import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; export interface ProviderEnhancedValidation { /** * Should the AzureRM Provider validate location arguments against the list of supported Azure Locations? When enabled, invalid locations are caught at plan time; when disabled, they are caught at apply time. */ locations?: pulumi.Input; /** * Should the AzureRM Provider validate Resource Provider arguments against the list of supported Resource Providers? When enabled, invalid resource providers are caught at plan time; when disabled, they are caught at apply time. */ resourceProviders?: pulumi.Input; } export interface ProviderFeatures { apiManagement?: pulumi.Input; appConfiguration?: pulumi.Input; applicationInsights?: pulumi.Input; cognitiveAccount?: pulumi.Input; databricksWorkspace?: pulumi.Input; keyVault?: pulumi.Input; logAnalyticsWorkspace?: pulumi.Input; machineLearning?: pulumi.Input; managedDisk?: pulumi.Input; netapp?: pulumi.Input; postgresqlFlexibleServer?: pulumi.Input; recoveryService?: pulumi.Input; recoveryServicesVaults?: pulumi.Input; resourceGroup?: pulumi.Input; storage?: pulumi.Input; subscription?: pulumi.Input; templateDeployment?: pulumi.Input; virtualMachine?: pulumi.Input; virtualMachineScaleSet?: pulumi.Input; } export interface ProviderFeaturesApiManagement { purgeSoftDeleteOnDestroy?: pulumi.Input; recoverSoftDeleted?: pulumi.Input; } export interface ProviderFeaturesAppConfiguration { purgeSoftDeleteOnDestroy?: pulumi.Input; recoverSoftDeleted?: pulumi.Input; } export interface ProviderFeaturesApplicationInsights { disableGeneratedRule?: pulumi.Input; } export interface ProviderFeaturesCognitiveAccount { purgeSoftDeleteOnDestroy?: pulumi.Input; } export interface ProviderFeaturesDatabricksWorkspace { /** * When enabled, the managed resource group that contains the Unity Catalog data will be forcibly deleted when the workspace is destroyed, regardless of contents. */ forceDelete?: pulumi.Input; } export interface ProviderFeaturesKeyVault { /** * When enabled soft-deleted `azure.keyvault.KeyVault` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeleteOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Certificate` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeletedCertificatesOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.ManagedHardwareSecurityModuleKey` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeletedHardwareSecurityModuleKeysOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.ManagedHardwareSecurityModule` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeletedHardwareSecurityModulesOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Key` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeletedKeysOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Secret` resources will be permanently deleted (e.g purged), when destroyed */ purgeSoftDeletedSecretsOnDestroy?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Certificate` resources will be restored, instead of creating new ones */ recoverSoftDeletedCertificates?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.ManagedHardwareSecurityModuleKey` resources will be restored, instead of creating new ones */ recoverSoftDeletedHardwareSecurityModuleKeys?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.KeyVault` resources will be restored, instead of creating new ones */ recoverSoftDeletedKeyVaults?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Key` resources will be restored, instead of creating new ones */ recoverSoftDeletedKeys?: pulumi.Input; /** * When enabled soft-deleted `azure.keyvault.Secret` resources will be restored, instead of creating new ones */ recoverSoftDeletedSecrets?: pulumi.Input; } export interface ProviderFeaturesLogAnalyticsWorkspace { permanentlyDeleteOnDestroy?: pulumi.Input; } export interface ProviderFeaturesMachineLearning { purgeSoftDeletedWorkspaceOnDestroy?: pulumi.Input; } export interface ProviderFeaturesManagedDisk { expandWithoutDowntime?: pulumi.Input; } export interface ProviderFeaturesNetapp { /** * When enabled, backups will be deleted when the `azure.netapp.BackupVault` resource is destroyed */ deleteBackupsOnBackupVaultDestroy?: pulumi.Input; /** * When enabled, the volume will not be destroyed, safeguarding from severe data loss */ preventVolumeDestruction?: pulumi.Input; } export interface ProviderFeaturesPostgresqlFlexibleServer { restartServerOnConfigurationValueChange?: pulumi.Input; } export interface ProviderFeaturesRecoveryService { purgeProtectedItemsFromVaultOnDestroy?: pulumi.Input; vmBackupStopProtectionAndRetainDataOnDestroy?: pulumi.Input; vmBackupSuspendProtectionAndRetainDataOnDestroy?: pulumi.Input; } export interface ProviderFeaturesRecoveryServicesVaults { recoverSoftDeletedBackupProtectedVm?: pulumi.Input; } export interface ProviderFeaturesResourceGroup { preventDeletionIfContainsResources?: pulumi.Input; } export interface ProviderFeaturesStorage { dataPlaneAvailable?: pulumi.Input; } export interface ProviderFeaturesSubscription { preventCancellationOnDestroy?: pulumi.Input; } export interface ProviderFeaturesTemplateDeployment { deleteNestedItemsDuringDeletion: pulumi.Input; } export interface ProviderFeaturesVirtualMachine { deleteOsDiskOnDeletion?: pulumi.Input; detachImplicitDataDiskOnDeletion?: pulumi.Input; /** * @deprecated 'graceful_shutdown' has been deprecated and will be removed from v5.0 of the AzureRM provider. */ gracefulShutdown?: pulumi.Input; skipShutdownAndForceDelete?: pulumi.Input; } export interface ProviderFeaturesVirtualMachineScaleSet { forceDelete?: pulumi.Input; reimageOnManualUpgrade?: pulumi.Input; rollInstancesWhenRequired?: pulumi.Input; scaleToZeroBeforeDeletion?: pulumi.Input; } export declare namespace advisor { } export declare namespace aifoundry { interface HubEncryption { /** * The Key Vault URI to access the encryption key. */ keyId: pulumi.Input; /** * The Key Vault ID where the customer owned encryption key exists. */ keyVaultId: pulumi.Input; /** * The user assigned identity ID that has access to the encryption key. * * > **Note:** `userAssignedIdentityId` must be set when`identity.type` is `UserAssigned` in order for the service to find the assigned permissions. */ userAssignedIdentityId?: pulumi.Input; } interface HubIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this AI Foundry Hub. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this AI Foundry Hub. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface HubManagedNetwork { /** * The isolation mode of the AI Foundry Hub. Possible values are `Disabled`, `AllowOnlyApprovedOutbound`, and `AllowInternetOutbound`. */ isolationMode?: pulumi.Input; } interface ProjectIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this AI Foundry Project. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this AI Foundry Project. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } } export declare namespace analysisservices { interface ServerIpv4FirewallRule { /** * Specifies the name of the firewall rule. */ name: pulumi.Input; /** * End of the firewall rule range as IPv4 address. */ rangeEnd: pulumi.Input; /** * Start of the firewall rule range as IPv4 address. */ rangeStart: pulumi.Input; } } export declare namespace apimanagement { interface ApiContact { /** * The email address of the contact person/organization. */ email?: pulumi.Input; /** * The name of the contact person/organization. */ name?: pulumi.Input; /** * Absolute URL of the contact information. */ url?: pulumi.Input; } interface ApiDiagnosticBackendRequest { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface ApiDiagnosticBackendRequestDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface ApiDiagnosticBackendRequestDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticBackendRequestDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticBackendResponse { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface ApiDiagnosticBackendResponseDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface ApiDiagnosticBackendResponseDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticBackendResponseDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticFrontendRequest { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface ApiDiagnosticFrontendRequestDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface ApiDiagnosticFrontendRequestDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticFrontendRequestDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticFrontendResponse { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface ApiDiagnosticFrontendResponseDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface ApiDiagnosticFrontendResponseDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiDiagnosticFrontendResponseDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface ApiImport { /** * The format of the content from which the API Definition should be imported. Possible values are: `openapi`, `openapi+json`, `openapi+json-link`, `openapi-link`, `swagger-json`, `swagger-link-json`, `wadl-link-json`, `wadl-xml`, `wsdl` and `wsdl-link`. */ contentFormat: pulumi.Input; /** * The Content from which the API Definition should be imported. When a `contentFormat` of `*-link-*` is specified this must be a URL, otherwise this must be defined inline. The URL must be accessible and return a valid document; otherwise, deployment may fail. */ contentValue: pulumi.Input; /** * A `wsdlSelector` block as defined below, which allows you to limit the import of a WSDL to only a subset of the document. This can only be specified when `contentFormat` is `wsdl` or `wsdl-link`. */ wsdlSelector?: pulumi.Input; } interface ApiImportWsdlSelector { /** * The name of endpoint (port) to import from WSDL. */ endpointName: pulumi.Input; /** * The name of service to import from WSDL. */ serviceName: pulumi.Input; } interface ApiLicense { /** * The name of the license . */ name?: pulumi.Input; /** * Absolute URL of the license. */ url?: pulumi.Input; } interface ApiOauth2Authorization { /** * OAuth authorization server identifier. The name of an OAuth2 Authorization Server. */ authorizationServerName: pulumi.Input; /** * Operations scope. */ scope?: pulumi.Input; } interface ApiOpenidAuthentication { /** * How to send token to the server. A list of zero or more methods. Valid values are `authorizationHeader` and `query`. */ bearerTokenSendingMethods?: pulumi.Input[]>; /** * OpenID Connect provider identifier. The name of an OpenID Connect Provider. */ openidProviderName: pulumi.Input; } interface ApiOperationRequest { /** * A description of the HTTP Request, which may include HTML tags. */ description?: pulumi.Input; /** * One or more `header` blocks as defined above. */ headers?: pulumi.Input[]>; /** * One or more `queryParameter` blocks as defined above. */ queryParameters?: pulumi.Input[]>; /** * One or more `representation` blocks as defined below. */ representations?: pulumi.Input[]>; } interface ApiOperationRequestHeader { /** * The default value for this Header. */ defaultValue?: pulumi.Input; /** * A description of this Header. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Header. */ name: pulumi.Input; /** * Is this Header Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Header, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Header. */ values?: pulumi.Input[]>; } interface ApiOperationRequestHeaderExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationRequestQueryParameter { /** * The default value for this Query Parameter. */ defaultValue?: pulumi.Input; /** * A description of this Query Parameter. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Query Parameter. */ name: pulumi.Input; /** * Is this Query Parameter Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Query Parameter, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Query Parameter. */ values?: pulumi.Input[]>; } interface ApiOperationRequestQueryParameterExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationRequestRepresentation { /** * The Content Type of this representation, such as `application/json`. */ contentType: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * One or more `formParameter` block as defined above. * * > **Note:** This is Required when `contentType` is set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ formParameters?: pulumi.Input[]>; /** * The ID of an API Management Schema which represents this Response. * * > **Note:** This can only be specified when `contentType` is not set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ schemaId?: pulumi.Input; /** * The Type Name defined by the Schema. * * > **Note:** This can only be specified when `contentType` is not set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ typeName?: pulumi.Input; } interface ApiOperationRequestRepresentationExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationRequestRepresentationFormParameter { /** * The default value for this Form Parameter. */ defaultValue?: pulumi.Input; /** * A description of this Form Parameter. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Form Parameter. */ name: pulumi.Input; /** * Is this Form Parameter Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Form Parameter, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Form Parameter. */ values?: pulumi.Input[]>; } interface ApiOperationRequestRepresentationFormParameterExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationResponse { /** * A description of the HTTP Response, which may include HTML tags. */ description?: pulumi.Input; /** * One or more `header` blocks as defined above. */ headers?: pulumi.Input[]>; /** * One or more `representation` blocks as defined above. */ representations?: pulumi.Input[]>; /** * The HTTP Status Code. */ statusCode: pulumi.Input; } interface ApiOperationResponseHeader { /** * The default value for this Header. */ defaultValue?: pulumi.Input; /** * A description of this Header. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Header. */ name: pulumi.Input; /** * Is this Header Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Header, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Header. */ values?: pulumi.Input[]>; } interface ApiOperationResponseHeaderExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationResponseRepresentation { /** * The Content Type of this representation, such as `application/json`. */ contentType: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * One or more `formParameter` block as defined above. * * > **Note:** This is Required when `contentType` is set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ formParameters?: pulumi.Input[]>; /** * The ID of an API Management Schema which represents this Response. * * > **Note:** This can only be specified when `contentType` is not set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ schemaId?: pulumi.Input; /** * The Type Name defined by the Schema. * * > **Note:** This can only be specified when `contentType` is not set to `application/x-www-form-urlencoded` or `multipart/form-data`. */ typeName?: pulumi.Input; } interface ApiOperationResponseRepresentationExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationResponseRepresentationFormParameter { /** * The default value for this Form Parameter. */ defaultValue?: pulumi.Input; /** * A description of this Form Parameter. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Form Parameter. */ name: pulumi.Input; /** * Is this Form Parameter Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Form Parameter, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Form Parameter. */ values?: pulumi.Input[]>; } interface ApiOperationResponseRepresentationFormParameterExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiOperationTemplateParameter { /** * The default value for this Template Parameter. */ defaultValue?: pulumi.Input; /** * A description of this Template Parameter. */ description?: pulumi.Input; /** * One or more `example` blocks as defined above. */ examples?: pulumi.Input[]>; /** * The Name of this Template Parameter. */ name: pulumi.Input; /** * Is this Template Parameter Required? */ required: pulumi.Input; /** * The name of the Schema. */ schemaId?: pulumi.Input; /** * The Type of this Template Parameter, such as a `string`. */ type: pulumi.Input; /** * The type name defined by the Schema. */ typeName?: pulumi.Input; /** * One or more acceptable values for this Template Parameter. */ values?: pulumi.Input[]>; } interface ApiOperationTemplateParameterExample { /** * A long description for this example. */ description?: pulumi.Input; /** * A URL that points to the literal example. */ externalValue?: pulumi.Input; /** * The name of this example. */ name: pulumi.Input; /** * A short description for this example. */ summary?: pulumi.Input; /** * The example of the representation. */ value?: pulumi.Input; } interface ApiSubscriptionKeyParameterNames { /** * The name of the HTTP Header which should be used for the Subscription Key. */ header: pulumi.Input; /** * The name of the QueryString parameter which should be used for the Subscription Key. */ query: pulumi.Input; } interface AuthorizationServerTokenBodyParameter { /** * The Name of the Parameter. */ name: pulumi.Input; /** * The Value of the Parameter. */ value: pulumi.Input; } interface BackendCircuitBreakerRule { /** * Specifies whether the circuit breaker should honor `Retry-After` requests. Defaults to `false`. */ acceptRetryAfterEnabled?: pulumi.Input; /** * A `failureCondition` block as defined below. */ failureCondition: pulumi.Input; /** * The name of the circuit breaker rule. */ name: pulumi.Input; /** * Specifies the duration for which the circuit remains open before retrying, in ISO 8601 format. */ tripDuration: pulumi.Input; } interface BackendCircuitBreakerRuleFailureCondition { /** * Specifies the number of failures within the specified interval that will trigger the circuit breaker. Possible values are between `1` and `10000`. */ count?: pulumi.Input; /** * Specifies a list of error reasons to consider as failures. */ errorReasons?: pulumi.Input[]>; /** * Specifies the time window over which failures are counted, in ISO 8601 format. */ intervalDuration: pulumi.Input; /** * Specifies the percentage of failures within the specified interval that will trigger the circuit breaker. Possible values are between `1` and `100`. * * > **Note:** Exactly one of `percentage` or `count` must be specified. */ percentage?: pulumi.Input; /** * One or more `statusCodeRange` blocks as defined below. * * > **Note:** At least one of `statusCodeRange`, and `errorReasons` must be set. */ statusCodeRanges?: pulumi.Input[]>; } interface BackendCircuitBreakerRuleFailureConditionStatusCodeRange { /** * Specifies the maximum HTTP status code to consider as a failure. Possible values are between `200` and `599`. */ max: pulumi.Input; /** * Specifies the minimum HTTP status code to consider as a failure. Possible values are between `200` and `599`. */ min: pulumi.Input; } interface BackendCredentials { /** * An `authorization` block as defined below. */ authorization?: pulumi.Input; /** * A list of client certificate thumbprints to present to the backend host. The certificates must exist within the API Management Service. */ certificates?: pulumi.Input[]>; /** * A mapping of header parameters to pass to the backend host. The keys are the header names and the values are a comma separated string of header values. This is converted to a list before being passed to the API. */ header?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A mapping of query parameters to pass to the backend host. The keys are the query names and the values are a comma separated string of query values. This is converted to a list before being passed to the API. */ query?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface BackendCredentialsAuthorization { /** * The authentication Parameter value. */ parameter?: pulumi.Input; /** * The authentication Scheme name. */ scheme?: pulumi.Input; } interface BackendProxy { /** * The password to connect to the proxy server. */ password?: pulumi.Input; /** * The URL of the proxy server. */ url: pulumi.Input; /** * The username to connect to the proxy server. */ username: pulumi.Input; } interface BackendServiceFabricCluster { /** * The client certificate resource id for the management endpoint. * * > **Note:** At least one of `clientCertificateThumbprint`, and `clientCertificateId` must be set. */ clientCertificateId?: pulumi.Input; /** * The client certificate thumbprint for the management endpoint. */ clientCertificateThumbprint?: pulumi.Input; /** * A list of cluster management endpoints. */ managementEndpoints: pulumi.Input[]>; /** * The maximum number of retries when attempting resolve the partition. */ maxPartitionResolutionRetries: pulumi.Input; /** * A list of thumbprints of the server certificates of the Service Fabric cluster. */ serverCertificateThumbprints?: pulumi.Input[]>; /** * One or more `serverX509Name` blocks as documented below. */ serverX509Names?: pulumi.Input[]>; } interface BackendServiceFabricClusterServerX509Name { /** * The thumbprint for the issuer of the certificate. */ issuerCertificateThumbprint: pulumi.Input; /** * The common name of the certificate. */ name: pulumi.Input; } interface BackendTls { /** * Flag indicating whether SSL certificate chain validation should be done when using self-signed certificates for the backend host. */ validateCertificateChain?: pulumi.Input; /** * Flag indicating whether SSL certificate name validation should be done when using self-signed certificates for the backend host. */ validateCertificateName?: pulumi.Input; } interface CustomDomainDeveloperPortal { /** * The Base64 Encoded Certificate. (Mutually exclusive with `keyVaultId`.) */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. */ certificatePassword?: pulumi.Input; certificateSource?: pulumi.Input; certificateStatus?: pulumi.Input; expiry?: pulumi.Input; /** * The Hostname to use for the corresponding endpoint. */ hostName: pulumi.Input; keyVaultCertificateId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the type application/x-pkcs12. * * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **NOTE:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; subject?: pulumi.Input; thumbprint?: pulumi.Input; } interface CustomDomainGateway { /** * The Base64 Encoded Certificate. (Mutually exclusive with `keyVaultId`.) */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. */ certificatePassword?: pulumi.Input; certificateSource?: pulumi.Input; certificateStatus?: pulumi.Input; /** * Is the certificate associated with this Hostname the Default SSL Certificate? This is used when an SNI header isn't specified by a client. Defaults to `false`. */ defaultSslBinding?: pulumi.Input; expiry?: pulumi.Input; /** * The Hostname to use for the API Proxy Endpoint. */ hostName: pulumi.Input; keyVaultCertificateId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the type application/x-pkcs12. * * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **NOTE:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; subject?: pulumi.Input; thumbprint?: pulumi.Input; } interface CustomDomainManagement { /** * The Base64 Encoded Certificate. (Mutually exclusive with `keyVaultId`.) */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. */ certificatePassword?: pulumi.Input; certificateSource?: pulumi.Input; certificateStatus?: pulumi.Input; expiry?: pulumi.Input; /** * The Hostname to use for the corresponding endpoint. */ hostName: pulumi.Input; keyVaultCertificateId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the type application/x-pkcs12. * * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **NOTE:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; subject?: pulumi.Input; thumbprint?: pulumi.Input; } interface CustomDomainPortal { /** * The Base64 Encoded Certificate. (Mutually exclusive with `keyVaultId`.) */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. */ certificatePassword?: pulumi.Input; certificateSource?: pulumi.Input; certificateStatus?: pulumi.Input; expiry?: pulumi.Input; /** * The Hostname to use for the corresponding endpoint. */ hostName: pulumi.Input; keyVaultCertificateId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the type application/x-pkcs12. * * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **NOTE:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; subject?: pulumi.Input; thumbprint?: pulumi.Input; } interface CustomDomainScm { /** * The Base64 Encoded Certificate. (Mutually exclusive with `keyVaultId`.) */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. */ certificatePassword?: pulumi.Input; certificateSource?: pulumi.Input; certificateStatus?: pulumi.Input; expiry?: pulumi.Input; /** * The Hostname to use for the corresponding endpoint. */ hostName: pulumi.Input; keyVaultCertificateId?: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be should be of the type application/x-pkcs12. * * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **NOTE:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; subject?: pulumi.Input; thumbprint?: pulumi.Input; } interface DiagnosticBackendRequest { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface DiagnosticBackendRequestDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface DiagnosticBackendRequestDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticBackendRequestDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticBackendResponse { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface DiagnosticBackendResponseDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface DiagnosticBackendResponseDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticBackendResponseDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticFrontendRequest { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface DiagnosticFrontendRequestDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface DiagnosticFrontendRequestDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticFrontendRequestDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticFrontendResponse { /** * Number of payload bytes to log (up to 8192). */ bodyBytes?: pulumi.Input; /** * A `dataMasking` block as defined below. */ dataMasking?: pulumi.Input; /** * Specifies a list of headers to log. */ headersToLogs?: pulumi.Input[]>; } interface DiagnosticFrontendResponseDataMasking { /** * A `headers` block as defined below. */ headers?: pulumi.Input[]>; /** * A `queryParams` block as defined below. */ queryParams?: pulumi.Input[]>; } interface DiagnosticFrontendResponseDataMaskingHeader { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface DiagnosticFrontendResponseDataMaskingQueryParam { /** * The data masking mode. Possible values are `Mask` and `Hide` for `queryParams`. The only possible value is `Mask` for `headers`. */ mode: pulumi.Input; /** * The name of the header or the query parameter to mask. */ value: pulumi.Input; } interface GatewayLocationData { /** * The city or locality where the resource is located. */ city?: pulumi.Input; /** * The district, state, or province where the resource is located. */ district?: pulumi.Input; /** * A canonical name for the geographic or physical location. */ name: pulumi.Input; /** * The country or region where the resource is located. */ region?: pulumi.Input; } interface LoggerApplicationInsights { /** * The connection string of Application Insights. */ connectionString?: pulumi.Input; /** * The instrumentation key used to push data to Application Insights. * * > **Note:** Either `connectionString` or `instrumentationKey` have to be specified. */ instrumentationKey?: pulumi.Input; } interface LoggerEventhub { /** * The connection string of an EventHub Namespace. * * > **Note:** At least one of `connectionString` or `endpointUri` must be specified */ connectionString?: pulumi.Input; /** * The endpoint address of an EventHub Namespace. Required when `clientId` is set. */ endpointUri?: pulumi.Input; /** * The name of an EventHub. */ name: pulumi.Input; /** * The Client Id of the User Assigned Identity with the "Azure Event Hubs Data Sender" role to the target EventHub Namespace. Required when `endpointUri` is set. If not specified the System Assigned Identity will be used. */ userAssignedIdentityClientId?: pulumi.Input; } interface NamedValueValueFromKeyVault { /** * The client ID of User Assigned Identity, for the API Management Service, which will be used to access the key vault secret. The System Assigned Identity will be used in absence. */ identityClientId?: pulumi.Input; /** * The resource ID of the Key Vault Secret. */ secretId: pulumi.Input; } interface ServiceAdditionalLocation { /** * The number of compute units in this region. Defaults to the capacity of the main region. */ capacity?: pulumi.Input; /** * Only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in this additional location. */ gatewayDisabled?: pulumi.Input; /** * The URL of the Regional Gateway for the API Management Service in the specified region. */ gatewayRegionalUrl?: pulumi.Input; /** * The name of the Azure Region in which the API Management Service should be expanded to. */ location: pulumi.Input; /** * The Private IP addresses of the API Management Service. Available only when the API Manager instance is using Virtual Network mode. */ privateIpAddresses?: pulumi.Input[]>; /** * ID of a standard SKU IPv4 Public IP. * * > **Note:** Availability zones and custom public IPs are only supported in the Premium tier. */ publicIpAddressId?: pulumi.Input; /** * Public Static Load Balanced IP addresses of the API Management service in the additional location. Available only for Basic, Standard and Premium SKU. */ publicIpAddresses?: pulumi.Input[]>; /** * A `virtualNetworkConfiguration` block as defined below. Required when `virtualNetworkType` is `External` or `Internal`. */ virtualNetworkConfiguration?: pulumi.Input; /** * A list of availability zones. */ zones?: pulumi.Input[]>; } interface ServiceAdditionalLocationVirtualNetworkConfiguration { /** * The id of the subnet that will be used for the API Management. */ subnetId: pulumi.Input; } interface ServiceCertificate { /** * The password for the certificate. */ certificatePassword?: pulumi.Input; /** * The Base64 Encoded PFX or Base64 Encoded X.509 Certificate. */ encodedCertificate: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The name of the Certificate Store where this certificate should be stored. Possible values are `CertificateAuthority` and `Root`. */ storeName: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceDelegation { /** * Should subscription requests be delegated to an external url? Defaults to `false`. */ subscriptionsEnabled?: pulumi.Input; /** * The delegation URL. */ url?: pulumi.Input; /** * Should user registration requests be delegated to an external url? Defaults to `false`. */ userRegistrationEnabled?: pulumi.Input; /** * A base64-encoded validation key to validate, that a request is coming from Azure API Management. */ validationKey?: pulumi.Input; } interface ServiceHostnameConfiguration { /** * One or more `developerPortal` blocks as documented below. */ developerPortals?: pulumi.Input[]>; /** * One or more `management` blocks as documented below. */ managements?: pulumi.Input[]>; /** * One or more `portal` blocks as documented below. */ portals?: pulumi.Input[]>; /** * One or more `proxy` blocks as documented below. */ proxies?: pulumi.Input[]>; /** * One or more `scm` blocks as documented below. */ scms?: pulumi.Input[]>; } interface ServiceHostnameConfigurationDeveloperPortal { /** * The Base64 Encoded Certificate. */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. * * > **Note:** Either `keyVaultCertificateId` or `certificate` and `certificatePassword` must be specified. */ certificatePassword?: pulumi.Input; /** * The source of the certificate. */ certificateSource?: pulumi.Input; /** * The status of the certificate. */ certificateStatus?: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The Hostname to use for the Management API. */ hostName: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified. */ keyVaultCertificateId?: pulumi.Input; /** * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **Note:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceHostnameConfigurationManagement { /** * The Base64 Encoded Certificate. */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. * * > **Note:** Either `keyVaultCertificateId` or `certificate` and `certificatePassword` must be specified. */ certificatePassword?: pulumi.Input; /** * The source of the certificate. */ certificateSource?: pulumi.Input; /** * The status of the certificate. */ certificateStatus?: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The Hostname to use for the Management API. */ hostName: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified. */ keyVaultCertificateId?: pulumi.Input; /** * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **Note:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceHostnameConfigurationPortal { /** * The Base64 Encoded Certificate. */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. * * > **Note:** Either `keyVaultCertificateId` or `certificate` and `certificatePassword` must be specified. */ certificatePassword?: pulumi.Input; /** * The source of the certificate. */ certificateSource?: pulumi.Input; /** * The status of the certificate. */ certificateStatus?: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The Hostname to use for the Management API. */ hostName: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified. */ keyVaultCertificateId?: pulumi.Input; /** * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **Note:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceHostnameConfigurationProxy { /** * The Base64 Encoded Certificate. */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. * * > **Note:** Either `keyVaultCertificateId` or `certificate` and `certificatePassword` must be specified. */ certificatePassword?: pulumi.Input; /** * The source of the certificate. */ certificateSource?: pulumi.Input; /** * The status of the certificate. */ certificateStatus?: pulumi.Input; /** * Is the certificate associated with this Hostname the Default SSL Certificate? This is used when an SNI header isn't specified by a client. Defaults to `false`. */ defaultSslBinding?: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The Hostname to use for the Management API. */ hostName: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified. */ keyVaultCertificateId?: pulumi.Input; /** * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * The Managed Identity Client ID to use to access the Key Vault. This Identity must be specified in the `identity` block to be used. */ sslKeyvaultIdentityClientId?: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceHostnameConfigurationScm { /** * The Base64 Encoded Certificate. */ certificate?: pulumi.Input; /** * The password associated with the certificate provided above. * * > **Note:** Either `keyVaultCertificateId` or `certificate` and `certificatePassword` must be specified. */ certificatePassword?: pulumi.Input; /** * The source of the certificate. */ certificateSource?: pulumi.Input; /** * The status of the certificate. */ certificateStatus?: pulumi.Input; /** * The expiration date of the certificate in RFC3339 format: `2000-01-02T03:04:05Z`. */ expiry?: pulumi.Input; /** * The Hostname to use for the Management API. */ hostName: pulumi.Input; /** * The ID of the Key Vault Secret containing the SSL Certificate, which must be of the type `application/x-pkcs12`. * * > **Note:** Setting this field requires the `identity` block to be specified, since this identity is used for to retrieve the Key Vault Certificate. Possible values are versioned or versionless secret ID. Auto-updating the Certificate from the Key Vault requires the Secret version isn't specified. */ keyVaultCertificateId?: pulumi.Input; /** * @deprecated `keyVaultId` has been deprecated in favour of `keyVaultCertificateId` and will be removed in v5.0 of the AzureRM provider */ keyVaultId?: pulumi.Input; /** * Should Client Certificate Negotiation be enabled for this Hostname? Defaults to `false`. */ negotiateClientCertificate?: pulumi.Input; /** * System or User Assigned Managed identity clientId as generated by Azure AD, which has `GET` access to the keyVault containing the SSL certificate. * * > **Note:** If a User Assigned Managed identity is specified for `sslKeyvaultIdentityClientId` then this identity must be associated to the `azure.apimanagement.Service` within an `identity` block. */ sslKeyvaultIdentityClientId?: pulumi.Input; /** * The subject of the certificate. */ subject?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint?: pulumi.Input; } interface ServiceIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this API Management Service. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The identifier for the tenant access information contract. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this API Management Service. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface ServiceProtocols { /** * @deprecated `protocols.enable_http2` has been deprecated in favour of the `protocols.http2_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableHttp2?: pulumi.Input; /** * Should HTTP/2 be supported by the API Management Service? Defaults to `false`. */ http2Enabled?: pulumi.Input; } interface ServiceSecurity { /** * Should SSL 3.0 be enabled on the backend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30` field */ backendSsl30Enabled?: pulumi.Input; /** * Should TLS 1.0 be enabled on the backend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10` field */ backendTls10Enabled?: pulumi.Input; /** * Should TLS 1.1 be enabled on the backend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11` field */ backendTls11Enabled?: pulumi.Input; /** * @deprecated `security.enable_backend_ssl30` has been deprecated in favour of the `security.backend_ssl30_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableBackendSsl30?: pulumi.Input; /** * @deprecated `security.enable_backend_tls10` has been deprecated in favour of the `security.backend_tls10_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableBackendTls10?: pulumi.Input; /** * @deprecated `security.enable_backend_tls11` has been deprecated in favour of the `security.backend_tls11_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableBackendTls11?: pulumi.Input; /** * @deprecated `security.enable_frontend_ssl30` has been deprecated in favour of the `security.frontend_ssl30_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableFrontendSsl30?: pulumi.Input; /** * @deprecated `security.enable_frontend_tls10` has been deprecated in favour of the `security.frontend_tls10_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableFrontendTls10?: pulumi.Input; /** * @deprecated `security.enable_frontend_tls11` has been deprecated in favour of the `security.frontend_tls11_enabled` property and will be removed in v5.0 of the AzureRM Provider */ enableFrontendTls11?: pulumi.Input; /** * Should SSL 3.0 be enabled on the frontend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30` field */ frontendSsl30Enabled?: pulumi.Input; /** * Should TLS 1.0 be enabled on the frontend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10` field */ frontendTls10Enabled?: pulumi.Input; /** * Should TLS 1.1 be enabled on the frontend of the gateway? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11` field */ frontendTls11Enabled?: pulumi.Input; /** * Should the `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` field */ tlsEcdheEcdsaWithAes128CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` field */ tlsEcdheEcdsaWithAes256CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` field */ tlsEcdheRsaWithAes128CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` field */ tlsEcdheRsaWithAes256CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_128_CBC_SHA256` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256` field */ tlsRsaWithAes128CbcSha256CiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA` field */ tlsRsaWithAes128CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_128_GCM_SHA256` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256` field */ tlsRsaWithAes128GcmSha256CiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_256_CBC_SHA256` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256` field */ tlsRsaWithAes256CbcSha256CiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA` field */ tlsRsaWithAes256CbcShaCiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_AES_256_GCM_SHA384` cipher be enabled? Defaults to `false`. * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_GCM_SHA384` field */ tlsRsaWithAes256GcmSha384CiphersEnabled?: pulumi.Input; /** * Should the `TLS_RSA_WITH_3DES_EDE_CBC_SHA` cipher be enabled for alL TLS versions (1.0, 1.1 and 1.2)? * * > **Note:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168` field */ tripleDesCiphersEnabled?: pulumi.Input; } interface ServiceSignIn { /** * Should anonymous users be redirected to the sign in page? */ enabled: pulumi.Input; } interface ServiceSignUp { /** * Can users sign up on the development portal? */ enabled: pulumi.Input; /** * A `termsOfService` block as defined below. */ termsOfService: pulumi.Input; } interface ServiceSignUpTermsOfService { /** * Should the user be asked for consent during sign up? */ consentRequired: pulumi.Input; /** * Should Terms of Service be displayed during sign up?. */ enabled: pulumi.Input; /** * The Terms of Service which users are required to agree to in order to sign up. */ text?: pulumi.Input; } interface ServiceTenantAccess { /** * Should the access to the management API be enabled? */ enabled: pulumi.Input; /** * Primary access key for the tenant access information contract. */ primaryKey?: pulumi.Input; /** * Secondary access key for the tenant access information contract. */ secondaryKey?: pulumi.Input; /** * The identifier for the tenant access information contract. */ tenantId?: pulumi.Input; } interface ServiceVirtualNetworkConfiguration { /** * The id of the subnet that will be used for the API Management. */ subnetId: pulumi.Input; } interface StandaloneGatewaySku { /** * The number of deployed units of the SKU. Defaults to `1`. */ capacity?: pulumi.Input; /** * The name of the SKU. The only possible value is `WorkspaceGatewayPremium`. */ name: pulumi.Input; } interface WorkspaceNamedValueValueFromKeyVault { /** * The client ID of the User Assigned Identity, for the API Management Service, which will be used to access the key vault secret. The System Assigned Identity will be used if not specified. */ identityClientId?: pulumi.Input; /** * The resource ID of the Key Vault Secret. */ secretId: pulumi.Input; } } export declare namespace appconfiguration { interface ConfigurationFeatureCustomFilter { /** * The name of the parameter, this could be any string. */ name: pulumi.Input; /** * One or more `parameters` blocks as defined below. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface ConfigurationFeatureTargetingFilter { /** * A number representing the percentage of the entire user base. */ defaultRolloutPercentage: pulumi.Input; /** * One or more `groups` blocks as defined below. */ groups?: pulumi.Input[]>; /** * A list of users to target for this feature. */ users?: pulumi.Input[]>; } interface ConfigurationFeatureTargetingFilterGroup { /** * The name of the group. */ name: pulumi.Input; /** * Rollout percentage of the group. */ rolloutPercentage: pulumi.Input; } interface ConfigurationFeatureTimewindowFilter { /** * The latest timestamp the feature is enabled. The timestamp must be in RFC3339 format. */ end?: pulumi.Input; /** * The earliest timestamp the feature is enabled. The timestamp must be in RFC3339 format. */ start?: pulumi.Input; } interface ConfigurationStoreEncryption { /** * Specifies the client ID of the identity which will be used to access key vault. */ identityClientId?: pulumi.Input; /** * Specifies the URI of the key vault key used to encrypt data. */ keyVaultKeyIdentifier?: pulumi.Input; } interface ConfigurationStoreIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this App Configuration. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this App Configuration. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface ConfigurationStorePrimaryReadKey { /** * The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. */ connectionString?: pulumi.Input; /** * The ID of the Access Key. */ id?: pulumi.Input; /** * The Secret of the Access Key. */ secret?: pulumi.Input; } interface ConfigurationStorePrimaryWriteKey { /** * The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. */ connectionString?: pulumi.Input; /** * The ID of the Access Key. */ id?: pulumi.Input; /** * The Secret of the Access Key. */ secret?: pulumi.Input; } interface ConfigurationStoreReplica { /** * The URL of the App Configuration Replica. */ endpoint?: pulumi.Input; /** * The ID of the Access Key. */ id?: pulumi.Input; /** * Specifies the supported Azure location where the replica exists. */ location: pulumi.Input; /** * Specifies the name of the replica. */ name: pulumi.Input; } interface ConfigurationStoreSecondaryReadKey { /** * The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. */ connectionString?: pulumi.Input; /** * The ID of the Access Key. */ id?: pulumi.Input; /** * The Secret of the Access Key. */ secret?: pulumi.Input; } interface ConfigurationStoreSecondaryWriteKey { /** * The Connection String for this Access Key - consisting of the Endpoint, ID, and Secret. */ connectionString?: pulumi.Input; /** * The ID of the Access Key. */ id?: pulumi.Input; /** * The Secret of the Access Key. */ secret?: pulumi.Input; } } export declare namespace appinsights { interface StandardWebTestRequest { /** * The WebTest request body. */ body?: pulumi.Input; /** * Should the following of redirects be enabled? Defaults to `true`. */ followRedirectsEnabled?: pulumi.Input; /** * One or more `header` blocks as defined above. */ headers?: pulumi.Input[]>; /** * Which HTTP verb to use for the call. Options are 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', and 'OPTIONS'. Defaults to `GET`. */ httpVerb?: pulumi.Input; /** * Should the parsing of dependend requests be enabled? Defaults to `true`. */ parseDependentRequestsEnabled?: pulumi.Input; /** * The WebTest request URL. */ url: pulumi.Input; } interface StandardWebTestRequestHeader { /** * The name which should be used for a header in the request. */ name: pulumi.Input; /** * The value which should be used for a header in the request. */ value: pulumi.Input; } interface StandardWebTestValidationRules { /** * A `content` block as defined above. */ content?: pulumi.Input; /** * The expected status code of the response. Default is '200', '0' means 'response code < 400' */ expectedStatusCode?: pulumi.Input; /** * The number of days of SSL certificate validity remaining for the checked endpoint. If the certificate has a shorter remaining lifetime left, the test will fail. This number should be between 1 and 365. */ sslCertRemainingLifetime?: pulumi.Input; /** * Should the SSL check be enabled? */ sslCheckEnabled?: pulumi.Input; } interface StandardWebTestValidationRulesContent { /** * A string value containing the content to match on. */ contentMatch: pulumi.Input; /** * Ignore the casing in the `contentMatch` value. */ ignoreCase?: pulumi.Input; /** * If the content of `contentMatch` is found, pass the test. If set to `false`, the WebTest is failing if the content of `contentMatch` is found. */ passIfTextFound?: pulumi.Input; } interface WorkbookIdentity { /** * The list of User Assigned Managed Identity IDs assigned to this Workbook. Changing this forces a new resource to be created. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the System Assigned Managed Service Identity that is configured on this Workbook. */ principalId?: pulumi.Input; /** * The Tenant ID of the System Assigned Managed Service Identity that is configured on this Workbook. */ tenantId?: pulumi.Input; /** * The type of Managed Service Identity that is configured on this Workbook. Possible values are `UserAssigned`, `SystemAssigned` and `SystemAssigned, UserAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface WorkbookTemplateGallery { /** * Category for the gallery. */ category: pulumi.Input; /** * Name of the workbook template in the gallery. */ name: pulumi.Input; /** * Order of the template within the gallery. Defaults to `0`. */ order?: pulumi.Input; /** * Azure resource type supported by the gallery. Defaults to `Azure Monitor`. */ resourceType?: pulumi.Input; /** * Type of workbook supported by the workbook template. Defaults to `workbook`. * * > **Note:** See [documentation](https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-automate#galleries) for more information of `resourceType` and `type`. */ type?: pulumi.Input; } } export declare namespace appplatform { interface SpringCloudApiPortalSso { /** * The public identifier for the application. */ clientId?: pulumi.Input; /** * The secret known only to the application and the authorization server. */ clientSecret?: pulumi.Input; /** * The URI of Issuer Identifier. */ issuerUri?: pulumi.Input; /** * It defines the specific actions applications can be allowed to do on a user's behalf. */ scopes?: pulumi.Input[]>; } interface SpringCloudAppCustomPersistentDisk { /** * These are the mount options for a persistent disk. */ mountOptions?: pulumi.Input[]>; /** * The mount path of the persistent disk. */ mountPath: pulumi.Input; /** * Indicates whether the persistent disk is a readOnly one. */ readOnlyEnabled?: pulumi.Input; /** * The share name of the Azure File share. */ shareName: pulumi.Input; /** * The name of the Spring Cloud Storage. */ storageName: pulumi.Input; } interface SpringCloudAppIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Spring Cloud Application. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Spring Cloud Application. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Spring Cloud Application. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Spring Cloud Application. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface SpringCloudAppIngressSettings { /** * Specifies how ingress should communicate with this app backend service. Allowed values are `GRPC` and `Default`. Defaults to `Default`. */ backendProtocol?: pulumi.Input; /** * Specifies the ingress read time out in seconds. Defaults to `300`. */ readTimeoutInSeconds?: pulumi.Input; /** * Specifies the ingress send time out in seconds. Defaults to `60`. */ sendTimeoutInSeconds?: pulumi.Input; /** * Specifies the type of the affinity, set this to `Cookie` to enable session affinity. Allowed values are `Cookie` and `None`. Defaults to `None`. */ sessionAffinity?: pulumi.Input; /** * Specifies the time in seconds until the cookie expires. */ sessionCookieMaxAge?: pulumi.Input; } interface SpringCloudAppPersistentDisk { /** * Specifies the mount path of the persistent disk. Defaults to `/persistent`. */ mountPath?: pulumi.Input; /** * Specifies the size of the persistent disk in GB. Possible values are between `0` and `50`. */ sizeInGb: pulumi.Input; } interface SpringCloudBuildDeploymentQuota { /** * Specifies the required cpu of the Spring Cloud Deployment. Possible Values are `500m`, `1`, `2`, `3` and `4`. Defaults to `1` if not specified. * * > **Note:** `cpu` supports `500m` and `1` for Basic tier, `500m`, `1`, `2`, `3` and `4` for Standard tier. */ cpu?: pulumi.Input; /** * Specifies the required memory size of the Spring Cloud Deployment. Possible Values are `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi`. Defaults to `1Gi` if not specified. * * > **Note:** `memory` supports `512Mi`, `1Gi` and `2Gi` for Basic tier, `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi` for Standard tier. */ memory?: pulumi.Input; } interface SpringCloudBuildPackBindingLaunch { /** * Specifies a map of non-sensitive properties for launchProperties. */ properties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a map of sensitive properties for launchProperties. */ secrets?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface SpringCloudBuilderBuildPackGroup { /** * Specifies a list of the build pack's ID. */ buildPackIds?: pulumi.Input[]>; /** * The name which should be used for this build pack group. */ name: pulumi.Input; } interface SpringCloudBuilderStack { /** * Specifies the ID of the ClusterStack. */ id: pulumi.Input; /** * Specifies the version of the ClusterStack */ version: pulumi.Input; } interface SpringCloudConfigurationServiceRepository { /** * Specifies the ID of the Certificate Authority used when retrieving the Git Repository via HTTPS. */ caCertificateId?: pulumi.Input; /** * Specifies the SSH public key of git repository. */ hostKey?: pulumi.Input; /** * Specifies the SSH key algorithm of git repository. */ hostKeyAlgorithm?: pulumi.Input; /** * Specifies the label of the repository. */ label: pulumi.Input; /** * Specifies the name which should be used for this repository. */ name: pulumi.Input; /** * Specifies the password of git repository basic auth. */ password?: pulumi.Input; /** * Specifies the collection of patterns of the repository. */ patterns: pulumi.Input[]>; /** * Specifies the SSH private key of git repository. */ privateKey?: pulumi.Input; /** * Specifies a list of searching path of the repository */ searchPaths?: pulumi.Input[]>; /** * Specifies whether enable the strict host key checking. */ strictHostKeyChecking?: pulumi.Input; /** * Specifies the URI of the repository. */ uri: pulumi.Input; /** * Specifies the username of git repository basic auth. */ username?: pulumi.Input; } interface SpringCloudConnectionAuthentication { /** * Service principal certificate for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalCertificate`. */ certificate?: pulumi.Input; /** * Client ID for `userAssignedIdentity` or `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. When `type` is set to `userAssignedIdentity`, `clientId` and `subscriptionId` should be either both specified or both not specified. */ clientId?: pulumi.Input; /** * Username or account name for secret auth. `name` and `secret` should be either both specified or both not specified when `type` is set to `secret`. */ name?: pulumi.Input; /** * Principal ID for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. */ principalId?: pulumi.Input; /** * Password or account key for secret auth. `secret` and `name` should be either both specified or both not specified when `type` is set to `secret`. */ secret?: pulumi.Input; /** * Subscription ID for `userAssignedIdentity`. `subscriptionId` and `clientId` should be either both specified or both not specified. */ subscriptionId?: pulumi.Input; /** * The authentication type. Possible values are `systemAssignedIdentity`, `userAssignedIdentity`, `servicePrincipalSecret`, `servicePrincipalCertificate`, `secret`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface SpringCloudConnectionSecretStore { /** * The key vault id to store secret. */ keyVaultId: pulumi.Input; } interface SpringCloudContainerDeploymentQuota { /** * Specifies the required cpu of the Spring Cloud Deployment. Possible Values are `500m`, `1`, `2`, `3` and `4`. Defaults to `1` if not specified. * * > **Note:** `cpu` supports `500m` and `1` for Basic tier, `500m`, `1`, `2`, `3` and `4` for Standard tier. */ cpu?: pulumi.Input; /** * Specifies the required memory size of the Spring Cloud Deployment. Possible Values are `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi`. Defaults to `1Gi` if not specified. * * > **Note:** `memory` supports `512Mi`, `1Gi` and `2Gi` for Basic tier, `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi` for Standard tier. */ memory?: pulumi.Input; } interface SpringCloudCustomizedAcceleratorGitRepository { /** * A `basicAuth` block as defined below. Conflicts with `git_repository[0].ssh_auth`. Changing this forces a new Spring Cloud Customized Accelerator to be created. */ basicAuth?: pulumi.Input; /** * Specifies the Git repository branch to be used. */ branch?: pulumi.Input; /** * Specifies the ID of the CA Spring Cloud Certificate for https URL of Git repository. */ caCertificateId?: pulumi.Input; /** * Specifies the Git repository commit to be used. */ commit?: pulumi.Input; /** * Specifies the Git repository tag to be used. */ gitTag?: pulumi.Input; /** * Specifies the interval for checking for updates to Git or image repository. It should be greater than 10. */ intervalInSeconds?: pulumi.Input; /** * Specifies the path under the git repository to be treated as the root directory of the accelerator or the fragment (depending on `acceleratorType`). */ path?: pulumi.Input; /** * A `sshAuth` block as defined below. Conflicts with `git_repository[0].basic_auth`. Changing this forces a new Spring Cloud Customized Accelerator to be created. */ sshAuth?: pulumi.Input; /** * Specifies Git repository URL for the accelerator. */ url: pulumi.Input; } interface SpringCloudCustomizedAcceleratorGitRepositoryBasicAuth { /** * Specifies the password of git repository basic auth. */ password: pulumi.Input; /** * Specifies the username of git repository basic auth. */ username: pulumi.Input; } interface SpringCloudCustomizedAcceleratorGitRepositorySshAuth { /** * Specifies the Public SSH Key of git repository basic auth. */ hostKey?: pulumi.Input; /** * Specifies the SSH Key algorithm of git repository basic auth. */ hostKeyAlgorithm?: pulumi.Input; /** * Specifies the Private SSH Key of git repository basic auth. */ privateKey: pulumi.Input; } interface SpringCloudDevToolPortalSso { /** * Specifies the public identifier for the application. */ clientId?: pulumi.Input; /** * Specifies the secret known only to the application and the authorization server. */ clientSecret?: pulumi.Input; /** * Specifies the URI of a JSON file with generic OIDC provider configuration. */ metadataUrl?: pulumi.Input; /** * Specifies a list of specific actions applications can be allowed to do on a user's behalf. */ scopes?: pulumi.Input[]>; } interface SpringCloudGatewayApiMetadata { /** * Detailed description of the APIs available on the Gateway instance. */ description?: pulumi.Input; /** * Location of additional documentation for the APIs available on the Gateway instance. */ documentationUrl?: pulumi.Input; /** * Base URL that API consumers will use to access APIs on the Gateway instance. */ serverUrl?: pulumi.Input; /** * Specifies the title describing the context of the APIs available on the Gateway instance. */ title?: pulumi.Input; /** * Specifies the version of APIs available on this Gateway instance. */ version?: pulumi.Input; } interface SpringCloudGatewayClientAuthorization { /** * Specifies the Spring Cloud Certificate IDs of the Spring Cloud Gateway. */ certificateIds?: pulumi.Input[]>; /** * Specifies whether the client certificate verification is enabled. */ verificationEnabled?: pulumi.Input; } interface SpringCloudGatewayCors { /** * Allowed headers in cross-site requests. The special value `*` allows actual requests to send any header. */ allowedHeaders?: pulumi.Input[]>; /** * Allowed HTTP methods on cross-site requests. The special value `*` allows all methods. If not set, `GET` and `HEAD` are allowed by default. Possible values are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS` and `PUT`. */ allowedMethods?: pulumi.Input[]>; /** * Allowed origin patterns to make cross-site requests. */ allowedOriginPatterns?: pulumi.Input[]>; /** * Allowed origins to make cross-site requests. The special value `*` allows all domains. */ allowedOrigins?: pulumi.Input[]>; /** * is user credentials are supported on cross-site requests? */ credentialsAllowed?: pulumi.Input; /** * HTTP response headers to expose for cross-site requests. */ exposedHeaders?: pulumi.Input[]>; /** * How long, in seconds, the response from a pre-flight request can be cached by clients. */ maxAgeSeconds?: pulumi.Input; } interface SpringCloudGatewayLocalResponseCachePerInstance { /** * Specifies the maximum size of cache (10MB, 900KB, 1GB...) to determine if the cache needs to evict some entries. */ size?: pulumi.Input; /** * Specifies the time before a cached entry is expired (300s, 5m, 1h...). */ timeToLive?: pulumi.Input; } interface SpringCloudGatewayLocalResponseCachePerRoute { /** * Specifies the maximum size of cache (10MB, 900KB, 1GB...) to determine if the cache needs to evict some entries. */ size?: pulumi.Input; /** * Specifies the time before a cached entry is expired (300s, 5m, 1h...). */ timeToLive?: pulumi.Input; } interface SpringCloudGatewayQuota { /** * Specifies the required cpu of the Spring Cloud Deployment. Possible Values are `500m`, `1`, `2`, `3` and `4`. Defaults to `1` if not specified. * * > **Note:** `cpu` supports `500m` and `1` for Basic tier, `500m`, `1`, `2`, `3` and `4` for Standard tier. */ cpu?: pulumi.Input; /** * Specifies the required memory size of the Spring Cloud Deployment. Possible Values are `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi`. Defaults to `2Gi` if not specified. * * > **Note:** `memory` supports `512Mi`, `1Gi` and `2Gi` for Basic tier, `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi` for Standard tier. */ memory?: pulumi.Input; } interface SpringCloudGatewayRouteConfigOpenApi { /** * The URI of OpenAPI specification. */ uri?: pulumi.Input; } interface SpringCloudGatewayRouteConfigRoute { /** * Specifies the classification tags which will be applied to methods in the generated OpenAPI documentation. */ classificationTags?: pulumi.Input[]>; /** * Specifies the description which will be applied to methods in the generated OpenAPI documentation. */ description?: pulumi.Input; /** * Specifies a list of filters which are used to modify the request before sending it to the target endpoint, or the received response. */ filters?: pulumi.Input[]>; /** * Specifies the route processing order. */ order: pulumi.Input; /** * Specifies a list of conditions to evaluate a route for each request. Each predicate may be evaluated against request headers and parameter values. All of the predicates associated with a route must evaluate to true for the route to be matched to the request. */ predicates?: pulumi.Input[]>; /** * Should the sso validation be enabled? */ ssoValidationEnabled?: pulumi.Input; /** * Specifies the title which will be applied to methods in the generated OpenAPI documentation. */ title?: pulumi.Input; /** * Should pass currently-authenticated user's identity token to application service? */ tokenRelay?: pulumi.Input; /** * Specifies the full uri which will override `appName`. */ uri?: pulumi.Input; } interface SpringCloudGatewaySso { /** * The public identifier for the application. */ clientId?: pulumi.Input; /** * The secret known only to the application and the authorization server. */ clientSecret?: pulumi.Input; /** * The URI of Issuer Identifier. */ issuerUri?: pulumi.Input; /** * It defines the specific actions applications can be allowed to do on a user's behalf. */ scopes?: pulumi.Input[]>; } interface SpringCloudJavaDeploymentQuota { /** * Specifies the required cpu of the Spring Cloud Deployment. Possible Values are `500m`, `1`, `2`, `3` and `4`. Defaults to `1` if not specified. * * > **Note:** `cpu` supports `500m` and `1` for Basic tier, `500m`, `1`, `2`, `3` and `4` for Standard tier. */ cpu?: pulumi.Input; /** * Specifies the required memory size of the Spring Cloud Deployment. Possible Values are `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi`. Defaults to `1Gi` if not specified. * * > **Note:** `memory` supports `512Mi`, `1Gi` and `2Gi` for Basic tier, `512Mi`, `1Gi`, `2Gi`, `3Gi`, `4Gi`, `5Gi`, `6Gi`, `7Gi`, and `8Gi` for Standard tier. */ memory?: pulumi.Input; } interface SpringCloudServiceConfigServerGitSetting { /** * A `httpBasicAuth` block as defined below. */ httpBasicAuth?: pulumi.Input; /** * The default label of the Git repository, should be the branch name, tag name, or commit-id of the repository. */ label?: pulumi.Input; /** * One or more `repository` blocks as defined below. */ repositories?: pulumi.Input[]>; /** * An array of strings used to search subdirectories of the Git repository. */ searchPaths?: pulumi.Input[]>; /** * A `sshAuth` block as defined below. */ sshAuth?: pulumi.Input; /** * The URI of the default Git repository used as the Config Server back end, should be started with `http://`, `https://`, `git@`, or `ssh://`. */ uri: pulumi.Input; } interface SpringCloudServiceConfigServerGitSettingHttpBasicAuth { /** * The password used to access the Git repository server, required when the Git repository server supports HTTP Basic Authentication. */ password: pulumi.Input; /** * The username that's used to access the Git repository server, required when the Git repository server supports HTTP Basic Authentication. */ username: pulumi.Input; } interface SpringCloudServiceConfigServerGitSettingRepository { /** * A `httpBasicAuth` block as defined below. */ httpBasicAuth?: pulumi.Input; /** * The default label of the Git repository, should be the branch name, tag name, or commit-id of the repository. */ label?: pulumi.Input; /** * A name to identify on the Git repository, required only if repos exists. */ name: pulumi.Input; /** * An array of strings used to match an application name. For each pattern, use the `{application}/{profile}` format with wildcards. */ patterns?: pulumi.Input[]>; /** * An array of strings used to search subdirectories of the Git repository. */ searchPaths?: pulumi.Input[]>; /** * A `sshAuth` block as defined below. */ sshAuth?: pulumi.Input; /** * The URI of the Git repository that's used as the Config Server back end should be started with `http://`, `https://`, `git@`, or `ssh://`. */ uri: pulumi.Input; } interface SpringCloudServiceConfigServerGitSettingRepositoryHttpBasicAuth { /** * The password used to access the Git repository server, required when the Git repository server supports HTTP Basic Authentication. */ password: pulumi.Input; /** * The username that's used to access the Git repository server, required when the Git repository server supports HTTP Basic Authentication. */ username: pulumi.Input; } interface SpringCloudServiceConfigServerGitSettingRepositorySshAuth { /** * The host key of the Git repository server, should not include the algorithm prefix as covered by `host-key-algorithm`. */ hostKey?: pulumi.Input; /** * The host key algorithm, should be `ssh-dss`, `ssh-rsa`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, or `ecdsa-sha2-nistp521`. Required only if `host-key` exists. */ hostKeyAlgorithm?: pulumi.Input; /** * The SSH private key to access the Git repository, required when the URI starts with `git@` or `ssh://`. */ privateKey: pulumi.Input; /** * Indicates whether the Config Server instance will fail to start if the hostKey does not match. Defaults to `true`. */ strictHostKeyCheckingEnabled?: pulumi.Input; } interface SpringCloudServiceConfigServerGitSettingSshAuth { /** * The host key of the Git repository server, should not include the algorithm prefix as covered by `host-key-algorithm`. */ hostKey?: pulumi.Input; /** * The host key algorithm, should be `ssh-dss`, `ssh-rsa`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, or `ecdsa-sha2-nistp521`. Required only if `host-key` exists. */ hostKeyAlgorithm?: pulumi.Input; /** * The SSH private key to access the Git repository, required when the URI starts with `git@` or `ssh://`. */ privateKey: pulumi.Input; /** * Indicates whether the Config Server instance will fail to start if the hostKey does not match. Defaults to `true`. */ strictHostKeyCheckingEnabled?: pulumi.Input; } interface SpringCloudServiceContainerRegistry { /** * Specifies the name of the container registry. */ name: pulumi.Input; /** * Specifies the password of the container registry. */ password: pulumi.Input; /** * Specifies the login server of the container registry. */ server: pulumi.Input; /** * Specifies the username of the container registry. */ username: pulumi.Input; } interface SpringCloudServiceDefaultBuildService { /** * Specifies the name of the container registry used in the default build service. */ containerRegistryName?: pulumi.Input; } interface SpringCloudServiceMarketplace { /** * Specifies the plan ID of the 3rd Party Artifact that is being procured. */ plan: pulumi.Input; /** * Specifies the 3rd Party artifact that is being procured. */ product: pulumi.Input; /** * Specifies the publisher ID of the 3rd Party Artifact that is being procured. */ publisher: pulumi.Input; } interface SpringCloudServiceNetwork { /** * Specifies the Name of the resource group containing network resources of Azure Spring Cloud Apps. Changing this forces a new resource to be created. */ appNetworkResourceGroup?: pulumi.Input; /** * Specifies the ID of the Subnet which should host the Spring Boot Applications deployed in this Spring Cloud Service. Changing this forces a new resource to be created. */ appSubnetId: pulumi.Input; /** * A list of (at least 3) CIDR ranges (at least /16) which are used to host the Spring Cloud infrastructure, which must not overlap with any existing CIDR ranges in the Subnet. Changing this forces a new resource to be created. */ cidrRanges: pulumi.Input[]>; /** * Specifies the egress traffic type of the Spring Cloud Service. Possible values are `loadBalancer` and `userDefinedRouting`. Defaults to `loadBalancer`. Changing this forces a new resource to be created. */ outboundType?: pulumi.Input; /** * Ingress read time out in seconds. */ readTimeoutSeconds?: pulumi.Input; /** * Specifies the Name of the resource group containing network resources of Azure Spring Cloud Service Runtime. Changing this forces a new resource to be created. */ serviceRuntimeNetworkResourceGroup?: pulumi.Input; /** * Specifies the ID of the Subnet where the Service Runtime components of the Spring Cloud Service will exist. Changing this forces a new resource to be created. */ serviceRuntimeSubnetId: pulumi.Input; } interface SpringCloudServiceRequiredNetworkTrafficRule { /** * The direction of required traffic. Possible values are `Inbound`, `Outbound`. */ direction?: pulumi.Input; /** * The FQDN list of required traffic. */ fqdns?: pulumi.Input[]>; /** * The IP list of required traffic. */ ipAddresses?: pulumi.Input[]>; /** * The port of required traffic. */ port?: pulumi.Input; /** * The protocol of required traffic. */ protocol?: pulumi.Input; } interface SpringCloudServiceTrace { /** * The connection string used for Application Insights. */ connectionString?: pulumi.Input; /** * The sampling rate of Application Insights Agent. Must be between `0.0` and `100.0`. Defaults to `10.0`. */ sampleRate?: pulumi.Input; } } export declare namespace appservice { interface AppConnectionAuthentication { /** * Service principal certificate for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalCertificate`. */ certificate?: pulumi.Input; /** * Client ID for `userAssignedIdentity` or `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. When `type` is set to `userAssignedIdentity`, `clientId` and `subscriptionId` should be either both specified or both not specified. */ clientId?: pulumi.Input; /** * Username or account name for secret auth. `name` and `secret` should be either both specified or both not specified when `type` is set to `secret`. */ name?: pulumi.Input; /** * Principal ID for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. */ principalId?: pulumi.Input; /** * Password or account key for secret auth. `secret` and `name` should be either both specified or both not specified when `type` is set to `secret`. */ secret?: pulumi.Input; /** * Subscription ID for `userAssignedIdentity`. `subscriptionId` and `clientId` should be either both specified or both not specified. */ subscriptionId?: pulumi.Input; /** * The authentication type. Possible values are `systemAssignedIdentity`, `userAssignedIdentity`, `servicePrincipalSecret`, `servicePrincipalCertificate`, `secret`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface AppConnectionSecretStore { /** * The key vault id to store secret. */ keyVaultId: pulumi.Input; } interface AppFlexConsumptionAlwaysReady { /** * The instance count of the `alwaysReady` of the Function App. The minimum number is `0`. The total number of `instanceCount` should not exceed the `maximumInstanceCount`. */ instanceCount?: pulumi.Input; /** * The name of the `alwaysReady` of the Function App. */ name: pulumi.Input; } interface AppFlexConsumptionAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Linux Web App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login.. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface AppFlexConsumptionAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface AppFlexConsumptionAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface AppFlexConsumptionConnectionString { /** * The name which should be used for this Connection. */ name: pulumi.Input; /** * Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface AppFlexConsumptionIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Linux Function App. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Function App. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface AppFlexConsumptionSiteConfig { /** * The URL of the API definition that describes this Linux Function App. */ apiDefinitionUrl?: pulumi.Input; /** * The ID of the API Management API for this Linux Function App. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * An `appServiceLogs` block as defined above. */ appServiceLogs?: pulumi.Input; /** * The Connection String for linking the Linux Function App to Application Insights. */ applicationInsightsConnectionString?: pulumi.Input; /** * The Instrumentation Key for connecting the Linux Function App to Application Insights. */ applicationInsightsKey?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Linux Web App. */ defaultDocuments?: pulumi.Input[]>; /** * Is detailed error logging enabled */ detailedErrorLoggingEnabled?: pulumi.Input; /** * The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. */ elasticInstanceMinimum?: pulumi.Input; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies if the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; /** * The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022`. */ remoteDebuggingVersion?: pulumi.Input; /** * Should Scale Monitoring of the Functions Runtime be enabled? * * > **Note:** Functions runtime scale monitoring can only be enabled for Elastic Premium Function Apps or Workflow Standard Logic Apps and requires a minimum prewarmed instance count of 1. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * The minimum version of TLS required for SSL requests to the SCM site. Possible values include `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; /** * The SCM Type in use by the Linux Function App. */ scmType?: pulumi.Input; /** * Should the Linux Function App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Linux Web App Linux Function App use a 32-bit worker. Defaults to `false`. */ use32BitWorker?: pulumi.Input; /** * Should the Linux Function App route all traffic through the virtual network. Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The number of Workers for this Linux Function App. */ workerCount?: pulumi.Input; } interface AppFlexConsumptionSiteConfigAppServiceLogs { /** * The amount of disk space to use for logs. Valid values are between `25` and `100`. Defaults to `35`. */ diskQuotaMb?: pulumi.Input; /** * The retention period for logs in days. Valid values are between `0` and `99999`.(never delete). * * > **Note:** This block is not supported on Consumption plans. */ retentionPeriodDays?: pulumi.Input; } interface AppFlexConsumptionSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials allowed in CORS requests? Defaults to `false`. */ supportCredentials?: pulumi.Input; } interface AppFlexConsumptionSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface AppFlexConsumptionSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface AppFlexConsumptionSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface AppFlexConsumptionSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface AppFlexConsumptionSiteCredential { /** * The name which should be used for this Function App. Changing this forces a new Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about [Function App naming rule](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftweb) and [Host ID Collisions](https://github.com/Azure/azure-functions-host/wiki/Host-IDs#host-id-collisions) */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface AppFlexConsumptionStickySettings { /** * A list of `appSetting` names that the Linux Function App will not swap between Slots when a swap operation is triggered. */ appSettingNames?: pulumi.Input[]>; /** * A list of `connectionString` names that the Linux Function App will not swap between Slots when a swap operation is triggered. */ connectionStringNames?: pulumi.Input[]>; } interface AppServiceAuthSettings { /** * A `activeDirectory` block as defined below. */ activeDirectory?: pulumi.Input; /** * Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value". */ additionalLoginParams?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * External URLs that can be redirected to as part of logging in or logging out of the app. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`. * * > **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticatedClientAction` to work. */ defaultProvider?: pulumi.Input; /** * Is Authentication enabled? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The runtime version of the Authentication/Authorization module. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72`. */ tokenRefreshExtensionHours?: pulumi.Input; /** * If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values are `AllowAnonymous` and `RedirectToLoginPage`. */ unauthenticatedClientAction?: pulumi.Input; } interface AppServiceAuthSettingsActiveDirectory { /** * Allowed audience values to consider when validating JWTs issued by Azure Active Directory. */ allowedAudiences?: pulumi.Input[]>; /** * The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret of this relying party application. If no secret is provided, implicit flow will be used. */ clientSecret?: pulumi.Input; } interface AppServiceAuthSettingsFacebook { /** * The App ID of the Facebook app used for login */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. */ appSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface AppServiceAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. */ oauthScopes?: pulumi.Input[]>; } interface AppServiceAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. */ oauthScopes?: pulumi.Input[]>; } interface AppServiceAuthSettingsTwitter { /** * The consumer key of the Twitter app used for login */ consumerKey: pulumi.Input; /** * The consumer secret of the Twitter app used for login. */ consumerSecret: pulumi.Input; } interface AppServiceBackup { /** * Is this Backup enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * Specifies the name for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to a Storage Container where Backups should be saved. */ storageAccountUrl: pulumi.Input; } interface AppServiceBackupSchedule { /** * Sets how often the backup should be executed. */ frequencyInterval: pulumi.Input; /** * Sets the unit of time for how often the backup should be executed. Possible values are `Day` or `Hour`. */ frequencyUnit: pulumi.Input; /** * Should at least one backup always be kept in the Storage Account by the Retention Policy, regardless of how old it is? */ keepAtLeastOneBackup?: pulumi.Input; /** * Specifies the number of days after which Backups should be deleted. Defaults to `30`. */ retentionPeriodInDays?: pulumi.Input; /** * Sets when the schedule should start working. */ startTime?: pulumi.Input; } interface AppServiceConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * The type of the Connection String. Possible values are `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure` and `SQLServer`. */ type: pulumi.Input; /** * The value for the Connection String. */ value: pulumi.Input; } interface AppServiceIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the App Service. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field, and `SystemAssigned, UserAssigned` which assigns both a system managed identity as well as the specified user assigned identities. * * > **NOTE:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the App Service has been created. More details are available below. */ type: pulumi.Input; } interface AppServiceLogs { /** * An `applicationLogs` block as defined below. */ applicationLogs?: pulumi.Input; /** * Should `Detailed error messages` be enabled on this App Service? Defaults to `false`. */ detailedErrorMessagesEnabled?: pulumi.Input; /** * Should `Failed request tracing` be enabled on this App Service? Defaults to `false`. */ failedRequestTracingEnabled?: pulumi.Input; /** * An `httpLogs` block as defined below. */ httpLogs?: pulumi.Input; } interface AppServiceLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * Log level for filesystem based logging. Supported values are `Error`, `Information`, `Verbose`, `Warning` and `Off`. Defaults to `Off`. */ fileSystemLevel?: pulumi.Input; } interface AppServiceLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The URL to the storage container with a shared access signature token appended. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface AppServiceLogsHttpLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined below. */ fileSystem?: pulumi.Input; } interface AppServiceLogsHttpLogsAzureBlobStorage { /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The URL to the storage container with a shared access signature token appended. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface AppServiceLogsHttpLogsFileSystem { /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that HTTP log files can use before being removed. */ retentionInMb: pulumi.Input; } interface AppServiceSiteConfig { /** * Are Managed Identity Credentials used for Azure Container Registry pull */ acrUseManagedIdentityCredentials?: pulumi.Input; /** * If using User Managed Identity, the User Managed Identity Client Id * * > **NOTE:** When using User Managed Identity with Azure Container Registry the Identity will need to have the [ACRPull role assigned](https://docs.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity#example-1-access-with-a-user-assigned-identity) */ acrUserManagedIdentityClientId?: pulumi.Input; /** * Should the app be loaded at all times? Defaults to `false`. * * > **NOTE:** when using an App Service Plan in the `Free` or `Shared` Tiers `alwaysOn` must be set to `false`. */ alwaysOn?: pulumi.Input; /** * App command line to launch, e.g. `/sbin/myserver -b 0.0.0.0`. */ appCommandLine?: pulumi.Input; /** * The name of the slot to automatically swap to during deployment */ autoSwapSlotName?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * The ordering of default documents to load, if an address isn't specified. */ defaultDocuments?: pulumi.Input[]>; /** * The version of the .NET framework's CLR used in this App Service. Possible values are `v2.0` (which will use the latest version of the .NET framework for the .NET CLR v2 - currently `.net 3.5`), `v4.0` (which corresponds to the latest version of the .NET CLR v4 - which at the time of writing is `.net 4.7.1`), `v5.0` and `v6.0`. [For more information on which .NET CLR version to use based on the .NET framework you're targeting - please see this table](https://en.wikipedia.org/wiki/.NET_Framework_version_history#Overview). Defaults to `v4.0`. */ dotnetFrameworkVersion?: pulumi.Input; /** * State of FTP / FTPS service for this App Service. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. */ ftpsState?: pulumi.Input; /** * The health check path to be pinged by App Service. [For more information - please see App Service health check announcement](https://azure.github.io/AppService/2020/08/24/healthcheck-on-app-service.html). */ healthCheckPath?: pulumi.Input; /** * Is HTTP2 Enabled on this App Service? Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * A list of objects representing ip restrictions as defined below. * * > **NOTE** User has to explicitly set `ipRestriction` to empty slice (`[]`) to remove it. */ ipRestrictions?: pulumi.Input[]>; /** * The Java Container to use. If specified `javaVersion` and `javaContainerVersion` must also be specified. Possible values are `JAVA`, `JETTY`, and `TOMCAT`. */ javaContainer?: pulumi.Input; /** * The version of the Java Container to use. If specified `javaVersion` and `javaContainer` must also be specified. */ javaContainerVersion?: pulumi.Input; /** * The version of Java to use. If specified `javaContainer` and `javaContainerVersion` must also be specified. Possible values are `1.7`, `1.8` and `11` and their specific versions - except for Java 11 (e.g. `1.7.0_80`, `1.8.0_181`, `11`) */ javaVersion?: pulumi.Input; /** * Linux App Framework and version for the App Service. Possible options are a Docker container (`DOCKER|`), a base-64 encoded Docker Compose file (`COMPOSE|${filebase64("compose.yml")}`) or a base-64 encoded Kubernetes Manifest (`KUBE|${filebase64("kubernetes.yml")}`). * * > **NOTE:** To set this property the App Service Plan to which the App belongs must be configured with `kind = "Linux"`, and `reserved = true` or the API will reject any value supplied. */ linuxFxVersion?: pulumi.Input; /** * Is "MySQL In App" Enabled? This runs a local MySQL instance with your app and shares resources from the App Service plan. * * > **NOTE:** MySQL In App is not intended for production environments and will not scale beyond a single instance. Instead you may wish to use Azure Database for MySQL. */ localMysqlEnabled?: pulumi.Input; /** * The Managed Pipeline Mode. Possible values are `Integrated` and `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The minimum supported TLS version for the app service. Possible values are `1.0`, `1.1`, and `1.2`. Defaults to `1.2` for new app services. */ minTlsVersion?: pulumi.Input; /** * The scaled number of workers (for per site scaling) of this App Service. Requires that `perSiteScaling` is enabled on the `azure.appservice.Plan`. [For more information - please see Microsoft documentation on high-density hosting](https://docs.microsoft.com/azure/app-service/manage-scale-per-app). */ numberOfWorkers?: pulumi.Input; /** * The version of PHP to use in this App Service. Possible values are `5.5`, `5.6`, `7.0`, `7.1`, `7.2`, `7.3` and `7.4`. */ phpVersion?: pulumi.Input; /** * The version of Python to use in this App Service. Possible values are `2.7` and `3.4`. */ pythonVersion?: pulumi.Input; /** * Is Remote Debugging Enabled? Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * Which version of Visual Studio should the Remote Debugger be compatible with? Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * A list of `scmIpRestriction` objects representing IP restrictions as defined below. * * > **NOTE** User has to explicitly set `scmIpRestriction` to empty slice (`[]`) to remove it. */ scmIpRestrictions?: pulumi.Input[]>; /** * The type of Source Control enabled for this App Service. Defaults to `None`. Possible values are: `BitbucketGit`, `BitbucketHg`, `CodePlexGit`, `CodePlexHg`, `Dropbox`, `ExternalGit`, `ExternalHg`, `GitHub`, `LocalGit`, `None`, `OneDrive`, `Tfs`, `VSO`, and `VSTSRM` */ scmType?: pulumi.Input; /** * IP security restrictions for scm to use main. Defaults to `false`. * * > **NOTE** Any `scmIpRestriction` blocks configured are ignored by the service when `scmUseMainIpRestriction` is set to `true`. Any scm restrictions will become active if this is subsequently set to `false` or removed. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the App Service run in 32 bit mode, rather than 64 bit mode? * * > **NOTE:** when using an App Service Plan in the `Free` or `Shared` Tiers `use32BitWorkerProcess` must be set to `true`. */ use32BitWorkerProcess?: pulumi.Input; /** * Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. * * > **NOTE:** This setting supersedes the previous mechanism of setting the `appSettings` value of `WEBSITE_VNET_ROUTE_ALL`. However, to prevent older configurations breaking Terraform will update this value if it not explicitly set to the value in `app_settings.WEBSITE_VNET_ROUTE_ALL`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should WebSockets be enabled? */ websocketsEnabled?: pulumi.Input; /** * The Windows Docker container image (`DOCKER|`) */ windowsFxVersion?: pulumi.Input; } interface AppServiceSiteConfigCors { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins: pulumi.Input[]>; /** * Are credentials supported? */ supportCredentials?: pulumi.Input; } interface AppServiceSiteConfigIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `ipRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface AppServiceSiteConfigIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface AppServiceSiteConfigScmIpRestriction { /** * Allow or Deny access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `scmIpRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface AppServiceSiteConfigScmIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface AppServiceSiteCredential { /** * The password associated with the username, which can be used to publish to this App Service. */ password?: pulumi.Input; /** * The username which can be used to publish to this App Service */ username?: pulumi.Input; } interface AppServiceSourceControl { /** * The branch of the remote repository to use. Defaults to 'master'. */ branch?: pulumi.Input; /** * Limits to manual integration. Defaults to `false` if not specified. */ manualIntegration?: pulumi.Input; /** * The URL of the source code repository. */ repoUrl?: pulumi.Input; /** * Enable roll-back for the repository. Defaults to `false` if not specified. */ rollbackEnabled?: pulumi.Input; /** * Use Mercurial if `true`, otherwise uses Git. */ useMercurial?: pulumi.Input; } interface AppServiceStorageAccount { /** * The access key for the storage account. */ accessKey: pulumi.Input; /** * The name of the storage account. */ accountName: pulumi.Input; /** * The path to mount the storage within the site's runtime environment. */ mountPath?: pulumi.Input; /** * The name of the storage account identifier. */ name: pulumi.Input; /** * The name of the file share (container name, for Blob storage). */ shareName: pulumi.Input; /** * The type of storage. Possible values are `AzureBlob` and `AzureFiles`. */ type: pulumi.Input; } interface CertificateOrderCertificate { /** * The name of the App Service Certificate. */ certificateName?: pulumi.Input; /** * Key Vault resource Id. */ keyVaultId?: pulumi.Input; /** * Key Vault secret name. */ keyVaultSecretName?: pulumi.Input; /** * Status of the Key Vault secret. */ provisioningState?: pulumi.Input; } interface ConnectionAuthentication { /** * Service principal certificate for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalCertificate`. */ certificate?: pulumi.Input; /** * Client ID for `userAssignedIdentity` or `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. When `type` is set to `userAssignedIdentity`, `clientId` and `subscriptionId` should be either both specified or both not specified. */ clientId?: pulumi.Input; /** * Username or account name for secret auth. `name` and `secret` should be either both specified or both not specified when `type` is set to `secret`. */ name?: pulumi.Input; /** * Principal ID for `servicePrincipal` auth. Should be specified when `type` is set to `servicePrincipalSecret` or `servicePrincipalCertificate`. */ principalId?: pulumi.Input; /** * Password or account key for secret auth. `secret` and `name` should be either both specified or both not specified when `type` is set to `secret`. */ secret?: pulumi.Input; /** * Subscription ID for `userAssignedIdentity`. `subscriptionId` and `clientId` should be either both specified or both not specified. */ subscriptionId?: pulumi.Input; /** * The authentication type. Possible values are `systemAssignedIdentity`, `userAssignedIdentity`, `servicePrincipalSecret`, `servicePrincipalCertificate`, `secret`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface ConnectionSecretStore { /** * The key vault id to store secret. */ keyVaultId: pulumi.Input; } interface EnvironmentV3ClusterSetting { /** * The name of the Cluster Setting. */ name: pulumi.Input; /** * The value for the Cluster Setting. */ value: pulumi.Input; } interface EnvironmentV3InboundNetworkDependency { /** * A short description of the purpose of the network traffic. */ description?: pulumi.Input; /** * A list of IP addresses that network traffic will originate from in CIDR notation. */ ipAddresses?: pulumi.Input[]>; /** * The ports that network traffic will arrive to the App Service Environment V3 on. */ ports?: pulumi.Input[]>; } interface FunctionAppAuthSettings { /** * A `activeDirectory` block as defined below. */ activeDirectory?: pulumi.Input; /** * Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value". */ additionalLoginParams?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * External URLs that can be redirected to as part of logging in or logging out of the app. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`. * * > **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticatedClientAction` to work. */ defaultProvider?: pulumi.Input; /** * Is Authentication enabled? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The runtime version of the Authentication/Authorization module. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72`. */ tokenRefreshExtensionHours?: pulumi.Input; /** * If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values are `AllowAnonymous` and `RedirectToLoginPage`. */ unauthenticatedClientAction?: pulumi.Input; } interface FunctionAppAuthSettingsActiveDirectory { /** * Allowed audience values to consider when validating JWTs issued by Azure Active Directory. */ allowedAudiences?: pulumi.Input[]>; /** * The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret of this relying party application. If no secret is provided, implicit flow will be used. */ clientSecret?: pulumi.Input; } interface FunctionAppAuthSettingsFacebook { /** * The App ID of the Facebook app used for login */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. */ appSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. */ consumerSecret: pulumi.Input; } interface FunctionAppConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * The type of the Connection String. Possible values are `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure` and `SQLServer`. */ type: pulumi.Input; /** * The value for the Connection String. */ value: pulumi.Input; } interface FunctionAppFunctionFile { /** * The content of the file. Changing this forces a new resource to be created. */ content: pulumi.Input; /** * The filename of the file to be uploaded. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface FunctionAppIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the Function App. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field, and `SystemAssigned, UserAssigned` which assigns both a system managed identity as well as the specified user assigned identities. * * > **NOTE:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Function App has been created. More details are available below. */ type: pulumi.Input; } interface FunctionAppSiteConfig { /** * Should the Function App be loaded at all times? Defaults to `false`. */ alwaysOn?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * The name of the slot to automatically swap to during deployment * * > **NOTE:** This attribute is only used for slots. */ autoSwapSlotName?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * The version of the .NET framework's CLR used in this function app. Possible values are `v4.0` (including .NET Core 2.1 and 3.1), `v5.0` and `v6.0`. [For more information on which .NET Framework version to use based on the runtime version you're targeting - please see this table](https://docs.microsoft.com/azure/azure-functions/functions-dotnet-class-library#supported-versions). Defaults to `v4.0`. */ dotnetFrameworkVersion?: pulumi.Input; /** * The number of minimum instances for this function app. Only affects apps on the Premium plan. Possible values are between `1` and `20`. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `AllAllowed`. */ ftpsState?: pulumi.Input; /** * Path which will be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies whether or not the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * A list of `ipRestriction` objects representing IP restrictions as defined below. * * > **NOTE** User has to explicitly set `ipRestriction` to empty slice (`[]`) to remove it. */ ipRestrictions?: pulumi.Input[]>; /** * Java version hosted by the function app in Azure. Possible values are `1.8`, `11` & `17` (In-Preview). */ javaVersion?: pulumi.Input; /** * Linux App Framework and version for the AppService, e.g. `DOCKER|(golang:latest)`. */ linuxFxVersion?: pulumi.Input; /** * The minimum supported TLS version for the function app. Possible values are `1.0`, `1.1`, and `1.2`. Defaults to `1.2` for new function apps. */ minTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this function app. Only affects apps on the Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults to `false`. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * A list of `scmIpRestriction` objects representing IP restrictions as defined below. * * > **NOTE** User has to explicitly set `scmIpRestriction` to empty slice (`[]`) to remove it. */ scmIpRestrictions?: pulumi.Input[]>; /** * The type of Source Control used by the Function App. Valid values include: `BitBucketGit`, `BitBucketHg`, `CodePlexGit`, `CodePlexHg`, `Dropbox`, `ExternalGit`, `ExternalHg`, `GitHub`, `LocalGit`, `None` (default), `OneDrive`, `Tfs`, `VSO`, and `VSTSRM`. * * > **NOTE:** This setting is incompatible with the `sourceControl` block which updates this value based on the setting provided. */ scmType?: pulumi.Input; /** * IP security restrictions for scm to use main. Defaults to `false`. * * > **NOTE** Any `scmIpRestriction` blocks configured are ignored by the service when `scmUseMainIpRestriction` is set to `true`. Any scm restrictions will become active if this is subsequently set to `false` or removed. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Function App run in 32 bit mode, rather than 64 bit mode? Defaults to `true`. * * > **Note:** when using an App Service Plan in the `Free` or `Shared` Tiers `use32BitWorkerProcess` must be set to `true`. */ use32BitWorkerProcess?: pulumi.Input; /** * Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. * * > **NOTE:** This setting supersedes the previous mechanism of setting the `appSettings` value of `WEBSITE_VNET_ROUTE_ALL`. However, to prevent older configurations breaking Terraform will update this value if it not explicitly set to the value in `app_settings.WEBSITE_VNET_ROUTE_ALL`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should WebSockets be enabled? */ websocketsEnabled?: pulumi.Input; } interface FunctionAppSiteConfigCors { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins: pulumi.Input[]>; /** * Are credentials supported? */ supportCredentials?: pulumi.Input; } interface FunctionAppSiteConfigIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `ipRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface FunctionAppSiteConfigIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface FunctionAppSiteConfigScmIpRestriction { /** * Allow or Deny access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `scmIpRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface FunctionAppSiteConfigScmIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface FunctionAppSiteCredential { /** * The password associated with the username, which can be used to publish to this App Service. */ password?: pulumi.Input; /** * The username which can be used to publish to this App Service */ username?: pulumi.Input; } interface FunctionAppSlotAuthSettings { /** * An `activeDirectory` block as defined below. */ activeDirectory?: pulumi.Input; /** * login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value". */ additionalLoginParams?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * External URLs that can be redirected to as part of logging in or logging out of the app. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`. * * > **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticatedClientAction` to work. */ defaultProvider?: pulumi.Input; /** * Is Authentication enabled? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The runtime version of the Authentication/Authorization module. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72`. */ tokenRefreshExtensionHours?: pulumi.Input; /** * If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values are `AllowAnonymous` and `RedirectToLoginPage`. */ unauthenticatedClientAction?: pulumi.Input; } interface FunctionAppSlotAuthSettingsActiveDirectory { /** * Allowed audience values to consider when validating JWTs issued by Azure Active Directory. */ allowedAudiences?: pulumi.Input[]>; /** * The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret of this relying party application. If no secret is provided, implicit flow will be used. */ clientSecret?: pulumi.Input; } interface FunctionAppSlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. */ appSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppSlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppSlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. */ oauthScopes?: pulumi.Input[]>; } interface FunctionAppSlotAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. */ consumerSecret: pulumi.Input; } interface FunctionAppSlotConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * The type of the Connection String. Possible values are `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure` and `SQLServer`. */ type: pulumi.Input; /** * The value for the Connection String. */ value: pulumi.Input; } interface FunctionAppSlotIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the Function App. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field, and `SystemAssigned, UserAssigned` which assigns both a system managed identity as well as the specified user assigned identities. * * > **NOTE:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Function App has been created. More details are available below. */ type: pulumi.Input; } interface FunctionAppSlotSiteConfig { /** * Should the Function App be loaded at all times? Defaults to `false`. */ alwaysOn?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * The name of the slot to automatically swap to during deployment */ autoSwapSlotName?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * The version of the .NET framework's CLR used in this function app. Possible values are `v4.0` (including .NET Core 2.1 and 3.1), `v5.0` and `v6.0`. [For more information on which .NET Framework version to use based on the runtime version you're targeting - please see this table](https://docs.microsoft.com/azure/azure-functions/functions-dotnet-class-library#supported-versions). Defaults to `v4.0`. */ dotnetFrameworkVersion?: pulumi.Input; /** * The number of minimum instances for this function app. Only applicable to apps on the Premium plan. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. */ ftpsState?: pulumi.Input; /** * Path which will be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies whether or not the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * A list of `ipRestriction` objects representing IP restrictions as defined below. */ ipRestrictions?: pulumi.Input[]>; /** * Java version hosted by the function app in Azure. Possible values are `1.8`, `11` & `17` (In-Preview). */ javaVersion?: pulumi.Input; /** * Linux App Framework and version for the AppService, e.g. `DOCKER|(golang:latest)`. */ linuxFxVersion?: pulumi.Input; /** * The minimum supported TLS version for the function app. Possible values are `1.0`, `1.1`, and `1.2`. Defaults to `1.2` for new function apps. */ minTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this function app. Only affects apps on the Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults to `false`. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * A list of `scmIpRestriction` objects representing IP restrictions as defined below. * * > **NOTE** User has to explicitly set `scmIpRestriction` to empty slice (`[]`) to remove it. */ scmIpRestrictions?: pulumi.Input[]>; /** * The type of Source Control used by this function App. Valid values include: `BitBucketGit`, `BitBucketHg`, `CodePlexGit`, `CodePlexHg`, `Dropbox`, `ExternalGit`, `ExternalHg`, `GitHub`, `LocalGit`, `None` (default), `OneDrive`, `Tfs`, `VSO`, and `VSTSRM`. * * > **NOTE:** This setting is incompatible with the `sourceControl` block which updates this value based on the setting provided. */ scmType?: pulumi.Input; /** * IP security restrictions for scm to use main. Defaults to `false`. * * > **NOTE** Any `scmIpRestriction` blocks configured are ignored by the service when `scmUseMainIpRestriction` is set to `true`. Any scm restrictions will become active if this is subsequently set to `false` or removed. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Function App run in 32 bit mode, rather than 64 bit mode? Defaults to `true`. * * > **Note:** when using an App Service Plan in the `Free` or `Shared` Tiers `use32BitWorkerProcess` must be set to `true`. */ use32BitWorkerProcess?: pulumi.Input; vnetRouteAllEnabled?: pulumi.Input; /** * Should WebSockets be enabled? */ websocketsEnabled?: pulumi.Input; } interface FunctionAppSlotSiteConfigCors { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins: pulumi.Input[]>; /** * Are credentials supported? */ supportCredentials?: pulumi.Input; } interface FunctionAppSlotSiteConfigIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `ipRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface FunctionAppSlotSiteConfigIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface FunctionAppSlotSiteConfigScmIpRestriction { /** * Allow or Deny access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `scmIpRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface FunctionAppSlotSiteConfigScmIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface FunctionAppSlotSiteCredential { /** * The password associated with the username, which can be used to publish to this App Service. */ password?: pulumi.Input; /** * The username which can be used to publish to this App Service */ username?: pulumi.Input; } interface FunctionAppSourceControl { /** * The branch of the remote repository to use. Defaults to 'master'. */ branch?: pulumi.Input; /** * Limits to manual integration. Defaults to `false` if not specified. */ manualIntegration?: pulumi.Input; /** * The URL of the source code repository. */ repoUrl?: pulumi.Input; /** * Enable roll-back for the repository. Defaults to `false` if not specified. */ rollbackEnabled?: pulumi.Input; /** * Use Mercurial if `true`, otherwise uses Git. */ useMercurial?: pulumi.Input; } interface LinuxFunctionAppAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Linux Web App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login.. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface LinuxFunctionAppAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface LinuxFunctionAppBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface LinuxFunctionAppBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Linux Function App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface LinuxFunctionAppConnectionString { /** * The name which should be used for this Connection. */ name: pulumi.Input; /** * Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface LinuxFunctionAppIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Linux Function App. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Function App. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxFunctionAppSiteConfig { /** * If this Linux Web App is Always On enabled. Defaults to `false`. * * > **Note:** when running in a Consumption or Premium Plan, `alwaysOn` feature should be turned off. Please turn it off before upgrading the service plan from standard to premium. */ alwaysOn?: pulumi.Input; /** * The URL of the API definition that describes this Linux Function App. */ apiDefinitionUrl?: pulumi.Input; /** * The ID of the API Management API for this Linux Function App. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * An `appServiceLogs` block as defined above. */ appServiceLogs?: pulumi.Input; /** * The Connection String for linking the Linux Function App to Application Insights. */ applicationInsightsConnectionString?: pulumi.Input; /** * The Instrumentation Key for connecting the Linux Function App to Application Insights. */ applicationInsightsKey?: pulumi.Input; /** * An `applicationStack` block as defined above. * * > **Note:** If this is set, there must not be an application setting `FUNCTIONS_WORKER_RUNTIME`. */ applicationStack?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Linux Web App. */ defaultDocuments?: pulumi.Input[]>; /** * Is detailed error logging enabled */ detailedErrorLoggingEnabled?: pulumi.Input; /** * The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies if the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; /** * The Linux FX Version */ linuxFxVersion?: pulumi.Input; /** * The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * Should Scale Monitoring of the Functions Runtime be enabled? * * > **Note:** Functions runtime scale monitoring can only be enabled for Elastic Premium Function Apps or Workflow Standard Logic Apps and requires a minimum prewarmed instance count of 1. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; /** * The SCM Type in use by the Linux Function App. */ scmType?: pulumi.Input; /** * Should the Linux Function App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Linux Web App use a 32-bit worker process. Defaults to `false`. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The number of Workers for this Linux Function App. */ workerCount?: pulumi.Input; } interface LinuxFunctionAppSiteConfigAppServiceLogs { /** * The amount of disk space to use for logs. Valid values are between `25` and `100`. Defaults to `35`. */ diskQuotaMb?: pulumi.Input; /** * The retention period for logs in days. Valid values are between `0` and `99999`.(never delete). * * > **Note:** This block is not supported on Consumption plans. */ retentionPeriodDays?: pulumi.Input; } interface LinuxFunctionAppSiteConfigApplicationStack { /** * One or more `docker` blocks as defined below. */ dockers?: pulumi.Input[]>; /** * The version of .NET to use. Possible values include `3.1`, `6.0`, `7.0`, `8.0`, `9.0` and `10.0`. */ dotnetVersion?: pulumi.Input; /** * The Version of Java to use. Supported versions include `8`, `11`, `17`, `21`, `25`. * * > **Note:** The value `21` is currently in Preview for `javaVersion`. */ javaVersion?: pulumi.Input; /** * The version of Node to run. Possible values include `12`, `14`, `16`, `18`, `20`, `22` and `24`. */ nodeVersion?: pulumi.Input; /** * The version of PowerShell Core to run. Possible values are `7`, `7.2`, and `7.4`. */ powershellCoreVersion?: pulumi.Input; /** * The version of Python to run. Possible values are `3.14`, `3.13`, `3.12`, `3.11`, `3.10`, `3.9`, `3.8` and `3.7`. */ pythonVersion?: pulumi.Input; /** * Should the Linux Function App use a custom runtime? */ useCustomRuntime?: pulumi.Input; /** * Should the DotNet process use an isolated runtime. Defaults to `false`. */ useDotnetIsolatedRuntime?: pulumi.Input; } interface LinuxFunctionAppSiteConfigApplicationStackDocker { /** * The name of the Docker image to use. */ imageName: pulumi.Input; /** * The image tag of the image to use. */ imageTag: pulumi.Input; /** * The password for the account to use to connect to the registry. * * > **Note:** This value is required if `containerRegistryUseManagedIdentity` is not set to `true`. */ registryPassword?: pulumi.Input; /** * The URL of the docker registry. */ registryUrl: pulumi.Input; /** * The username to use for connections to the registry. * * > **Note:** This value is required if `containerRegistryUseManagedIdentity` is not set to `true`. */ registryUsername?: pulumi.Input; } interface LinuxFunctionAppSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials allowed in CORS requests? Defaults to `false`. */ supportCredentials?: pulumi.Input; } interface LinuxFunctionAppSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxFunctionAppSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxFunctionAppSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxFunctionAppSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxFunctionAppSiteCredential { /** * The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about [Function App naming rule](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftweb) and [Host ID Collisions](https://github.com/Azure/azure-functions-host/wiki/Host-IDs#host-id-collisions) */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettings { /** * an `activeDirectory` block as detailed below. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled? */ enabled: pulumi.Input; /** * a `facebook` block as detailed below. */ facebook?: pulumi.Input; /** * a `github` block as detailed below. */ github?: pulumi.Input; /** * a `google` block as detailed below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * a `microsoft` block as detailed below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * a `twitter` block as detailed below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface LinuxFunctionAppSlotAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxFunctionAppSlotAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface LinuxFunctionAppSlotBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * a `schedule` block as detailed below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface LinuxFunctionAppSlotBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Linux Function App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface LinuxFunctionAppSlotConnectionString { /** * The name which should be used for this Connection. */ name: pulumi.Input; /** * Type of database. Possible values include: `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface LinuxFunctionAppSlotIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Linux Function App Slot. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Function App Slot. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfig { /** * If this Linux Web App is Always On enabled. Defaults to `false`. */ alwaysOn?: pulumi.Input; /** * The URL of the API definition that describes this Linux Function App. */ apiDefinitionUrl?: pulumi.Input; /** * The ID of the API Management API for this Linux Function App. */ apiManagementApiId?: pulumi.Input; /** * The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). */ appCommandLine?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * an `appServiceLogs` block as detailed below. */ appServiceLogs?: pulumi.Input; /** * The Connection String for linking the Linux Function App to Application Insights. */ applicationInsightsConnectionString?: pulumi.Input; /** * The Instrumentation Key for connecting the Linux Function App to Application Insights. */ applicationInsightsKey?: pulumi.Input; /** * an `applicationStack` block as detailed below. */ applicationStack?: pulumi.Input; /** * The name of the slot to automatically swap with when this slot is successfully deployed. */ autoSwapSlotName?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * a `cors` block as detailed below. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Linux Web App. */ defaultDocuments?: pulumi.Input[]>; /** * Is detailed error logging enabled */ detailedErrorLoggingEnabled?: pulumi.Input; /** * The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Defaults to `0`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies if the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * an `ipRestriction` block as detailed below. */ ipRestrictions?: pulumi.Input[]>; /** * The Linux FX Version */ linuxFxVersion?: pulumi.Input; /** * The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * Should Functions Runtime Scale Monitoring be enabled. * * > **Note:** Functions runtime scale monitoring can only be enabled for Elastic Premium Function Apps or Workflow Standard Logic Apps and requires a minimum prewarmed instance count of 1. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * a `scmIpRestriction` block as detailed below. */ scmIpRestrictions?: pulumi.Input[]>; /** * Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; /** * The SCM Type in use by the Linux Function App. */ scmType?: pulumi.Input; /** * Should the Linux Function App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Linux Web App use a 32-bit worker. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The number of Workers for this Linux Function App. */ workerCount?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigAppServiceLogs { /** * The amount of disk space to use for logs. Valid values are between `25` and `100`. Defaults to `35`. */ diskQuotaMb?: pulumi.Input; /** * The retention period for logs in days. Valid values are between `0` and `99999`.(never delete). * * > **Note:** This block is not supported on Consumption plans. */ retentionPeriodDays?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigApplicationStack { /** * a `docker` block as detailed below. */ dockers?: pulumi.Input[]>; /** * The version of .Net. Possible values are `3.1`, `6.0`, `7.0`, `8.0`, `9.0` and `10.0`. */ dotnetVersion?: pulumi.Input; /** * The version of Java to use. Possible values are `8`, `11`, `17` and `21`. */ javaVersion?: pulumi.Input; /** * The version of Node to use. Possible values include `12`, `14`, `16`, `18`, `20`, `22` and `24`. */ nodeVersion?: pulumi.Input; /** * The version of PowerShell Core to use. Possibles values are `7` , `7.2`, and `7.4`. */ powershellCoreVersion?: pulumi.Input; /** * The version of Python to use. Possible values are `3.14`, `3.13`, `3.12`, `3.11`, `3.10`, `3.9`, `3.8` and `3.7`. */ pythonVersion?: pulumi.Input; /** * Should the Linux Function App use a custom runtime? */ useCustomRuntime?: pulumi.Input; /** * Should the DotNet process use an isolated runtime. Defaults to `false`. */ useDotnetIsolatedRuntime?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigApplicationStackDocker { /** * The name of the Docker image to use. */ imageName: pulumi.Input; /** * The image tag of the image to use. */ imageTag: pulumi.Input; /** * The password for the account to use to connect to the registry. * * > **Note:** This value is required if `containerRegistryUseManagedIdentity` is not set to `true`. */ registryPassword?: pulumi.Input; /** * The URL of the docker registry. */ registryUrl: pulumi.Input; /** * The username to use for connections to the registry. * * > **Note:** This value is required if `containerRegistryUseManagedIdentity` is not set to `true`. */ registryUsername?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials allowed in CORS requests? Defaults to `false`. */ supportCredentials?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * a `headers` block as detailed below. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxFunctionAppSlotSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * a `headers` block as detailed below. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxFunctionAppSlotSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxFunctionAppSlotSiteCredential { /** * The Site Credentials Username used for publishing. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface LinuxFunctionAppSlotStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob`. */ type: pulumi.Input; } interface LinuxFunctionAppStickySettings { /** * A list of `appSetting` names that the Linux Function App will not swap between Slots when a swap operation is triggered. */ appSettingNames?: pulumi.Input[]>; /** * A list of `connectionString` names that the Linux Function App will not swap between Slots when a swap operation is triggered. */ connectionStringNames?: pulumi.Input[]>; } interface LinuxFunctionAppStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob`. */ type: pulumi.Input; } interface LinuxWebAppAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `BuiltInAuthenticationProviderAzureActiveDirectory`, `BuiltInAuthenticationProviderFacebook`, `BuiltInAuthenticationProviderGoogle`, `BuiltInAuthenticationProviderMicrosoftAccount`, `BuiltInAuthenticationProviderTwitter`, `BuiltInAuthenticationProviderGithub` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Linux Web App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity that issues access tokens for this Linux Web App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface LinuxWebAppAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface LinuxWebAppAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, "wl.basic" is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface LinuxWebAppAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface LinuxWebAppAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface LinuxWebAppAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface LinuxWebAppAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * Specifies the endpoint used for OpenID Connect Discovery. For example `https://example.com/.well-known/openid-configuration`. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface LinuxWebAppAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login.. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface LinuxWebAppAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface LinuxWebAppBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface LinuxWebAppBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Linux Web App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day`, `Hour` */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of the age of backup? Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface LinuxWebAppConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface LinuxWebAppIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Linux Web App. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Web App. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxWebAppLogs { /** * A `applicationLogs` block as defined above. */ applicationLogs?: pulumi.Input; /** * Should detailed error messages be enabled? */ detailedErrorMessages?: pulumi.Input; /** * Should the failed request tracing be enabled? */ failedRequestTracing?: pulumi.Input; /** * An `httpLogs` block as defined above. */ httpLogs?: pulumi.Input; } interface LinuxWebAppLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * Log level. Possible values include: `Off`, `Verbose`, `Information`, `Warning`, and `Error`. */ fileSystemLevel: pulumi.Input; } interface LinuxWebAppLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface LinuxWebAppLogsHttpLogs { /** * A `azureBlobStorageHttp` block as defined above. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined above. */ fileSystem?: pulumi.Input; } interface LinuxWebAppLogsHttpLogsAzureBlobStorage { /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays?: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface LinuxWebAppLogsHttpLogsFileSystem { /** * The retention period in days. A value of `0` means no retention. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that log files can use. */ retentionInMb: pulumi.Input; } interface LinuxWebAppSiteConfig { /** * If this Linux Web App is Always On enabled. Defaults to `true`. * * > **Note:** `alwaysOn` must be explicitly set to `false` when using `Free`, `F1`, `D1`, or `Shared` Service Plans. */ alwaysOn?: pulumi.Input; /** * The URL to the API Definition for this Linux Web App. */ apiDefinitionUrl?: pulumi.Input; /** * The API Management API ID this Linux Web App is associated with. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * A `applicationStack` block as defined above. */ applicationStack?: pulumi.Input; /** * A `autoHealSetting` block as defined above. Required with `autoHeal`. */ autoHealSetting?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Linux Web App. */ defaultDocuments?: pulumi.Input[]>; detailedErrorLoggingEnabled?: pulumi.Input; /** * The State of FTP / FTPS service. Possible values include `AllAllowed`, `FtpsOnly`, and `Disabled`. Defaults to `Disabled`. * * > **Note:** Azure defaults this value to `AllAllowed`, however, in the interests of security Terraform will default this to `Disabled` to ensure the user makes a conscious choice to enable it. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to the Health Check. */ healthCheckPath?: pulumi.Input; /** * Should the HTTP2 be enabled? */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; linuxFxVersion?: pulumi.Input; /** * The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Use Local MySQL. Defaults to `false`. */ localMysqlEnabled?: pulumi.Input; /** * Managed pipeline mode. Possible values include `Integrated`, and `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * Should Remote Debugging be enabled? Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * The configures the minimum version of TLS required for SSL requests to the SCM site Possible values are `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; scmType?: pulumi.Input; /** * Should the Linux Web App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Linux Web App use a 32-bit worker? Defaults to `true`. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled? Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The number of Workers for this Linux App Service. */ workerCount?: pulumi.Input; } interface LinuxWebAppSiteConfigApplicationStack { /** * The docker image, including tag, to be used. e.g. `appsvc/staticsite:latest`. */ dockerImageName?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. * * > **Note:** `dockerRegistryUrl`, `dockerRegistryUsername`, and `dockerRegistryPassword` replace the use of the `appSettings` values of `DOCKER_REGISTRY_SERVER_URL`, `DOCKER_REGISTRY_SERVER_USERNAME` and `DOCKER_REGISTRY_SERVER_PASSWORD` respectively, these values will be managed by the provider and should not be specified in the `appSettings` map. */ dockerRegistryPassword?: pulumi.Input; /** * The URL of the container registry where the `dockerImageName` is located. e.g. `https://index.docker.io` or `https://mcr.microsoft.com`. This value is required with `dockerImageName`. */ dockerRegistryUrl?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. */ dockerRegistryUsername?: pulumi.Input; /** * The version of .NET to use. Possible values include `3.1`, `5.0`, `6.0`, `7.0`, `8.0`, `9.0`and `10.0`. */ dotnetVersion?: pulumi.Input; /** * The version of Go to use. Possible values include `1.18`, and `1.19`. */ goVersion?: pulumi.Input; /** * The Java server type. Possible values include `JAVA`, `TOMCAT`, and `JBOSSEAP`. * * > **Note:** `JBOSSEAP` requires a Premium Service Plan SKU to be a valid option. */ javaServer?: pulumi.Input; /** * The Version of the `javaServer` to use. */ javaServerVersion?: pulumi.Input; /** * The Version of Java to use. Possible values include `8`, `11`, `17`, `21` and `25`. * * > **Note:** The valid version combinations for `javaVersion`, `javaServer` and `javaServerVersion` can be checked from the command line via `az webapp list-runtimes --os-type linux`. * * > **Note:** `javaServer`, `javaServerVersion`, and `javaVersion` must all be specified if building a java app */ javaVersion?: pulumi.Input; /** * The version of Node to run. Possible values include `12-lts`, `14-lts`, `16-lts`, `18-lts`, `20-lts`, `22-lts` and `24-lts`. This property conflicts with `javaVersion`. * * > **Note:** 10.x versions have been/are being deprecated so may cease to work for new resources in the future and may be removed from the provider. */ nodeVersion?: pulumi.Input; /** * The version of PHP to run. Possible values are `7.4`, `8.0`, `8.1`, `8.2`, `8.3` and `8.4`. * * > **Note:** version `7.4` is deprecated and will be removed from the provider in a future version. */ phpVersion?: pulumi.Input; /** * The version of Python to run. Possible values include `3.14`, `3.13`, `3.12`, `3.11`, `3.10`, `3.9`, `3.8` and `3.7`. */ pythonVersion?: pulumi.Input; /** * The version of Ruby to run. Possible values include `2.6` and `2.7`. */ rubyVersion?: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSetting { /** * A `action` block as defined above. */ action?: pulumi.Input; /** * A `trigger` block as defined below. */ trigger?: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSettingAction { /** * Predefined action to be taken to an Auto Heal trigger. Possible values include: `Recycle`. */ actionType: pulumi.Input; /** * The minimum amount of time in `hh:mm:ss` the Linux Web App must have been running before the defined action will be run in the event of a trigger. */ minimumProcessExecutionTime?: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSettingTrigger { /** * A `requests` block as defined above. */ requests?: pulumi.Input; /** * A `slowRequest` blocks as defined above. */ slowRequest?: pulumi.Input; /** * One or more `slowRequestWithPath` blocks as defined above. */ slowRequestWithPaths?: pulumi.Input[]>; /** * One or more `statusCode` blocks as defined above. */ statusCodes?: pulumi.Input[]>; } interface LinuxWebAppSiteConfigAutoHealSettingTriggerRequests { /** * The number of requests in the specified `interval` to trigger this rule. */ count: pulumi.Input; /** * The interval in `hh:mm:ss`. */ interval: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSettingTriggerSlowRequest { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSettingTriggerSlowRequestWithPath { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path for which this slow request rule applies. */ path?: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface LinuxWebAppSiteConfigAutoHealSettingTriggerStatusCode { /** * The number of occurrences of the defined `statusCode` in the specified `interval` on which to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path to which this rule status code applies. */ path?: pulumi.Input; /** * The status code for this rule, accepts single status codes and status code ranges. e.g. `500` or `400-499`. Possible values are integers between `101` and `599` */ statusCodeRange: pulumi.Input; /** * The Request Sub Status of the Status Code. */ subStatus?: pulumi.Input; /** * The Win32 Status Code of the Request. */ win32StatusCode?: pulumi.Input; } interface LinuxWebAppSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Whether CORS requests with credentials are allowed. Defaults to `false` */ supportCredentials?: pulumi.Input; } interface LinuxWebAppSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxWebAppSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxWebAppSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxWebAppSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxWebAppSiteCredential { /** * The name which should be used for this Linux Web App. Changing this forces a new Linux Web App to be created. * * > **Note:** Terraform will perform a name availability check as part of the creation progress, if this Web App is part of an App Service Environment terraform will require Read permission on the ASE for this to complete reliably. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface LinuxWebAppSlotAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `BuiltInAuthenticationProviderAzureActiveDirectory`, `BuiltInAuthenticationProviderFacebook`, `BuiltInAuthenticationProviderGoogle`, `BuiltInAuthenticationProviderMicrosoftAccount`, `BuiltInAuthenticationProviderTwitter`, `BuiltInAuthenticationProviderGithub` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Linux Web App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity that issues access tokens for this Linux Web App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, "wl.basic" is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface LinuxWebAppSlotAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface LinuxWebAppSlotAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface LinuxWebAppSlotBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * An `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface LinuxWebAppSlotBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Linux Web App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day`, `Hour` */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of the age of backup? Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface LinuxWebAppSlotConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * Type of database. Possible values include `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface LinuxWebAppSlotIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Linux Web App Slot. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Web App Slot. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxWebAppSlotLogs { /** * A `applicationLogs` block as defined above. */ applicationLogs?: pulumi.Input; /** * Should detailed error messages be enabled? */ detailedErrorMessages?: pulumi.Input; /** * Should the failed request tracing be enabled? */ failedRequestTracing?: pulumi.Input; /** * An `httpLogs` block as defined above. */ httpLogs?: pulumi.Input; } interface LinuxWebAppSlotLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * Log level. Possible values include `Off`, `Verbose`, `Information`, `Warning`, and `Error`. */ fileSystemLevel: pulumi.Input; } interface LinuxWebAppSlotLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays: pulumi.Input; /** * SAS URL to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface LinuxWebAppSlotLogsHttpLogs { /** * A `azureBlobStorageHttp` block as defined above. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined above. */ fileSystem?: pulumi.Input; } interface LinuxWebAppSlotLogsHttpLogsAzureBlobStorage { /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays?: pulumi.Input; /** * SAS URL to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface LinuxWebAppSlotLogsHttpLogsFileSystem { /** * The retention period in days. A values of `0` means no retention. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that log files can use. */ retentionInMb: pulumi.Input; } interface LinuxWebAppSlotSiteConfig { /** * If this Linux Web App is Always On enabled. Defaults to `true`. */ alwaysOn?: pulumi.Input; /** * The URL to the API Definition for this Linux Web App Slot. */ apiDefinitionUrl?: pulumi.Input; /** * The API Management API ID this Linux Web App Slot is associated with. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * A `applicationStack` block as defined above. */ applicationStack?: pulumi.Input; /** * A `autoHealSetting` block as defined above. Required with `autoHeal`. */ autoHealSetting?: pulumi.Input; /** * The Linux Web App Slot Name to automatically swap to when deployment to that slot is successfully completed. * * > **Note:** This must be a valid slot name on the target Linux Web App. */ autoSwapSlotName?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Linux Web App. */ defaultDocuments?: pulumi.Input[]>; detailedErrorLoggingEnabled?: pulumi.Input; /** * The State of FTP / FTPS service. Possible values include `AllAllowed`, `FtpsOnly`, and `Disabled`. Defaults to `Disabled`. * * > **Note:** Azure defaults this value to `AllAllowed`, however, in the interests of security Terraform will default this to `Disabled` to ensure the user makes a conscious choice to enable it. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to the Health Check. */ healthCheckPath?: pulumi.Input; /** * Should the HTTP2 be enabled? */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; linuxFxVersion?: pulumi.Input; /** * The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Use Local MySQL. Defaults to `false`. */ localMysqlEnabled?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values are `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * Should Remote Debugging be enabled? Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * The configures the minimum version of TLS required for SSL requests to the SCM site Possible values are `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; scmType?: pulumi.Input; /** * Should the Linux Web App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Linux Web App use a 32-bit worker? Defaults to `true`. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled? Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The number of Workers for this Linux App Service Slot. */ workerCount?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigApplicationStack { /** * The docker image, including tag, to be used. e.g. `appsvc/staticsite:latest`. */ dockerImageName?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. * * > **Note:** `dockerRegistryUrl`, `dockerRegistryUsername`, and `dockerRegistryPassword` replace the use of the `appSettings` values of `DOCKER_REGISTRY_SERVER_URL`, `DOCKER_REGISTRY_SERVER_USERNAME` and `DOCKER_REGISTRY_SERVER_PASSWORD` respectively, these values will be managed by the provider and should not be specified in the `appSettings` map. */ dockerRegistryPassword?: pulumi.Input; /** * The URL of the container registry where the `dockerImageName` is located. e.g. `https://index.docker.io` or `https://mcr.microsoft.com`. This value is required with `dockerImageName`. */ dockerRegistryUrl?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. */ dockerRegistryUsername?: pulumi.Input; /** * The version of .NET to use. Possible values include `3.1`, `5.0`, `6.0`, `7.0`, `8.0`, `9.0` and `10.0`. */ dotnetVersion?: pulumi.Input; /** * The version of Go to use. Possible values include `1.18`, and `1.19`. */ goVersion?: pulumi.Input; /** * The Java server type. Possible values include `JAVA`, `TOMCAT`, and `JBOSSEAP`. * * > **Note:** `JBOSSEAP` requires a Premium Service Plan SKU to be a valid option. */ javaServer?: pulumi.Input; /** * The Version of the `javaServer` to use. */ javaServerVersion?: pulumi.Input; /** * The Version of Java to use. Possible values are `8`, `11`, `17` and `21`. * * > **Note:** The valid version combinations for `javaVersion`, `javaServer` and `javaServerVersion` can be checked from the command line via `az webapp list-runtimes --os-type linux`. */ javaVersion?: pulumi.Input; /** * The version of Node to run. Possible values are `12-lts`, `14-lts`, `16-lts`, `18-lts`, `20-lts`, `22-lts` and `24-lts`. This property conflicts with `javaVersion`. * * > **Note:** 10.x versions have been/are being deprecated so may cease to work for new resources in the future and may be removed from the provider. */ nodeVersion?: pulumi.Input; /** * The version of PHP to run. Possible values are `7.4`, `8.0`, `8.1`, `8.2`, `8.3` and `8.4`. * * > **Note:** version `7.4` is deprecated and will be removed from the provider in a future version. */ phpVersion?: pulumi.Input; /** * The version of Python to run. Possible values include `3.14`, `3.13`, `3.12`, `3.11`, `3.10`, `3.9`, `3.8` and `3.7`. */ pythonVersion?: pulumi.Input; /** * The version of Ruby to run. Possible values include `2.6` and `2.7`. */ rubyVersion?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSetting { /** * A `action` block as defined above. */ action?: pulumi.Input; /** * A `trigger` block as defined below. */ trigger?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSettingAction { /** * Predefined action to be taken to an Auto Heal trigger. Possible values include: `Recycle`. */ actionType: pulumi.Input; /** * The minimum amount of time in `hh:mm:ss` the Linux Web App must have been running before the defined action will be run in the event of a trigger. */ minimumProcessExecutionTime?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSettingTrigger { /** * A `requests` block as defined above. */ requests?: pulumi.Input; /** * A `slowRequest` block as defined above. */ slowRequest?: pulumi.Input; /** * One or more `slowRequestWithPath` blocks as defined above. */ slowRequestWithPaths?: pulumi.Input[]>; /** * One or more `statusCode` blocks as defined above. */ statusCodes?: pulumi.Input[]>; } interface LinuxWebAppSlotSiteConfigAutoHealSettingTriggerRequests { /** * The number of requests in the specified `interval` to trigger this rule. */ count: pulumi.Input; /** * The interval in `hh:mm:ss`. */ interval: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSettingTriggerSlowRequest { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSettingTriggerSlowRequestWithPath { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path for which this slow request rule applies. */ path?: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface LinuxWebAppSlotSiteConfigAutoHealSettingTriggerStatusCode { /** * The number of occurrences of the defined `statusCode` in the specified `interval` on which to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path to which this rule status code applies. */ path?: pulumi.Input; /** * The status code for this rule, accepts single status codes and status code ranges. e.g. `500` or `400-499`. Possible values are integers between `101` and `599` */ statusCodeRange: pulumi.Input; /** * The Request Sub Status of the Status Code. */ subStatus?: pulumi.Input; /** * The Win32 Status Code of the Request. */ win32StatusCode?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Whether CORS requests with credentials are allowed. Defaults to `false` */ supportCredentials?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxWebAppSlotSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface LinuxWebAppSlotSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface LinuxWebAppSlotSiteCredential { /** * The name which should be used for this Linux Web App Slot. Changing this forces a new Linux Web App Slot to be created. * * > **Note:** Terraform will perform a name availability check as part of the creation progress, if this Web App is part of an App Service Environment terraform will require Read permission on the ASE for this to complete reliably. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface LinuxWebAppSlotStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob` */ type: pulumi.Input; } interface LinuxWebAppStickySettings { /** * A list of `appSetting` names that the Linux Web App will not swap between Slots when a swap operation is triggered. */ appSettingNames?: pulumi.Input[]>; /** * A list of `connectionString` names that the Linux Web App will not swap between Slots when a swap operation is triggered. */ connectionStringNames?: pulumi.Input[]>; } interface LinuxWebAppStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob` */ type: pulumi.Input; } interface PlanSku { /** * Specifies the number of workers associated with this App Service Plan. */ capacity?: pulumi.Input; /** * Specifies the plan's instance size. */ size: pulumi.Input; /** * Specifies the plan's pricing tier. */ tier: pulumi.Input; } interface SlotAuthSettings { /** * A `activeDirectory` block as defined below. */ activeDirectory?: pulumi.Input; /** * Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value". */ additionalLoginParams?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * External URLs that can be redirected to as part of logging in or logging out of the app. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default provider to use when multiple providers have been set up. Possible values are `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount` and `Twitter`. * * > **NOTE:** When using multiple providers, the default provider must be set for settings like `unauthenticatedClientAction` to work. */ defaultProvider?: pulumi.Input; /** * Is Authentication enabled? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * Issuer URI. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The runtime version of the Authentication/Authorization module. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72`. */ tokenRefreshExtensionHours?: pulumi.Input; /** * If enabled the module will durably store platform-specific security tokens that are obtained during login flows. Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values are `AllowAnonymous` and `RedirectToLoginPage`. */ unauthenticatedClientAction?: pulumi.Input; } interface SlotAuthSettingsActiveDirectory { /** * Allowed audience values to consider when validating JWTs issued by Azure Active Directory. */ allowedAudiences?: pulumi.Input[]>; /** * The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret of this relying party application. If no secret is provided, implicit flow will be used. */ clientSecret?: pulumi.Input; } interface SlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. */ appSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface SlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. */ oauthScopes?: pulumi.Input[]>; } interface SlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. */ clientSecret: pulumi.Input; /** * The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. */ oauthScopes?: pulumi.Input[]>; } interface SlotAuthSettingsTwitter { /** * The consumer key of the Twitter app used for login */ consumerKey: pulumi.Input; /** * The consumer secret of the Twitter app used for login. */ consumerSecret: pulumi.Input; } interface SlotConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * The type of the Connection String. Possible values are `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The value for the Connection String. */ value: pulumi.Input; } interface SlotIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service slot. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service slot. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the App Service. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field, and `SystemAssigned, UserAssigned` which assigns both a system managed identity as well as the specified user assigned identities. * * > **NOTE:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the App Service has been created. More details are available below. */ type: pulumi.Input; } interface SlotLogs { /** * An `applicationLogs` block as defined below. */ applicationLogs?: pulumi.Input; /** * Should `Detailed error messages` be enabled on this App Service slot? Defaults to `false`. */ detailedErrorMessagesEnabled?: pulumi.Input; /** * Should `Failed request tracing` be enabled on this App Service slot? Defaults to `false`. */ failedRequestTracingEnabled?: pulumi.Input; /** * An `httpLogs` block as defined below. */ httpLogs?: pulumi.Input; } interface SlotLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * The file system log level. Possible values are `Off`, `Error`, `Warning`, `Information`, and `Verbose`. Defaults to `Off`. */ fileSystemLevel?: pulumi.Input; } interface SlotLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The URL to the storage container, with a Service SAS token appended. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface SlotLogsHttpLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined below. */ fileSystem?: pulumi.Input; } interface SlotLogsHttpLogsAzureBlobStorage { /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The URL to the storage container, with a Service SAS token appended. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface SlotLogsHttpLogsFileSystem { /** * The number of days to retain logs for. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that HTTP log files can use before being removed. */ retentionInMb: pulumi.Input; } interface SlotSiteConfig { /** * Are Managed Identity Credentials used for Azure Container Registry pull */ acrUseManagedIdentityCredentials?: pulumi.Input; /** * If using User Managed Identity, the User Managed Identity Client Id * * > **NOTE:** When using User Managed Identity with Azure Container Registry the Identity will need to have the [ACRPull role assigned](https://docs.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity#example-1-access-with-a-user-assigned-identity) */ acrUserManagedIdentityClientId?: pulumi.Input; /** * Should the slot be loaded at all times? Defaults to `false`. * * > **NOTE:** when using an App Service Plan in the `Free` or `Shared` Tiers `alwaysOn` must be set to `false`. */ alwaysOn?: pulumi.Input; /** * App command line to launch, e.g. `/sbin/myserver -b 0.0.0.0`. */ appCommandLine?: pulumi.Input; /** * The name of the slot to automatically swap to during deployment */ autoSwapSlotName?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * The ordering of default documents to load, if an address isn't specified. */ defaultDocuments?: pulumi.Input[]>; /** * The version of the .NET framework's CLR used in this App Service Slot. Possible values are `v2.0` (which will use the latest version of the .NET framework for the .NET CLR v2 - currently `.net 3.5`), `v4.0` (which corresponds to the latest version of the .NET CLR v4 - which at the time of writing is `.net 4.7.1`), `v5.0` and `v6.0`. [For more information on which .NET CLR version to use based on the .NET framework you're targeting - please see this table](https://en.wikipedia.org/wiki/.NET_Framework_version_history#Overview). Defaults to `v4.0`. */ dotnetFrameworkVersion?: pulumi.Input; /** * State of FTP / FTPS service for this App Service Slot. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. */ ftpsState?: pulumi.Input; /** * The health check path to be pinged by App Service Slot. [For more information - please see App Service health check announcement](https://azure.github.io/AppService/2020/08/24/healthcheck-on-app-service.html). */ healthCheckPath?: pulumi.Input; /** * Is HTTP2 Enabled on this App Service? Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * A list of objects representing ip restrictions as defined below. * * > **NOTE** User has to explicitly set `ipRestriction` to empty slice (`[]`) to remove it. */ ipRestrictions?: pulumi.Input[]>; /** * The Java Container to use. If specified `javaVersion` and `javaContainerVersion` must also be specified. Possible values are `JAVA`, `JETTY`, and `TOMCAT`. */ javaContainer?: pulumi.Input; /** * The version of the Java Container to use. If specified `javaVersion` and `javaContainer` must also be specified. */ javaContainerVersion?: pulumi.Input; /** * The version of Java to use. If specified `javaContainer` and `javaContainerVersion` must also be specified. Possible values are `1.7`, `1.8`, and `11` and their specific versions - except for Java 11 (e.g. `1.7.0_80`, `1.8.0_181`, `11`) */ javaVersion?: pulumi.Input; /** * Linux App Framework and version for the App Service Slot. Possible options are a Docker container (`DOCKER|`), a base-64 encoded Docker Compose file (`COMPOSE|${filebase64("compose.yml")}`) or a base-64 encoded Kubernetes Manifest (`KUBE|${filebase64("kubernetes.yml")}`). * * > **NOTE:** To set this property the App Service Plan to which the App belongs must be configured with `kind = "Linux"`, and `reserved = true` or the API will reject any value supplied. */ linuxFxVersion?: pulumi.Input; /** * Is "MySQL In App" Enabled? This runs a local MySQL instance with your app and shares resources from the App Service plan. * * > **NOTE:** MySQL In App is not intended for production environments and will not scale beyond a single instance. Instead you may wish to use Azure Database for MySQL. */ localMysqlEnabled?: pulumi.Input; /** * The Managed Pipeline Mode. Possible values are `Integrated` and `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The minimum supported TLS version for the app service. Possible values are `1.0`, `1.1`, and `1.2`. Defaults to `1.2` for new app services. */ minTlsVersion?: pulumi.Input; /** * The scaled number of workers (for per site scaling) of this App Service Slot. Requires that `perSiteScaling` is enabled on the `azure.appservice.Plan`. [For more information - please see Microsoft documentation on high-density hosting](https://docs.microsoft.com/azure/app-service/manage-scale-per-app). */ numberOfWorkers?: pulumi.Input; /** * The version of PHP to use in this App Service Slot. Possible values are `5.5`, `5.6`, `7.0`, `7.1`, `7.2`, `7.3`, and `7.4`. */ phpVersion?: pulumi.Input; /** * The version of Python to use in this App Service Slot. Possible values are `2.7` and `3.4`. */ pythonVersion?: pulumi.Input; /** * Is Remote Debugging Enabled? Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * Which version of Visual Studio should the Remote Debugger be compatible with? Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * A list of `scmIpRestriction` objects representing IP restrictions as defined below. * * > **NOTE** User has to explicitly set `scmIpRestriction` to empty slice (`[]`) to remove it. */ scmIpRestrictions?: pulumi.Input[]>; /** * The type of Source Control enabled for this App Service Slot. Defaults to `None`. Possible values are: `BitbucketGit`, `BitbucketHg`, `CodePlexGit`, `CodePlexHg`, `Dropbox`, `ExternalGit`, `ExternalHg`, `GitHub`, `LocalGit`, `None`, `OneDrive`, `Tfs`, `VSO`, and `VSTSRM` */ scmType?: pulumi.Input; /** * IP security restrictions for scm to use main. Defaults to `false`. * * > **NOTE** Any `scmIpRestriction` blocks configured are ignored by the service when `scmUseMainIpRestriction` is set to `true`. Any scm restrictions will become active if this is subsequently set to `false` or removed. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the App Service Slot run in 32 bit mode, rather than 64 bit mode? * * > **NOTE:** when using an App Service Plan in the `Free` or `Shared` Tiers `use32BitWorkerProcess` must be set to `true`. */ use32BitWorkerProcess?: pulumi.Input; /** * Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. * * > **NOTE:** This setting supersedes the previous mechanism of setting the `appSettings` value of `WEBSITE_VNET_ROUTE_ALL`. However, to prevent older configurations breaking Terraform will update this value if it not explicitly set to the value in `app_settings.WEBSITE_VNET_ROUTE_ALL`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should WebSockets be enabled? */ websocketsEnabled?: pulumi.Input; /** * The Windows Docker container image (`DOCKER|`) * * Additional examples of how to run Containers via the `azure.appservice.Slot` resource can be found in the `./examples/app-service` directory within the GitHub Repository. */ windowsFxVersion?: pulumi.Input; } interface SlotSiteConfigCors { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins: pulumi.Input[]>; /** * Are credentials supported? */ supportCredentials?: pulumi.Input; } interface SlotSiteConfigIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `ipRestriction` as defined below. The HTTP header filters are evaluated after the rule itself and both conditions must be true for the rule to apply. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface SlotSiteConfigIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface SlotSiteConfigScmIpRestriction { /** * Allow or Deny access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The `headers` block for this specific `scmIpRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **NOTE:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface SlotSiteConfigScmIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is "1". */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8 */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface SlotSiteCredential { /** * The password associated with the username, which can be used to publish to this App Service. */ password?: pulumi.Input; /** * The username which can be used to publish to this App Service */ username?: pulumi.Input; } interface SlotStorageAccount { /** * The access key for the storage account. */ accessKey: pulumi.Input; /** * The name of the storage account. */ accountName: pulumi.Input; /** * The path to mount the storage within the site's runtime environment. */ mountPath?: pulumi.Input; /** * The name of the storage account identifier. */ name: pulumi.Input; /** * The name of the file share (container name, for Blob storage). */ shareName: pulumi.Input; /** * The type of storage. Possible values are `AzureBlob` and `AzureFiles`. */ type: pulumi.Input; } interface SourceControlGithubActionConfiguration { /** * A `codeConfiguration` block as defined above. Changing this forces a new resource to be created. */ codeConfiguration?: pulumi.Input; /** * A `containerConfiguration` block as defined above. */ containerConfiguration?: pulumi.Input; /** * Whether to generate the GitHub work flow file. Defaults to `true`. Changing this forces a new resource to be created. */ generateWorkflowFile?: pulumi.Input; /** * Denotes this action uses a Linux base image. */ linuxAction?: pulumi.Input; } interface SourceControlGithubActionConfigurationCodeConfiguration { /** * The value to use for the Runtime Stack in the workflow file content for code base apps. Possible values are `dotnetcore`, `spring`, `tomcat`, `node` and `python`. Changing this forces a new resource to be created. */ runtimeStack: pulumi.Input; /** * The value to use for the Runtime Version in the workflow file content for code base apps. Changing this forces a new resource to be created. */ runtimeVersion: pulumi.Input; } interface SourceControlGithubActionConfigurationContainerConfiguration { /** * The image name for the build. Changing this forces a new resource to be created. */ imageName: pulumi.Input; /** * The password used to upload the image to the container registry. Changing this forces a new resource to be created. */ registryPassword?: pulumi.Input; /** * The server URL for the container registry where the build will be hosted. Changing this forces a new resource to be created. */ registryUrl: pulumi.Input; /** * The username used to upload the image to the container registry. Changing this forces a new resource to be created. */ registryUsername?: pulumi.Input; } interface SourceControlSlotGithubActionConfiguration { /** * A `codeConfiguration` block as detailed below. Changing this forces a new resource to be created. */ codeConfiguration?: pulumi.Input; /** * A `containerConfiguration` block as detailed below. */ containerConfiguration?: pulumi.Input; /** * Should the service generate the GitHub Action Workflow file. Defaults to `true` Changing this forces a new resource to be created. */ generateWorkflowFile?: pulumi.Input; /** * Denotes this action uses a Linux base image. */ linuxAction?: pulumi.Input; } interface SourceControlSlotGithubActionConfigurationCodeConfiguration { /** * The value to use for the Runtime Stack in the workflow file content for code base apps. Changing this forces a new resource to be created. Possible values are `dotnetcore`, `spring`, `tomcat`, `node` and `python`. */ runtimeStack: pulumi.Input; /** * The value to use for the Runtime Version in the workflow file content for code base apps. Changing this forces a new resource to be created. */ runtimeVersion: pulumi.Input; } interface SourceControlSlotGithubActionConfigurationContainerConfiguration { /** * The image name for the build. Changing this forces a new resource to be created. */ imageName: pulumi.Input; /** * The password used to upload the image to the container registry. Changing this forces a new resource to be created. */ registryPassword?: pulumi.Input; /** * The server URL for the container registry where the build will be hosted. Changing this forces a new resource to be created. */ registryUrl: pulumi.Input; /** * The username used to upload the image to the container registry. Changing this forces a new resource to be created. */ registryUsername?: pulumi.Input; } interface StaticSiteIdentity { /** * A list of Managed Identity IDs which should be assigned to this Static Site resource. */ identityIds?: pulumi.Input[]>; /** * (Optional) The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The Type of Managed Identity assigned to this Static Site resource. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface StaticWebAppBasicAuth { /** * The Environment types to use the Basic Auth for access. Possible values include `AllEnvironments` and `StagingEnvironments`. */ environments: pulumi.Input; /** * The password for the basic authentication access. */ password: pulumi.Input; } interface StaticWebAppIdentity { /** * A list of Managed Identity IDs which should be assigned to this Static Web App resource. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The Type of Managed Identity assigned to this Static Web App resource. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface WindowsFunctionAppAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Function App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Windows Function App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Windows Function App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The Runtime Version of the Authentication / Authorization feature in use for the Windows Function App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Windows Function App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface WindowsFunctionAppAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface WindowsFunctionAppBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface WindowsFunctionAppBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Windows Function App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface WindowsFunctionAppConnectionString { /** * The name which should be used for this Connection. */ name: pulumi.Input; /** * Type of database. Possible values include: `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface WindowsFunctionAppIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Windows Function App. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Function App. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsFunctionAppSiteConfig { /** * If this Windows Function App is Always On enabled. Defaults to `false`. * * > **Note:** when running in a Consumption or Premium Plan, `alwaysOn` feature should be turned off. Please turn it off before upgrading the service plan from standard to premium. */ alwaysOn?: pulumi.Input; /** * The URL of the API definition that describes this Windows Function App. */ apiDefinitionUrl?: pulumi.Input; /** * The ID of the API Management API for this Windows Function App. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * An `appServiceLogs` block as defined above. */ appServiceLogs?: pulumi.Input; /** * The Connection String for linking the Windows Function App to Application Insights. */ applicationInsightsConnectionString?: pulumi.Input; /** * The Instrumentation Key for connecting the Windows Function App to Application Insights. */ applicationInsightsKey?: pulumi.Input; /** * An `applicationStack` block as defined above. * * > **Note:** If this is set, there must not be an application setting `FUNCTIONS_WORKER_RUNTIME`. */ applicationStack?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Windows Function App. */ defaultDocuments?: pulumi.Input[]>; /** * Is detailed error logging enabled */ detailedErrorLoggingEnabled?: pulumi.Input; /** * The number of minimum instances for this Windows Function App. Only affects apps on Elastic Premium plans. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this Windows Function App. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to be checked for this Windows Function App health. */ healthCheckPath?: pulumi.Input; /** * Specifies if the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; /** * The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * Configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this Windows Function App. Only affects apps on an Elastic Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * Should Scale Monitoring of the Functions Runtime be enabled? * * > **Note:** Functions runtime scale monitoring can only be enabled for Elastic Premium Function Apps or Workflow Standard Logic Apps and requires a minimum prewarmed instance count of 1. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * Configures the minimum version of TLS required for SSL requests to the SCM site. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; /** * The SCM Type in use by the Windows Function App. */ scmType?: pulumi.Input; /** * Should the Windows Function App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Windows Function App use a 32-bit worker process. Defaults to `true`. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The Windows FX Version string. */ windowsFxVersion?: pulumi.Input; /** * The number of Workers for this Windows Function App. */ workerCount?: pulumi.Input; } interface WindowsFunctionAppSiteConfigAppServiceLogs { /** * The amount of disk space to use for logs. Valid values are between `25` and `100`. Defaults to `35`. */ diskQuotaMb?: pulumi.Input; /** * The retention period for logs in days. Valid values are between `0` and `99999`.(never delete). * * > **Note:** This block is not supported on Consumption plans. */ retentionPeriodDays?: pulumi.Input; } interface WindowsFunctionAppSiteConfigApplicationStack { /** * The version of .NET to use. Possible values include `v3.0`, `v4.0` `v6.0`, `v7.0`, `v8.0`, `v9.0` and `v10.0`. Defaults to `v4.0`. */ dotnetVersion?: pulumi.Input; /** * The Version of Java to use. Supported versions include `1.8`, `11`, `17`, `21`, `25` (In-Preview). */ javaVersion?: pulumi.Input; /** * The version of Node to run. Possible values include `~12`, `~14`, `~16`, `~18` `~20`, `~22` and `~24`. */ nodeVersion?: pulumi.Input; /** * The version of PowerShell Core to run. Possible values are `7`, `7.2`, and `7.4`. * * > **Note:** A value of `7` will provide the latest stable version. `7.2` is in preview at the time of writing. */ powershellCoreVersion?: pulumi.Input; /** * Should the Windows Function App use a custom runtime? */ useCustomRuntime?: pulumi.Input; /** * Should the DotNet process use an isolated runtime. Defaults to `false`. */ useDotnetIsolatedRuntime?: pulumi.Input; } interface WindowsFunctionAppSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials allowed in CORS requests? Defaults to `false`. */ supportCredentials?: pulumi.Input; } interface WindowsFunctionAppSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsFunctionAppSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsFunctionAppSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsFunctionAppSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsFunctionAppSiteCredential { /** * The name which should be used for this Windows Function App. Changing this forces a new Windows Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about [Function App naming rule](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftweb) and [Host ID Collisions](https://github.com/Azure/azure-functions-host/wiki/Host-IDs#host-id-collisions) */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettings { /** * an `activeDirectory` block as detailed below. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled? */ enabled: pulumi.Input; /** * a `facebook` block as detailed below. */ facebook?: pulumi.Input; /** * a `github` block as detailed below. */ github?: pulumi.Input; /** * a `google` block as detailed below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * a `microsoft` block as detailed below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * a `twitter` block as detailed below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * an `oauthScopes`. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface WindowsFunctionAppSlotAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsFunctionAppSlotAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface WindowsFunctionAppSlotBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * a `schedule` block as detailed below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface WindowsFunctionAppSlotBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface WindowsFunctionAppSlotConnectionString { /** * The name which should be used for this Connection. */ name: pulumi.Input; /** * Type of database. Possible values include: `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface WindowsFunctionAppSlotIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Windows Function App Slot. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Function App Slot. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfig { /** * If this Windows Web App is Always On enabled. Defaults to `false`. */ alwaysOn?: pulumi.Input; /** * The URL of the API definition that describes this Windows Function App. */ apiDefinitionUrl?: pulumi.Input; /** * The ID of the API Management API for this Windows Function App. */ apiManagementApiId?: pulumi.Input; /** * The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). */ appCommandLine?: pulumi.Input; /** * The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * an `appServiceLogs` block as detailed below. */ appServiceLogs?: pulumi.Input; /** * The Connection String for linking the Windows Function App to Application Insights. */ applicationInsightsConnectionString?: pulumi.Input; /** * The Instrumentation Key for connecting the Windows Function App to Application Insights. */ applicationInsightsKey?: pulumi.Input; /** * an `applicationStack` block as detailed below. */ applicationStack?: pulumi.Input; /** * The name of the slot to automatically swap with when this slot is successfully deployed. */ autoSwapSlotName?: pulumi.Input; /** * a `cors` block as detailed below. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Windows Web App. */ defaultDocuments?: pulumi.Input[]>; /** * Is detailed error logging enabled */ detailedErrorLoggingEnabled?: pulumi.Input; /** * The number of minimum instances for this Windows Function App. Only affects apps on Elastic Premium plans. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. */ ftpsState?: pulumi.Input; /** * The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Defaults to `0`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to be checked for this function app health. */ healthCheckPath?: pulumi.Input; /** * Specifies if the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * an `ipRestriction` block as detailed below. */ ipRestrictions?: pulumi.Input[]>; /** * The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * Should Scale Monitoring of the Functions Runtime be enabled? * * > **Note:** Functions runtime scale monitoring can only be enabled for Elastic Premium Function Apps or Workflow Standard Logic Apps and requires a minimum prewarmed instance count of 1. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * a `scmIpRestriction` block as detailed below. */ scmIpRestrictions?: pulumi.Input[]>; /** * Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; /** * The SCM Type in use by the Windows Function App. */ scmType?: pulumi.Input; /** * Should the Windows Function App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Windows Web App use a 32-bit worker. Defaults to `true`. */ use32BitWorker?: pulumi.Input; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; /** * The Windows FX Version string. */ windowsFxVersion?: pulumi.Input; /** * The number of Workers for this Windows Function App. */ workerCount?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigAppServiceLogs { /** * The amount of disk space to use for logs. Valid values are between `25` and `100`. Defaults to `35`. */ diskQuotaMb?: pulumi.Input; /** * The retention period for logs in days. Valid values are between `0` and `99999`.(never delete). * * > **Note:** This block is not supported on Consumption plans. */ retentionPeriodDays?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigApplicationStack { /** * The version of .Net. Possible values are `v3.0`, `v4.0`, `v6.0`, `v7.0`, `v8.0`, `v9.0` and `v10.0`. Defaults to `v4.0`. */ dotnetVersion?: pulumi.Input; /** * The version of Java to use. Possible values are `1.8`, `11`, `17` and `21`. */ javaVersion?: pulumi.Input; /** * The version of Node to use. Possible values are `~12`, `~14`, `~16`, `~18`, `~20`, `~22` and `~24`. */ nodeVersion?: pulumi.Input; /** * The PowerShell Core version to use. Possible values are `7`, `7.2`, and `7.4`. */ powershellCoreVersion?: pulumi.Input; /** * Does the Function App use a custom Application Stack? */ useCustomRuntime?: pulumi.Input; /** * Should the DotNet process use an isolated runtime. Defaults to `false`. */ useDotnetIsolatedRuntime?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials allowed in CORS requests? Defaults to `false`. */ supportCredentials?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * a `headers` block as detailed below. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsFunctionAppSlotSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * a `headers` block as detailed below. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** Exactly one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsFunctionAppSlotSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsFunctionAppSlotSiteCredential { /** * The Site Credentials Username used for publishing. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface WindowsFunctionAppSlotStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles`. */ type: pulumi.Input; } interface WindowsFunctionAppStickySettings { /** * A list of `appSetting` names that the Windows Function App will not swap between Slots when a swap operation is triggered. */ appSettingNames?: pulumi.Input[]>; /** * A list of `connectionString` names that the Windows Function App will not swap between Slots when a swap operation is triggered. */ connectionStringNames?: pulumi.Input[]>; } interface WindowsFunctionAppStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles`. */ type: pulumi.Input; } interface WindowsWebAppAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github` * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature is enabled for the Windows Web App be enabled? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Windows Web App. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Windows Web App. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface WindowsWebAppAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface WindowsWebAppAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, "wl.basic" is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface WindowsWebAppAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface WindowsWebAppAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface WindowsWebAppAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface WindowsWebAppAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface WindowsWebAppAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface WindowsWebAppAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface WindowsWebAppBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface WindowsWebAppBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Windows Web App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day`, `Hour` */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface WindowsWebAppConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * Type of database. Possible values include: `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface WindowsWebAppIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Windows Web App. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Web App. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsWebAppLogs { /** * A `applicationLogs` block as defined above. */ applicationLogs?: pulumi.Input; /** * Should detailed error messages be enabled. */ detailedErrorMessages?: pulumi.Input; /** * Should tracing be enabled for failed requests. */ failedRequestTracing?: pulumi.Input; /** * A `httpLogs` block as defined above. */ httpLogs?: pulumi.Input; } interface WindowsWebAppLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * Log level. Possible values include: `Off`, `Verbose`, `Information`, `Warning`, and `Error`. */ fileSystemLevel: pulumi.Input; } interface WindowsWebAppLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface WindowsWebAppLogsHttpLogs { /** * A `azureBlobStorageHttp` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined above. */ fileSystem?: pulumi.Input; } interface WindowsWebAppLogsHttpLogsAzureBlobStorage { /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays?: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface WindowsWebAppLogsHttpLogsFileSystem { /** * The retention period in days. A values of `0` means no retention. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that log files can use. */ retentionInMb: pulumi.Input; } interface WindowsWebAppSiteConfig { /** * If this Windows Web App is Always On enabled. Defaults to `true`. * * > **Note:** `alwaysOn` must be explicitly set to `false` when using `Free`, `F1`, `D1`, or `Shared` Service Plans. */ alwaysOn?: pulumi.Input; /** * The URL to the API Definition for this Windows Web App. */ apiDefinitionUrl?: pulumi.Input; /** * The API Management API ID this Windows Web App Slot is associated with. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * A `applicationStack` block as defined above. */ applicationStack?: pulumi.Input; /** * A `autoHealSetting` block as defined above. Required with `autoHeal`. */ autoHealSetting?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Windows Web App. */ defaultDocuments?: pulumi.Input[]>; detailedErrorLoggingEnabled?: pulumi.Input; /** * The State of FTP / FTPS service. Possible values include: `AllAllowed`, `FtpsOnly`, `Disabled`. Defaults to `Disabled`. * * > **Note:** Azure defaults this value to `AllAllowed`, however, in the interests of security Terraform will default this to `Disabled` to ensure the user makes a conscious choice to enable it. */ ftpsState?: pulumi.Input; /** * One or more `handlerMapping` blocks as defined below. */ handlerMappings?: pulumi.Input[]>; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to the Health Check. */ healthCheckPath?: pulumi.Input; /** * Should the HTTP2 be enabled? */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; linuxFxVersion?: pulumi.Input; /** * The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Use Local MySQL. Defaults to `false`. */ localMysqlEnabled?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * The configures the minimum version of TLS required for SSL requests to the SCM site Possible values are `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; scmType?: pulumi.Input; /** * Should the Windows Web App `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Windows Web App use a 32-bit worker. Defaults to `true`. */ use32BitWorker?: pulumi.Input; /** * One or more `virtualApplication` blocks as defined below. */ virtualApplications?: pulumi.Input[]>; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; windowsFxVersion?: pulumi.Input; /** * The number of Workers for this Windows App Service. */ workerCount?: pulumi.Input; } interface WindowsWebAppSiteConfigApplicationStack { /** * The Application Stack for the Windows Web App. Possible values include `dotnet`, `dotnetcore`, `node`, `python`, `php`, and `java`. * * > **Note:** Whilst this property is Optional omitting it can cause unexpected behaviour, in particular for display of settings in the Azure Portal. * * > **Note:** Windows Web apps can configure multiple `appStack` properties, it is recommended to always configure this `Optional` value and set it to the primary application stack of your app to ensure correct operation of this resource and display the correct metadata in the Azure Portal. */ currentStack?: pulumi.Input; /** * The docker image, including tag, to be used. e.g. `azure-app-service/windows/parkingpage:latest`. */ dockerImageName?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. * * > **Note:** `dockerRegistryUrl`, `dockerRegistryUsername`, and `dockerRegistryPassword` replace the use of the `appSettings` values of `DOCKER_REGISTRY_SERVER_URL`, `DOCKER_REGISTRY_SERVER_USERNAME` and `DOCKER_REGISTRY_SERVER_PASSWORD` respectively, these values will be managed by the provider and should not be specified in the `appSettings` map. */ dockerRegistryPassword?: pulumi.Input; /** * The URL of the container registry where the `dockerImageName` is located. e.g. `https://index.docker.io` or `https://mcr.microsoft.com`. This value is required with `dockerImageName`. */ dockerRegistryUrl?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. */ dockerRegistryUsername?: pulumi.Input; /** * The version of .NET to use when `currentStack` is set to `dotnetcore`. Possible values include `v4.0`. */ dotnetCoreVersion?: pulumi.Input; /** * The version of .NET to use when `currentStack` is set to `dotnet`. Possible values include `v2.0`,`v3.0`, `v4.0`, `v5.0`, `v6.0`, `v7.0`, `v8.0`, `v9.0` and `v10.0`. * * > **Note:** The Portal displayed values and the actual underlying API values differ for this setting, as follows: * Portal Value | API value * :--|--: * ASP.NET V3.5 | v2.0 * ASP.NET V4.8 | v4.0 * .NET 6 (LTS) | v6.0 * .NET 7 (STS) | v7.0 * .NET 8 (LTS) | v8.0 * .NET 9 (STS) | v9.0 * .NET 10 (LTS) | v10.0 */ dotnetVersion?: pulumi.Input; /** * @deprecated this property has been deprecated in favour of `tomcatVersion` and `javaEmbeddedServerEnabled` */ javaContainer?: pulumi.Input; /** * @deprecated This property has been deprecated in favour of `tomcatVersion` and `javaEmbeddedServerEnabled` */ javaContainerVersion?: pulumi.Input; /** * Should the Java Embedded Server (Java SE) be used to run the app. */ javaEmbeddedServerEnabled?: pulumi.Input; /** * The version of Java to use when `currentStack` is set to `java`. * * > **Note:** For currently supported versions, please see the official documentation. Some example values include: `1.8`, `1.8.0_322`, `11`, `11.0.14`, `17`, `17.0.2`, `21` and `25` */ javaVersion?: pulumi.Input; /** * The version of node to use when `currentStack` is set to `node`. Possible values are `~12`, `~14`, `~16`, `~18`, `~20` and `~22`. * * > **Note:** This property conflicts with `javaVersion`. */ nodeVersion?: pulumi.Input; /** * The version of PHP to use when `currentStack` is set to `php`. Possible values are `7.1`, `7.4` and `Off`. * * > **Note:** The value `Off` is used to signify latest supported by the service. */ phpVersion?: pulumi.Input; /** * Specifies whether this is a Python app. Defaults to `false`. */ python?: pulumi.Input; /** * The version of Tomcat the Java App should use. Conflicts with `javaEmbeddedServerEnabled` * * > **Note:** See the official documentation for current supported versions. Some example values include: `10.0`, `10.0.20`. */ tomcatVersion?: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSetting { /** * An `action` block as defined above. */ action: pulumi.Input; /** * A `trigger` block as defined below. */ trigger: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingAction { /** * Predefined action to be taken to an Auto Heal trigger. Possible values include: `Recycle`, `LogEvent`, and `CustomAction`. */ actionType: pulumi.Input; /** * A `customAction` block as defined below. */ customAction?: pulumi.Input; /** * The minimum amount of time in `hh:mm:ss` the Windows Web App must have been running before the defined action will be run in the event of a trigger. */ minimumProcessExecutionTime?: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingActionCustomAction { /** * The executable to run for the `customAction`. */ executable: pulumi.Input; /** * The parameters to pass to the specified `executable`. */ parameters?: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingTrigger { /** * The amount of Private Memory to be consumed for this rule to trigger. Possible values are between `102400` and `13631488`. */ privateMemoryKb?: pulumi.Input; /** * A `requests` block as defined above. */ requests?: pulumi.Input; /** * A `slowRequest` block as defined above. */ slowRequest?: pulumi.Input; /** * One or more `slowRequestWithPath` blocks as defined above. */ slowRequestWithPaths?: pulumi.Input[]>; /** * One or more `statusCode` blocks as defined above. */ statusCodes?: pulumi.Input[]>; } interface WindowsWebAppSiteConfigAutoHealSettingTriggerRequests { /** * The number of requests in the specified `interval` to trigger this rule. */ count: pulumi.Input; /** * The interval in `hh:mm:ss`. */ interval: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingTriggerSlowRequest { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingTriggerSlowRequestWithPath { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path for which this slow request rule applies. */ path?: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface WindowsWebAppSiteConfigAutoHealSettingTriggerStatusCode { /** * The number of occurrences of the defined `statusCode` in the specified `interval` on which to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path to which this rule status code applies. */ path?: pulumi.Input; /** * The status code for this rule, accepts single status codes and status code ranges. e.g. `500` or `400-499`. Possible values are integers between `101` and `599` */ statusCodeRange: pulumi.Input; /** * The Request Sub Status of the Status Code. */ subStatus?: pulumi.Input; /** * The Win32 Status Code of the Request. */ win32StatusCode?: pulumi.Input; } interface WindowsWebAppSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Whether CORS requests with credentials are allowed. Defaults to `false` */ supportCredentials?: pulumi.Input; } interface WindowsWebAppSiteConfigHandlerMapping { /** * Specifies the command-line arguments to be passed to the script processor. */ arguments?: pulumi.Input; /** * Specifies which extension to be handled by the specified FastCGI application. */ extension: pulumi.Input; /** * Specifies the absolute path to the FastCGI application. */ scriptProcessorPath: pulumi.Input; } interface WindowsWebAppSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsWebAppSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsWebAppSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsWebAppSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsWebAppSiteConfigVirtualApplication { /** * The physical path for the Virtual Application. */ physicalPath: pulumi.Input; /** * Should pre-loading be enabled. */ preload: pulumi.Input; /** * One or more `virtualDirectory` blocks as defined below. */ virtualDirectories?: pulumi.Input[]>; /** * The Virtual Path for the Virtual Application. */ virtualPath: pulumi.Input; } interface WindowsWebAppSiteConfigVirtualApplicationVirtualDirectory { /** * The physical path for the Virtual Application. */ physicalPath?: pulumi.Input; /** * The Virtual Path for the Virtual Application. */ virtualPath?: pulumi.Input; } interface WindowsWebAppSiteCredential { /** * The name which should be used for this Windows Web App. Changing this forces a new Windows Web App to be created. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface WindowsWebAppSlotAuthSettings { /** * An `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. */ additionalLoginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App Slot. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. * * > **Note:** This setting is only needed if multiple providers are configured, and the `unauthenticatedClientAction` is set to "RedirectToLoginPage". */ defaultProvider?: pulumi.Input; /** * Should the Authentication / Authorization feature be enabled for the Windows Web App? */ enabled: pulumi.Input; /** * A `facebook` block as defined below. */ facebook?: pulumi.Input; /** * A `github` block as defined below. */ github?: pulumi.Input; /** * A `google` block as defined below. */ google?: pulumi.Input; /** * The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Windows Web App Slot. * * > **Note:** When using Azure Active Directory, this value is the URI of the directory tenant, e.g. . */ issuer?: pulumi.Input; /** * A `microsoft` block as defined below. */ microsoft?: pulumi.Input; /** * The RuntimeVersion of the Authentication / Authorization feature in use for the Windows Web App Slot. */ runtimeVersion?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionHours?: pulumi.Input; /** * Should the Windows Web App Slot durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. */ tokenStoreEnabled?: pulumi.Input; /** * A `twitter` block as defined below. */ twitter?: pulumi.Input; /** * The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. */ unauthenticatedClientAction?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsActiveDirectory { /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** The `clientId` value is always considered an allowed audience, so should not be included. */ allowedAudiences?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The Client Secret for the Client ID. Cannot be used with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. Cannot be used with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsFacebook { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The App Secret of the Facebook app used for Facebook login. Cannot be specified with `appSecretSettingName`. */ appSecret?: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook login. Cannot be specified with `appSecret`. */ appSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsGithub { /** * The ID of the GitHub app used for login. */ clientId: pulumi.Input; /** * The Client Secret of the GitHub app used for GitHub login. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub login authentication. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsGoogle { /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The client secret associated with the Google web application. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google login. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, `openid`, `profile`, and `email` are used as default scopes. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsMicrosoft { /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecretSettingName`. */ clientSecret?: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `clientSecret`. */ clientSecretSettingName?: pulumi.Input; /** * Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, "wl.basic" is used as the default scope. */ oauthScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsTwitter { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecretSettingName`. */ consumerSecret?: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumerSecret`. */ consumerSecretSettingName?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2 { /** * An `activeDirectoryV2` block as defined below. */ activeDirectoryV2?: pulumi.Input; /** * An `appleV2` block as defined below. */ appleV2?: pulumi.Input; /** * Should the AuthV2 Settings be enabled. Defaults to `false`. */ authEnabled?: pulumi.Input; /** * An `azureStaticWebAppV2` block as defined below. */ azureStaticWebAppV2?: pulumi.Input; /** * The path to the App Auth settings. * * > **Note:** Relative Paths are evaluated from the Site Root directory. */ configFilePath?: pulumi.Input; /** * Zero or more `customOidcV2` blocks as defined below. */ customOidcV2s?: pulumi.Input[]>; /** * The Default Authentication Provider to use when the `unauthenticatedAction` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `customOidcV2` provider. * * > **Note:** Whilst any value will be accepted by the API for `defaultProvider`, it can leave the app in an unusable state if this value does not correspond to the name of a known provider (either built-in value, or customOidc name) as it is used to build the auth endpoint URI. */ defaultProvider?: pulumi.Input; /** * The paths which should be excluded from the `unauthenticatedAction` when it is set to `RedirectToLoginPage`. * * > **Note:** This list should be used instead of setting `WEBSITE_WARMUP_PATH` in `appSettings` as it takes priority. */ excludedPaths?: pulumi.Input[]>; /** * A `facebookV2` block as defined below. */ facebookV2?: pulumi.Input; /** * The convention used to determine the url of the request made. Possible values include `NoProxy`, `Standard`, `Custom`. Defaults to `NoProxy`. */ forwardProxyConvention?: pulumi.Input; /** * The name of the custom header containing the host of the request. */ forwardProxyCustomHostHeaderName?: pulumi.Input; /** * The name of the custom header containing the scheme of the request. */ forwardProxyCustomSchemeHeaderName?: pulumi.Input; /** * A `githubV2` block as defined below. */ githubV2?: pulumi.Input; /** * A `googleV2` block as defined below. */ googleV2?: pulumi.Input; /** * The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth`. */ httpRouteApiPrefix?: pulumi.Input; /** * A `login` block as defined below. */ login: pulumi.Input; /** * A `microsoftV2` block as defined below. */ microsoftV2?: pulumi.Input; /** * Should the authentication flow be used for all requests. */ requireAuthentication?: pulumi.Input; /** * Should HTTPS be required on connections? Defaults to `true`. */ requireHttps?: pulumi.Input; /** * The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1`. */ runtimeVersion?: pulumi.Input; /** * A `twitterV2` block as defined below. */ twitterV2?: pulumi.Input; /** * The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. */ unauthenticatedAction?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2ActiveDirectoryV2 { /** * The list of allowed Applications for the Default Authorisation Policy. */ allowedApplications?: pulumi.Input[]>; /** * Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ allowedAudiences?: pulumi.Input[]>; /** * The list of allowed Group Names for the Default Authorisation Policy. */ allowedGroups?: pulumi.Input[]>; /** * The list of allowed Identities for the Default Authorisation Policy. */ allowedIdentities?: pulumi.Input[]>; /** * The ID of the Client to use to authenticate with Azure Active Directory. */ clientId: pulumi.Input; /** * The thumbprint of the certificate used for signing purposes. * * !> **Note:** If one `clientSecretSettingName` or `clientSecretCertificateThumbprint` is specified, terraform won't write the client secret or secret certificate thumbprint back to `appSetting`, so make sure they are existed in `appSettings` to function correctly. */ clientSecretCertificateThumbprint?: pulumi.Input; /** * The App Setting name that contains the client secret of the Client. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName?: pulumi.Input; /** * A list of Allowed Client Applications in the JWT Claim. */ jwtAllowedClientApplications?: pulumi.Input[]>; /** * A list of Allowed Groups in the JWT Claim. */ jwtAllowedGroups?: pulumi.Input[]>; /** * A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. */ loginParameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/{tenant-guid}/v2.0/` * * > **Note:** [Here](https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints) is a list of possible authentication endpoints based on the cloud environment. [Here](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant) is more information to better understand how to configure authentication for Azure App Service or Azure Functions. */ tenantAuthEndpoint: pulumi.Input; /** * Should the www-authenticate provider should be omitted from the request? Defaults to `false`. */ wwwAuthenticationDisabled?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2AppleV2 { /** * The OpenID Connect Client ID for the Apple web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Apple Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * A list of Login Scopes provided by this Authentication Provider. * * > **Note:** This is configured on the Authentication Provider side and is Read Only here. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsV2AzureStaticWebAppV2 { /** * The ID of the Client to use to authenticate with Azure Static Web App Authentication. */ clientId: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2CustomOidcV2 { /** * The endpoint to make the Authorisation Request as supplied by `openidConfigurationEndpoint` response. */ authorisationEndpoint?: pulumi.Input; /** * The endpoint that provides the keys necessary to validate the token as supplied by `openidConfigurationEndpoint` response. */ certificationUri?: pulumi.Input; /** * The Client Credential Method used. */ clientCredentialMethod?: pulumi.Input; /** * The ID of the Client to use to authenticate with the Custom OIDC. */ clientId: pulumi.Input; /** * The App Setting name that contains the secret for this Custom OIDC Client. This is generated from `name` above and suffixed with `_PROVIDER_AUTHENTICATION_SECRET`. */ clientSecretSettingName?: pulumi.Input; /** * The endpoint that issued the Token as supplied by `openidConfigurationEndpoint` response. */ issuerEndpoint?: pulumi.Input; /** * The name of the Custom OIDC Authentication Provider. * * > **Note:** An `appSetting` matching this value in upper case with the suffix of `_PROVIDER_AUTHENTICATION_SECRET` is required. e.g. `MYOIDC_PROVIDER_AUTHENTICATION_SECRET` for a value of `myoidc`. */ name: pulumi.Input; /** * The name of the claim that contains the users name. */ nameClaimType?: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for the Custom OIDC Login. */ openidConfigurationEndpoint: pulumi.Input; /** * The list of the scopes that should be requested while authenticating. */ scopes?: pulumi.Input[]>; /** * The endpoint used to request a Token as supplied by `openidConfigurationEndpoint` response. */ tokenEndpoint?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2FacebookV2 { /** * The App ID of the Facebook app used for login. */ appId: pulumi.Input; /** * The app setting name that contains the `appSecret` value used for Facebook Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ appSecretSettingName: pulumi.Input; /** * The version of the Facebook API to be used while logging in. */ graphApiVersion?: pulumi.Input; /** * The list of scopes that should be requested as part of Facebook Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsV2GithubV2 { /** * The ID of the GitHub app used for login.. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for GitHub Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of GitHub Login authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsV2GoogleV2 { /** * Specifies a list of Allowed Audiences that should be requested as part of Google Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OpenID Connect Client ID for the Google web application. */ clientId: pulumi.Input; /** * The app setting name that contains the `clientSecret` value used for Google Login. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of OAuth 2.0 scopes that should be requested as part of Google Sign-In authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsV2Login { /** * External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. * * > **Note:** URLs within the current domain are always implicitly allowed. */ allowedExternalRedirectUrls?: pulumi.Input[]>; /** * The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. */ cookieExpirationConvention?: pulumi.Input; /** * The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. */ cookieExpirationTime?: pulumi.Input; /** * The endpoint to which logout requests should be made. */ logoutEndpoint?: pulumi.Input; /** * The time after the request is made when the nonce should expire. Defaults to `00:05:00`. */ nonceExpirationTime?: pulumi.Input; /** * Should the fragments from the request be preserved after the login request is made. Defaults to `false`. */ preserveUrlFragmentsForLogins?: pulumi.Input; /** * The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. */ tokenRefreshExtensionTime?: pulumi.Input; /** * Should the Token Store configuration Enabled. Defaults to `false` */ tokenStoreEnabled?: pulumi.Input; /** * The directory path in the App Filesystem in which the tokens will be stored. */ tokenStorePath?: pulumi.Input; /** * The name of the app setting which contains the SAS URL of the blob storage containing the tokens. */ tokenStoreSasSettingName?: pulumi.Input; /** * Should the nonce be validated while completing the login flow. Defaults to `true`. */ validateNonce?: pulumi.Input; } interface WindowsWebAppSlotAuthSettingsV2MicrosoftV2 { /** * Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. */ allowedAudiences?: pulumi.Input[]>; /** * The OAuth 2.0 client ID that was created for the app used for authentication. */ clientId: pulumi.Input; /** * The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ clientSecretSettingName: pulumi.Input; /** * The list of Login scopes that should be requested as part of Microsoft Account authentication. */ loginScopes?: pulumi.Input[]>; } interface WindowsWebAppSlotAuthSettingsV2TwitterV2 { /** * The OAuth 1.0a consumer key of the Twitter application used for sign-in. */ consumerKey: pulumi.Input; /** * The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. * * !> **Note:** A setting with this name must exist in `appSettings` to function correctly. */ consumerSecretSettingName: pulumi.Input; } interface WindowsWebAppSlotBackup { /** * Should this backup job be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this Backup. */ name: pulumi.Input; /** * A `schedule` block as defined below. */ schedule: pulumi.Input; /** * The SAS URL to the container. */ storageAccountUrl: pulumi.Input; } interface WindowsWebAppSlotBackupSchedule { /** * How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequencyUnit` should be set to `Day`). * * > **Note:** Not all intervals are supported on all Windows Web App SKUs. Please refer to the official documentation for appropriate values. */ frequencyInterval: pulumi.Input; /** * The unit of time for how often the backup should take place. Possible values include: `Day`, `Hour` */ frequencyUnit: pulumi.Input; /** * Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. */ keepAtLeastOneBackup?: pulumi.Input; /** * The time the backup was last attempted. */ lastExecutionTime?: pulumi.Input; /** * After how many days backups should be deleted. Defaults to `30`. */ retentionPeriodDays?: pulumi.Input; /** * When the schedule should start working in RFC-3339 format. */ startTime?: pulumi.Input; } interface WindowsWebAppSlotConnectionString { /** * The name of the connection String. */ name: pulumi.Input; /** * Type of database. Possible values include: `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure`, and `SQLServer`. */ type: pulumi.Input; /** * The connection string value. */ value: pulumi.Input; } interface WindowsWebAppSlotIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Windows Web App Slot. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Web App Slot. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsWebAppSlotLogs { /** * A `applicationLogs` block as defined above. */ applicationLogs?: pulumi.Input; /** * Should detailed error messages be enabled. */ detailedErrorMessages?: pulumi.Input; /** * Should failed request tracing be enabled. */ failedRequestTracing?: pulumi.Input; /** * An `httpLogs` block as defined above. */ httpLogs?: pulumi.Input; } interface WindowsWebAppSlotLogsApplicationLogs { /** * An `azureBlobStorage` block as defined below. */ azureBlobStorage?: pulumi.Input; /** * Log level. Possible values include: `Off`, `Verbose`, `Information`, `Warning`, and `Error`. */ fileSystemLevel: pulumi.Input; } interface WindowsWebAppSlotLogsApplicationLogsAzureBlobStorage { /** * The level at which to log. Possible values include `Error`, `Warning`, `Information`, `Verbose` and `Off`. **NOTE:** this field is not available for `httpLogs` */ level: pulumi.Input; /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface WindowsWebAppSlotLogsHttpLogs { /** * A `azureBlobStorageHttp` block as defined above. */ azureBlobStorage?: pulumi.Input; /** * A `fileSystem` block as defined above. */ fileSystem?: pulumi.Input; } interface WindowsWebAppSlotLogsHttpLogsAzureBlobStorage { /** * The time in days after which to remove blobs. A value of `0` means no retention. */ retentionInDays?: pulumi.Input; /** * SAS url to an Azure blob container with read/write/list/delete permissions. * * > **Note:** There isn't enough information to for the provider to generate the `sasUrl` from `data.azurerm_storage_account_sas` and it should be built by hand (i.e. `https://${azurerm_storage_account.example.name}.blob.core.windows.net/${azurerm_storage_container.example.name}${data.azurerm_storage_account_sas.example.sas}&sr=b`). */ sasUrl: pulumi.Input; } interface WindowsWebAppSlotLogsHttpLogsFileSystem { /** * The retention period in days. A values of `0` means no retention. */ retentionInDays: pulumi.Input; /** * The maximum size in megabytes that log files can use. */ retentionInMb: pulumi.Input; } interface WindowsWebAppSlotSiteConfig { /** * If this Windows Web App Slot is Always On enabled. Defaults to `true`. */ alwaysOn?: pulumi.Input; /** * The URL to the API Definition for this Windows Web App Slot. */ apiDefinitionUrl?: pulumi.Input; /** * The API Management API ID this Windows Web App Slot os associated with. */ apiManagementApiId?: pulumi.Input; /** * The App command line to launch. */ appCommandLine?: pulumi.Input; /** * A `applicationStack` block as defined above. */ applicationStack?: pulumi.Input; /** * A `autoHealSetting` block as defined above. Required with `autoHeal`. */ autoHealSetting?: pulumi.Input; /** * The Windows Web App Slot Name to automatically swap to when deployment to that slot is successfully completed. * * > **Note:** This must be a valid slot name on the target Windows Web App Slot. */ autoSwapSlotName?: pulumi.Input; /** * The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. */ containerRegistryManagedIdentityClientId?: pulumi.Input; /** * Should connections for Azure Container Registry use Managed Identity. */ containerRegistryUseManagedIdentity?: pulumi.Input; /** * A `cors` block as defined above. */ cors?: pulumi.Input; /** * Specifies a list of Default Documents for the Windows Web App Slot. */ defaultDocuments?: pulumi.Input[]>; detailedErrorLoggingEnabled?: pulumi.Input; /** * The State of FTP / FTPS service. Possible values include: `AllAllowed`, `FtpsOnly`, `Disabled`. Defaults to `Disabled`. * * > **Note:** Azure defaults this value to `AllAllowed`, however, in the interests of security Terraform will default this to `Disabled` to ensure the user makes a conscious choice to enable it. */ ftpsState?: pulumi.Input; /** * One or more `handlerMapping` blocks as defined below. */ handlerMappings?: pulumi.Input[]>; /** * The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `healthCheckPath`. */ healthCheckEvictionTimeInMin?: pulumi.Input; /** * The path to the Health Check. */ healthCheckPath?: pulumi.Input; /** * Should the HTTP2 be enabled? */ http2Enabled?: pulumi.Input; /** * The Default action for traffic that does not match any `ipRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ ipRestrictionDefaultAction?: pulumi.Input; /** * One or more `ipRestriction` blocks as defined above. */ ipRestrictions?: pulumi.Input[]>; /** * The Site load balancing. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. */ loadBalancingMode?: pulumi.Input; /** * Use Local MySQL. Defaults to `false`. */ localMysqlEnabled?: pulumi.Input; /** * Managed pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. */ managedPipelineMode?: pulumi.Input; /** * The configures the minimum version of TLS required for SSL requests. Possible values are `1.1`, `1.3`, `1.2` and `1.0`. Defaults to `1.2`. */ minimumTlsVersion?: pulumi.Input; /** * Should Remote Debugging be enabled. Defaults to `false`. */ remoteDebuggingEnabled?: pulumi.Input; /** * The Remote Debugging Version. Currently only `VS2022` is supported. */ remoteDebuggingVersion?: pulumi.Input; /** * The Default action for traffic that does not match any `scmIpRestriction` rule. possible values include `Allow` and `Deny`. Defaults to `Allow`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * One or more `scmIpRestriction` blocks as defined above. */ scmIpRestrictions?: pulumi.Input[]>; /** * The configures the minimum version of TLS required for SSL requests to the SCM site Possible values are `1.1`, `1.3`, `1.2` and `1.0`. Defaults to `1.2`. */ scmMinimumTlsVersion?: pulumi.Input; scmType?: pulumi.Input; /** * Should the Windows Web App Slot `ipRestriction` configuration be used for the SCM also. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Windows Web App Slot use a 32-bit worker. The default value varies from different service plans. */ use32BitWorker?: pulumi.Input; /** * One or more `virtualApplication` blocks as defined below. */ virtualApplications?: pulumi.Input[]>; /** * Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to `false`. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should Web Sockets be enabled. Defaults to `false`. */ websocketsEnabled?: pulumi.Input; windowsFxVersion?: pulumi.Input; /** * The number of Workers for this Windows App Service Slot. */ workerCount?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigApplicationStack { /** * The Application Stack for the Windows Web App. Possible values include `dotnet`, `dotnetcore`, `node`, `python`, `php`, and `java`. * * > **Note:** Whilst this property is Optional omitting it can cause unexpected behaviour, in particular for display of settings in the Azure Portal. */ currentStack?: pulumi.Input; /** * The docker image, including tag, to be used. e.g. `azure-app-service/windows/parkingpage:latest`. */ dockerImageName?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. * * > **Note:** `dockerRegistryUrl`, `dockerRegistryUsername`, and `dockerRegistryPassword` replace the use of the `appSettings` values of `DOCKER_REGISTRY_SERVER_URL`, `DOCKER_REGISTRY_SERVER_USERNAME` and `DOCKER_REGISTRY_SERVER_PASSWORD` respectively, these values will be managed by the provider and should not be specified in the `appSettings` map. */ dockerRegistryPassword?: pulumi.Input; /** * The URL of the container registry where the `dockerImageName` is located. e.g. `https://index.docker.io` or `https://mcr.microsoft.com`. This value is required with `dockerImageName`. */ dockerRegistryUrl?: pulumi.Input; /** * The User Name to use for authentication against the registry to pull the image. */ dockerRegistryUsername?: pulumi.Input; /** * The version of .NET to use when `currentStack` is set to `dotnetcore`. Possible values include `v4.0`. */ dotnetCoreVersion?: pulumi.Input; /** * The version of .NET to use when `currentStack` is set to `dotnet`. Possible values include `v2.0`,`v3.0`, `v4.0`, `v5.0`, `v6.0`, `v7.0`, `v8.0`, `v9.0` and `v10.0`. */ dotnetVersion?: pulumi.Input; /** * @deprecated this property has been deprecated in favour of `tomcatVersion` and `javaEmbeddedServerEnabled` */ javaContainer?: pulumi.Input; /** * @deprecated This property has been deprecated in favour of `tomcatVersion` and `javaEmbeddedServerEnabled` */ javaContainerVersion?: pulumi.Input; /** * Should the Java Embedded Server (Java SE) be used to run the app. */ javaEmbeddedServerEnabled?: pulumi.Input; /** * The version of Java to use when `currentStack` is set to `java`. Possible values include `1.7`, `1.8`, `11` and `17`. Required with `javaContainer` and `javaContainerVersion`. * * > **Note:** For compatible combinations of `javaVersion`, `javaContainer` and `javaContainerVersion` users can use `az webapp list-runtimes` from command line. */ javaVersion?: pulumi.Input; /** * The version of node to use when `currentStack` is set to `node`. Possible values include `~12`, `~14`, `~16`, `~18`, `~20` and `~22`. * * > **Note:** This property conflicts with `javaVersion`. */ nodeVersion?: pulumi.Input; /** * The version of PHP to use when `currentStack` is set to `php`. Possible values are `7.1`, `7.4` and `Off`. * * > **Note:** The value `Off` is used to signify latest supported by the service. */ phpVersion?: pulumi.Input; /** * The app is a Python app. Defaults to `false`. */ python?: pulumi.Input; /** * The version of Tomcat the Java App should use. * * > **Note:** See the official documentation for current supported versions. */ tomcatVersion?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSetting { /** * A `action` block as defined above. */ action: pulumi.Input; /** * A `trigger` block as defined below. */ trigger: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingAction { /** * Predefined action to be taken to an Auto Heal trigger. Possible values are `CustomAction`, `LogEvent` and `Recycle`. */ actionType: pulumi.Input; /** * A `customAction` block as defined below. */ customAction?: pulumi.Input; /** * The minimum amount of time in `hh:mm:ss` the Windows Web App Slot must have been running before the defined action will be run in the event of a trigger. */ minimumProcessExecutionTime?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingActionCustomAction { /** * The executable to run for the `customAction`. */ executable: pulumi.Input; /** * The parameters to pass to the specified `executable`. */ parameters?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingTrigger { /** * The amount of Private Memory to be consumed for this rule to trigger. Possible values are between `102400` and `13631488`. */ privateMemoryKb?: pulumi.Input; /** * A `requests` block as defined above. */ requests?: pulumi.Input; /** * A `slowRequest` block as defined above. */ slowRequest?: pulumi.Input; /** * One or more `slowRequestWithPath` blocks as defined above. */ slowRequestWithPaths?: pulumi.Input[]>; /** * One or more `statusCode` blocks as defined above. */ statusCodes?: pulumi.Input[]>; } interface WindowsWebAppSlotSiteConfigAutoHealSettingTriggerRequests { /** * The number of requests in the specified `interval` to trigger this rule. */ count: pulumi.Input; /** * The interval in `hh:mm:ss`. */ interval: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingTriggerSlowRequest { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingTriggerSlowRequestWithPath { /** * The number of Slow Requests in the time `interval` to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path for which this slow request rule applies. */ path?: pulumi.Input; /** * The threshold of time passed to qualify as a Slow Request in `hh:mm:ss`. */ timeTaken: pulumi.Input; } interface WindowsWebAppSlotSiteConfigAutoHealSettingTriggerStatusCode { /** * The number of occurrences of the defined `statusCode` in the specified `interval` on which to trigger this rule. */ count: pulumi.Input; /** * The time interval in the form `hh:mm:ss`. */ interval: pulumi.Input; /** * The path to which this rule status code applies. */ path?: pulumi.Input; /** * The status code for this rule, accepts single status codes and status code ranges. e.g. `500` or `400-499`. Possible values are integers between `101` and `599` */ statusCodeRange: pulumi.Input; /** * The Request Sub Status of the Status Code. */ subStatus?: pulumi.Input; /** * The Win32 Status Code of the Request. */ win32StatusCode?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigCors { /** * Specifies a list of origins that should be allowed to make cross-origin calls. */ allowedOrigins?: pulumi.Input[]>; /** * Whether CORS requests with credentials are allowed. Defaults to `false` */ supportCredentials?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigHandlerMapping { /** * Specify the command-line arguments to be passed to the script processor. */ arguments?: pulumi.Input; /** * Specify which extension to be handled by the specified FastCGI application. */ extension: pulumi.Input; /** * Specify the absolute path to the FastCGI application. */ scriptProcessorPath: pulumi.Input; } interface WindowsWebAppSlotSiteConfigIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsWebAppSlotSiteConfigScmIpRestriction { /** * The action to take. Possible values are `Allow` or `Deny`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * A `headers` block as defined above. */ headers?: pulumi.Input; /** * The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` */ ipAddress?: pulumi.Input; /** * The name which should be used for this `ipRestriction`. */ name?: pulumi.Input; /** * The priority value of this `ipRestriction`. Defaults to `65000`. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One and only one of `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface WindowsWebAppSlotSiteConfigScmIpRestrictionHeaders { /** * Specifies a list of Azure Front Door IDs. */ xAzureFdids?: pulumi.Input[]>; /** * Specifies if a Front Door Health Probe should be expected. The only possible value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * Specifies a list of addresses for which matching should be applied. Omitting this value means allow any. */ xForwardedFors?: pulumi.Input[]>; /** * Specifies a list of Hosts for which matching should be applied. */ xForwardedHosts?: pulumi.Input[]>; } interface WindowsWebAppSlotSiteConfigVirtualApplication { /** * The physical path for the Virtual Application. */ physicalPath: pulumi.Input; /** * Should pre-loading be enabled. */ preload: pulumi.Input; /** * One or more `virtualDirectory` blocks as defined below. */ virtualDirectories?: pulumi.Input[]>; /** * The Virtual Path for the Virtual Application. */ virtualPath: pulumi.Input; } interface WindowsWebAppSlotSiteConfigVirtualApplicationVirtualDirectory { /** * The physical path for the Virtual Application. */ physicalPath?: pulumi.Input; /** * The Virtual Path for the Virtual Application. */ virtualPath?: pulumi.Input; } interface WindowsWebAppSlotSiteCredential { /** * The name which should be used for this Windows Web App Slot. Changing this forces a new Windows Web App Slot to be created. * * > **Note:** Terraform will perform a name availability check as part of the creation progress, if this Web App is part of an App Service Environment terraform will require Read permission on the App Service Environment for this to complete reliably. */ name?: pulumi.Input; /** * The Site Credentials Password used for publishing. */ password?: pulumi.Input; } interface WindowsWebAppSlotStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this Storage Account. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob` */ type: pulumi.Input; } interface WindowsWebAppStickySettings { /** * A list of `appSetting` names that the Windows Web App will not swap between Slots when a swap operation is triggered. */ appSettingNames?: pulumi.Input[]>; /** * A list of `connectionString` names that the Windows Web App will not swap between Slots when a swap operation is triggered. */ connectionStringNames?: pulumi.Input[]>; } interface WindowsWebAppStorageAccount { /** * The Access key for the storage account. */ accessKey: pulumi.Input; /** * The Name of the Storage Account. */ accountName: pulumi.Input; /** * The path at which to mount the storage share. */ mountPath?: pulumi.Input; /** * The name which should be used for this TODO. */ name: pulumi.Input; /** * The Name of the File Share or Container Name for Blob storage. */ shareName: pulumi.Input; /** * The Azure Storage Type. Possible values include `AzureFiles` and `AzureBlob` */ type: pulumi.Input; } } export declare namespace arc { interface ResourceBridgeApplianceIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Arc Resource Bridge Appliance. The only possible value is `SystemAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } } export declare namespace arckubernetes { interface ClusterExtensionIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity. The only possible value is `SystemAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface ClusterIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity assigned to this Arc Kubernetes Cluster. At this time the only possible value is `SystemAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface FluxConfigurationBlobStorage { /** * Specifies the account key (shared key) to access the storage account. */ accountKey?: pulumi.Input; /** * Specifies the Azure Blob container ID. */ containerId: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. */ localAuthReference?: pulumi.Input; /** * Specifies the shared access token to access the storage container. */ sasToken?: pulumi.Input; /** * A `servicePrincipal` block as defined below. */ servicePrincipal?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster Azure Blob source with the remote. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster Azure Blob source with the remote. */ timeoutInSeconds?: pulumi.Input; } interface FluxConfigurationBlobStorageServicePrincipal { /** * Base64-encoded certificate used to authenticate a Service Principal . */ clientCertificateBase64?: pulumi.Input; /** * Specifies the password for the certificate used to authenticate a Service Principal . */ clientCertificatePassword?: pulumi.Input; /** * Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate. */ clientCertificateSendChain?: pulumi.Input; /** * Specifies the client ID for authenticating a Service Principal. */ clientId: pulumi.Input; /** * Specifies the client secret for authenticating a Service Principal. */ clientSecret?: pulumi.Input; /** * Specifies the tenant ID for authenticating a Service Principal. */ tenantId: pulumi.Input; } interface FluxConfigurationBucket { /** * Specifies the plaintext access key used to securely access the S3 bucket. */ accessKey?: pulumi.Input; /** * Specifies the bucket name to sync from the url endpoint for the flux configuration. */ bucketName: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. */ localAuthReference?: pulumi.Input; /** * Specifies the Base64-encoded secret key used to authenticate with the bucket source. */ secretKeyBase64?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; /** * Specify whether to communicate with a bucket using TLS is enabled. Defaults to `true`. */ tlsEnabled?: pulumi.Input; /** * Specifies the URL to sync for the flux configuration S3 bucket. It must start with `http://` or `https://`. */ url: pulumi.Input; } interface FluxConfigurationGitRepository { /** * Specifies the Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS. */ httpsCaCertBase64?: pulumi.Input; /** * Specifies the Base64-encoded HTTPS personal access token or password that will be used to access the repository. */ httpsKeyBase64?: pulumi.Input; /** * Specifies the plaintext HTTPS username used to access private git repositories over HTTPS. */ httpsUser?: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number. */ localAuthReference?: pulumi.Input; /** * Specifies the source reference type for the GitRepository object. Possible values are `branch`, `commit`, `semver` and `tag`. */ referenceType: pulumi.Input; /** * Specifies the source reference value for the GitRepository object. */ referenceValue: pulumi.Input; /** * Specifies the Base64-encoded knownHosts value containing public SSH keys required to access private git repositories over SSH. */ sshKnownHostsBase64?: pulumi.Input; /** * Specifies the Base64-encoded SSH private key in PEM format. */ sshPrivateKeyBase64?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; /** * Specifies the URL to sync for the flux configuration git repository. It must start with `http://`, `https://`, `git@` or `ssh://`. */ url: pulumi.Input; } interface FluxConfigurationKustomization { /** * Specifies other kustomizations that this kustomization depends on. This kustomization will not reconcile until all dependencies have completed their reconciliation. */ dependsOns?: pulumi.Input[]>; /** * Whether garbage collections of Kubernetes objects created by this kustomization is enabled. Defaults to `false`. */ garbageCollectionEnabled?: pulumi.Input; /** * Specifies the name of the kustomization. */ name: pulumi.Input; /** * Specifies the path in the source reference to reconcile on the cluster. */ path?: pulumi.Input; /** * Whether re-creating Kubernetes resources on the cluster is enabled when patching fails due to an immutable field change. Defaults to `false`. */ recreatingEnabled?: pulumi.Input; /** * The interval at which to re-reconcile the kustomization on the cluster in the event of failure on reconciliation. Defaults to `600`. */ retryIntervalInSeconds?: pulumi.Input; /** * The interval at which to re-reconcile the kustomization on the cluster. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * The maximum time to attempt to reconcile the kustomization on the cluster. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; } interface ProvisionedClusterAzureActiveDirectory { /** * A list of IDs of Microsoft Entra ID Groups. All members of the specified Microsoft Entra ID Groups have the cluster administrator access to the Kubernetes cluster. */ adminGroupObjectIds?: pulumi.Input[]>; /** * Whether to enable Azure RBAC for Kubernetes authorization. Defaults to `false`. */ azureRbacEnabled?: pulumi.Input; /** * The Tenant ID to use for authentication. If not specified, the Tenant of the Arc Kubernetes Cluster will be used. */ tenantId?: pulumi.Input; } interface ProvisionedClusterIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * The type of the Managed Identity. The only possible value is `SystemAssigned`. Changing this forces a new Arc Kubernetes Provisioned Cluster to be created. */ type: pulumi.Input; } } export declare namespace arcmachine { interface ArcMachineIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity assigned to this Arc Machine. At this time the only possible value is `SystemAssigned`. */ type: pulumi.Input; } } export declare namespace authorization { interface RoleDefinitionPermission { /** * One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ actions?: pulumi.Input[]>; /** * One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ dataActions?: pulumi.Input[]>; /** * One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ notActions?: pulumi.Input[]>; /** * One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ notDataActions?: pulumi.Input[]>; } } export declare namespace automanage { interface ConfigurationAntimalware { /** * A `exclusions` block as defined below. */ exclusions?: pulumi.Input; /** * Whether the real time protection is enabled. Defaults to `false`. */ realTimeProtectionEnabled?: pulumi.Input; /** * The day of the scheduled scan. Possible values are `0` to `8` where `0` is daily, `1` to `7` are the days of the week and `8` is Disabled. Defaults to `8`. */ scheduledScanDay?: pulumi.Input; /** * Whether the scheduled scan is enabled. Defaults to `false`. */ scheduledScanEnabled?: pulumi.Input; /** * The time of the scheduled scan in minutes. Possible values are `0` to `1439` where `0` is 12:00 AM and `1439` is 11:59 PM. */ scheduledScanTimeInMinutes?: pulumi.Input; /** * The type of the scheduled scan. Possible values are `Quick` and `Full`. Defaults to `Quick`. */ scheduledScanType?: pulumi.Input; } interface ConfigurationAntimalwareExclusions { /** * The extensions to exclude from the antimalware scan, separated by `;`. For example `.ext1;.ext2`. */ extensions?: pulumi.Input; /** * The paths to exclude from the antimalware scan, separated by `;`. For example `C:\\Windows\\Temp;D:\\Temp`. */ paths?: pulumi.Input; /** * The processes to exclude from the antimalware scan, separated by `;`. For example `svchost.exe;notepad.exe`. */ processes?: pulumi.Input; } interface ConfigurationAzureSecurityBaseline { /** * The assignment type of the azure security baseline. Possible values are `ApplyAndAutoCorrect`, `ApplyAndMonitor`, `Audit` and `DeployAndAutoCorrect`. Defaults to `ApplyAndAutoCorrect`. */ assignmentType?: pulumi.Input; } interface ConfigurationBackup { /** * The retention range in days of the backup policy. Defaults to `5`. */ instantRpRetentionRangeInDays?: pulumi.Input; /** * The name of the backup policy. */ policyName?: pulumi.Input; /** * A `retentionPolicy` block as defined below. */ retentionPolicy?: pulumi.Input; /** * A `schedulePolicy` block as defined below. */ schedulePolicy?: pulumi.Input; /** * The timezone of the backup policy. Defaults to `UTC`. */ timeZone?: pulumi.Input; } interface ConfigurationBackupRetentionPolicy { /** * A `dailySchedule` block as defined below. */ dailySchedule?: pulumi.Input; /** * The retention policy type of the backup policy. Possible value is `LongTermRetentionPolicy`. Defaults to `LongTermRetentionPolicy`. */ retentionPolicyType?: pulumi.Input; /** * A `weeklySchedule` block as defined below. */ weeklySchedule?: pulumi.Input; } interface ConfigurationBackupRetentionPolicyDailySchedule { /** * A `retentionDuration` block as defined below. */ retentionDuration?: pulumi.Input; /** * The retention times of the backup policy. */ retentionTimes?: pulumi.Input[]>; } interface ConfigurationBackupRetentionPolicyDailyScheduleRetentionDuration { /** * The count of the retention duration of the backup policy. Valid value inside `dailySchedule` is `7` to `9999` and inside `weeklySchedule` is `1` to `5163`. */ count?: pulumi.Input; /** * The duration type of the retention duration of the backup policy. Valid value inside `dailySchedule` is `Days` and inside `weeklySchedule` is `Weeks`. Defaults to `Days`. */ durationType?: pulumi.Input; } interface ConfigurationBackupRetentionPolicyWeeklySchedule { /** * A `retentionDuration` block as defined below. */ retentionDuration?: pulumi.Input; /** * The retention times of the backup policy. */ retentionTimes?: pulumi.Input[]>; } interface ConfigurationBackupRetentionPolicyWeeklyScheduleRetentionDuration { /** * The count of the retention duration of the backup policy. Valid value inside `dailySchedule` is `7` to `9999` and inside `weeklySchedule` is `1` to `5163`. */ count?: pulumi.Input; /** * The duration type of the retention duration of the backup policy. Valid value inside `dailySchedule` is `Days` and inside `weeklySchedule` is `Weeks`. Defaults to `Days`. */ durationType?: pulumi.Input; } interface ConfigurationBackupSchedulePolicy { /** * The schedule policy type of the backup policy. Possible value is `SimpleSchedulePolicy`. Defaults to `SimpleSchedulePolicy`. */ schedulePolicyType?: pulumi.Input; /** * The schedule run days of the backup policy. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`. */ scheduleRunDays?: pulumi.Input[]>; /** * The schedule run frequency of the backup policy. Possible values are `Daily` and `Weekly`. Defaults to `Daily`. */ scheduleRunFrequency?: pulumi.Input; /** * The schedule run times of the backup policy. */ scheduleRunTimes?: pulumi.Input[]>; } } export declare namespace automation { interface AccountEncryption { /** * @deprecated `encryption.key_source` has been deprecated and will be removed in v5.0 of the AzureRM Provider. To disable encryption, omit the `encryption` block */ keySource?: pulumi.Input; /** * The ID of the Key Vault Key which should be used to Encrypt the data in this Automation Account. */ keyVaultKeyId: pulumi.Input; /** * The User Assigned Managed Identity ID to be used for accessing the Customer Managed Key for encryption. */ userAssignedIdentityId?: pulumi.Input; } interface AccountIdentity { /** * The ID of the User Assigned Identity which should be assigned to this Automation Account. * * > **Note:** `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * The type of identity used for this Automation Account. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface AccountPrivateEndpointConnection { /** * The ID of the Automation Account. */ id?: pulumi.Input; /** * Specifies the name of the Automation Account. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface ConnectionTypeField { /** * Whether to set the isEncrypted flag of the connection field definition. */ isEncrypted?: pulumi.Input; /** * Whether to set the isOptional flag of the connection field definition. */ isOptional?: pulumi.Input; /** * The name which should be used for this connection field definition. */ name: pulumi.Input; /** * The type of the connection field definition. */ type: pulumi.Input; } interface ModuleModuleLink { /** * A `hash` block as defined below. */ hash?: pulumi.Input; /** * The URI of the module content (zip or nupkg). */ uri: pulumi.Input; } interface ModuleModuleLinkHash { /** * Specifies the algorithm used for the hash content. */ algorithm: pulumi.Input; /** * The hash value of the content. */ value: pulumi.Input; } interface Powershell72ModuleModuleLink { /** * A `hash` block as defined below. */ hash?: pulumi.Input; /** * The URI of the module content (zip or nupkg). */ uri: pulumi.Input; } interface Powershell72ModuleModuleLinkHash { /** * Specifies the algorithm used for the hash content. */ algorithm: pulumi.Input; /** * The hash value of the content. */ value: pulumi.Input; } interface RunBookDraft { /** * A `publishContentLink` block as defined above. */ contentLink?: pulumi.Input; creationTime?: pulumi.Input; /** * Whether the draft in edit mode. */ editModeEnabled?: pulumi.Input; lastModifiedTime?: pulumi.Input; /** * Specifies the output types of the runbook. */ outputTypes?: pulumi.Input[]>; /** * A list of `parameters` block as defined below. */ parameters?: pulumi.Input[]>; } interface RunBookDraftContentLink { /** * A `hash` block as defined below. */ hash?: pulumi.Input; /** * The URI of the runbook content. */ uri: pulumi.Input; /** * Specifies the version of the content */ version?: pulumi.Input; } interface RunBookDraftContentLinkHash { /** * Specifies the hash algorithm used to hash the content. */ algorithm: pulumi.Input; /** * Specifies the expected hash value of the content. */ value: pulumi.Input; } interface RunBookDraftParameter { /** * Specifies the default value of the parameter. */ defaultValue?: pulumi.Input; /** * The name of the parameter. */ key: pulumi.Input; /** * Whether this parameter is mandatory. */ mandatory?: pulumi.Input; /** * Specifies the position of the parameter. */ position?: pulumi.Input; /** * Specifies the type of this parameter. */ type: pulumi.Input; } interface RunBookJobSchedule { /** * The UUID of automation runbook job schedule ID. */ jobScheduleId?: pulumi.Input; /** * A map of key/value pairs corresponding to the arguments that can be passed to the Runbook. * * > **Note:** The parameter keys/names must strictly be in lowercase, even if this is not the case in the runbook. This is due to a limitation in Azure Automation where the parameter names are normalized. The values specified don't have this limitation. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Name of a Hybrid Worker Group the Runbook will be executed on. */ runOn?: pulumi.Input; /** * The name of the Schedule. */ scheduleName: pulumi.Input; } interface RunBookPublishContentLink { /** * A `hash` block as defined below. */ hash?: pulumi.Input; /** * The URI of the runbook content. */ uri: pulumi.Input; /** * Specifies the version of the content */ version?: pulumi.Input; } interface RunBookPublishContentLinkHash { /** * Specifies the hash algorithm used to hash the content. */ algorithm: pulumi.Input; /** * Specifies the expected hash value of the content. */ value: pulumi.Input; } interface ScheduleMonthlyOccurrence { /** * Day of the occurrence. Must be one of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, `Sunday`. */ day: pulumi.Input; /** * Occurrence of the week within the month. Must be between `1` and `5`. `-1` for last week within the month. */ occurrence: pulumi.Input; } interface SoftwareUpdateConfigurationLinux { /** * Specifies the list of update classifications included in the Software Update Configuration. Possible values are `Unclassified`, `Critical`, `Security` and `Other`. */ classificationsIncludeds: pulumi.Input[]>; /** * Specifies a list of packages to excluded from the Software Update Configuration. */ excludedPackages?: pulumi.Input[]>; /** * Specifies a list of packages to included from the Software Update Configuration. */ includedPackages?: pulumi.Input[]>; /** * Specifies the reboot settings after software update, possible values are `IfRequired`, `Never`, `RebootOnly` and `Always`. Defaults to `IfRequired`. */ reboot?: pulumi.Input; } interface SoftwareUpdateConfigurationPostTask { /** * Specifies a map of parameters for the task. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of the runbook for the post task. */ source?: pulumi.Input; } interface SoftwareUpdateConfigurationPreTask { /** * Specifies a map of parameters for the task. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of the runbook for the pre task. */ source?: pulumi.Input; } interface SoftwareUpdateConfigurationSchedule { /** * List of days of the month that the job should execute on. Must be between `1` and `31`. `-1` for last day of the month. Only valid when frequency is `Month`. */ advancedMonthDays?: pulumi.Input[]>; /** * List of days of the week that the job should execute on. Only valid when frequency is `Week`. Possible values include `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, and `Sunday`. */ advancedWeekDays?: pulumi.Input[]>; creationTime?: pulumi.Input; /** * A description for this Schedule. */ description?: pulumi.Input; /** * The end time of the schedule. */ expiryTime?: pulumi.Input; /** * The time offset in minutes for the expiry time. */ expiryTimeOffsetMinutes?: pulumi.Input; /** * The frequency of the schedule. - can be either `OneTime`, `Day`, `Hour`, `Week`, or `Month`. */ frequency: pulumi.Input; /** * The number of `frequency`s between runs. Only valid when frequency is `Day`, `Hour`, `Week`, or `Month`. */ interval?: pulumi.Input; /** * Whether the schedule is enabled. Defaults to `true`. */ isEnabled?: pulumi.Input; lastModifiedTime?: pulumi.Input; /** * List of `monthlyOccurrence` blocks as defined below to specifies occurrences of days within a month. Only valid when frequency is `Month`. The `monthlyOccurrence` block supports fields as defined below. */ monthlyOccurrence?: pulumi.Input; nextRun?: pulumi.Input; /** * The time offset in minutes for the next run time. */ nextRunOffsetMinutes?: pulumi.Input; /** * Start time of the schedule. Must be at least five minutes in the future. Defaults to seven minutes in the future from the time the resource is created. */ startTime?: pulumi.Input; /** * The time offset in minutes for the start time. */ startTimeOffsetMinutes?: pulumi.Input; /** * The timezone of the start time. Defaults to `Etc/UTC`. For possible values see: */ timeZone?: pulumi.Input; } interface SoftwareUpdateConfigurationScheduleMonthlyOccurrence { /** * Day of the occurrence. Must be one of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, `Sunday`. */ day: pulumi.Input; /** * Occurrence of the week within the month. Must be between `1` and `4`. `-1` for last week within the month. */ occurrence: pulumi.Input; } interface SoftwareUpdateConfigurationTarget { /** * One or more `azureQuery` blocks as defined above. */ azureQueries?: pulumi.Input[]>; /** * One or more `nonAzureQuery` blocks as defined above. */ nonAzureQueries?: pulumi.Input[]>; } interface SoftwareUpdateConfigurationTargetAzureQuery { /** * Specifies a list of locations to scope the query to. */ locations?: pulumi.Input[]>; /** * Specifies a list of Subscription or Resource Group ARM Ids to query. */ scopes?: pulumi.Input[]>; /** * Specifies how the specified tags to filter VMs. Possible values are `Any` and `All`. */ tagFilter?: pulumi.Input; /** * A mapping of tags used for query filter. One or more `tags` block as defined below. */ tags?: pulumi.Input[]>; } interface SoftwareUpdateConfigurationTargetAzureQueryTag { /** * Specifies the name of the tag to filter. */ tag: pulumi.Input; /** * Specifies a list of values for this tag key. */ values: pulumi.Input[]>; } interface SoftwareUpdateConfigurationTargetNonAzureQuery { /** * Specifies the Log Analytics save search name. */ functionAlias?: pulumi.Input; /** * The workspace id for Log Analytics in which the saved search in. */ workspaceId?: pulumi.Input; } interface SoftwareUpdateConfigurationWindows { /** * Specifies the list of update classification. Possible values are `Unclassified`, `Critical`, `Security`, `UpdateRollup`, `FeaturePack`, `ServicePack`, `Definition`, `Tools` and `Updates`. */ classificationsIncludeds: pulumi.Input[]>; /** * Specifies a list of knowledge base numbers excluded. */ excludedKnowledgeBaseNumbers?: pulumi.Input[]>; /** * Specifies a list of knowledge base numbers included. */ includedKnowledgeBaseNumbers?: pulumi.Input[]>; /** * Specifies the reboot settings after software update, possible values are `IfRequired`, `Never`, `RebootOnly` and `Always`. Defaults to `IfRequired`. */ reboot?: pulumi.Input; } interface SourceControlSecurity { /** * The refresh token of specified rpeo. */ refreshToken?: pulumi.Input; /** * The access token of specified repo. */ token: pulumi.Input; /** * Specify the token type, possible values are `PersonalAccessToken` and `Oauth`. */ tokenType: pulumi.Input; } } export declare namespace avs { interface PrivateCloudCircuit { /** * The ID of the ExpressRoute Circuit. */ expressRouteId?: pulumi.Input; /** * The ID of the ExpressRoute Circuit private peering. */ expressRoutePrivatePeeringId?: pulumi.Input; /** * The CIDR of the primary subnet. */ primarySubnetCidr?: pulumi.Input; /** * The CIDR of the secondary subnet. */ secondarySubnetCidr?: pulumi.Input; } interface PrivateCloudManagementCluster { /** * A list of hosts in the management cluster. */ hosts?: pulumi.Input[]>; /** * The ID of the management cluster. */ id?: pulumi.Input; /** * The size of the management cluster. This field can not updated with `internetConnectionEnabled` together. */ size: pulumi.Input; } } export declare namespace backup { interface PolicyFileShareBackup { /** * Sets the backup frequency. Possible values are `Daily` and `Hourly`. * * > **Note:** This argument is made available for consistency with VM backup policies and to allow for potential future support of weekly backups */ frequency: pulumi.Input; /** * A `hourly` block defined as below. This is required when `frequency` is set to `Hourly`. */ hourly?: pulumi.Input; /** * The time of day to perform the backup in 24-hour format. Times must be either on the hour or half hour (e.g. 12:00, 12:30, 13:00, etc.) * * > **Note:** `time` is required when `frequency` is set to `Daily`. */ time?: pulumi.Input; } interface PolicyFileShareBackupHourly { /** * Specifies the interval at which backup needs to be triggered. Possible values are `4`, `6`, `8` and `12`. */ interval: pulumi.Input; /** * Specifies the start time of the hourly backup. The time format should be in 24-hour format. Times must be either on the hour or half hour (e.g. 12:00, 12:30, 13:00, etc.). */ startTime: pulumi.Input; /** * Species the duration of the backup window in hours. Details could be found [here](https://learn.microsoft.com/en-us/azure/backup/backup-azure-files-faq#what-does-the-duration-attribute-in-azure-files-backup-policy-signify-). */ windowDuration: pulumi.Input; } interface PolicyFileShareRetentionDaily { /** * The number of daily backups to keep. Must be between `1` and `200` (inclusive) */ count: pulumi.Input; } interface PolicyFileShareRetentionMonthly { /** * The number of monthly backups to keep. Must be between `1` and `120` */ count: pulumi.Input; /** * The days of the month to retain backups of. Must be between `1` and `31`. */ days?: pulumi.Input[]>; /** * Including the last day of the month, default to `false`. * * > **Note:** Either `weekdays` and `weeks` or `days` and `includeLastDays` must be specified. */ includeLastDays?: pulumi.Input; /** * The weekday backups to retain . Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Must be one of `First`, `Second`, `Third`, `Fourth`, `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyFileShareRetentionWeekly { /** * The number of daily backups to keep. Must be between `1` and `200` (inclusive) */ count: pulumi.Input; /** * The weekday backups to retain. Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays: pulumi.Input[]>; } interface PolicyFileShareRetentionYearly { /** * The number of yearly backups to keep. Must be between `1` and `10` */ count: pulumi.Input; /** * The days of the month to retain backups of. Must be between `1` and `31`. */ days?: pulumi.Input[]>; /** * Including the last day of the month, default to `false`. * * > **Note:** Either `weekdays` and `weeks` or `days` and `includeLastDays` must be specified. */ includeLastDays?: pulumi.Input; /** * The months of the year to retain backups of. Must be one of `January`, `February`, `March`, `April`, `May`, `June`, `July`, `Augest`, `September`, `October`, `November` and `December`. */ months: pulumi.Input[]>; /** * The weekday backups to retain . Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Must be one of `First`, `Second`, `Third`, `Fourth`, `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyVMBackup { /** * Sets the backup frequency. Possible values are `Hourly`, `Daily` and `Weekly`. */ frequency: pulumi.Input; /** * Duration of the backup window in hours. Possible values are between `4` and `24` This is used when `frequency` is `Hourly`. * * > **Note:** `hourDuration` must be multiplier of `hourInterval` */ hourDuration?: pulumi.Input; /** * Interval in hour at which backup is triggered. Possible values are `4`, `6`, `8` and `12`. This is used when `frequency` is `Hourly`. */ hourInterval?: pulumi.Input; /** * The time of day to perform the backup in 24hour format. */ time: pulumi.Input; /** * The days of the week to perform backups on. Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. This is used when `frequency` is `Weekly`. */ weekdays?: pulumi.Input[]>; } interface PolicyVMInstantRestoreResourceGroup { /** * The prefix for the `instantRestoreResourceGroup` name. */ prefix: pulumi.Input; /** * The suffix for the `instantRestoreResourceGroup` name. */ suffix?: pulumi.Input; } interface PolicyVMRetentionDaily { /** * The number of daily backups to keep. Must be between `7` and `9999`. * * > **Note:** Azure previously allows this field to be set to a minimum of 1 (day) - but for new resources/to update this value on existing Backup Policies - this value must now be at least 7 (days). */ count: pulumi.Input; } interface PolicyVMRetentionMonthly { /** * The number of monthly backups to keep. Must be between `1` and `9999` */ count: pulumi.Input; /** * The days of the month to retain backups of. Must be between `1` and `31`. */ days?: pulumi.Input[]>; /** * Including the last day of the month, default to `false`. * * > **Note:** Either `weekdays` and `weeks` or `days` and `includeLastDays` must be specified. */ includeLastDays?: pulumi.Input; /** * The weekday backups to retain . Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Must be one of `First`, `Second`, `Third`, `Fourth`, `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyVMRetentionWeekly { /** * The number of weekly backups to keep. Must be between `1` and `9999` */ count: pulumi.Input; /** * The weekday backups to retain. Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays: pulumi.Input[]>; } interface PolicyVMRetentionYearly { /** * The number of yearly backups to keep. Must be between `1` and `9999` */ count: pulumi.Input; /** * The days of the month to retain backups of. Must be between `1` and `31`. */ days?: pulumi.Input[]>; /** * Including the last day of the month, default to `false`. * * > **Note:** Either `weekdays` and `weeks` or `days` and `includeLastDays` must be specified. */ includeLastDays?: pulumi.Input; /** * The months of the year to retain backups of. Must be one of `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. */ months: pulumi.Input[]>; /** * The weekday backups to retain . Must be one of `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Must be one of `First`, `Second`, `Third`, `Fourth`, `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyVMTieringPolicy { /** * An `archivedRestorePoint` block as defined below. */ archivedRestorePoint: pulumi.Input; } interface PolicyVMTieringPolicyArchivedRestorePoint { /** * The number of days/weeks/months/years to retain backups in current tier before tiering. */ duration?: pulumi.Input; /** * The retention duration type. Possible values are `Days`, `Weeks`, `Months` and `Years`. */ durationType?: pulumi.Input; /** * The tiering mode to control automatic tiering of recovery points. Possible values are `TierAfter` and `TierRecommended`. */ mode: pulumi.Input; } interface PolicyVMWorkloadProtectionPolicy { /** * A `backup` block as defined below. */ backup: pulumi.Input; /** * The type of the VM Workload Backup Policy. Possible values are `Differential`, `Full`, `Incremental` and `Log`. */ policyType: pulumi.Input; /** * A `retentionDaily` block as defined below. */ retentionDaily?: pulumi.Input; /** * A `retentionMonthly` block as defined below. */ retentionMonthly?: pulumi.Input; /** * A `retentionWeekly` block as defined below. */ retentionWeekly?: pulumi.Input; /** * A `retentionYearly` block as defined below. */ retentionYearly?: pulumi.Input; /** * A `simpleRetention` block as defined below. */ simpleRetention?: pulumi.Input; } interface PolicyVMWorkloadProtectionPolicyBackup { /** * The backup frequency for the VM Workload Backup Policy. Possible values are `Daily` and `Weekly`. */ frequency?: pulumi.Input; /** * The backup frequency in minutes for the VM Workload Backup Policy. Possible values are `15`, `30`, `60`, `120`, `240`, `480`, `720` and `1440`. */ frequencyInMinutes?: pulumi.Input; /** * The time of day to perform the backup in 24hour format. */ time?: pulumi.Input; /** * The days of the week to perform backups on. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. This is used when `frequency` is `Weekly`. */ weekdays?: pulumi.Input[]>; } interface PolicyVMWorkloadProtectionPolicyRetentionDaily { /** * The number of daily backups to keep. Possible values are between `7` and `9999`. */ count: pulumi.Input; } interface PolicyVMWorkloadProtectionPolicyRetentionMonthly { /** * The number of monthly backups to keep. Must be between `1` and `1188`. */ count: pulumi.Input; /** * The retention schedule format type for monthly retention policy. Possible values are `Daily` and `Weekly`. */ formatType: pulumi.Input; /** * The monthday backups to retain. Possible values are between `0` and `28`. */ monthdays?: pulumi.Input[]>; /** * The weekday backups to retain. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyVMWorkloadProtectionPolicyRetentionWeekly { /** * The number of weekly backups to keep. Possible values are between `1` and `5163`. */ count: pulumi.Input; /** * The weekday backups to retain. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays: pulumi.Input[]>; } interface PolicyVMWorkloadProtectionPolicyRetentionYearly { /** * The number of yearly backups to keep. Possible values are between `1` and `99` */ count: pulumi.Input; /** * The retention schedule format type for yearly retention policy. Possible values are `Daily` and `Weekly`. */ formatType: pulumi.Input; /** * The monthday backups to retain. Possible values are between `0` and `28`. */ monthdays?: pulumi.Input[]>; /** * The months of the year to retain backups of. Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. */ months: pulumi.Input[]>; /** * The weekday backups to retain. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` or `Saturday`. */ weekdays?: pulumi.Input[]>; /** * The weeks of the month to retain backups of. Possible values are `First`, `Second`, `Third`, `Fourth`, `Last`. */ weeks?: pulumi.Input[]>; } interface PolicyVMWorkloadProtectionPolicySimpleRetention { /** * The count that is used to count retention duration with duration type `Days`. Possible values are between `7` and `35`. */ count: pulumi.Input; } interface PolicyVMWorkloadSettings { /** * The compression setting for the VM Workload Backup Policy. Defaults to `false`. */ compressionEnabled?: pulumi.Input; /** * The timezone for the VM Workload Backup Policy. [The possible values are defined here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). */ timeZone: pulumi.Input; } } export declare namespace batch { interface AccountEncryption { /** * The full URL path to the Azure key vault key id that should be used to encrypt data, as documented [here](https://docs.microsoft.com/azure/batch/batch-customer-managed-key). Both versioned and versionless keys are supported. */ keyVaultKeyId: pulumi.Input; } interface AccountIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Batch Account. * * > **NOTE:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Batch Account. Possible values are `SystemAssigned` or `UserAssigned`. */ type: pulumi.Input; } interface AccountKeyVaultReference { /** * The Azure identifier of the Azure KeyVault to use. */ id: pulumi.Input; /** * The HTTPS URL of the Azure KeyVault to use. */ url: pulumi.Input; } interface AccountNetworkProfile { /** * An `accountAccess` block as defined below. */ accountAccess?: pulumi.Input; /** * A `nodeManagementAccess` block as defined below. * * > **NOTE:** At least one of `accountAccess` or `nodeManagementAccess` must be specified. */ nodeManagementAccess?: pulumi.Input; } interface AccountNetworkProfileAccountAccess { /** * Specifies the default action for the account access. Possible values are `Allow` and `Deny`. Defaults to `Deny`. */ defaultAction?: pulumi.Input; /** * One or more `ipRule` blocks as defined below. */ ipRules?: pulumi.Input[]>; } interface AccountNetworkProfileAccountAccessIpRule { /** * Specifies the action of the ip rule. The only possible value is `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The CIDR block from which requests will match the rule. */ ipRange: pulumi.Input; } interface AccountNetworkProfileNodeManagementAccess { /** * Specifies the default action for the node management access. Possible values are `Allow` and `Deny`. Defaults to `Deny`. */ defaultAction?: pulumi.Input; /** * One or more `ipRule` blocks as defined below. */ ipRules?: pulumi.Input[]>; } interface AccountNetworkProfileNodeManagementAccessIpRule { /** * Specifies the action of the ip rule. The only possible value is `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The CIDR block from which requests will match the rule. */ ipRange: pulumi.Input; } interface PoolAutoScale { /** * The interval to wait before evaluating if the pool needs to be scaled. Defaults to `PT15M`. */ evaluationInterval?: pulumi.Input; /** * The autoscale formula that needs to be used for scaling the Batch pool. */ formula: pulumi.Input; } interface PoolCertificate { /** * The ID of the Batch Pool. */ id: pulumi.Input; storeLocation: pulumi.Input; storeName?: pulumi.Input; visibilities?: pulumi.Input[]>; } interface PoolContainerConfiguration { /** * A list of container image names to use, as would be specified by `docker pull`. Changing this forces a new resource to be created. */ containerImageNames?: pulumi.Input[]>; /** * One or more `containerRegistries` blocks as defined below. Additional container registries from which container images can be pulled by the pool's VMs. Changing this forces a new resource to be created. */ containerRegistries?: pulumi.Input[]>; /** * The type of container configuration. Possible value is `DockerCompatible`. */ type?: pulumi.Input; } interface PoolContainerConfigurationContainerRegistry { /** * The password to log into the registry server. Changing this forces a new resource to be created. */ password?: pulumi.Input; /** * The container registry URL. Changing this forces a new resource to be created. */ registryServer: pulumi.Input; /** * The reference to the user assigned identity to use to access an Azure Container Registry instead of username and password. Changing this forces a new resource to be created. */ userAssignedIdentityId?: pulumi.Input; /** * The user name to log into the registry server. Changing this forces a new resource to be created. */ userName?: pulumi.Input; } interface PoolDataDisk { /** * Values are: "none" - The caching mode for the disk is not enabled. "readOnly" - The caching mode for the disk is read only. "readWrite" - The caching mode for the disk is read and write. For information about the caching options see: . Possible values are `None`, `ReadOnly` and `ReadWrite`. Defaults to `ReadOnly`. */ caching?: pulumi.Input; /** * The initial disk size in GB when creating new data disk. */ diskSizeGb: pulumi.Input; /** * The lun is used to uniquely identify each data disk. If attaching multiple disks, each should have a distinct lun. The value must be between 0 and 63, inclusive. */ lun: pulumi.Input; /** * The storage account type to be used for the data disk. Values are: Possible values are `Standard_LRS` - The data disk should use standard locally redundant storage. `Premium_LRS` - The data disk should use premium locally redundant storage. Defaults to `Standard_LRS`. */ storageAccountType?: pulumi.Input; } interface PoolDiskEncryption { /** * On Linux pool, only \"TemporaryDisk\" is supported; on Windows pool, \"OsDisk\" and \"TemporaryDisk\" must be specified. */ diskEncryptionTarget: pulumi.Input; } interface PoolExtension { /** * Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. */ autoUpgradeMinorVersion?: pulumi.Input; /** * Indicates whether the extension should be automatically upgraded by the platform if there is a newer version available. Supported values are `true` and `false`. * * > **Note:** When `automaticUpgradeEnabled` is set to `true`, the `typeHandlerVersion` is automatically updated by the Azure platform when a new version is available and any change in `typeHandlerVersion` should be manually ignored by user. */ automaticUpgradeEnabled?: pulumi.Input; /** * The name of the virtual machine extension. */ name: pulumi.Input; /** * JSON formatted protected settings for the extension, the value should be encoded with `jsonencode` function. The extension can contain either `protectedSettings` or `provisionAfterExtensions` or no protected settings at all. */ protectedSettings?: pulumi.Input; /** * The collection of extension names. Collection of extension names after which this extension needs to be provisioned. */ provisionAfterExtensions?: pulumi.Input[]>; /** * The name of the extension handler publisher.The name of the extension handler publisher. */ publisher: pulumi.Input; /** * JSON formatted public settings for the extension, the value should be encoded with `jsonencode` function. */ settingsJson?: pulumi.Input; /** * The type of the extensions. */ type: pulumi.Input; /** * The version of script handler. */ typeHandlerVersion?: pulumi.Input; } interface PoolFixedScale { /** * It determines what to do with a node and its running task(s) if the pool size is decreasing. Values are `Requeue`, `RetainedData`, `TaskCompletion` and `Terminate`. */ nodeDeallocationMethod?: pulumi.Input; /** * The timeout for resize operations. Defaults to `PT15M`. */ resizeTimeout?: pulumi.Input; /** * The number of nodes in the Batch pool. Defaults to `1`. */ targetDedicatedNodes?: pulumi.Input; /** * The number of low priority nodes in the Batch pool. Defaults to `0`. */ targetLowPriorityNodes?: pulumi.Input; } interface PoolIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Batch Account. */ identityIds: pulumi.Input[]>; /** * Specifies the type of Managed Service Identity that should be configured on this Batch Account. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface PoolMount { /** * A `azureBlobFileSystem` block defined as below. */ azureBlobFileSystem?: pulumi.Input; /** * A `azureFileShare` block defined as below. */ azureFileShares?: pulumi.Input[]>; /** * A `cifsMount` block defined as below. */ cifsMounts?: pulumi.Input[]>; /** * A `nfsMount` block defined as below. */ nfsMounts?: pulumi.Input[]>; } interface PoolMountAzureBlobFileSystem { /** * The Azure Storage Account key. This property is mutually exclusive with both `sasKey` and `identityId`; exactly one must be specified. */ accountKey?: pulumi.Input; /** * The Azure Storage Account name. */ accountName: pulumi.Input; /** * Additional command line options to pass to the mount command. These are 'net use' options in Windows and 'mount' options in Linux. */ blobfuseOptions?: pulumi.Input; /** * The Azure Blob Storage Container name. */ containerName: pulumi.Input; /** * The ARM resource id of the user assigned identity. This property is mutually exclusive with both `accountKey` and `sasKey`; exactly one must be specified. */ identityId?: pulumi.Input; /** * The relative path on compute node where the file system will be mounted All file systems are mounted relative to the Batch mounts directory, accessible via the `AZ_BATCH_NODE_MOUNTS_DIR` environment variable. */ relativeMountPath: pulumi.Input; /** * The Azure Storage SAS token. This property is mutually exclusive with both `accountKey` and `identityId`; exactly one must be specified. */ sasKey?: pulumi.Input; } interface PoolMountAzureFileShare { /** * The Azure Storage Account key. */ accountKey: pulumi.Input; /** * The Azure Storage Account name. */ accountName: pulumi.Input; /** * The Azure Files URL. This is of the form 'https://{account}.file.core.windows.net/'. */ azureFileUrl: pulumi.Input; /** * Additional command line options to pass to the mount command. These are 'net use' options in Windows and 'mount' options in Linux. */ mountOptions?: pulumi.Input; /** * The relative path on compute node where the file system will be mounted All file systems are mounted relative to the Batch mounts directory, accessible via the `AZ_BATCH_NODE_MOUNTS_DIR` environment variable. */ relativeMountPath: pulumi.Input; } interface PoolMountCifsMount { /** * Additional command line options to pass to the mount command. These are 'net use' options in Windows and 'mount' options in Linux. */ mountOptions?: pulumi.Input; /** * The password to use for authentication against the CIFS file system. */ password: pulumi.Input; /** * The relative path on compute node where the file system will be mounted All file systems are mounted relative to the Batch mounts directory, accessible via the `AZ_BATCH_NODE_MOUNTS_DIR` environment variable. */ relativeMountPath: pulumi.Input; /** * The URI of the file system to mount. */ source: pulumi.Input; /** * The user to use for authentication against the CIFS file system. */ userName: pulumi.Input; } interface PoolMountNfsMount { /** * Additional command line options to pass to the mount command. These are 'net use' options in Windows and 'mount' options in Linux. */ mountOptions?: pulumi.Input; /** * The relative path on compute node where the file system will be mounted All file systems are mounted relative to the Batch mounts directory, accessible via the `AZ_BATCH_NODE_MOUNTS_DIR` environment variable. */ relativeMountPath: pulumi.Input; /** * The URI of the file system to mount. */ source: pulumi.Input; } interface PoolNetworkConfiguration { /** * Whether to enable accelerated networking. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new resource to be created. */ acceleratedNetworkingEnabled?: pulumi.Input; /** * The scope of dynamic vnet assignment. Allowed values: `none`, `job`. Changing this forces a new resource to be created. Defaults to `none`. */ dynamicVnetAssignmentScope?: pulumi.Input; /** * A list of `endpointConfiguration` blocks that can be used to address specific ports on an individual compute node externally as defined below. Set as documented in the inboundNatPools block below. Changing this forces a new resource to be created. */ endpointConfigurations?: pulumi.Input[]>; /** * Type of public IP address provisioning. Supported values are `BatchManaged`, `UserManaged` and `NoPublicIPAddresses`. */ publicAddressProvisioningType?: pulumi.Input; /** * A list of public IP ids that will be allocated to nodes. Changing this forces a new resource to be created. */ publicIps?: pulumi.Input[]>; /** * The ARM resource identifier of the virtual network subnet which the compute nodes of the pool will join. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; } interface PoolNetworkConfigurationEndpointConfiguration { /** * The port number on the compute node. Acceptable values are between `1` and `65535` except for `29876`, `29877` as these are reserved. Changing this forces a new resource to be created. */ backendPort: pulumi.Input; /** * The range of external ports that will be used to provide inbound access to the backendPort on individual compute nodes in the format of `1000-1100`. Acceptable values range between `1` and `65534` except ports from `50000` to `55000` which are reserved by the Batch service. All ranges within a pool must be distinct and cannot overlap. Values must be a range of at least `100` nodes. Changing this forces a new resource to be created. */ frontendPortRange: pulumi.Input; /** * The name of the endpoint. The name must be unique within a Batch pool, can contain letters, numbers, underscores, periods, and hyphens. Names must start with a letter or number, must end with a letter, number, or underscore, and cannot exceed 77 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * A list of `networkSecurityGroupRules` blocks as defined below that will be applied to the endpoint. The maximum number of rules that can be specified across all the endpoints on a Batch pool is `25`. If no network security group rules are specified, a default rule will be created to allow inbound access to the specified backendPort. Set as documented in the networkSecurityGroupRules block below. Changing this forces a new resource to be created. */ networkSecurityGroupRules?: pulumi.Input[]>; /** * The protocol of the endpoint. Acceptable values are `TCP` and `UDP`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; } interface PoolNetworkConfigurationEndpointConfigurationNetworkSecurityGroupRule { /** * The action that should be taken for a specified IP address, subnet range or tag. Acceptable values are `Allow` and `Deny`. Changing this forces a new resource to be created. */ access: pulumi.Input; /** * The priority for this rule. The value must be at least `150`. Changing this forces a new resource to be created. */ priority: pulumi.Input; /** * The source address prefix or tag to match for the rule. Changing this forces a new resource to be created. */ sourceAddressPrefix: pulumi.Input; /** * The source port ranges to match for the rule. Valid values are `*` (for all ports 0 - 65535) or arrays of ports or port ranges (i.e. `100-200`). The ports should in the range of 0 to 65535 and the port ranges or ports can't overlap. If any other values are provided the request fails with HTTP status code 400. Default value will be `*`. Changing this forces a new resource to be created. */ sourcePortRanges?: pulumi.Input[]>; } interface PoolNodePlacement { /** * The placement policy for allocating nodes in the pool. Values are: "Regional": All nodes in the pool will be allocated in the same region; "Zonal": Nodes in the pool will be spread across different zones with the best effort balancing. Defaults to `Regional`. */ policy?: pulumi.Input; } interface PoolSecurityProfile { /** * Whether to enable host encryption for the Virtual Machine or Virtual Machine Scale Set. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Possible values are `true` and `false`. Changing this forces a new resource to be created. */ hostEncryptionEnabled?: pulumi.Input; /** * Whether to enable secure boot for the Virtual Machine or Virtual Machine Scale Set. Possible values are `true` and `false`. Changing this forces a new resource to be created. */ secureBootEnabled?: pulumi.Input; /** * The security type of the Virtual Machine. Possible values are `confidentialVM` and `trustedLaunch`. Changing this forces a new resource to be created. */ securityType?: pulumi.Input; /** * Whether to enable virtual trusted platform module (vTPM) for the Virtual Machine or Virtual Machine Scale Set. Possible values are `true` and `false`. Changing this forces a new resource to be created. * * > **Note:** `securityProfile` block can only be specified during creation and does not support updates. * * > **Note:** `securityType` must be specified to set UEFI related properties including `secureBootEnabled` and `vtpmEnabled`. */ vtpmEnabled?: pulumi.Input; } interface PoolStartTask { /** * The command line executed by the start task. */ commandLine: pulumi.Input; /** * A map of strings (key,value) that represents the environment variables to set in the start task. */ commonEnvironmentProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A `container` block is the settings for the container under which the start task runs as defined below. When this is specified, all directories recursively below the `AZ_BATCH_NODE_ROOT_DIR` (the root of Azure Batch directories on the node) are mapped into the container, all task environment variables are mapped into the container, and the task command line is executed in the container. */ containers?: pulumi.Input[]>; /** * One or more `resourceFile` blocks that describe the files to be downloaded to a compute node as defined below. */ resourceFiles?: pulumi.Input[]>; /** * The number of retry count. If this is set to `0`, the Batch service does not retry Tasks. If this is set to `-1`, the Batch service retries Batch Tasks without limit. */ taskRetryMaximum?: pulumi.Input; /** * A `userIdentity` block that describes the user identity under which the start task runs as defined below. */ userIdentity: pulumi.Input; /** * A flag that indicates if the Batch pool should wait for the start task to be completed. Default to `false`. */ waitForSuccess?: pulumi.Input; } interface PoolStartTaskContainer { /** * The image to use to create the container in which the task will run. This is the full image reference, as would be specified to "docker pull". If no tag is provided as part of the image name, the tag ":latest" is used as a default. */ imageName: pulumi.Input; /** * The `containerRegistries` block defined as below. */ registries?: pulumi.Input[]>; /** * Additional options to the container create command. These additional options are supplied as arguments to the "docker create" command, in addition to those controlled by the Batch Service. */ runOptions?: pulumi.Input; /** * A flag to indicate where the container task working directory is. Possible values are `TaskWorkingDirectory` and `ContainerImageDefault`. */ workingDirectory?: pulumi.Input; } interface PoolStartTaskContainerRegistry { password?: pulumi.Input; /** * The container registry URL. Changing this forces a new resource to be created. */ registryServer: pulumi.Input; /** * The User Assigned Identity to use for Container Registry access. */ userAssignedIdentityId?: pulumi.Input; userName?: pulumi.Input; } interface PoolStartTaskResourceFile { /** * The storage container name in the auto storage account. */ autoStorageContainerName?: pulumi.Input; /** * The blob prefix to use when downloading blobs from an Azure Storage container. Only the blobs whose names begin with the specified prefix will be downloaded. The property is valid only when `autoStorageContainerName` or `storageContainerUrl` is used. This prefix can be a partial filename or a subdirectory. If a prefix is not specified, all the files in the container will be downloaded. */ blobPrefix?: pulumi.Input; /** * The file permission mode represented as a string in octal format (e.g. `"0644"`). This property applies only to files being downloaded to Linux compute nodes. It will be ignored if it is specified for a `resourceFile` which will be downloaded to a Windows node. If this property is not specified for a Linux node, then a default value of 0770 is applied to the file. */ fileMode?: pulumi.Input; /** * The location on the compute node to which to download the file, relative to the task's working directory. If the `httpUrl` property is specified, the `filePath` is required and describes the path which the file will be downloaded to, including the filename. Otherwise, if the `autoStorageContainerName` or `storageContainerUrl` property is specified, `filePath` is optional and is the directory to download the files to. In the case where `filePath` is used as a directory, any directory structure already associated with the input data will be retained in full and appended to the specified filePath directory. The specified relative path cannot break out of the task's working directory (for example by using '..'). */ filePath?: pulumi.Input; /** * The URL of the file to download. If the URL is Azure Blob Storage, it must be readable using anonymous access; that is, the Batch service does not present any credentials when downloading the blob. There are two ways to get such a URL for a blob in Azure storage: include a Shared Access Signature (SAS) granting read permissions on the blob, or set the ACL for the blob or its container to allow public access. */ httpUrl?: pulumi.Input; /** * The URL of the blob container within Azure Blob Storage. This URL must be readable and listable using anonymous access; that is, the Batch service does not present any credentials when downloading the blob. There are two ways to get such a URL for a blob in Azure storage: include a Shared Access Signature (SAS) granting read and list permissions on the blob, or set the ACL for the blob or its container to allow public access. */ storageContainerUrl?: pulumi.Input; /** * An identity reference from pool's user assigned managed identity list. * * > **Note:** Exactly one of `autoStorageContainerName`, `storageContainerUrl` and `autoUser` must be specified. */ userAssignedIdentityId?: pulumi.Input; } interface PoolStartTaskUserIdentity { /** * A `autoUser` block that describes the user identity under which the start task runs as defined below. * * > **Note:** `userName` and `autoUser` blocks cannot be used both at the same time, but you need to define one or the other. */ autoUser?: pulumi.Input; /** * The username to be used by the Batch pool start task. */ userName?: pulumi.Input; } interface PoolStartTaskUserIdentityAutoUser { /** * The elevation level of the user identity under which the start task runs. Possible values are `Admin` or `NonAdmin`. Defaults to `NonAdmin`. */ elevationLevel?: pulumi.Input; /** * The scope of the user identity under which the start task runs. Possible values are `Task` or `Pool`. Defaults to `Task`. */ scope?: pulumi.Input; } interface PoolStorageImageReference { /** * Specifies the ID of the Custom Image which the virtual machines should be created from. Changing this forces a new resource to be created. See [official documentation](https://docs.microsoft.com/azure/batch/batch-custom-images) for more details. */ id?: pulumi.Input; /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer?: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher?: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. Changing this forces a new resource to be created. */ sku?: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. Changing this forces a new resource to be created. * * To provision a Custom Image, the following fields are applicable: */ version?: pulumi.Input; } interface PoolTaskSchedulingPolicy { /** * Supported values are "Pack" and "Spread". "Pack" means as many tasks as possible (taskSlotsPerNode) should be assigned to each node in the pool before any tasks are assigned to the next node in the pool. "Spread" means that tasks should be assigned evenly across all nodes in the pool. */ nodeFillType?: pulumi.Input; } interface PoolUserAccount { /** * The elevation level of the user account. "NonAdmin" - The auto user is a standard user without elevated access. "Admin" - The auto user is a user with elevated access and operates with full Administrator permissions. The default value is nonAdmin. */ elevationLevel: pulumi.Input; /** * The `linuxUserConfiguration` block defined below is a linux-specific user configuration for the user account. This property is ignored if specified on a Windows pool. If not specified, the user is created with the default options. */ linuxUserConfigurations?: pulumi.Input[]>; /** * The name of the user account. */ name: pulumi.Input; /** * The password for the user account. */ password: pulumi.Input; /** * The `windowsUserConfiguration` block defined below is a windows-specific user configuration for the user account. This property can only be specified if the user is on a Windows pool. If not specified and on a Windows pool, the user is created with the default options. */ windowsUserConfigurations?: pulumi.Input[]>; } interface PoolUserAccountLinuxUserConfiguration { /** * The user ID of the user account. The `uid` and `gid` properties must be specified together or not at all. If not specified the underlying operating system picks the uid. */ gid?: pulumi.Input; /** * The SSH private key for the user account. The private key must not be password protected. The private key is used to automatically configure asymmetric-key based authentication for SSH between nodes in a Linux pool when the pool's enableInterNodeCommunication property is true (it is ignored if enableInterNodeCommunication is false). It does this by placing the key pair into the user's .ssh directory. If not specified, password-less SSH is not configured between nodes (no modification of the user's .ssh directory is done). */ sshPrivateKey?: pulumi.Input; /** * The group ID for the user account. The `uid` and `gid` properties must be specified together or not at all. If not specified the underlying operating system picks the gid. */ uid?: pulumi.Input; } interface PoolUserAccountWindowsUserConfiguration { /** * Specifies login mode for the user. The default value for VirtualMachineConfiguration pools is interactive mode and for CloudServiceConfiguration pools is batch mode. Values supported are "Batch" and "Interactive". */ loginMode: pulumi.Input; } interface PoolWindow { /** * Whether automatic updates are enabled on the virtual machine. Defaults to `true`. */ enableAutomaticUpdates?: pulumi.Input; } } export declare namespace billing { interface AccountCostManagementExportExportDataOptions { /** * The time frame for pulling data for the query. If custom, then a specific time period must be provided. Possible values include: `WeekToDate`, `MonthToDate`, `BillingMonthToDate`, `TheLast7Days`, `TheLastMonth`, `TheLastBillingMonth`, `Custom`. */ timeFrame: pulumi.Input; /** * The type of the query. Possible values are `ActualCost`, `AmortizedCost` and `Usage`. */ type: pulumi.Input; } interface AccountCostManagementExportExportDataStorageLocation { /** * The Resource Manager ID of the container where exports will be uploaded. Changing this forces a new resource to be created. */ containerId: pulumi.Input; /** * The path of the directory where exports will be uploaded. Changing this forces a new resource to be created. * * > **Note:** The Resource Manager ID of a Storage Container is exposed via the `resourceManagerId` attribute of the `azure.storage.Container` resource. */ rootFolderPath: pulumi.Input; } } export declare namespace blueprint { interface AssignmentIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } } export declare namespace bot { interface ChannelDirectLineSite { /** * Enables/Disables this site. Defaults to `true`. */ enabled?: pulumi.Input; /** * Is the endpoint parameters enabled for this site? */ endpointParametersEnabled?: pulumi.Input; /** * Enables additional security measures for this site, see [Enhanced Directline Authentication Features](https://blog.botframework.com/2018/09/25/enhanced-direct-line-authentication-features). Disabled by default. */ enhancedAuthenticationEnabled?: pulumi.Input; /** * Id for the site */ id?: pulumi.Input; /** * Primary key for accessing this site */ key?: pulumi.Input; /** * Secondary key for accessing this site */ key2?: pulumi.Input; /** * The name of the site */ name: pulumi.Input; /** * Is the storage site enabled for detailed logging? Defaults to `true`. */ storageEnabled?: pulumi.Input; /** * This field is required when `isSecureSiteEnabled` is enabled. Determines which origins can establish a Directline conversation for this site. */ trustedOrigins?: pulumi.Input[]>; /** * Is the user upload enabled for this site? Defaults to `true`. */ userUploadEnabled?: pulumi.Input; /** * Enables v1 of the Directline protocol for this site. Defaults to `true`. */ v1Allowed?: pulumi.Input; /** * Enables v3 of the Directline protocol for this site. Defaults to `true`. */ v3Allowed?: pulumi.Input; } interface ChannelFacebookPage { /** * The Facebook Page Access Token for the Facebook Channel. */ accessToken: pulumi.Input; /** * The Facebook Page ID for the Facebook Channel. */ id: pulumi.Input; } interface ChannelLineLineChannel { /** * The access token which is used to call the Line Channel API. */ accessToken: pulumi.Input; /** * The secret which is used to access the Line Channel. */ secret: pulumi.Input; } interface ChannelWebChatSite { /** * Is the endpoint parameters enabled for this site? */ endpointParametersEnabled?: pulumi.Input; /** * The name of the site. */ name: pulumi.Input; /** * Is the storage site enabled for detailed logging? Defaults to `true`. */ storageEnabled?: pulumi.Input; /** * Is the user upload enabled for this site? Defaults to `true`. */ userUploadEnabled?: pulumi.Input; } } export declare namespace cdn { interface EndpointCustomDomainCdnManagedHttps { /** * The type of HTTPS certificate. Possible values are `Shared` and `Dedicated`. */ certificateType: pulumi.Input; /** * The type of protocol. Possible values are `ServerNameIndication` and `IPBased`. */ protocolType: pulumi.Input; /** * The minimum TLS protocol version that is used for HTTPS. Possible values are `TLS10` (representing TLS 1.0/1.1), `TLS12` (representing TLS 1.2) and `None` (representing no minimums). Defaults to `TLS12`. * * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more. */ tlsVersion?: pulumi.Input; } interface EndpointCustomDomainUserManagedHttps { /** * The ID of the Key Vault Secret that contains the HTTPS certificate. */ keyVaultSecretId: pulumi.Input; /** * The minimum TLS protocol version that is used for HTTPS. Possible values are `TLS10` (representing TLS 1.0/1.1), `TLS12` (representing TLS 1.2) and `None` (representing no minimums). Defaults to `TLS12`. * * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more. */ tlsVersion?: pulumi.Input; } interface EndpointDeliveryRule { /** * A `cacheExpirationAction` block as defined above. */ cacheExpirationAction?: pulumi.Input; /** * A `cacheKeyQueryStringAction` block as defined above. */ cacheKeyQueryStringAction?: pulumi.Input; /** * A `cookiesCondition` block as defined above. */ cookiesConditions?: pulumi.Input[]>; /** * A `deviceCondition` block as defined below. */ deviceCondition?: pulumi.Input; /** * A `httpVersionCondition` block as defined below. */ httpVersionConditions?: pulumi.Input[]>; /** * A `modifyRequestHeaderAction` block as defined below. */ modifyRequestHeaderActions?: pulumi.Input[]>; /** * A `modifyResponseHeaderAction` block as defined below. */ modifyResponseHeaderActions?: pulumi.Input[]>; /** * The Name which should be used for this Delivery Rule. */ name: pulumi.Input; /** * The order used for this rule. The order values should be sequential and begin at `1`. */ order: pulumi.Input; /** * A `postArgCondition` block as defined below. */ postArgConditions?: pulumi.Input[]>; /** * A `queryStringCondition` block as defined below. */ queryStringConditions?: pulumi.Input[]>; /** * A `remoteAddressCondition` block as defined below. */ remoteAddressConditions?: pulumi.Input[]>; /** * A `requestBodyCondition` block as defined below. */ requestBodyConditions?: pulumi.Input[]>; /** * A `requestHeaderCondition` block as defined below. */ requestHeaderConditions?: pulumi.Input[]>; /** * A `requestMethodCondition` block as defined below. */ requestMethodCondition?: pulumi.Input; /** * A `requestSchemeCondition` block as defined below. */ requestSchemeCondition?: pulumi.Input; /** * A `requestUriCondition` block as defined below. */ requestUriConditions?: pulumi.Input[]>; /** * A `urlFileExtensionCondition` block as defined below. */ urlFileExtensionConditions?: pulumi.Input[]>; /** * A `urlFileNameCondition` block as defined below. */ urlFileNameConditions?: pulumi.Input[]>; /** * A `urlPathCondition` block as defined below. */ urlPathConditions?: pulumi.Input[]>; /** * A `urlRedirectAction` block as defined below. */ urlRedirectAction?: pulumi.Input; /** * A `urlRewriteAction` block as defined below. */ urlRewriteAction?: pulumi.Input; } interface EndpointDeliveryRuleCacheExpirationAction { /** * The behavior of the cache. Valid values are `BypassCache`, `Override` and `SetIfMissing`. */ behavior: pulumi.Input; /** * Duration of the cache. Only allowed when `behavior` is set to `Override` or `SetIfMissing`. Format: `[d.]hh:mm:ss` */ duration?: pulumi.Input; } interface EndpointDeliveryRuleCacheKeyQueryStringAction { /** * The behavior of the cache key for query strings. Valid values are `Exclude`, `ExcludeAll`, `Include` and `IncludeAll`. */ behavior: pulumi.Input; /** * Comma separated list of parameter values. */ parameters?: pulumi.Input; } interface EndpointDeliveryRuleCookiesCondition { /** * List of values for the cookie. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * Name of the cookie. */ selector: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleDeviceCondition { /** * Valid values are `Desktop` and `Mobile`. */ matchValues: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface EndpointDeliveryRuleHttpVersionCondition { /** * Valid values are `0.9`, `1.0`, `1.1` and `2.0`. */ matchValues: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface EndpointDeliveryRuleModifyRequestHeaderAction { /** * Action to be executed on a header value. Valid values are `Append`, `Delete` and `Overwrite`. */ action: pulumi.Input; /** * The header name. */ name: pulumi.Input; /** * The value of the header. Only needed when `action` is set to `Append` or `overwrite`. */ value?: pulumi.Input; } interface EndpointDeliveryRuleModifyResponseHeaderAction { /** * Action to be executed on a header value. Valid values are `Append`, `Delete` and `Overwrite`. */ action: pulumi.Input; /** * The header name. */ name: pulumi.Input; /** * The value of the header. Only needed when `action` is set to `Append` or `overwrite`. */ value?: pulumi.Input; } interface EndpointDeliveryRulePostArgCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * Name of the post arg. */ selector: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleQueryStringCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleRemoteAddressCondition { /** * List of string values. For `GeoMatch` `operator` this should be a list of country codes (e.g. `US` or `DE`). List of IP address if `operator` equals to `IPMatch`. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `GeoMatch` and `IPMatch`. */ operator: pulumi.Input; } interface EndpointDeliveryRuleRequestBodyCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleRequestHeaderCondition { /** * List of header values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * Header name. */ selector: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleRequestMethodCondition { /** * Valid values are `DELETE`, `GET`, `HEAD`, `OPTIONS`, `POST` and `PUT`. */ matchValues: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface EndpointDeliveryRuleRequestSchemeCondition { /** * Valid values are `HTTP` and `HTTPS`. */ matchValues: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface EndpointDeliveryRuleRequestUriCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleUrlFileExtensionCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleUrlFileNameCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleUrlPathCondition { /** * List of string values. This is required if `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * Defaults to `false`. */ negateCondition?: pulumi.Input; /** * Valid values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan`, `LessThanOrEqual`, `RegEx` and `Wildcard`. */ operator: pulumi.Input; /** * A list of transforms. Valid values are `Lowercase` and `Uppercase`. */ transforms?: pulumi.Input[]>; } interface EndpointDeliveryRuleUrlRedirectAction { /** * Specifies the fragment part of the URL. This value must not start with a `#`. */ fragment?: pulumi.Input; /** * Specifies the hostname part of the URL. */ hostname?: pulumi.Input; /** * Specifies the path part of the URL. This value must begin with a `/`. */ path?: pulumi.Input; /** * Specifies the protocol part of the URL. Valid values are `MatchRequest`, `Http` and `Https`. Defaults to `MatchRequest`. */ protocol?: pulumi.Input; /** * Specifies the query string part of the URL. This value must not start with a `?` or `&` and must be in `=` format separated by `&`. */ queryString?: pulumi.Input; /** * Type of the redirect. Valid values are `Found`, `Moved`, `PermanentRedirect` and `TemporaryRedirect`. */ redirectType: pulumi.Input; } interface EndpointDeliveryRuleUrlRewriteAction { /** * This value must start with a `/` and can't be longer than 260 characters. */ destination: pulumi.Input; /** * Whether preserve an unmatched path. Defaults to `true`. */ preserveUnmatchedPath?: pulumi.Input; /** * This value must start with a `/` and can't be longer than 260 characters. */ sourcePattern: pulumi.Input; } interface EndpointGeoFilter { /** * The Action of the Geo Filter. Possible values include `Allow` and `Block`. */ action: pulumi.Input; /** * A List of two letter country codes (e.g. `US`, `GB`) to be associated with this Geo Filter. */ countryCodes: pulumi.Input[]>; /** * The relative path applicable to geo filter. */ relativePath: pulumi.Input; } interface EndpointGlobalDeliveryRule { /** * A `cacheExpirationAction` block as defined above. */ cacheExpirationAction?: pulumi.Input; /** * A `cacheKeyQueryStringAction` block as defined above. */ cacheKeyQueryStringAction?: pulumi.Input; /** * A `modifyRequestHeaderAction` block as defined below. */ modifyRequestHeaderActions?: pulumi.Input[]>; /** * A `modifyResponseHeaderAction` block as defined below. */ modifyResponseHeaderActions?: pulumi.Input[]>; /** * A `urlRedirectAction` block as defined below. */ urlRedirectAction?: pulumi.Input; /** * A `urlRewriteAction` block as defined below. */ urlRewriteAction?: pulumi.Input; } interface EndpointGlobalDeliveryRuleCacheExpirationAction { /** * The behavior of the cache. Valid values are `BypassCache`, `Override` and `SetIfMissing`. */ behavior: pulumi.Input; /** * Duration of the cache. Only allowed when `behavior` is set to `Override` or `SetIfMissing`. Format: `[d.]hh:mm:ss` */ duration?: pulumi.Input; } interface EndpointGlobalDeliveryRuleCacheKeyQueryStringAction { /** * The behavior of the cache key for query strings. Valid values are `Exclude`, `ExcludeAll`, `Include` and `IncludeAll`. */ behavior: pulumi.Input; /** * Comma separated list of parameter values. */ parameters?: pulumi.Input; } interface EndpointGlobalDeliveryRuleModifyRequestHeaderAction { /** * Action to be executed on a header value. Valid values are `Append`, `Delete` and `Overwrite`. */ action: pulumi.Input; /** * The header name. */ name: pulumi.Input; /** * The value of the header. Only needed when `action` is set to `Append` or `overwrite`. */ value?: pulumi.Input; } interface EndpointGlobalDeliveryRuleModifyResponseHeaderAction { /** * Action to be executed on a header value. Valid values are `Append`, `Delete` and `Overwrite`. */ action: pulumi.Input; /** * The header name. */ name: pulumi.Input; /** * The value of the header. Only needed when `action` is set to `Append` or `overwrite`. */ value?: pulumi.Input; } interface EndpointGlobalDeliveryRuleUrlRedirectAction { /** * Specifies the fragment part of the URL. This value must not start with a `#`. */ fragment?: pulumi.Input; /** * Specifies the hostname part of the URL. */ hostname?: pulumi.Input; /** * Specifies the path part of the URL. This value must begin with a `/`. */ path?: pulumi.Input; /** * Specifies the protocol part of the URL. Valid values are `MatchRequest`, `Http` and `Https`. Defaults to `MatchRequest`. */ protocol?: pulumi.Input; /** * Specifies the query string part of the URL. This value must not start with a `?` or `&` and must be in `=` format separated by `&`. */ queryString?: pulumi.Input; /** * Type of the redirect. Valid values are `Found`, `Moved`, `PermanentRedirect` and `TemporaryRedirect`. */ redirectType: pulumi.Input; } interface EndpointGlobalDeliveryRuleUrlRewriteAction { /** * This value must start with a `/` and can't be longer than 260 characters. */ destination: pulumi.Input; /** * Whether preserve an unmatched path. Defaults to `true`. */ preserveUnmatchedPath?: pulumi.Input; /** * This value must start with a `/` and can't be longer than 260 characters. */ sourcePattern: pulumi.Input; } interface EndpointOrigin { /** * A string that determines the hostname/IP address of the origin server. This string can be a domain name, Storage Account endpoint, Web App endpoint, IPv4 address or IPv6 address. Changing this forces a new resource to be created. */ hostName: pulumi.Input; /** * The HTTP port of the origin. Defaults to `80`. Changing this forces a new resource to be created. */ httpPort?: pulumi.Input; /** * The HTTPS port of the origin. Defaults to `443`. Changing this forces a new resource to be created. */ httpsPort?: pulumi.Input; /** * The name of the origin. This is an arbitrary value. However, this value needs to be unique under the endpoint. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface FrontdoorCustomDomainTls { /** * Resource ID of the Front Door Secret. */ cdnFrontdoorSecretId?: pulumi.Input; /** * Defines the source of the SSL certificate. Possible values include `CustomerCertificate` and `ManagedCertificate`. Defaults to `ManagedCertificate`. * * > **Note:** It may take up to 15 minutes for the Front Door Service to validate the state and Domain ownership of the Custom Domain. */ certificateType?: pulumi.Input; /** * TLS protocol version that will be used for Https. Possible values are `TLS12`. Defaults to `TLS12`. * * > **Note:** On March 1, 2025, support for Transport Layer Security (TLS) 1.0 and 1.1 will be retired for Azure Front Door, all connections to Azure Front Door must employ `TLS 1.2` or later, please see the product [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more details. * * @deprecated As of March 1, 2025, support for 'TLS10' will be retired from Azure Front Door, therefore the 'TLS10' property value will be removed in v5.0 of the provider. */ minimumTlsVersion?: pulumi.Input; } interface FrontdoorFirewallPolicyCustomRule { /** * The action to perform when the rule is matched. Possible values are `Allow`, `Block`, `Log`, `Redirect`, `JSChallenge`, or `CAPTCHA`. * * !> **Note:** Setting the `action` field to `JSChallenge` or `CAPTCHA` is currently in **PREVIEW**. Please see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. */ action: pulumi.Input; /** * Is the rule is enabled or disabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * One or more `matchCondition` block defined below. Can support up to `10` `matchCondition` blocks. */ matchConditions?: pulumi.Input[]>; /** * Gets name of the resource that is unique within a policy. This name can be used to access the resource. */ name: pulumi.Input; /** * The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to `1`. */ priority?: pulumi.Input; /** * The rate limit duration in minutes. Defaults to `1`. */ rateLimitDurationInMinutes?: pulumi.Input; /** * The rate limit threshold. Defaults to `10`. */ rateLimitThreshold?: pulumi.Input; /** * The type of rule. Possible values are `MatchRule` or `RateLimitRule`. */ type: pulumi.Input; } interface FrontdoorFirewallPolicyCustomRuleMatchCondition { /** * Up to `600` possible values to match. Limit is in total across all `matchCondition` blocks and `matchValues` arguments. String value itself can be up to `256` characters in length. */ matchValues: pulumi.Input[]>; /** * The request variable to compare with. Possible values are `Cookies`, `PostArgs`, `QueryString`, `RemoteAddr`, `RequestBody`, `RequestHeader`, `RequestMethod`, `RequestUri`, or `SocketAddr`. */ matchVariable: pulumi.Input; /** * Should the result of the condition be negated. */ negationCondition?: pulumi.Input; /** * Comparison type to use for matching with the variable value. Possible values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GeoMatch`, `GreaterThan`, `GreaterThanOrEqual`, `IPMatch`, `LessThan`, `LessThanOrEqual`, or `RegEx`. */ operator: pulumi.Input; /** * Match against a specific key if the `matchVariable` is `QueryString`, `PostArgs`, `RequestHeader`, or `Cookies`. */ selector?: pulumi.Input; /** * Up to `5` transforms to apply. Possible values are `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `URLDecode`, or `URLEncode`. */ transforms?: pulumi.Input[]>; } interface FrontdoorFirewallPolicyLogScrubbing { /** * Is log scrubbing enabled? Possible values are `true` or `false`. Defaults to `true`. */ enabled?: pulumi.Input; /** * One or more `scrubbingRule` blocks as defined below. * * > **Note:** For more information on masking sensitive data in Azure Front Door please see the [product documentation](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor). */ scrubbingRules: pulumi.Input[]>; } interface FrontdoorFirewallPolicyLogScrubbingScrubbingRule { /** * Is this `scrubbingRule` enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The variable to be scrubbed from the logs. Possible values include `QueryStringArgNames`, `RequestBodyJsonArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`, `RequestIPAddress`, or `RequestUri`. * * > **Note:** `RequestIPAddress` and `RequestUri` must use the `EqualsAny` `operator`. */ matchVariable: pulumi.Input; /** * When the `matchVariable` is a collection, operate on the `selector` to specify which elements in the collection this `scrubbingRule` applies to. Possible values are `Equals` or `EqualsAny`. Defaults to `Equals`. */ operator?: pulumi.Input; /** * When the `matchVariable` is a collection, the `operator` is used to specify which elements in the collection this `scrubbingRule` applies to. * * > **Note:** The `selector` field cannot be set if the `operator` is set to `EqualsAny`. */ selector?: pulumi.Input; } interface FrontdoorFirewallPolicyManagedRule { /** * The action to perform for all default rule set rules when the managed rule is matched or when the anomaly score is 5 or greater depending on which version of the default rule set you are using. Possible values include `Allow`, `Log`, `Block`, or `Redirect`. */ action: pulumi.Input; /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * One or more `override` blocks as defined below. */ overrides?: pulumi.Input[]>; /** * The name of the managed rule to use with this resource. Possible values include `DefaultRuleSet`, `Microsoft_DefaultRuleSet`, `BotProtection`, or `Microsoft_BotManagerRuleSet`. */ type: pulumi.Input; /** * The version of the managed rule to use with this resource. Possible values depends on which default rule set type you are using, for the `DefaultRuleSet` type the possible values include `1.0` or `preview-0.1`. For `Microsoft_DefaultRuleSet` the possible values include `1.1`, `2.0`, or `2.1`. For `BotProtection` the value must be `preview-0.1` and for `Microsoft_BotManagerRuleSet` the possible values include `1.0` and `1.1`. */ version: pulumi.Input; } interface FrontdoorFirewallPolicyManagedRuleExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`, `RequestBodyJsonArgNames` * * > **Note:** `RequestBodyJsonArgNames` is only available on Default Rule Set (DRS) 2.0 or later */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, or `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. * * > **Note:** `selector` must be set to `*` if `operator` is set to `EqualsAny`. */ selector: pulumi.Input; } interface FrontdoorFirewallPolicyManagedRuleOverride { /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * The managed rule group to override. */ ruleGroupName: pulumi.Input; /** * One or more `rule` blocks as defined below. If none are specified, all of the rules in the group will be disabled. */ rules?: pulumi.Input[]>; } interface FrontdoorFirewallPolicyManagedRuleOverrideExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`, `RequestBodyJsonArgNames` * * > **Note:** `RequestBodyJsonArgNames` is only available on Default Rule Set (DRS) 2.0 or later */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, or `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. * * > **Note:** `selector` must be set to `*` if `operator` is set to `EqualsAny`. */ selector: pulumi.Input; } interface FrontdoorFirewallPolicyManagedRuleOverrideRule { /** * The action to be applied when the managed rule matches or when the anomaly score is 5 or greater. Possible values are `Allow`, `CAPTCHA`, `Log`, `Block`, `Redirect`, `AnomalyScoring` and `JSChallenge`. * * > **Note:** Possible values for `DefaultRuleSet 1.1` and below are `Allow`, `Log`, `Block`, or `Redirect`. * * > **Note:** Possible values for `DefaultRuleSet 2.0` and above are `Log` or `AnomalyScoring`. * * > **Note:** Possible values for `Microsoft_BotManagerRuleSet` are `Allow`, `Log`, `Block`, `Redirect`, or `JSChallenge`. * * > **Note:** Please see the `DefaultRuleSet` [product documentation](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-drs?tabs=drs20#anomaly-scoring-mode) or the `Microsoft_BotManagerRuleSet` [product documentation](https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview) for more information. * * !> **Note:** Setting the `action` field to `JSChallenge` is currently in **PREVIEW**. Please see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. */ action: pulumi.Input; /** * Is the managed rule override enabled or disabled. Defaults to `false` */ enabled?: pulumi.Input; /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * Identifier for the managed rule. */ ruleId: pulumi.Input; } interface FrontdoorFirewallPolicyManagedRuleOverrideRuleExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`, `RequestBodyJsonArgNames` * * > **Note:** `RequestBodyJsonArgNames` is only available on Default Rule Set (DRS) 2.0 or later */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, or `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. * * > **Note:** `selector` must be set to `*` if `operator` is set to `EqualsAny`. */ selector: pulumi.Input; } interface FrontdoorOriginGroupHealthProbe { /** * Specifies the number of seconds between health probes. Possible values are between `1` and `255` seconds (inclusive). */ intervalInSeconds: pulumi.Input; /** * Specifies the path relative to the origin that is used to determine the health of the origin. Defaults to `/`. * * > **Note:** Health probes can only be disabled if there is a single enabled origin in a single enabled origin group. For more information about the `healthProbe` settings please see the [product documentation](https://docs.microsoft.com/azure/frontdoor/health-probes). */ path?: pulumi.Input; /** * Specifies the protocol to use for health probe. Possible values are `Http` and `Https`. */ protocol: pulumi.Input; /** * Specifies the type of health probe request that is made. Possible values are `GET` and `HEAD`. Defaults to `HEAD`. */ requestType?: pulumi.Input; } interface FrontdoorOriginGroupLoadBalancing { /** * Specifies the additional latency in milliseconds for probes to fall into the lowest latency bucket. Possible values are between `0` and `1000` milliseconds (inclusive). Defaults to `50`. */ additionalLatencyInMilliseconds?: pulumi.Input; /** * Specifies the number of samples to consider for load balancing decisions. Possible values are between `0` and `255` (inclusive). Defaults to `4`. */ sampleSize?: pulumi.Input; /** * Specifies the number of samples within the sample period that must succeed. Possible values are between `0` and `255` (inclusive). Defaults to `3`. */ successfulSamplesRequired?: pulumi.Input; } interface FrontdoorOriginPrivateLink { /** * Specifies the location where the Private Link resource should exist. Changing this forces a new resource to be created. */ location: pulumi.Input; /** * The ID of the Azure Resource to connect to via the Private Link. * * > **Note:** the `privateLinkTargetId` property must specify the Resource ID of the Private Link Service when using Load Balancer as an Origin. */ privateLinkTargetId: pulumi.Input; /** * Specifies the request message that will be submitted to the `privateLinkTargetId` when requesting the private link endpoint connection. Values must be between `1` and `140` characters in length. Defaults to `Access request for CDN FrontDoor Private Link Origin`. */ requestMessage?: pulumi.Input; /** * Specifies the type of target for this Private Link Endpoint. Possible values are `blob`, `blobSecondary`, `Gateway`, `managedEnvironments`, `sites`, `web` and `webSecondary`. * * > **Note:** `targetType` cannot be specified when using a Load Balancer as an Origin. */ targetType?: pulumi.Input; } interface FrontdoorProfileIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. Required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of managed identity to assign. Possible values are `SystemAssigned`, `UserAssigned` or `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface FrontdoorProfileLogScrubbingRule { /** * The variable to be scrubbed from the logs. Possible values are `QueryStringArgNames`, `RequestIPAddress`, and `RequestUri`. * * > **Note:** The `operator` field is implicitly set to `EqualsAny`, as it is the sole supported value, and is therefore not exposed as a configurable option in the provider schema. */ matchVariable: pulumi.Input; } interface FrontdoorRouteCache { /** * Is content compression enabled? Possible values are `true` or `false`. Defaults to `false`. * * > **Note:** Content won't be compressed when the requested content is smaller than `1 KB` or larger than `8 MB`(inclusive). */ compressionEnabled?: pulumi.Input; /** * A list of one or more `Content types` (formerly known as `MIME types`) to compress. Possible values include `application/eot`, `application/font`, `application/font-sfnt`, `application/javascript`, `application/json`, `application/opentype`, `application/otf`, `application/pkcs7-mime`, `application/truetype`, `application/ttf`, `application/vnd.ms-fontobject`, `application/xhtml+xml`, `application/xml`, `application/xml+rss`, `application/x-font-opentype`, `application/x-font-truetype`, `application/x-font-ttf`, `application/x-httpd-cgi`, `application/x-mpegurl`, `application/x-opentype`, `application/x-otf`, `application/x-perl`, `application/x-ttf`, `application/x-javascript`, `font/eot`, `font/ttf`, `font/otf`, `font/opentype`, `image/svg+xml`, `text/css`, `text/csv`, `text/html`, `text/javascript`, `text/js`, `text/plain`, `text/richtext`, `text/tab-separated-values`, `text/xml`, `text/x-script`, `text/x-component` or `text/x-java-source`. */ contentTypesToCompresses?: pulumi.Input[]>; /** * Defines how the Front Door Route will cache requests that include query strings. Possible values include `IgnoreQueryString`, `IgnoreSpecifiedQueryStrings`, `IncludeSpecifiedQueryStrings` or `UseQueryString`. Defaults to `IgnoreQueryString`. * * > **Note:** The value of the `queryStringCachingBehavior` determines if the `queryStrings` field will be used as an include list or an ignore list. */ queryStringCachingBehavior?: pulumi.Input; /** * Query strings to include or ignore. */ queryStrings?: pulumi.Input[]>; } interface FrontdoorRuleActions { /** * A `requestHeaderAction` block as defined below. */ requestHeaderActions?: pulumi.Input[]>; /** * A `responseHeaderAction` block as defined below. */ responseHeaderActions?: pulumi.Input[]>; /** * A `routeConfigurationOverrideAction` block as defined below. */ routeConfigurationOverrideAction?: pulumi.Input; /** * A `urlRedirectAction` block as defined below. You may **not** have a `urlRedirectAction` **and** a `urlRewriteAction` defined in the same `actions` block. */ urlRedirectAction?: pulumi.Input; /** * A `urlRewriteAction` block as defined below. You may **not** have a `urlRewriteAction` **and** a `urlRedirectAction` defined in the same `actions` block. */ urlRewriteAction?: pulumi.Input; } interface FrontdoorRuleActionsRequestHeaderAction { /** * The action to be taken on the specified `headerName`. Possible values include `Append`, `Overwrite` or `Delete`. * * > **Note:** `Append` causes the specified header to be added to the request with the specified value. If the header is already present, the value is appended to the existing header value using string concatenation. No delimiters are added. `Overwrite` causes specified header to be added to the request with the specified value. If the header is already present, the specified value overwrites the existing value. `Delete` causes the header to be deleted from the request. */ headerAction: pulumi.Input; /** * The name of the header to modify. */ headerName: pulumi.Input; /** * The value to append or overwrite. * * > **Note:** `value` is required if the `headerAction` is set to `Append` or `Overwrite`. */ value?: pulumi.Input; } interface FrontdoorRuleActionsResponseHeaderAction { /** * The action to be taken on the specified `headerName`. Possible values include `Append`, `Overwrite` or `Delete`. * * > **Note:** `Append` causes the specified header to be added to the request with the specified value. If the header is already present, the value is appended to the existing header value using string concatenation. No delimiters are added. `Overwrite` causes specified header to be added to the request with the specified value. If the header is already present, the specified value overwrites the existing value. `Delete` causes the header to be deleted from the request. */ headerAction: pulumi.Input; /** * The name of the header to modify. */ headerName: pulumi.Input; /** * The value to append or overwrite. * * > **Note:** `value` is required if the `headerAction` is set to `Append` or `Overwrite`. */ value?: pulumi.Input; } interface FrontdoorRuleActionsRouteConfigurationOverrideAction { /** * `HonorOrigin` the Front Door will always honor origin response header directive. If the origin directive is missing, Front Door will cache contents anywhere from `1` to `3` days. `OverrideAlways` the TTL value returned from your Front Door Origin is overwritten with the value specified in the action. This behavior will only be applied if the response is cacheable. `OverrideIfOriginMissing` if no TTL value gets returned from your Front Door Origin, the rule sets the TTL to the value specified in the action. This behavior will only be applied if the response is cacheable. `Disabled` the Front Door will not cache the response contents, irrespective of Front Door Origin response directives. Possible values include `HonorOrigin`, `OverrideAlways`, `OverrideIfOriginMissing` or `Disabled`. */ cacheBehavior?: pulumi.Input; /** * When Cache behavior is set to `Override` or `SetIfMissing`, this field specifies the cache duration to use. The maximum duration is 366 days specified in the `d.HH:MM:SS` format(e.g. `365.23:59:59`). If the desired maximum cache duration is less than 1 day then the maximum cache duration should be specified in the `HH:MM:SS` format(e.g. `23:59:59`). */ cacheDuration?: pulumi.Input; /** * The Front Door Origin Group resource ID that the request should be routed to. This overrides the configuration specified in the Front Door Endpoint route. */ cdnFrontdoorOriginGroupId?: pulumi.Input; /** * Should the Front Door dynamically compress the content? Possible values include `true` or `false`. * * > **Note:** Content won't be compressed on AzureFrontDoor when requested content is smaller than `1 byte` or larger than `1 MB`. */ compressionEnabled?: pulumi.Input; /** * The forwarding protocol the request will be redirected as. This overrides the configuration specified in the route to be associated with. Possible values include `MatchRequest`, `HttpOnly` or `HttpsOnly`. * * > **Note:** If the `cdnFrontdoorOriginGroupId` is not defined you cannot set the `forwardingProtocol`. */ forwardingProtocol?: pulumi.Input; /** * `IncludeSpecifiedQueryStrings` query strings specified in the `queryStringParameters` field get included when the cache key gets generated. `UseQueryString` cache every unique URL, each unique URL will have its own cache key. `IgnoreSpecifiedQueryStrings` query strings specified in the `queryStringParameters` field get excluded when the cache key gets generated. `IgnoreQueryString` query strings aren't considered when the cache key gets generated. Possible values include `IgnoreQueryString`, `UseQueryString`, `IgnoreSpecifiedQueryStrings` or `IncludeSpecifiedQueryStrings`. */ queryStringCachingBehavior?: pulumi.Input; /** * A list of query string parameter names. * * > **Note:** `queryStringParameters` is a required field when the `queryStringCachingBehavior` is set to `IncludeSpecifiedQueryStrings` or `IgnoreSpecifiedQueryStrings`. */ queryStringParameters?: pulumi.Input[]>; } interface FrontdoorRuleActionsUrlRedirectAction { /** * The fragment to use in the redirect. The value must be a string between `0` and `1024` characters in length, leave blank to preserve the incoming fragment. Defaults to `""`. */ destinationFragment?: pulumi.Input; /** * The host name you want the request to be redirected to. The value must be a string between `0` and `2048` characters in length, leave blank to preserve the incoming host. */ destinationHostname: pulumi.Input; /** * The path to use in the redirect. The value must be a string and include the leading `/`, leave blank to preserve the incoming path. Defaults to `""`. */ destinationPath?: pulumi.Input; /** * The query string used in the redirect URL. The value must be in the <key>=<value> or <key>={`actionServerVariable`} format and must not include the leading `?`, leave blank to preserve the incoming query string. Maximum allowed length for this field is `2048` characters. Defaults to `""`. */ queryString?: pulumi.Input; /** * The protocol the request will be redirected as. Possible values include `MatchRequest`, `Http` or `Https`. Defaults to `MatchRequest`. */ redirectProtocol?: pulumi.Input; /** * The response type to return to the requestor. Possible values include `Moved`, `Found` , `TemporaryRedirect` or `PermanentRedirect`. */ redirectType: pulumi.Input; } interface FrontdoorRuleActionsUrlRewriteAction { /** * The destination path to use in the rewrite. The destination path overwrites the source pattern. */ destination: pulumi.Input; /** * Append the remaining path after the source pattern to the new destination path? Possible values `true` or `false`. Defaults to `false`. */ preserveUnmatchedPath?: pulumi.Input; /** * The source pattern in the URL path to replace. This uses prefix-based matching. For example, to match all URL paths use a forward slash `"/"` as the source pattern value. */ sourcePattern: pulumi.Input; } interface FrontdoorRuleConditions { /** * A `clientPortCondition` block as defined below. */ clientPortConditions?: pulumi.Input[]>; /** * A `cookiesCondition` block as defined below. */ cookiesConditions?: pulumi.Input[]>; /** * A `hostNameCondition` block as defined below. */ hostNameConditions?: pulumi.Input[]>; /** * A `httpVersionCondition` block as defined below. */ httpVersionConditions?: pulumi.Input[]>; /** * A `isDeviceCondition` block as defined below. */ isDeviceConditions?: pulumi.Input[]>; /** * A `postArgsCondition` block as defined below. */ postArgsConditions?: pulumi.Input[]>; /** * A `queryStringCondition` block as defined below. */ queryStringConditions?: pulumi.Input[]>; /** * A `remoteAddressCondition` block as defined below. */ remoteAddressConditions?: pulumi.Input[]>; /** * A `requestBodyCondition` block as defined below. */ requestBodyConditions?: pulumi.Input[]>; /** * A `requestHeaderCondition` block as defined below. */ requestHeaderConditions?: pulumi.Input[]>; /** * A `requestMethodCondition` block as defined below. */ requestMethodConditions?: pulumi.Input[]>; /** * A `requestSchemeCondition` block as defined below. */ requestSchemeConditions?: pulumi.Input[]>; /** * A `requestUriCondition` block as defined below. */ requestUriConditions?: pulumi.Input[]>; /** * A `serverPortCondition` block as defined below. */ serverPortConditions?: pulumi.Input[]>; /** * A `socketAddressCondition` block as defined below. */ socketAddressConditions?: pulumi.Input[]>; /** * A `sslProtocolCondition` block as defined below. */ sslProtocolConditions?: pulumi.Input[]>; /** * A `urlFileExtensionCondition` block as defined below. */ urlFileExtensionConditions?: pulumi.Input[]>; /** * A `urlFilenameCondition` block as defined below. */ urlFilenameConditions?: pulumi.Input[]>; /** * A `urlPathCondition` block as defined below. */ urlPathConditions?: pulumi.Input[]>; } interface FrontdoorRuleConditionsClientPortCondition { /** * One or more integer values(e.g. "1") representing the value of the client port to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; } interface FrontdoorRuleConditionsCookiesCondition { /** * A string value representing the name of the cookie. */ cookieName: pulumi.Input; /** * One or more string or integer values(e.g. "1") representing the value of the request header to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsHostNameCondition { /** * A list of one or more string values representing the value of the request hostname to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsHttpVersionCondition { /** * What HTTP version should this condition match? Possible values `2.0`, `1.1`, `1.0` or `0.9`. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * Possible value `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsIsDeviceCondition { /** * Which device should this rule match on? Possible values `Mobile` or `Desktop`. */ matchValues?: pulumi.Input; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * Possible value `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsPostArgsCondition { /** * One or more string or integer values(e.g. "1") representing the value of the `POST` argument to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A string value representing the name of the `POST` argument. */ postArgsName: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsQueryStringCondition { /** * One or more string or integer values(e.g. "1") representing the value of the query string to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsRemoteAddressCondition { /** * For the IP Match or IP Not Match operators: specify one or more IP address ranges. If multiple IP address ranges are specified, they're evaluated using `OR` logic. For the Geo Match or Geo Not Match operators: specify one or more locations using their country code. * * > **Note:** See the `Specifying IP Address Ranges` section below on how to correctly define the `matchValues` field. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * The type of the remote address to match. Possible values include `Any`, `GeoMatch` or `IPMatch`. Use the `negateCondition` to specify Not `GeoMatch` or Not `IPMatch`. Defaults to `IPMatch`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsRequestBodyCondition { /** * A list of one or more string or integer values(e.g. "1") representing the value of the request body text to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsRequestHeaderCondition { /** * A string value representing the name of the `POST` argument. */ headerName: pulumi.Input; /** * One or more string or integer values(e.g. "1") representing the value of the request header to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsRequestMethodCondition { /** * A list of one or more HTTP methods. Possible values include `GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS` or `TRACE`. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * Possible value `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsRequestSchemeCondition { /** * The requests protocol to match. Possible values include `HTTP` or `HTTPS`. */ matchValues?: pulumi.Input; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * Possible value `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsRequestUriCondition { /** * One or more string or integer values(e.g. "1") representing the value of the request URL to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsServerPortCondition { /** * A list of one or more integer values(e.g. "1") representing the value of the client port to match. Possible values include `80` or `443`. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; } interface FrontdoorRuleConditionsSocketAddressCondition { /** * Specify one or more IP address ranges. If multiple IP address ranges are specified, they're evaluated using `OR` logic. * * > **Note:** See the `Specifying IP Address Ranges` section below on how to correctly define the `matchValues` field. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * The type of match. The Possible values are `IpMatch` or `Any`. Defaults to `IPMatch`. * * > **Note:** If the value of the `operator` field is set to `IpMatch` then the `matchValues` field is also required. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsSslProtocolCondition { /** * A list of one or more HTTP methods. Possible values are `TLSv1`, `TLSv1.1` and `TLSv1.2` logic. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * Possible value `Equal`. Defaults to `Equal`. */ operator?: pulumi.Input; } interface FrontdoorRuleConditionsUrlFileExtensionCondition { /** * A list of one or more string or integer values(e.g. "1") representing the value of the request file extension to match. If multiple values are specified, they're evaluated using `OR` logic. */ matchValues: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsUrlFilenameCondition { /** * A list of one or more string or integer values(e.g. "1") representing the value of the request file name to match. If multiple values are specified, they're evaluated using `OR` logic. * * > **Note:** The `matchValues` field is only optional if the `operator` is set to `Any`. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual` or `RegEx`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorRuleConditionsUrlPathCondition { /** * One or more string or integer values(e.g. "1") representing the value of the request path to match. Don't include the leading slash (`/`). If multiple values are specified, they're evaluated using `OR` logic. */ matchValues?: pulumi.Input[]>; /** * If `true` operator becomes the opposite of its value. Possible values `true` or `false`. Defaults to `false`. Details can be found in the `Condition Operator List` below. */ negateCondition?: pulumi.Input; /** * A Conditional operator. Possible values include `Any`, `Equal`, `Contains`, `BeginsWith`, `EndsWith`, `LessThan`, `LessThanOrEqual`, `GreaterThan`, `GreaterThanOrEqual`, `RegEx` or `Wildcard`. Details can be found in the `Condition Operator List` below. */ operator: pulumi.Input; /** * A Conditional operator. Possible values include `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` or `UrlEncode`. Details can be found in the `Condition Transform List` below. */ transforms?: pulumi.Input[]>; } interface FrontdoorSecretSecret { /** * A `customerCertificate` block as defined below. Changing this forces a new Front Door Secret to be created. */ customerCertificates: pulumi.Input[]>; } interface FrontdoorSecretSecretCustomerCertificate { /** * The ID of the Key Vault certificate resource to use. Changing this forces a new Front Door Secret to be created. * * > **Note:** If you would like to use the **latest version** of the Key Vault Certificate use the Key Vault Certificates `versionlessId` attribute as the `keyVaultCertificateId` fields value(e.g. `keyVaultCertificateId = azurerm_key_vault_certificate.example.versionless_id`). */ keyVaultCertificateId: pulumi.Input; /** * One or more `subject alternative names` contained within the key vault certificate. */ subjectAlternativeNames?: pulumi.Input[]>; } interface FrontdoorSecurityPolicySecurityPolicies { /** * An `firewall` block as defined below. */ firewall: pulumi.Input; } interface FrontdoorSecurityPolicySecurityPoliciesFirewall { /** * An `association` block as defined below. */ association: pulumi.Input; /** * The Resource Id of the Front Door Firewall Policy that should be linked to this Front Door Security Policy. Changing this forces a new Front Door Security Policy to be created. */ cdnFrontdoorFirewallPolicyId: pulumi.Input; } interface FrontdoorSecurityPolicySecurityPoliciesFirewallAssociation { /** * One or more `domain` blocks as defined below. */ domains: pulumi.Input[]>; /** * The list of paths to match for this firewall policy. Possible value includes `/*`. Changing this forces a new Front Door Security Policy to be created. */ patternsToMatch: pulumi.Input; } interface FrontdoorSecurityPolicySecurityPoliciesFirewallAssociationDomain { /** * Is the Front Door Custom Domain/Endpoint activated? */ active?: pulumi.Input; /** * The Resource Id of the **Front Door Custom Domain** or **Front Door Endpoint** that should be bound to this Front Door Security Policy. */ cdnFrontdoorDomainId: pulumi.Input; } } export declare namespace chaosstudio { interface ExperimentIdentity { /** * A list of User Managed Identity IDs which should be assigned to the Policy Definition. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity which should be added to this Policy Definition. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface ExperimentSelector { /** * A list of Chaos Studio Target IDs that should be part of this Selector. */ chaosStudioTargetIds: pulumi.Input[]>; /** * The name of this Selector. */ name: pulumi.Input; } interface ExperimentStep { /** * One or more `branch` blocks as defined above. */ branches: pulumi.Input[]>; /** * The name of the Step. */ name: pulumi.Input; } interface ExperimentStepBranch { /** * One or more `actions` blocks as defined above. */ actions: pulumi.Input[]>; /** * The name of the branch. */ name: pulumi.Input; } interface ExperimentStepBranchAction { /** * The type of action that should be added to the experiment. Possible values are `continuous`, `delay` and `discrete`. */ actionType: pulumi.Input; /** * An ISO8601 formatted string specifying the duration for a `delay` or `continuous` action. */ duration?: pulumi.Input; /** * A key-value map of additional parameters to configure the action. The values that are accepted by this depend on the `urn` i.e. the capability/fault that is applied. Possible parameter values can be found in this [documentation](https://learn.microsoft.com/azure/chaos-studio/chaos-studio-fault-library) */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of the Selector to which this action should apply to. This must be specified if the `actionType` is `continuous` or `discrete`. */ selectorName?: pulumi.Input; /** * The Unique Resource Name of the action, this value is provided by the `azure.chaosstudio.Capability` resource e.g. `azurerm_chaos_studio_capability.example.urn`. This must be specified if the `actionType` is `continuous` or `discrete`. */ urn?: pulumi.Input; } } export declare namespace cognitive { interface AIServicesCustomerManagedKey { /** * The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there are multiple identities attached to the Azure AI Service. */ identityClientId?: pulumi.Input; /** * The ID of the Key Vault Key which should be used to encrypt the data in this AI Services Account. Exactly one of `keyVaultKeyId`, `managedHsmKeyId` must be specified. */ keyVaultKeyId?: pulumi.Input; /** * The ID of the managed HSM Key which should be used to encrypt the data in this AI Services Account. Exactly one of `keyVaultKeyId`, `managedHsmKeyId` must be specified. */ managedHsmKeyId?: pulumi.Input; } interface AIServicesIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this AI Services Account. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this AI Services Account. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` */ type: pulumi.Input; } interface AIServicesNetworkAcls { /** * Whether to allow trusted Azure Services to access the service. Possible values are `None` and `AzureServices`. Defaults to `AzureServices`. */ bypass?: pulumi.Input; /** * The Default Action to use when no rules match from `ipRules` / `virtualNetworkRules`. Possible values are `Allow` and `Deny`. */ defaultAction: pulumi.Input; /** * One or more IP Addresses, or CIDR Blocks which should be able to access the AI Services Account. */ ipRules?: pulumi.Input[]>; /** * A `virtualNetworkRules` block as defined below. */ virtualNetworkRules?: pulumi.Input[]>; } interface AIServicesNetworkAclsVirtualNetworkRule { /** * Whether to ignore a missing Virtual Network Service Endpoint or not. Default to `false`. */ ignoreMissingVnetServiceEndpoint?: pulumi.Input; /** * The ID of the subnet which should be able to access this AI Services Account. */ subnetId: pulumi.Input; } interface AIServicesStorage { /** * The client ID of the Managed Identity associated with the Storage Account. */ identityClientId?: pulumi.Input; /** * The ID of the Storage Account. */ storageAccountId: pulumi.Input; } interface AccountCustomerManagedKey { /** * The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the Cognitive Account. * * > **Note:** When `projectManagementEnabled` is set to `true`, removing this block forces a new resource to be created. */ identityClientId?: pulumi.Input; /** * The ID of the Key Vault Key which should be used to Encrypt the data in this Cognitive Account. */ keyVaultKeyId: pulumi.Input; } interface AccountIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Cognitive Account. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Cognitive Account. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface AccountNetworkAcls { /** * Whether to allow trusted Azure Services to access the service. Possible values are `None` and `AzureServices`. * * > **Note:** `bypass` can only be set when `kind` is set to `OpenAI`, `AIServices`, or `TextAnalytics`. */ bypass?: pulumi.Input; /** * The Default Action to use when no rules match from `ipRules` / `virtualNetworkRules`. Possible values are `Allow` and `Deny`. */ defaultAction: pulumi.Input; /** * One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account. */ ipRules?: pulumi.Input[]>; /** * A `virtualNetworkRules` block as defined below. */ virtualNetworkRules?: pulumi.Input[]>; } interface AccountNetworkAclsVirtualNetworkRule { /** * Whether ignore missing vnet service endpoint or not. Defaults to `false`. */ ignoreMissingVnetServiceEndpoint?: pulumi.Input; /** * The ID of the subnet which should be able to access this Cognitive Account. */ subnetId: pulumi.Input; } interface AccountNetworkInjection { /** * Specifies what features network injection applies to. The only possible value is `agent`. */ scenario: pulumi.Input; /** * The ID of the subnet which the Agent Client is injected into. * * > **Note:** The agent subnet must use an address space in the 172.* or 192.* ranges. */ subnetId: pulumi.Input; } interface AccountProjectIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Cognitive Account Project. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Cognitive Account Project. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface AccountRaiPolicyContentFilter { /** * Whether the filter should block content. Possible values are `true` or `false`. */ blockEnabled: pulumi.Input; /** * Whether the filter is enabled. Possible values are `true` or `false`. */ filterEnabled: pulumi.Input; /** * The name of the content filter. */ name: pulumi.Input; /** * The severity threshold for the filter. Possible values are `Low`, `Medium` or `High`. */ severityThreshold: pulumi.Input; /** * Content source to apply the content filter. Possible values are `Prompt` or `Completion`. */ source: pulumi.Input; } interface AccountStorage { /** * The client ID of the managed identity associated with the storage resource. * * > **Note:** Not all `kind` support a `storage` block. For example the `kind` `OpenAI` does not support it. */ identityClientId?: pulumi.Input; /** * Full resource id of a Microsoft.Storage resource. */ storageAccountId: pulumi.Input; } interface DeploymentModel { /** * The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. * * > **Note:** Possible values of `format` can be found by running the command `az cognitiveservices account list-models`. The available values may vary by region or due to quota limitations. These could include models from `AI21 Labs`, `Black Forest Labs`, `Cohere`, `Core42`, `DeepSeek`, `Meta`, `Microsoft`, `Mistral AI`, `OpenAI`, and `xAI`. */ format: pulumi.Input; /** * The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The version of Cognitive Services Account Deployment model. If `version` is not specified, the default version of the model at the time will be assigned. */ version?: pulumi.Input; } interface DeploymentSku { /** * Tokens-per-Minute (TPM). The unit of measure for this field is in the thousands of Tokens-per-Minute. Defaults to `1` which means that the limitation is `1000` tokens per minute. If the resources SKU supports scale in/out then the capacity field should be included in the resources' configuration. If the scale in/out is not supported by the resources SKU then this field can be safely omitted. For more information about TPM please see the [product documentation](https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest). */ capacity?: pulumi.Input; /** * If the service has different generations of hardware, for the same SKU, then that can be captured here. Changing this forces a new resource to be created. */ family?: pulumi.Input; /** * The name of the SKU. Possible values include `Standard`, `DataZoneBatch`, `DataZoneStandard`, `DataZoneProvisionedManaged`, `GlobalBatch`, `GlobalProvisionedManaged`, `GlobalStandard`, and `ProvisionedManaged`. Changing this forces a new resource to be created. * * > **Note:** `DataZoneProvisionedManaged`, `GlobalProvisionedManaged`, and `ProvisionedManaged` are purchased on-demand at an hourly basis based on the number of deployed PTUs, with substantial term discount available via the purchase of Azure Reservations. Currently, this step cannot be completed using Terraform. For more details, please refer to the [provisioned throughput onboarding documentation](https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/provisioned-throughput-onboarding). */ name: pulumi.Input; /** * The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. Changing this forces a new resource to be created. */ size?: pulumi.Input; /** * Possible values are `Free`, `Basic`, `Standard`, `Premium`, `Enterprise`. This property is required only when multiple tiers are available with the SKU name. Changing this forces a new resource to be created. */ tier?: pulumi.Input; } } export declare namespace communication { interface EmailServiceDomainVerificationRecord { /** * (Optional) An `dkim2` block as defined below. */ dkim2s?: pulumi.Input[]>; /** * (Optional) An `dkim` block as defined below. */ dkims?: pulumi.Input[]>; /** * (Optional) An `dmarc` block as defined below. */ dmarcs?: pulumi.Input[]>; /** * (Optional) An `domain` block as defined below. */ domains?: pulumi.Input[]>; /** * (Optional) An `spf` block as defined below. */ spfs?: pulumi.Input[]>; } interface EmailServiceDomainVerificationRecordDkim { /** * The name of the Email Communication Service resource. If `domainManagement` is `AzureManaged`, the name must be `AzureManagedDomain`. Changing this forces a new Email Communication Service to be created. */ name?: pulumi.Input; /** * Represents an expiry time in seconds to represent how long this entry can be cached by the resolver, default = 3600sec. */ ttl?: pulumi.Input; /** * Type of the DNS record. Example: TXT */ type?: pulumi.Input; /** * Value of the DNS record. */ value?: pulumi.Input; } interface EmailServiceDomainVerificationRecordDkim2 { /** * The name of the Email Communication Service resource. If `domainManagement` is `AzureManaged`, the name must be `AzureManagedDomain`. Changing this forces a new Email Communication Service to be created. */ name?: pulumi.Input; /** * Represents an expiry time in seconds to represent how long this entry can be cached by the resolver, default = 3600sec. */ ttl?: pulumi.Input; /** * Type of the DNS record. Example: TXT */ type?: pulumi.Input; /** * Value of the DNS record. */ value?: pulumi.Input; } interface EmailServiceDomainVerificationRecordDmarc { /** * The name of the Email Communication Service resource. If `domainManagement` is `AzureManaged`, the name must be `AzureManagedDomain`. Changing this forces a new Email Communication Service to be created. */ name?: pulumi.Input; /** * Represents an expiry time in seconds to represent how long this entry can be cached by the resolver, default = 3600sec. */ ttl?: pulumi.Input; /** * Type of the DNS record. Example: TXT */ type?: pulumi.Input; /** * Value of the DNS record. */ value?: pulumi.Input; } interface EmailServiceDomainVerificationRecordDomain { /** * The name of the Email Communication Service resource. If `domainManagement` is `AzureManaged`, the name must be `AzureManagedDomain`. Changing this forces a new Email Communication Service to be created. */ name?: pulumi.Input; /** * Represents an expiry time in seconds to represent how long this entry can be cached by the resolver, default = 3600sec. */ ttl?: pulumi.Input; /** * Type of the DNS record. Example: TXT */ type?: pulumi.Input; /** * Value of the DNS record. */ value?: pulumi.Input; } interface EmailServiceDomainVerificationRecordSpf { /** * The name of the Email Communication Service resource. If `domainManagement` is `AzureManaged`, the name must be `AzureManagedDomain`. Changing this forces a new Email Communication Service to be created. */ name?: pulumi.Input; /** * Represents an expiry time in seconds to represent how long this entry can be cached by the resolver, default = 3600sec. */ ttl?: pulumi.Input; /** * Type of the DNS record. Example: TXT */ type?: pulumi.Input; /** * Value of the DNS record. */ value?: pulumi.Input; } } export declare namespace compute { interface BastionHostIpConfiguration { /** * The name of the IP configuration. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Reference to a Public IP Address to associate with this Bastion Host. Changing this forces a new resource to be created. * * > **Note:** `publicIpAddressId` is required when `sku` is `Basic` or `Standard`. When `sku` is `Premium` and `publicIpAddressId` is omitted, the Bastion Host is deployed in Private-Only mode (`privateOnlyEnabled` will be `true`). */ publicIpAddressId?: pulumi.Input; /** * Reference to a subnet in which this Bastion Host has been created. Changing this forces a new resource to be created. * * > **Note:** The Subnet used for the Bastion Host must have the name `AzureBastionSubnet` and the subnet mask must be at least a `/26`. */ subnetId: pulumi.Input; } interface CapacityReservationSku { /** * Specifies the number of instances to be reserved. It must be greater than or equal to `0` and not exceed the quota in the subscription. */ capacity: pulumi.Input; /** * Name of the sku, such as `Standard_F2`. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface DiskEncryptionSetIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Disk Encryption Set. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The (Client) ID of the Service Principal. */ principalId?: pulumi.Input; /** * The ID of the Tenant the Service Principal is assigned in. */ tenantId?: pulumi.Input; /** * The type of Managed Service Identity that is configured on this Disk Encryption Set. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface ExtensionProtectedSettingsFromKeyVault { /** * The URL to the Key Vault Secret which stores the protected settings. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. */ sourceVaultId: pulumi.Input; } interface GalleryApplicationVersionManageAction { /** * The command to install the Gallery Application. Changing this forces a new resource to be created. */ install: pulumi.Input; /** * The command to remove the Gallery Application. Changing this forces a new resource to be created. */ remove: pulumi.Input; /** * The command to update the Gallery Application. Changing this forces a new resource to be created. */ update?: pulumi.Input; } interface GalleryApplicationVersionSource { /** * The Storage Blob URI of the default configuration. Changing this forces a new resource to be created. */ defaultConfigurationLink?: pulumi.Input; /** * The Storage Blob URI of the source application package. Changing this forces a new resource to be created. */ mediaLink: pulumi.Input; } interface GalleryApplicationVersionTargetRegion { /** * Specifies whether this Gallery Application Version should be excluded from the `latest` filter. If set to `true`, this Gallery Application Version won't be returned for the `latest` version. Defaults to `false`. */ excludeFromLatest?: pulumi.Input; /** * The Azure Region in which the Gallery Application Version exists. */ name: pulumi.Input; /** * The number of replicas of the Gallery Application Version to be created per region. Possible values are between `1` and `10`. */ regionalReplicaCount: pulumi.Input; /** * The storage account type for the Gallery Application Version. Possible values are `Standard_LRS`, `Premium_LRS` and `Standard_ZRS`. Defaults to `Standard_LRS`. */ storageAccountType?: pulumi.Input; } interface ImageDataDisk { /** * Specifies the URI in Azure storage of the blob that you want to use to create the image. */ blobUri?: pulumi.Input; /** * Specifies the caching mode as `ReadWrite`, `ReadOnly`, or `None`. Defaults to `None`. */ caching?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this disk. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * Specifies the logical unit number of the data disk. */ lun?: pulumi.Input; /** * Specifies the ID of the managed disk resource that you want to use to create the image. Changing this forces a new resource to be created. */ managedDiskId?: pulumi.Input; /** * Specifies the size of the image to be created. The target size can't be smaller than the source size. */ sizeGb?: pulumi.Input; /** * The type of Storage Disk to use. Possible values are `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS` and `UltraSSD_LRS`. Changing this forces a new resource to be created. */ storageType: pulumi.Input; } interface ImageOsDisk { /** * Specifies the URI in Azure storage of the blob that you want to use to create the image. Changing this forces a new resource to be created. */ blobUri?: pulumi.Input; /** * Specifies the caching mode as `ReadWrite`, `ReadOnly`, or `None`. The default is `None`. */ caching?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this disk. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * Specifies the ID of the managed disk resource that you want to use to create the image. */ managedDiskId?: pulumi.Input; /** * Specifies the state of the operating system contained in the blob. Currently, the only value is Generalized. Possible values are `Generalized` and `Specialized`. */ osState?: pulumi.Input; /** * Specifies the type of operating system contained in the virtual machine image. Possible values are: `Windows` or `Linux`. */ osType?: pulumi.Input; /** * Specifies the size of the image to be created. Changing this forces a new resource to be created. */ sizeGb?: pulumi.Input; /** * The type of Storage Disk to use. Possible values are `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS` and `UltraSSD_LRS`. Changing this forces a new resource to be created. */ storageType: pulumi.Input; } interface LinuxVirtualMachineAdditionalCapabilities { /** * Whether to enable the hibernation capability or not. */ hibernationEnabled?: pulumi.Input; /** * Should the capacity to enable Data Disks of the `UltraSSD_LRS` storage account type be supported on this Virtual Machine? Defaults to `false`. */ ultraSsdEnabled?: pulumi.Input; } interface LinuxVirtualMachineAdminSshKey { /** * The Public Key which should be used for authentication, which needs to be in `ssh-rsa` format with at least 2048-bit or in `ssh-ed25519` format. Changing this forces a new resource to be created. */ publicKey: pulumi.Input; /** * The Username for which this Public SSH Key should be configured. Changing this forces a new resource to be created. * * > **NOTE:** The Azure VM Agent only allows creating SSH Keys at the path `/home/{username}/.ssh/authorized_keys` - as such this public key will be written to the authorized keys file. */ username: pulumi.Input; } interface LinuxVirtualMachineBootDiagnostics { /** * The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. * * > **NOTE:** Passing a null value will utilize a Managed Storage Account to store Boot Diagnostics */ storageAccountUri?: pulumi.Input; } interface LinuxVirtualMachineGalleryApplication { /** * Specifies whether the version will be automatically updated for the VM when a new Gallery Application version is available in PIR/SIG. Defaults to `false`. */ automaticUpgradeEnabled?: pulumi.Input; /** * Specifies the URI to an Azure Blob that will replace the default configuration for the package if provided. */ configurationBlobUri?: pulumi.Input; /** * Specifies the order in which the packages have to be installed. Possible values are between `0` and `2147483647`. Defaults to `0`. */ order?: pulumi.Input; /** * Specifies a passthrough value for more generic context. This field can be any valid `string` value. */ tag?: pulumi.Input; /** * Specifies whether any failure for any operation in the VmApplication will fail the deployment of the VM. Defaults to `false`. */ treatFailureAsDeploymentFailureEnabled?: pulumi.Input; /** * Specifies the Gallery Application Version resource ID. */ versionId: pulumi.Input; } interface LinuxVirtualMachineIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Linux Virtual Machine. * * > **NOTE:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Virtual Machine. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxVirtualMachineOsDisk { /** * The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * A `diffDiskSettings` block as defined above. Changing this forces a new resource to be created. * * > **NOTE:** `diffDiskSettings` can only be set when `caching` is set to `ReadOnly`. More information can be found [here](https://docs.microsoft.com/azure/virtual-machines/ephemeral-os-disks-deploy#vm-template-deployment). Additionally, this property cannot be set when an existing Managed Disk is used to create the Virtual Machine by setting `osManagedDiskId`. */ diffDiskSettings?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. Conflicts with `secureVmDiskEncryptionSetId`. * * > **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault */ diskEncryptionSetId?: pulumi.Input; /** * The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from. * * > **NOTE:** If specified this must be equal to or larger than the size of the Image the Virtual Machine is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space. */ diskSizeGb?: pulumi.Input; /** * The ID of the OS disk. */ id?: pulumi.Input; /** * The name which should be used for the Internal OS Disk. Changing this forces a new resource to be created. * * > **Note:** a value for `name` cannot be specified if/when the Virtual Machine is/has been created using an existing Managed Disk for the OS by setting `osManagedDiskId`. */ name?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk when the Virtual Machine is a Confidential VM. Conflicts with `diskEncryptionSetId`. Changing this forces a new resource to be created. * * > **NOTE:** `secureVmDiskEncryptionSetId` can only be specified when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ secureVmDiskEncryptionSetId?: pulumi.Input; /** * Encryption Type when the Virtual Machine is a Confidential VM. Possible values are `VMGuestStateOnly` and `DiskWithVMGuestState`. Changing this forces a new resource to be created. * * > **NOTE:** `vtpmEnabled` must be set to `true` when `securityEncryptionType` is specified. * * > **NOTE:** `encryptionAtHostEnabled` cannot be set to `true` when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ securityEncryptionType?: pulumi.Input; /** * The Type of Storage Account which should back this the Internal OS Disk. Possible values are `Standard_LRS`, `StandardSSD_LRS`, `Premium_LRS`, `StandardSSD_ZRS` and `Premium_ZRS`. Changing this forces a new resource to be created. * * > **Note:** This is required unless using an existing OS Managed Disk by specifying `osManagedDiskId`. */ storageAccountType?: pulumi.Input; /** * Should Write Accelerator be Enabled for this OS Disk? Defaults to `false`. * * > **NOTE:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface LinuxVirtualMachineOsDiskDiffDiskSettings { /** * Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is `Local`. Changing this forces a new resource to be created. */ option: pulumi.Input; /** * Specifies where to store the Ephemeral Disk. Possible values are `CacheDisk`, `ResourceDisk` and `NvmeDisk`. Defaults to `CacheDisk`. Changing this forces a new resource to be created. * * > **Note:** `NvmeDisk` can only be used for v6 VMs in combination with a supported `sourceImageReference`. More information can be found [here](https://learn.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks) */ placement?: pulumi.Input; } interface LinuxVirtualMachineOsImageNotification { /** * Length of time a notification to be sent to the VM on the instance metadata server till the VM gets OS upgraded. The only possible value is `PT15M`. Defaults to `PT15M`. */ timeout?: pulumi.Input; } interface LinuxVirtualMachinePlan { /** * Specifies the Name of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the Product of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the Publisher of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. */ publisher: pulumi.Input; } interface LinuxVirtualMachineScaleSetAdditionalCapabilities { /** * Should the capacity to enable Data Disks of the `UltraSSD_LRS` storage account type be supported on this Virtual Machine Scale Set? Possible values are `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ ultraSsdEnabled?: pulumi.Input; } interface LinuxVirtualMachineScaleSetAdminSshKey { /** * The Public Key which should be used for authentication, which needs to be in `ssh-rsa` format with at least 2048-bit or in `ssh-ed25519` format. */ publicKey: pulumi.Input; /** * The Username for which this Public SSH Key should be configured. * * > **Note:** The Azure VM Agent only allows creating SSH Keys at the path `/home/{username}/.ssh/authorized_keys` - as such this public key will be added/appended to the authorized keys file. */ username: pulumi.Input; } interface LinuxVirtualMachineScaleSetAutomaticInstanceRepair { /** * The repair action that will be used for repairing unhealthy virtual machines in the scale set. Possible values include `Replace`, `Restart`, `Reimage`. * * > **Note:** Once the `action` field has been set it will always return the last value it was assigned if it is removed from the configuration file. * * > **Note:** If you wish to update the repair `action` of an existing `automaticInstanceRepair` policy, you must first `disable` the `automaticInstanceRepair` policy before you can re-enable the `automaticInstanceRepair` policy with the new repair `action` defined. */ action?: pulumi.Input; /** * Should the automatic instance repair be enabled on this Virtual Machine Scale Set? */ enabled: pulumi.Input; /** * Amount of time for which automatic repairs will be delayed. The grace period starts right after the VM is found unhealthy. Possible values are between `10` and `90` minutes. The time duration should be specified in `ISO 8601` format (e.g. `PT10M` to `PT90M`). * * > **Note:** Once the `gracePeriod` field has been set it will always return the last value it was assigned if it is removed from the configuration file. */ gracePeriod?: pulumi.Input; } interface LinuxVirtualMachineScaleSetAutomaticOsUpgradePolicy { /** * Should automatic rollbacks be disabled? */ disableAutomaticRollback: pulumi.Input; /** * Should OS Upgrades automatically be applied to Scale Set instances in a rolling fashion when a newer version of the OS Image becomes available? */ enableAutomaticOsUpgrade: pulumi.Input; } interface LinuxVirtualMachineScaleSetBootDiagnostics { /** * The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. * * > **Note:** Passing a null value will utilize a Managed Storage Account to store Boot Diagnostics. */ storageAccountUri?: pulumi.Input; } interface LinuxVirtualMachineScaleSetDataDisk { /** * The type of Caching which should be used for this Data Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * The create option which should be used for this Data Disk. Possible values are `Empty` and `FromImage`. Defaults to `Empty`. (`FromImage` should only be used if the source image includes data disks). */ createOption?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this Data Disk. Changing this forces a new resource to be created. * * > **Note:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault * * > **Note:** Disk Encryption Sets are in Public Preview in a limited set of regions */ diskEncryptionSetId?: pulumi.Input; /** * The size of the Data Disk which should be created. */ diskSizeGb: pulumi.Input; /** * The Logical Unit Number of the Data Disk, which must be unique within the Virtual Machine. */ lun: pulumi.Input; /** * The name of the Data Disk. */ name?: pulumi.Input; /** * The Type of Storage Account which should back this Data Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS` and `UltraSSD_LRS`. * * > **Note:** `UltraSSD_LRS` is only supported when `ultraSsdEnabled` within the `additionalCapabilities` block is enabled. */ storageAccountType: pulumi.Input; /** * Specifies the Read-Write IOPS for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskIopsReadWrite?: pulumi.Input; /** * Specifies the bandwidth in MB per second for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskMbpsReadWrite?: pulumi.Input; /** * Should Write Accelerator be enabled for this Data Disk? Defaults to `false`. * * > **Note:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface LinuxVirtualMachineScaleSetExtension { /** * Should the latest version of the Extension be used at Deployment Time, if one is available? This won't auto-update the extension on existing installation. Defaults to `true`. */ autoUpgradeMinorVersion?: pulumi.Input; /** * Should the Extension be automatically updated whenever the Publisher releases a new version of this VM Extension? */ automaticUpgradeEnabled?: pulumi.Input; /** * A value which, when different to the previous value can be used to force-run the Extension even if the Extension Configuration hasn't changed. */ forceUpdateTag?: pulumi.Input; /** * The name for the Virtual Machine Scale Set Extension. */ name: pulumi.Input; /** * A JSON String which specifies Sensitive Settings (such as Passwords) for the Extension. * * > **Note:** Keys within the `protectedSettings` block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information. */ protectedSettings?: pulumi.Input; /** * A `protectedSettingsFromKeyVault` block as defined below. * * > **Note:** `protectedSettingsFromKeyVault` cannot be used with `protectedSettings` */ protectedSettingsFromKeyVault?: pulumi.Input; /** * An ordered list of Extension names which this should be provisioned after. */ provisionAfterExtensions?: pulumi.Input[]>; /** * Specifies the Publisher of the Extension. */ publisher: pulumi.Input; /** * A JSON String which specifies Settings for the Extension. * * > **Note:** Keys within the `settings` block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information. */ settings?: pulumi.Input; /** * Specifies the Type of the Extension. */ type: pulumi.Input; /** * Specifies the version of the extension to use, available versions can be found using the Azure CLI. */ typeHandlerVersion: pulumi.Input; } interface LinuxVirtualMachineScaleSetExtensionProtectedSettingsFromKeyVault { /** * The URL to the Key Vault Secret which stores the protected settings. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. */ sourceVaultId: pulumi.Input; } interface LinuxVirtualMachineScaleSetGalleryApplication { /** * Specifies the URI to an Azure Blob that will replace the default configuration for the package if provided. Changing this forces a new resource to be created. */ configurationBlobUri?: pulumi.Input; /** * Specifies the order in which the packages have to be installed. Possible values are between `0` and `2147483647`. Defaults to `0`. Changing this forces a new resource to be created. */ order?: pulumi.Input; /** * Specifies a passthrough value for more generic context. This field can be any valid `string` value. Changing this forces a new resource to be created. */ tag?: pulumi.Input; /** * Specifies the Gallery Application Version resource ID. Changing this forces a new resource to be created. */ versionId: pulumi.Input; } interface LinuxVirtualMachineScaleSetIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Linux Virtual Machine Scale Set. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Linux Virtual Machine Scale Set. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface LinuxVirtualMachineScaleSetNetworkInterface { /** * Specifies the auxiliary mode used to enable network high-performance feature on Network Virtual Appliances (NVAs). This feature offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. Possible values are `AcceleratedConnections` and `Floating`. * * > **Note:** `auxiliaryMode` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliaryMode?: pulumi.Input; /** * Specifies the SKU used for the network high-performance feature on Network Virtual Appliances (NVAs). Possible values are `A1`, `A2`, `A4` and `A8`. * * > **Note:** `auxiliarySku` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliarySku?: pulumi.Input; /** * A list of IP Addresses of DNS Servers which should be assigned to the Network Interface. */ dnsServers?: pulumi.Input[]>; /** * Does this Network Interface support Accelerated Networking? Defaults to `false`. */ enableAcceleratedNetworking?: pulumi.Input; /** * Does this Network Interface support IP Forwarding? Defaults to `false`. */ enableIpForwarding?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined above. */ ipConfigurations: pulumi.Input[]>; /** * The Name which should be used for this Network Interface. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The ID of a Network Security Group which should be assigned to this Network Interface. */ networkSecurityGroupId?: pulumi.Input; /** * Is this the Primary IP Configuration? * * > **Note:** If multiple `networkInterface` blocks are specified, one must be set to `primary`. */ primary?: pulumi.Input; } interface LinuxVirtualMachineScaleSetNetworkInterfaceIpConfiguration { /** * A list of Backend Address Pools ID's from a Application Gateway which this Virtual Machine Scale Set should be connected to. */ applicationGatewayBackendAddressPoolIds?: pulumi.Input[]>; /** * A list of Application Security Group ID's which this Virtual Machine Scale Set should be connected to. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * A list of Backend Address Pools ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to. * * > **Note:** When the Virtual Machine Scale Set is configured to have public IPs per instance are created with a load balancer, the SKU of the Virtual Machine instance IPs is determined by the SKU of the Virtual Machine Scale Sets Load Balancer (e.g. `Basic` or `Standard`). Alternatively, you may use the `publicIpPrefixId` field to generate instance-level IPs in a virtual machine scale set as well. The zonal properties of the prefix will be passed to the Virtual Machine instance IPs, though they will not be shown in the output. To view the public IP addresses assigned to the Virtual Machine Scale Sets Virtual Machine instances use the **az vmss list-instance-public-ips --resource-group `ResourceGroupName` --name `VirtualMachineScaleSetName`** CLI command. * * > **Note:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerBackendAddressPoolIds?: pulumi.Input[]>; /** * A list of NAT Rule ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to. * * > **Note:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerInboundNatRulesIds?: pulumi.Input[]>; /** * The Name which should be used for this IP Configuration. */ name: pulumi.Input; /** * Is this the Primary IP Configuration for this Network Interface? Defaults to `false`. * * > **Note:** One `ipConfiguration` block must be marked as Primary for each Network Interface. */ primary?: pulumi.Input; /** * A `publicIpAddress` block as defined below. */ publicIpAddresses?: pulumi.Input[]>; /** * The ID of the Subnet which this IP Configuration should be connected to. * * > **Note:** `subnetId` is required if `version` is set to `IPv4`. */ subnetId?: pulumi.Input; /** * The Internet Protocol Version which should be used for this IP Configuration. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. */ version?: pulumi.Input; } interface LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddress { /** * The Prefix which should be used for the Domain Name Label for each Virtual Machine Instance. Azure concatenates the Domain Name Label and Virtual Machine Index to create a unique Domain Name Label for each Virtual Machine. */ domainNameLabel?: pulumi.Input; /** * The Idle Timeout in Minutes for the Public IP Address. Possible values are in the range `4` to `32`. */ idleTimeoutInMinutes?: pulumi.Input; /** * One or more `ipTag` blocks as defined above. Changing this forces a new resource to be created. */ ipTags?: pulumi.Input[]>; /** * The Name of the Public IP Address Configuration. */ name: pulumi.Input; /** * The ID of the Public IP Address Prefix from where Public IP Addresses should be allocated. Changing this forces a new resource to be created. * * > **Note:** This functionality is in Preview and must be opted into via `az feature register --namespace Microsoft.Network --name AllowBringYourOwnPublicIpAddress` and then `az provider register -n Microsoft.Network`. */ publicIpPrefixId?: pulumi.Input; /** * The Internet Protocol Version which should be used for this public IP address. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. Changing this forces a new resource to be created. */ version?: pulumi.Input; } interface LinuxVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddressIpTag { /** * The IP Tag associated with the Public IP, such as `SQL` or `Storage`. Changing this forces a new resource to be created. */ tag: pulumi.Input; /** * The Type of IP Tag, such as `FirstPartyUsage`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface LinuxVirtualMachineScaleSetOsDisk { /** * The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * A `diffDiskSettings` block as defined above. Changing this forces a new resource to be created. */ diffDiskSettings?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this OS Disk. Conflicts with `secureVmDiskEncryptionSetId`. Changing this forces a new resource to be created. * * > **Note:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault * * > **Note:** Disk Encryption Sets are in Public Preview in a limited set of regions */ diskEncryptionSetId?: pulumi.Input; /** * The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from. * * > **Note:** If specified this must be equal to or larger than the size of the Image the VM Scale Set is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space. */ diskSizeGb?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt the OS Disk when the Virtual Machine Scale Set is Confidential VMSS. Conflicts with `diskEncryptionSetId`. Changing this forces a new resource to be created. * * > **Note:** `secureVmDiskEncryptionSetId` can only be specified when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ secureVmDiskEncryptionSetId?: pulumi.Input; /** * Encryption Type when the Virtual Machine Scale Set is Confidential VMSS. Possible values are `VMGuestStateOnly` and `DiskWithVMGuestState`. Changing this forces a new resource to be created. * * > **Note:** `vtpmEnabled` must be set to `true` when `securityEncryptionType` is specified. * * > **Note:** `encryptionAtHostEnabled` cannot be set to `true` when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ securityEncryptionType?: pulumi.Input; /** * The Type of Storage Account which should back this the Internal OS Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS` and `Premium_ZRS`. Changing this forces a new resource to be created. */ storageAccountType: pulumi.Input; /** * Should Write Accelerator be Enabled for this OS Disk? Defaults to `false`. * * > **Note:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface LinuxVirtualMachineScaleSetOsDiskDiffDiskSettings { /** * Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is `Local`. Changing this forces a new resource to be created. */ option: pulumi.Input; /** * Specifies where to store the Ephemeral Disk. Possible values are `CacheDisk` and `ResourceDisk`. Defaults to `CacheDisk`. Changing this forces a new resource to be created. */ placement?: pulumi.Input; } interface LinuxVirtualMachineScaleSetPlan { /** * Specifies the name of the image from the marketplace. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the product of the image from the marketplace. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the publisher of the image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; } interface LinuxVirtualMachineScaleSetRollingUpgradePolicy { /** * Should the Virtual Machine Scale Set ignore the Azure Zone boundaries when constructing upgrade batches? Possible values are `true` or `false`. */ crossZoneUpgradesEnabled?: pulumi.Input; /** * The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. */ maxBatchInstancePercent: pulumi.Input; /** * The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. */ maxUnhealthyInstancePercent: pulumi.Input; /** * The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. */ maxUnhealthyUpgradedInstancePercent: pulumi.Input; /** * Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. Possible values are `true` or `false`. * * > **Note:** `overprovision` must be set to `false` when `maximumSurgeInstancesEnabled` is specified. */ maximumSurgeInstancesEnabled?: pulumi.Input; /** * The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. */ pauseTimeBetweenBatches: pulumi.Input; /** * Upgrade all unhealthy instances in a scale set before any healthy instances. Possible values are `true` or `false`. */ prioritizeUnhealthyInstancesEnabled?: pulumi.Input; } interface LinuxVirtualMachineScaleSetScaleIn { /** * Should the virtual machines chosen for removal be force deleted when the virtual machine scale set is being scaled-in? Possible values are `true` or `false`. Defaults to `false`. */ forceDeletionEnabled?: pulumi.Input; /** * The scale-in policy rule that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled in. Possible values for the scale-in policy rules are `Default`, `NewestVM` and `OldestVM`, defaults to `Default`. For more information about scale in policy, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy). */ rule?: pulumi.Input; } interface LinuxVirtualMachineScaleSetSecret { /** * One or more `certificate` blocks as defined above. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface LinuxVirtualMachineScaleSetSecretCertificate { /** * The Secret URL of a Key Vault Certificate. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. * * > **Note:** The certificate must have been uploaded/created in PFX format, PEM certificates are not currently supported by Azure. */ url: pulumi.Input; } interface LinuxVirtualMachineScaleSetSourceImageReference { /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. */ sku: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. */ version: pulumi.Input; } interface LinuxVirtualMachineScaleSetSpotRestore { /** * Should the Spot-Try-Restore feature be enabled? The Spot-Try-Restore feature will attempt to automatically restore the evicted Spot Virtual Machine Scale Set VM instances opportunistically based on capacity availability and pricing constraints. Possible values are `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ enabled?: pulumi.Input; /** * The length of time that the Virtual Machine Scale Set should attempt to restore the Spot VM instances which have been evicted. The time duration should be between `15` minutes and `120` minutes (inclusive). The time duration should be specified in the ISO 8601 format. Defaults to `PT1H`. Changing this forces a new resource to be created. */ timeout?: pulumi.Input; } interface LinuxVirtualMachineScaleSetTerminationNotification { /** * Should the termination notification be enabled on this Virtual Machine Scale Set? */ enabled: pulumi.Input; /** * Length of time (in minutes, between 5 and 15) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to `PT5M`. * * > **Note:** For more information about the termination notification, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-terminate-notification). */ timeout?: pulumi.Input; } interface LinuxVirtualMachineSecret { /** * One or more `certificate` blocks as defined above. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface LinuxVirtualMachineSecretCertificate { /** * The Secret URL of a Key Vault Certificate. * * > **NOTE:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ url: pulumi.Input; } interface LinuxVirtualMachineSourceImageReference { /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface LinuxVirtualMachineTerminationNotification { /** * Should the termination notification be enabled on this Virtual Machine? */ enabled: pulumi.Input; /** * Length of time (in minutes, between `5` and `15`) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to `PT5M`. * * > **NOTE:** For more information about the termination notification, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-terminate-notification). */ timeout?: pulumi.Input; } interface ManagedDiskEncryptionSettings { /** * A `diskEncryptionKey` block as defined above. */ diskEncryptionKey: pulumi.Input; /** * A `keyEncryptionKey` block as defined below. */ keyEncryptionKey?: pulumi.Input; } interface ManagedDiskEncryptionSettingsDiskEncryptionKey { /** * The URL to the Key Vault Secret used as the Disk Encryption Key. This can be found as `id` on the `azure.keyvault.Secret` resource. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. */ sourceVaultId: pulumi.Input; } interface ManagedDiskEncryptionSettingsKeyEncryptionKey { /** * The URL to the Key Vault Key used as the Key Encryption Key. This can be found as `id` on the `azure.keyvault.Key` resource. */ keyUrl: pulumi.Input; /** * The ID of the source Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. */ sourceVaultId: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetAdditionalCapabilities { /** * Should the capacity to enable Data Disks of the `UltraSSD_LRS` storage account type be supported on this Virtual Machine Scale Set? Defaults to `false`. Changing this forces a new resource to be created. */ ultraSsdEnabled?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetAutomaticInstanceRepair { /** * The repair action that will be used for repairing unhealthy virtual machines in the scale set. Possible values include `Replace`, `Restart`, `Reimage`. * * > **Note:** Once the `action` field has been set it will always return the last value it was assigned if it is removed from the configuration file. * * > **Note:** If you wish to update the repair `action` of an existing `automaticInstanceRepair` policy, you must first `disable` the `automaticInstanceRepair` policy before you can re-enable the `automaticInstanceRepair` policy with the new repair `action` defined. */ action?: pulumi.Input; /** * Should the automatic instance repair be enabled on this Virtual Machine Scale Set? Possible values are `true` and `false`. */ enabled: pulumi.Input; /** * Amount of time for which automatic repairs will be delayed. The grace period starts right after the VM is found unhealthy. Possible values are between `10` and `90` minutes. The time duration should be specified in `ISO 8601` format (e.g. `PT10M` to `PT90M`). * * > **Note:** Once the `gracePeriod` field has been set it will always return the last value it was assigned if it is removed from the configuration file. */ gracePeriod?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetBootDiagnostics { /** * The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. By including a `bootDiagnostics` block without passing the `storageAccountUri` field will cause the API to utilize a Managed Storage Account to store the Boot Diagnostics output. */ storageAccountUri?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetDataDisk { /** * The type of Caching which should be used for this Data Disk. Possible values are None, ReadOnly and ReadWrite. */ caching: pulumi.Input; /** * The create option which should be used for this Data Disk. Possible values are Empty and FromImage. Defaults to `Empty`. (FromImage should only be used if the source image includes data disks). */ createOption?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt the Data Disk. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * The size of the Data Disk which should be created. Required if `createOption` is specified as `Empty`. */ diskSizeGb?: pulumi.Input; /** * The Logical Unit Number of the Data Disk, which must be unique within the Virtual Machine. Required if `createOption` is specified as `Empty`. */ lun?: pulumi.Input; /** * The Type of Storage Account which should back this Data Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS` and `UltraSSD_LRS`. */ storageAccountType: pulumi.Input; /** * Specifies the Read-Write IOPS for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskIopsReadWrite?: pulumi.Input; /** * Specifies the bandwidth in MB per second for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskMbpsReadWrite?: pulumi.Input; /** * Specifies if Write Accelerator is enabled on the Data Disk. Defaults to `false`. */ writeAcceleratorEnabled?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetExtension { /** * Should the latest version of the Extension be used at Deployment Time, if one is available? This won't auto-update the extension on existing installation. Defaults to `true`. */ autoUpgradeMinorVersionEnabled?: pulumi.Input; /** * An ordered list of Extension names which Virtual Machine Scale Set should provision after VM creation. */ extensionsToProvisionAfterVmCreations?: pulumi.Input[]>; /** * Should failures from the extension be suppressed? Possible values are `true` or `false`. * * > **Note:** Operational failures such as not connecting to the VM will not be suppressed regardless of the `failureSuppressionEnabled` value. */ failureSuppressionEnabled?: pulumi.Input; /** * A value which, when different to the previous value can be used to force-run the Extension even if the Extension Configuration hasn't changed. */ forceExtensionExecutionOnChange?: pulumi.Input; /** * The name for the Virtual Machine Scale Set Extension. */ name: pulumi.Input; /** * A JSON String which specifies Sensitive Settings (such as Passwords) for the Extension. * * > **Note:** Keys within the `protectedSettings` block are notoriously case-sensitive, where the casing required (e.g. `TitleCase` vs `snakeCase`) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information. */ protectedSettings?: pulumi.Input; /** * A `protectedSettingsFromKeyVault` block as defined below. * * > **Note:** `protectedSettingsFromKeyVault` cannot be used with `protectedSettings` */ protectedSettingsFromKeyVault?: pulumi.Input; /** * Specifies the Publisher of the Extension. */ publisher: pulumi.Input; /** * A JSON String which specifies Settings for the Extension. */ settings?: pulumi.Input; /** * Specifies the Type of the Extension. */ type: pulumi.Input; /** * Specifies the version of the extension to use, available versions can be found using the Azure CLI. */ typeHandlerVersion: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetExtensionProtectedSettingsFromKeyVault { /** * The URL to the Key Vault Secret which stores the protected settings. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. */ sourceVaultId: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetIdentity { /** * Specifies a list of User Managed Identity IDs to be assigned to this Windows Virtual Machine Scale Set. */ identityIds: pulumi.Input[]>; /** * The type of Managed Identity that should be configured on this Windows Virtual Machine Scale Set. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetNetworkInterface { /** * Specifies the auxiliary mode used to enable network high-performance feature on Network Virtual Appliances (NVAs). This feature offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. Possible values are `AcceleratedConnections` and `Floating`. * * > **Note:** `auxiliaryMode` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliaryMode?: pulumi.Input; /** * Specifies the SKU used for the network high-performance feature on Network Virtual Appliances (NVAs). Possible values are `A1`, `A2`, `A4` and `A8`. * * > **Note:** `auxiliarySku` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliarySku?: pulumi.Input; /** * A list of IP Addresses of DNS Servers which should be assigned to the Network Interface. */ dnsServers?: pulumi.Input[]>; /** * Does this Network Interface support Accelerated Networking? Possible values are `true` and `false`. Defaults to `false`. */ enableAcceleratedNetworking?: pulumi.Input; /** * Does this Network Interface support IP Forwarding? Possible values are `true` and `false`. Defaults to `false`. */ enableIpForwarding?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined above. */ ipConfigurations: pulumi.Input[]>; /** * The Name which should be used for this Network Interface. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The ID of a Network Security Group which should be assigned to this Network Interface. */ networkSecurityGroupId?: pulumi.Input; /** * Is this the Primary IP Configuration? Possible values are `true` and `false`. Defaults to `false`. * * > **Note:** If multiple `networkInterface` blocks are specified, one must be set to `primary`. */ primary?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetNetworkInterfaceIpConfiguration { /** * A list of Backend Address Pools IDs from a Application Gateway which this Virtual Machine Scale Set should be connected to. */ applicationGatewayBackendAddressPoolIds?: pulumi.Input[]>; /** * A list of Application Security Group IDs which this Virtual Machine Scale Set should be connected to. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * A list of Backend Address Pools IDs from a Load Balancer which this Virtual Machine Scale Set should be connected to. * * > **Note:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a dependsOn between this resource and the Load Balancer Rule. */ loadBalancerBackendAddressPoolIds?: pulumi.Input[]>; /** * The Name which should be used for this IP Configuration. */ name: pulumi.Input; /** * Is this the Primary IP Configuration for this Network Interface? Possible values are `true` and `false`. Defaults to `false`. * * > **Note:** One `ipConfiguration` block must be marked as Primary for each Network Interface. */ primary?: pulumi.Input; /** * A `publicIpAddress` block as defined below. */ publicIpAddresses?: pulumi.Input[]>; /** * The ID of the Subnet which this IP Configuration should be connected to. * * > **Note:** `subnetId` is required if version is set to `IPv4`. */ subnetId?: pulumi.Input; /** * The Internet Protocol Version which should be used for this IP Configuration. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. */ version?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddress { /** * The Prefix which should be used for the Domain Name Label for each Virtual Machine Instance. Azure concatenates the Domain Name Label and Virtual Machine Index to create a unique Domain Name Label for each Virtual Machine. Valid values must be between `1` and `26` characters long, start with a lower case letter, end with a lower case letter or number and contains only `a-z`, `0-9` and `hyphens`. */ domainNameLabel?: pulumi.Input; /** * The Idle Timeout in Minutes for the Public IP Address. Possible values are in the range `4` to `32`. */ idleTimeoutInMinutes?: pulumi.Input; /** * One or more `ipTag` blocks as defined above. Changing this forces a new resource to be created. */ ipTags?: pulumi.Input[]>; /** * The Name of the Public IP Address Configuration. */ name: pulumi.Input; /** * The ID of the Public IP Address Prefix from where Public IP Addresses should be allocated. Changing this forces a new resource to be created. */ publicIpPrefixId?: pulumi.Input; /** * Specifies what Public IP Address SKU the Public IP Address should be provisioned as. Possible vaules include `Basic_Regional`, `Basic_Global`, `Standard_Regional` or `Standard_Global`. For more information about Public IP Address SKU's and their capabilities, please see the [product documentation](https://docs.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#sku). Changing this forces a new resource to be created. */ skuName?: pulumi.Input; /** * The Internet Protocol Version which should be used for this public IP address. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. Changing this forces a new resource to be created. */ version?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddressIpTag { /** * The IP Tag associated with the Public IP, such as `SQL` or `Storage`. Changing this forces a new resource to be created. */ tag: pulumi.Input; /** * The Type of IP Tag, such as `FirstPartyUsage`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsDisk { /** * The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * A `diffDiskSettings` block as defined above. Changing this forces a new resource to be created. */ diffDiskSettings?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this OS Disk. Changing this forces a new resource to be created. * * > **Note:** Disk Encryption Sets are in Public Preview in a limited set of regions */ diskEncryptionSetId?: pulumi.Input; /** * The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from. */ diskSizeGb?: pulumi.Input; /** * The Type of Storage Account which should back this the Internal OS Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS` and `Premium_ZRS`. Changing this forces a new resource to be created. */ storageAccountType: pulumi.Input; /** * Specifies if Write Accelerator is enabled on the OS Disk. Defaults to `false`. */ writeAcceleratorEnabled?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsDiskDiffDiskSettings { /** * Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is `Local`. Changing this forces a new resource to be created. */ option: pulumi.Input; /** * Specifies where to store the Ephemeral Disk. Possible values are `CacheDisk` and `ResourceDisk`. Defaults to `CacheDisk`. Changing this forces a new resource to be created. */ placement?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfile { /** * The Base64-Encoded Custom Data which should be used for this Virtual Machine Scale Set. * * > **Note:** When Custom Data has been configured, it's not possible to remove it without tainting the Virtual Machine Scale Set, due to a limitation of the Azure API. */ customData?: pulumi.Input; /** * A `linuxConfiguration` block as documented below. */ linuxConfiguration?: pulumi.Input; /** * A `windowsConfiguration` block as documented below. */ windowsConfiguration?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileLinuxConfiguration { /** * The Password which should be used for the local-administrator on this Virtual Machine. Changing this forces a new resource to be created. */ adminPassword?: pulumi.Input; /** * A `adminSshKey` block as documented below. */ adminSshKeys?: pulumi.Input[]>; /** * The username of the local administrator on each Virtual Machine Scale Set instance. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The prefix which should be used for the name of the Virtual Machines in this Scale Set. If unspecified this defaults to the value for the name field. If the value of the name field is not a valid `computerNamePrefix`, then you must specify `computerNamePrefix`. Changing this forces a new resource to be created. */ computerNamePrefix?: pulumi.Input; /** * When an `adminPassword` is specified `disablePasswordAuthentication` must be set to `false`. Defaults to `true`. * * > **Note:** Either `adminPassword` or `adminSshKey` must be specified. */ disablePasswordAuthentication?: pulumi.Input; /** * Specifies the mode of VM Guest Patching for the virtual machines that are associated to the Virtual Machine Scale Set. Possible values are `AutomaticByPlatform` or `ImageDefault`. Defaults to `ImageDefault`. * * > **Note:** If the `patchAssessmentMode` is set to `AutomaticByPlatform` then the `provisionVmAgent` field must be set to `true`. */ patchAssessmentMode?: pulumi.Input; /** * Specifies the mode of in-guest patching of this Windows Virtual Machine. Possible values are `ImageDefault` or `AutomaticByPlatform`. Defaults to `ImageDefault`. For more information on patch modes please see the [product documentation](https://docs.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes). * * > **Note:** If `patchMode` is set to `AutomaticByPlatform` the `provisionVmAgent` must be set to `true` and the `extension` must contain at least one application health extension. An example of how to correctly configure a Virtual Machine Scale Set to provision a Linux Virtual Machine with Automatic VM Guest Patching enabled can be found in the `./examples/orchestrated-vm-scale-set/automatic-vm-guest-patching` directory within the GitHub Repository. */ patchMode?: pulumi.Input; /** * Should the Azure VM Agent be provisioned on each Virtual Machine in the Scale Set? Defaults to `true`. Changing this value forces a new resource to be created. */ provisionVmAgent?: pulumi.Input; /** * One or more `secret` blocks as defined below. */ secrets?: pulumi.Input[]>; } interface OrchestratedVirtualMachineScaleSetOsProfileLinuxConfigurationAdminSshKey { /** * The Public Key which should be used for authentication, which needs to be in `ssh-rsa` format with at least 2048-bit or in `ssh-ed25519` format. */ publicKey: pulumi.Input; /** * The Username for which this Public SSH Key should be configured. * * > **Note:** The Azure VM Agent only allows creating SSH Keys at the path `/home/{username}/.ssh/authorized_keys` - as such this public key will be written to the authorized keys file. */ username: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileLinuxConfigurationSecret { /** * One or more `certificate` blocks as defined below. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileLinuxConfigurationSecretCertificate { /** * The Secret URL of a Key Vault Certificate. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ url: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileWindowsConfiguration { /** * One or more `additionalUnattendContent` blocks as defined below. Changing this forces a new resource to be created. */ additionalUnattendContents?: pulumi.Input[]>; /** * The Password which should be used for the local-administrator on this Virtual Machine. Changing this forces a new resource to be created. */ adminPassword: pulumi.Input; /** * The username of the local administrator on each Virtual Machine Scale Set instance. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The prefix which should be used for the name of the Virtual Machines in this Scale Set. If unspecified this defaults to the value for the `name` field. If the value of the `name` field is not a valid `computerNamePrefix`, then you must specify `computerNamePrefix`. Changing this forces a new resource to be created. */ computerNamePrefix?: pulumi.Input; /** * Are automatic updates enabled for this Virtual Machine? Defaults to `true`. */ enableAutomaticUpdates?: pulumi.Input; /** * Should the VM be patched without requiring a reboot? Possible values are `true` or `false`. Defaults to `false`. For more information about hot patching please see the [product documentation](https://docs.microsoft.com/azure/automanage/automanage-hotpatch). * * > **Note:** Hotpatching can only be enabled if the `patchMode` is set to `AutomaticByPlatform`, the `provisionVmAgent` is set to `true`, your `sourceImageReference` references a hotpatching enabled image, the VM's `skuName` is set to a [Azure generation 2](https://docs.microsoft.com/azure/virtual-machines/generation-2#generation-2-vm-sizes) VM SKU and the `extension` contains an application health extension. An example of how to correctly configure a Virtual Machine Scale Set to provision a Windows Virtual Machine with hotpatching enabled can be found in the `./examples/orchestrated-vm-scale-set/hotpatching-enabled` directory within the GitHub Repository. */ hotpatchingEnabled?: pulumi.Input; /** * Specifies the mode of VM Guest Patching for the virtual machines that are associated to the Virtual Machine Scale Set. Possible values are `AutomaticByPlatform` or `ImageDefault`. Defaults to `ImageDefault`. * * > **Note:** If the `patchAssessmentMode` is set to `AutomaticByPlatform` then the `provisionVmAgent` field must be set to `true`. */ patchAssessmentMode?: pulumi.Input; /** * Specifies the mode of in-guest patching of this Windows Virtual Machine. Possible values are `Manual`, `AutomaticByOS` and `AutomaticByPlatform`. Defaults to `AutomaticByOS`. For more information on patch modes please see the [product documentation](https://docs.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching#patch-orchestration-modes). * * > **Note:** If `patchMode` is set to `AutomaticByPlatform` the `provisionVmAgent` must be set to `true` and the `extension` must contain at least one application health extension. */ patchMode?: pulumi.Input; /** * Should the Azure VM Agent be provisioned on each Virtual Machine in the Scale Set? Defaults to `true`. Changing this value forces a new resource to be created. */ provisionVmAgent?: pulumi.Input; /** * One or more `secret` blocks as defined below. */ secrets?: pulumi.Input[]>; /** * Specifies the time zone of the virtual machine, the possible values are defined [here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). */ timezone?: pulumi.Input; /** * One or more `winrmListener` blocks as defined below. Changing this forces a new resource to be created. */ winrmListeners?: pulumi.Input[]>; } interface OrchestratedVirtualMachineScaleSetOsProfileWindowsConfigurationAdditionalUnattendContent { /** * The XML formatted content that is added to the unattend.xml file for the specified path and component. Changing this forces a new resource to be created. */ content: pulumi.Input; /** * The name of the setting to which the content applies. Possible values are `AutoLogon` and `FirstLogonCommands`. Changing this forces a new resource to be created. */ setting: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileWindowsConfigurationSecret { /** * One or more `certificate` blocks as defined below. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileWindowsConfigurationSecretCertificate { /** * The certificate store on the Virtual Machine where the certificate should be added. */ store: pulumi.Input; /** * The Secret URL of a Key Vault Certificate. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ url: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetOsProfileWindowsConfigurationWinrmListener { /** * The Secret URL of a Key Vault Certificate, which must be specified when protocol is set to `Https`. Changing this forces a new resource to be created. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ certificateUrl?: pulumi.Input; /** * Specifies the protocol of listener. Possible values are `Http` or `Https`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetPlan { /** * Specifies the name of the image from the marketplace. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the product of the image from the marketplace. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the publisher of the image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetPriorityMix { /** * Specifies the base number of VMs of `Regular` priority that will be created before any VMs of priority `Spot` are created. Possible values are integers between `0` and `1000`. Defaults to `0`. */ baseRegularCount?: pulumi.Input; /** * Specifies the desired percentage of VM instances that are of `Regular` priority after the base count has been reached. Possible values are integers between `0` and `100`. Defaults to `0`. */ regularPercentageAboveBase?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetRollingUpgradePolicy { /** * Should the Virtual Machine Scale Set ignore the Azure Zone boundaries when constructing upgrade batches? Possible values are `true` or `false`. */ crossZoneUpgradesEnabled?: pulumi.Input; /** * The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. */ maxBatchInstancePercent: pulumi.Input; /** * The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. */ maxUnhealthyInstancePercent: pulumi.Input; /** * The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. */ maxUnhealthyUpgradedInstancePercent: pulumi.Input; /** * Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. Possible values are `true` or `false`. */ maximumSurgeInstancesEnabled?: pulumi.Input; /** * The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 duration format. */ pauseTimeBetweenBatches: pulumi.Input; /** * Upgrade all unhealthy instances in a scale set before any healthy instances. Possible values are `true` or `false`. */ prioritizeUnhealthyInstancesEnabled?: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetSkuProfile { /** * Specifies the allocation strategy for the virtual machine scale set based on which the VMs will be allocated. Possible values are `CapacityOptimized`, `LowestPrice` and `Prioritized`. */ allocationStrategy: pulumi.Input; /** * Specifies the VM sizes for the virtual machine scale set. */ vmSizes: pulumi.Input[]>; } interface OrchestratedVirtualMachineScaleSetSourceImageReference { /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. */ sku: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. */ version: pulumi.Input; } interface OrchestratedVirtualMachineScaleSetTerminationNotification { /** * Should the termination notification be enabled on this Virtual Machine Scale Set? Possible values `true` or `false`. */ enabled: pulumi.Input; /** * Length of time (in minutes, between `5` and `15`) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in `ISO 8601` format. Defaults to `PT5M`. */ timeout?: pulumi.Input; } interface PacketCaptureFilter { /** * The local IP Address to be filtered on. Specify `127.0.0.1` for a single address entry, `127.0.0.1-127.0.0.255` for a range and `127.0.0.1;127.0.0.5` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ localIpAddress?: pulumi.Input; /** * The local port to be filtered on. Specify `80` for single port entry, `80-85` for a range and `80;443;` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ localPort?: pulumi.Input; /** * The Protocol to be filtered on. Possible values include `Any`, `TCP` and `UDP`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; /** * The remote IP Address to be filtered on. Specify `127.0.0.1` for a single address entry, `127.0.0.1-127.0.0.255` for a range and `127.0.0.1;127.0.0.5` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ remoteIpAddress?: pulumi.Input; /** * The remote port to be filtered on. Specify `80` for single port entry, `80-85` for a range and `80;443;` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ remotePort?: pulumi.Input; } interface PacketCaptureStorageLocation { /** * A valid local path on the target Virtual Machine. Must include the name of the capture file (*.cap). For Linux Virtual Machines it must start with `/var/captures`. */ filePath?: pulumi.Input; /** * The ID of the storage account where the packet capture sessions should be saved to. * * > **Note:** At least one of `filePath` or `storageAccountId` must be specified. */ storageAccountId?: pulumi.Input; /** * The URI of the storage path where the packet capture sessions are saved to. */ storagePath?: pulumi.Input; } interface RunCommandErrorBlobManagedIdentity { /** * The client ID of the managed identity. */ clientId?: pulumi.Input; /** * The object ID of the managed identity. */ objectId?: pulumi.Input; } interface RunCommandInstanceView { endTime?: pulumi.Input; errorMessage?: pulumi.Input; executionMessage?: pulumi.Input; executionState?: pulumi.Input; exitCode?: pulumi.Input; output?: pulumi.Input; startTime?: pulumi.Input; } interface RunCommandOutputBlobManagedIdentity { /** * The client ID of the managed identity. */ clientId?: pulumi.Input; /** * The object ID of the managed identity. */ objectId?: pulumi.Input; } interface RunCommandParameter { /** * The run parameter name. */ name: pulumi.Input; /** * The run parameter value. */ value: pulumi.Input; } interface RunCommandProtectedParameter { /** * The run parameter name. */ name: pulumi.Input; /** * The run parameter value. */ value: pulumi.Input; } interface RunCommandSource { commandId?: pulumi.Input; script?: pulumi.Input; scriptUri?: pulumi.Input; /** * A `scriptUriManagedIdentity` block as defined above. */ scriptUriManagedIdentity?: pulumi.Input; } interface RunCommandSourceScriptUriManagedIdentity { /** * The client ID of the managed identity. */ clientId?: pulumi.Input; /** * The object ID of the managed identity. */ objectId?: pulumi.Input; } interface ScaleSetBootDiagnostics { /** * Whether to enable boot diagnostics for the virtual machine. Defaults to `true`. */ enabled?: pulumi.Input; /** * Blob endpoint for the storage account to hold the virtual machine's diagnostic files. This must be the root of a storage account, and not a storage container. */ storageUri: pulumi.Input; } interface ScaleSetExtension { /** * Specifies whether or not to use the latest minor version available. */ autoUpgradeMinorVersion?: pulumi.Input; /** * Specifies the name of the extension. */ name: pulumi.Input; /** * The protectedSettings passed to the extension, like settings, these are specified as a JSON object in a string. */ protectedSettings?: pulumi.Input; /** * Specifies a dependency array of extensions required to be executed before, the array stores the name of each extension. */ provisionAfterExtensions?: pulumi.Input[]>; /** * The publisher of the extension, available publishers can be found by using the Azure CLI. */ publisher: pulumi.Input; /** * The settings passed to the extension, these are specified as a JSON object in a string. */ settings?: pulumi.Input; /** * The type of extension, available types for a publisher can be found using the Azure CLI. */ type: pulumi.Input; /** * Specifies the version of the extension to use, available versions can be found using the Azure CLI. */ typeHandlerVersion: pulumi.Input; } interface ScaleSetIdentity { /** * Specifies a list of user managed identity ids to be assigned to the VMSS. Required if `type` is `UserAssigned`. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.compute.ScaleSet("example", { * name: "vm-scaleset", * resourceGroupName: exampleAzurermResourceGroup.name, * location: exampleAzurermResourceGroup.location, * sku: { * name: vmSku, * tier: "Standard", * capacity: instanceCount, * }, * identity: { * type: "SystemAssigned", * }, * extensions: [{ * name: "MSILinuxExtension", * publisher: "Microsoft.ManagedIdentity", * type: "ManagedIdentityExtensionForLinux", * typeHandlerVersion: "1.0", * settings: "{\"port\": 50342}", * }], * }); * export const principalId = example.identity.apply(identity => identity?.principalId); * ``` */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the identity type to be assigned to the scale set. Allowable values are `SystemAssigned` and `UserAssigned`. For the `SystemAssigned` identity the scale set's Service Principal ID (SPN) can be retrieved after the scale set has been created. See [documentation](https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview) for more information. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface ScaleSetNetworkProfile { /** * Specifies whether to enable accelerated networking or not. */ acceleratedNetworking?: pulumi.Input; /** * A `dnsSettings` block as documented below. */ dnsSettings?: pulumi.Input; /** * An `ipConfiguration` block as documented below. */ ipConfigurations: pulumi.Input[]>; /** * Whether IP forwarding is enabled on this NIC. Defaults to `false`. */ ipForwarding?: pulumi.Input; /** * Specifies the name of the network interface configuration. */ name: pulumi.Input; /** * Specifies the identifier for the network security group. */ networkSecurityGroupId?: pulumi.Input; /** * Indicates whether network interfaces created from the network interface configuration will be the primary NIC of the VM. */ primary: pulumi.Input; } interface ScaleSetNetworkProfileDnsSettings { /** * Specifies an array of DNS servers. */ dnsServers: pulumi.Input[]>; } interface ScaleSetNetworkProfileIpConfiguration { /** * Specifies an array of references to backend address pools of application gateways. A scale set can reference backend address pools of multiple application gateways. Multiple scale sets can use the same application gateway. */ applicationGatewayBackendAddressPoolIds?: pulumi.Input[]>; /** * Specifies up to `20` application security group IDs. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * Specifies an array of references to backend address pools of load balancers. A scale set can reference backend address pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer. * * > **NOTE:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerBackendAddressPoolIds?: pulumi.Input[]>; /** * Specifies an array of references to inbound NAT pools for load balancers. A scale set can reference inbound NAT pools of one public and one internal load balancer. Multiple scale sets cannot use the same load balancer. * * > **NOTE:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerInboundNatRulesIds?: pulumi.Input[]>; /** * Specifies name of the IP configuration. */ name: pulumi.Input; /** * Specifies if this ipConfiguration is the primary one. */ primary: pulumi.Input; /** * Describes a virtual machines scale set IP Configuration's PublicIPAddress configuration. The `publicIpAddressConfiguration` block is documented below. */ publicIpAddressConfiguration?: pulumi.Input; /** * Specifies the identifier of the subnet. */ subnetId: pulumi.Input; } interface ScaleSetNetworkProfileIpConfigurationPublicIpAddressConfiguration { /** * The domain name label for the DNS settings. */ domainNameLabel: pulumi.Input; /** * The idle timeout in minutes. This value must be between 4 and 30. */ idleTimeout: pulumi.Input; /** * The name of the public IP address configuration */ name: pulumi.Input; } interface ScaleSetOsProfile { /** * Specifies the administrator password to use for all the instances of virtual machines in a scale set. */ adminPassword?: pulumi.Input; /** * Specifies the administrator account name to use for all the instances of virtual machines in the scale set. */ adminUsername: pulumi.Input; /** * Specifies the computer name prefix for all of the virtual machines in the scale set. Computer name prefixes must be 1 to 9 characters long for windows images and 1 - 58 for Linux. Changing this forces a new resource to be created. */ computerNamePrefix: pulumi.Input; /** * Specifies custom data to supply to the machine. On Linux-based systems, this can be used as a cloud-init script. On other systems, this will be copied as a file on disk. Internally, this provider will base64 encode this value before sending it to the API. The maximum length of the binary array is 65535 bytes. */ customData?: pulumi.Input; } interface ScaleSetOsProfileLinuxConfig { /** * Specifies whether password authentication should be disabled. Defaults to `false`. Changing this forces a new resource to be created. */ disablePasswordAuthentication?: pulumi.Input; /** * One or more `sshKeys` blocks as defined below. * * > **Note:** Please note that the only allowed `path` is `/home//.ssh/authorized_keys` due to a limitation of Azure. * * > **NOTE:** At least one `sshKeys` block is required if `disablePasswordAuthentication` is set to `true`. */ sshKeys?: pulumi.Input[]>; } interface ScaleSetOsProfileLinuxConfigSshKey { /** * The Public SSH Key which should be written to the `path` defined above. * * > **Note:** Azure only supports RSA SSH2 key signatures of at least 2048 bits in length * * > **NOTE:** Rather than defining this in-line you can source this from a local file using the `file` function - for example `keyData = file("~/.ssh/id_rsa.pub")`. */ keyData?: pulumi.Input; /** * The path of the destination file on the virtual machine * * > **NOTE:** Due to a limitation in the Azure VM Agent the only allowed `path` is `/home/{username}/.ssh/authorized_keys`. */ path: pulumi.Input; } interface ScaleSetOsProfileSecret { /** * Specifies the key vault to use. */ sourceVaultId: pulumi.Input; /** * (Required, on Windows machines) One or more `vaultCertificates` blocks as defined below. */ vaultCertificates?: pulumi.Input[]>; } interface ScaleSetOsProfileSecretVaultCertificate { /** * (Required, on windows machines) Specifies the certificate store on the Virtual Machine where the certificate should be added to. */ certificateStore?: pulumi.Input; /** * It is the Base64 encoding of a JSON Object that which is encoded in UTF-8 of which the contents need to be `data`, `dataType` and `password`. */ certificateUrl: pulumi.Input; } interface ScaleSetOsProfileWindowsConfig { /** * An `additionalUnattendConfig` block as documented below. */ additionalUnattendConfigs?: pulumi.Input[]>; /** * Indicates whether virtual machines in the scale set are enabled for automatic updates. */ enableAutomaticUpgrades?: pulumi.Input; /** * Indicates whether virtual machine agent should be provisioned on the virtual machines in the scale set. */ provisionVmAgent?: pulumi.Input; /** * A collection of `winrm` blocks as documented below. */ winrms?: pulumi.Input[]>; } interface ScaleSetOsProfileWindowsConfigAdditionalUnattendConfig { /** * Specifies the name of the component to configure with the added content. The only allowable value is `Microsoft-Windows-Shell-Setup`. */ component: pulumi.Input; /** * Specifies the base-64 encoded XML formatted content that is added to the unattend.xml file for the specified path and component. */ content: pulumi.Input; /** * Specifies the name of the pass that the content applies to. The only allowable value is `oobeSystem`. */ pass: pulumi.Input; /** * Specifies the name of the setting to which the content applies. Possible values are: `FirstLogonCommands` and `AutoLogon`. */ settingName: pulumi.Input; } interface ScaleSetOsProfileWindowsConfigWinrm { /** * Specifies URL of the certificate with which new Virtual Machines is provisioned. */ certificateUrl?: pulumi.Input; /** * Specifies the protocol of listener */ protocol: pulumi.Input; } interface ScaleSetPacketCaptureFilter { /** * The local IP Address to be filtered on. Specify `127.0.0.1` for a single address entry, `127.0.0.1-127.0.0.255` for a range and `127.0.0.1;127.0.0.5` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ localIpAddress?: pulumi.Input; /** * The local port to be filtered on. Specify `80` for single port entry, `80-85` for a range and `80;443;` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ localPort?: pulumi.Input; /** * The Protocol to be filtered on. Possible values include `Any`, `TCP` and `UDP`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; /** * The remote IP Address to be filtered on. Specify `127.0.0.1` for a single address entry, `127.0.0.1-127.0.0.255` for a range and `127.0.0.1;127.0.0.5` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ remoteIpAddress?: pulumi.Input; /** * The remote port to be filtered on. Specify `80` for single port entry, `80-85` for a range and `80;443;` for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created. */ remotePort?: pulumi.Input; } interface ScaleSetPacketCaptureMachineScope { /** * A list of Virtual Machine Scale Set instance IDs which should be excluded from running Packet Capture, e.g. `["0", "2"]`. Changing this forces a new resource to be created. */ excludeInstanceIds?: pulumi.Input[]>; /** * A list of Virtual Machine Scale Set instance IDs which should be included for Packet Capture, e.g. `["1", "3"]`. Changing this forces a new resource to be created. */ includeInstanceIds?: pulumi.Input[]>; } interface ScaleSetPacketCaptureStorageLocation { /** * A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For Linux virtual machine it must start with `/var/captures`. */ filePath?: pulumi.Input; /** * The ID of the storage account to save the packet capture session * * > **Note:** At least one of `filePath` or `storageAccountId` must be specified. */ storageAccountId?: pulumi.Input; /** * The URI of the storage path where the packet capture sessions are saved to. */ storagePath?: pulumi.Input; } interface ScaleSetPlan { /** * Specifies the name of the image from the marketplace. */ name: pulumi.Input; /** * Specifies the product of the image from the marketplace. */ product: pulumi.Input; /** * Specifies the publisher of the image. */ publisher: pulumi.Input; } interface ScaleSetRollingUpgradePolicy { /** * The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. Defaults to `20`. */ maxBatchInstancePercent?: pulumi.Input; /** * The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. Defaults to `20`. */ maxUnhealthyInstancePercent?: pulumi.Input; /** * The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. Defaults to `20`. */ maxUnhealthyUpgradedInstancePercent?: pulumi.Input; /** * The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format for duration (). Defaults to `PT0S` seconds represented as `PT0S`. */ pauseTimeBetweenBatches?: pulumi.Input; } interface ScaleSetSku { /** * Specifies the number of virtual machines in the scale set. */ capacity: pulumi.Input; /** * Specifies the size of virtual machines in a scale set. */ name: pulumi.Input; /** * Specifies the tier of virtual machines in a scale set. Possible values, `standard` or `basic`. */ tier?: pulumi.Input; } interface ScaleSetStandbyPoolElasticityProfile { /** * Specifies the maximum number of virtual machines in the standby pool. */ maxReadyCapacity: pulumi.Input; /** * Specifies the desired minimum number of virtual machines in the standby pool. * * > **Note:** `minReadyCapacity` cannot exceed `maxReadyCapacity`. */ minReadyCapacity: pulumi.Input; } interface ScaleSetStorageProfileDataDisk { /** * Specifies the caching requirements. Possible values include: `None` (default), `ReadOnly`, `ReadWrite`. */ caching?: pulumi.Input; /** * Specifies how the data disk should be created. The only possible options are `FromImage` and `Empty`. */ createOption: pulumi.Input; /** * Specifies the size of the disk in GB. This element is required when creating an empty disk. */ diskSizeGb?: pulumi.Input; /** * Specifies the Logical Unit Number of the disk in each virtual machine in the scale set. */ lun: pulumi.Input; /** * Specifies the type of managed disk to create. Value must be either `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. */ managedDiskType?: pulumi.Input; } interface ScaleSetStorageProfileImageReference { /** * Specifies the ID of the (custom) image to use to create the virtual machine scale set, as in the example below. */ id?: pulumi.Input; /** * Specifies the offer of the image used to create the virtual machines. */ offer?: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. */ publisher?: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. */ sku?: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. */ version?: pulumi.Input; } interface ScaleSetStorageProfileOsDisk { /** * Specifies the caching requirements. Possible values include: `None` (default), `ReadOnly`, `ReadWrite`. */ caching?: pulumi.Input; /** * Specifies how the virtual machine should be created. The only possible option is `FromImage`. */ createOption: pulumi.Input; /** * Specifies the blob URI for user image. A virtual machine scale set creates an os disk in the same container as the user image. * Updating the osDisk image causes the existing disk to be deleted and a new one created with the new image. If the VM scale set is in Manual upgrade mode then the virtual machines are not updated until they have manualUpgrade applied to them. * When setting this field `osType` needs to be specified. Cannot be used when `vhdContainers`, `managedDiskType` or `storageProfileImageReference` are specified. */ image?: pulumi.Input; /** * Specifies the type of managed disk to create. Value you must be either `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. Cannot be used when `vhdContainers` or `image` is specified. */ managedDiskType?: pulumi.Input; /** * Specifies the disk name. Must be specified when using unmanaged disk ('managed_disk_type' property not set). */ name?: pulumi.Input; /** * Specifies the operating system Type, valid values are windows, Linux. */ osType?: pulumi.Input; /** * Specifies the VHD URI. Cannot be used when `image` or `managedDiskType` is specified. */ vhdContainers?: pulumi.Input[]>; } interface SharedImageGallerySharing { /** * A `communityGallery` block as defined below. Changing this forces a new resource to be created. * * > **Note:** `communityGallery` must be set when `permission` is set to `Community`. */ communityGallery?: pulumi.Input; /** * The permission of the Shared Image Gallery when sharing. Possible values are `Community`, `Groups` and `Private`. Changing this forces a new resource to be created. * * > **Note:** This requires that the Preview Feature `Microsoft.Compute/CommunityGalleries` is enabled, see [the documentation](https://learn.microsoft.com/azure/virtual-machines/share-gallery-community?tabs=cli) for more information. */ permission: pulumi.Input; } interface SharedImageGallerySharingCommunityGallery { /** * The End User Licence Agreement for the Shared Image Gallery. Changing this forces a new resource to be created. */ eula: pulumi.Input; /** * Specifies the name of the Shared Image Gallery. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Prefix of the community public name for the Shared Image Gallery. Changing this forces a new resource to be created. */ prefix: pulumi.Input; /** * Email of the publisher for the Shared Image Gallery. Changing this forces a new resource to be created. */ publisherEmail: pulumi.Input; /** * URI of the publisher for the Shared Image Gallery. Changing this forces a new resource to be created. */ publisherUri: pulumi.Input; } interface SharedImageIdentifier { /** * The Offer Name for this Shared Image. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The Publisher Name for this Gallery Image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The Name of the SKU for this Gallery Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; } interface SharedImagePurchasePlan { /** * The Purchase Plan Name for this Shared Image. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The Purchase Plan Product for this Gallery Image. Changing this forces a new resource to be created. */ product?: pulumi.Input; /** * The Purchase Plan Publisher for this Gallery Image. Changing this forces a new resource to be created. */ publisher?: pulumi.Input; } interface SharedImageVersionTargetRegion { /** * The ID of the Disk Encryption Set to encrypt the Image Version in the target region. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * Specifies whether this Shared Image Version should be excluded when querying for the `latest` version. Defaults to `false`. */ excludeFromLatestEnabled?: pulumi.Input; /** * The Azure Region in which this Image Version should exist. */ name: pulumi.Input; /** * The number of replicas of the Image Version to be created per region. */ regionalReplicaCount: pulumi.Input; /** * The storage account type for the image version. Possible values are `Standard_LRS`, `Premium_LRS` and `Standard_ZRS`. Defaults to `Standard_LRS`. You can store all of your image version replicas in Zone Redundant Storage by specifying `Standard_ZRS`. */ storageAccountType?: pulumi.Input; } interface SnapshotEncryptionSettings { /** * A `diskEncryptionKey` block as defined below. */ diskEncryptionKey: pulumi.Input; /** * A `keyEncryptionKey` block as defined below. */ keyEncryptionKey?: pulumi.Input; } interface SnapshotEncryptionSettingsDiskEncryptionKey { /** * The URL to the Key Vault Secret used as the Disk Encryption Key. This can be found as `id` on the `azure.keyvault.Secret` resource. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. */ sourceVaultId: pulumi.Input; } interface SnapshotEncryptionSettingsKeyEncryptionKey { /** * The URL to the Key Vault Key used as the Key Encryption Key. This can be found as `id` on the `azure.keyvault.Key` resource. */ keyUrl: pulumi.Input; /** * The ID of the source Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. */ sourceVaultId: pulumi.Input; } interface VirtualMachineAdditionalCapabilities { /** * Should Ultra SSD disk be enabled for this Virtual Machine? Changing this forces a new resource to be created. * * > **Note:** Azure Ultra Disk Storage is only available in a region that support availability zones and can only enabled on the following VM series: `ESv3`, `DSv3`, `FSv3`, `LSv2`, `M` and `Mv2`. For more information see the `Azure Ultra Disk Storage` [product documentation](https://docs.microsoft.com/azure/virtual-machines/windows/disks-enable-ultra-ssd). */ ultraSsdEnabled: pulumi.Input; } interface VirtualMachineBootDiagnostics { /** * Should Boot Diagnostics be enabled for this Virtual Machine? */ enabled: pulumi.Input; /** * The Storage Account's Blob Endpoint which should hold the virtual machine's diagnostic files. * * > **NOTE:** This needs to be the root of a Storage Account and not a Storage Container. */ storageUri: pulumi.Input; } interface VirtualMachineIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Virtual Machine. * * > **NOTE:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Virtual Machine. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). * * > **NOTE:** Managed Service Identity previously required the installation of a VM Extension, but this information [is now available via the Azure Instance Metadata Service](https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview#how-does-it-work). * * > **NOTE:** When `type` is set to `SystemAssigned`, identity the Principal ID can be retrieved after the virtual machine has been created. More details are available below. See [documentation](https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview) for additional information. */ type: pulumi.Input; } interface VirtualMachineOsProfile { /** * (Optional for Windows, Optional for Linux) The password associated with the local administrator account. * * > **NOTE:** If using Linux, it may be preferable to use SSH Key authentication (available in the `osProfileLinuxConfig` block) instead of password authentication. */ adminPassword?: pulumi.Input; /** * Specifies the name of the local administrator account. */ adminUsername: pulumi.Input; /** * Specifies the name of the Virtual Machine. Changing this forces a new resource to be created. */ computerName: pulumi.Input; /** * Specifies custom data to supply to the machine. On Linux-based systems, this can be used as a cloud-init script. On other systems, this will be copied as a file on disk. Internally, this provider will base64 encode this value before sending it to the API. The maximum length of the binary array is 65535 bytes. Changing this forces a new resource to be created. */ customData?: pulumi.Input; } interface VirtualMachineOsProfileLinuxConfig { /** * Specifies whether password authentication should be disabled. If set to `false`, an `adminPassword` must be specified. */ disablePasswordAuthentication: pulumi.Input; /** * One or more `sshKeys` blocks as defined below. This field is required if `disablePasswordAuthentication` is set to `true`. */ sshKeys?: pulumi.Input[]>; } interface VirtualMachineOsProfileLinuxConfigSshKey { /** * The Public SSH Key which should be written to the `path` defined above. * * > **Note:** Azure only supports RSA SSH2 key signatures of at least 2048 bits in length */ keyData: pulumi.Input; /** * The path of the destination file on the virtual machine * * > **NOTE:** Due to a limitation in the Azure VM Agent the only allowed `path` is `/home/{username}/.ssh/authorized_keys`. */ path: pulumi.Input; } interface VirtualMachineOsProfileSecret { /** * Specifies the ID of the Key Vault to use. */ sourceVaultId: pulumi.Input; /** * One or more `vaultCertificates` blocks as defined below. */ vaultCertificates?: pulumi.Input[]>; } interface VirtualMachineOsProfileSecretVaultCertificate { /** * (Required, on windows machines) Specifies the certificate store on the Virtual Machine where the certificate should be added to, such as `My`. */ certificateStore?: pulumi.Input; /** * The ID of the Key Vault Secret. Stored secret is the Base64 encoding of a JSON Object that which is encoded in UTF-8 of which the contents need to be: * * ```json * { * "data":"", * "dataType":"pfx", * "password":"" * } * ``` * * > **NOTE:** If your certificate is stored in Azure Key Vault - this can be sourced from the `secretId` property on the `azure.keyvault.Certificate` resource. */ certificateUrl: pulumi.Input; } interface VirtualMachineOsProfileWindowsConfig { /** * An `additionalUnattendConfig` block as defined below. */ additionalUnattendConfigs?: pulumi.Input[]>; /** * Are automatic updates enabled on this Virtual Machine? Defaults to `false`. */ enableAutomaticUpgrades?: pulumi.Input; /** * Should the Azure Virtual Machine Guest Agent be installed on this Virtual Machine? Defaults to `false`. * * > **NOTE:** This is different from the Default value used for this field within Azure. */ provisionVmAgent?: pulumi.Input; /** * Specifies the time zone of the virtual machine, [the possible values are defined here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). Changing this forces a new resource to be created. */ timezone?: pulumi.Input; /** * One or more `winrm` blocks as defined below. */ winrms?: pulumi.Input[]>; } interface VirtualMachineOsProfileWindowsConfigAdditionalUnattendConfig { /** * Specifies the name of the component to configure with the added content. The only allowable value is `Microsoft-Windows-Shell-Setup`. */ component: pulumi.Input; /** * Specifies the base-64 encoded XML formatted content that is added to the unattend.xml file for the specified path and component. */ content: pulumi.Input; /** * Specifies the name of the pass that the content applies to. The only allowable value is `oobeSystem`. */ pass: pulumi.Input; /** * Specifies the name of the setting to which the content applies. Possible values are: `FirstLogonCommands` and `AutoLogon`. */ settingName: pulumi.Input; } interface VirtualMachineOsProfileWindowsConfigWinrm { /** * The ID of the Key Vault Secret which contains the encrypted Certificate which should be installed on the Virtual Machine. This certificate must also be specified in the `vaultCertificates` block within the `osProfileSecrets` block. * * > **NOTE:** This can be sourced from the `secretId` field on the `azure.keyvault.Certificate` resource. */ certificateUrl?: pulumi.Input; /** * Specifies the protocol of listener. Possible values are `HTTP` or `HTTPS`. */ protocol: pulumi.Input; } interface VirtualMachinePlan { /** * Specifies the name of the image from the marketplace. */ name: pulumi.Input; /** * Specifies the product of the image from the marketplace. */ product: pulumi.Input; /** * Specifies the publisher of the image. */ publisher: pulumi.Input; } interface VirtualMachineScaleSetExtensionProtectedSettingsFromKeyVault { /** * The URL to the Key Vault Secret which stores the protected settings. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. */ sourceVaultId: pulumi.Input; } interface VirtualMachineStorageDataDisk { /** * Specifies the caching requirements for the Data Disk. Possible values include `None`, `ReadOnly` and `ReadWrite`. */ caching?: pulumi.Input; /** * Specifies how the data disk should be created. Possible values are `Attach`, `FromImage` and `Empty`. * * > **NOTE:** If using an image that does not have data to be written to the Data Disk, use `Empty` as the create option in order to create the desired disk without any data. */ createOption: pulumi.Input; /** * Specifies the size of the data disk in gigabytes. */ diskSizeGb?: pulumi.Input; /** * Specifies the logical unit number of the data disk. This needs to be unique within all the Data Disks on the Virtual Machine. */ lun: pulumi.Input; /** * Specifies the ID of an Existing Managed Disk which should be attached to this Virtual Machine. When this field is set `createOption` must be set to `Attach`. * * The following properties apply when using Unmanaged Disks: */ managedDiskId?: pulumi.Input; /** * Specifies the type of managed disk to create. Possible values are either `Standard_LRS`, `StandardSSD_LRS`, `Premium_LRS` or `UltraSSD_LRS`. * * > **Note:** `managedDiskType` of type `UltraSSD_LRS` is currently in preview and are not available to subscriptions that have not [requested](https://aka.ms/UltraSSDPreviewSignUp) onboarding to `Azure Ultra Disk Storage` preview. `Azure Ultra Disk Storage` is only available in `East US 2`, `North Europe`, and `Southeast Asia` regions. For more information see the `Azure Ultra Disk Storage` [product documentation](https://docs.microsoft.com/azure/virtual-machines/windows/disks-enable-ultra-ssd), [product blog](https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-azure-ultra-disk-storage/) and [FAQ](https://docs.microsoft.com/azure/virtual-machines/windows/faq-for-disks#ultra-disks). You must also set `additional_capabilities.ultra_ssd_enabled` to `true`. */ managedDiskType?: pulumi.Input; /** * The name of the Data Disk. */ name: pulumi.Input; /** * Specifies the URI of the VHD file backing this Unmanaged Data Disk. */ vhdUri?: pulumi.Input; /** * Specifies if Write Accelerator is enabled on the disk. This can only be enabled on `Premium_LRS` managed disks with no caching and [M-Series VMs](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/how-to-enable-write-accelerator). Defaults to `false`. * * The following properties apply when using Managed Disks: */ writeAcceleratorEnabled?: pulumi.Input; } interface VirtualMachineStorageImageReference { /** * Specifies the ID of the Custom Image which the Virtual Machine should be created from. Changing this forces a new resource to be created. */ id?: pulumi.Input; /** * Specifies the offer of the image used to create the virtual machine. Changing this forces a new resource to be created. */ offer?: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machine. Changing this forces a new resource to be created. */ publisher?: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machine. Changing this forces a new resource to be created. */ sku?: pulumi.Input; /** * Specifies the version of the image used to create the virtual machine. Changing this forces a new resource to be created. * * To provision a Custom Image, the following fields are applicable: */ version?: pulumi.Input; } interface VirtualMachineStorageOsDisk { /** * Specifies the caching requirements for the OS Disk. Possible values include `None`, `ReadOnly` and `ReadWrite`. */ caching?: pulumi.Input; /** * Specifies how the OS Disk should be created. Possible values are `Attach` (managed disks only) and `FromImage`. */ createOption: pulumi.Input; /** * Specifies the size of the OS Disk in gigabytes. */ diskSizeGb?: pulumi.Input; /** * Specifies the Image URI in the format `publisherName:offer:skus:version`. This field can also specify the [VHD URI](https://docs.microsoft.com/azure/virtual-machines/linux/tutorial-custom-images) of a custom VM image to clone. When cloning a Custom (Unmanaged) Disk Image the `osType` field must be set. */ imageUri?: pulumi.Input; /** * Specifies the ID of an existing Managed Disk which should be attached as the OS Disk of this Virtual Machine. If this is set then the `createOption` must be set to `Attach`. Changing this forces a new resource to be created. */ managedDiskId?: pulumi.Input; /** * Specifies the type of Managed Disk which should be created. Possible values are `Standard_LRS`, `StandardSSD_LRS` or `Premium_LRS`. * * The following properties apply when using Unmanaged Disks: */ managedDiskType?: pulumi.Input; /** * Specifies the name of the OS Disk. */ name: pulumi.Input; /** * Specifies the Operating System on the OS Disk. Possible values are `Linux` and `Windows`. */ osType?: pulumi.Input; /** * Specifies the URI of the VHD file backing this Unmanaged OS Disk. Changing this forces a new resource to be created. */ vhdUri?: pulumi.Input; /** * Specifies if Write Accelerator is enabled on the disk. This can only be enabled on `Premium_LRS` managed disks with no caching and [M-Series VMs](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/how-to-enable-write-accelerator). Defaults to `false`. * * The following properties apply when using Managed Disks: */ writeAcceleratorEnabled?: pulumi.Input; } interface WindowsVirtualMachineAdditionalCapabilities { /** * Whether to enable the hibernation capability or not. */ hibernationEnabled?: pulumi.Input; /** * Should the capacity to enable Data Disks of the `UltraSSD_LRS` storage account type be supported on this Virtual Machine? Defaults to `false`. */ ultraSsdEnabled?: pulumi.Input; } interface WindowsVirtualMachineAdditionalUnattendContent { /** * The XML formatted content that is added to the unattend.xml file for the specified path and component. Changing this forces a new resource to be created. */ content: pulumi.Input; /** * The name of the setting to which the content applies. Possible values are `AutoLogon` and `FirstLogonCommands`. Changing this forces a new resource to be created. */ setting: pulumi.Input; } interface WindowsVirtualMachineBootDiagnostics { /** * The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. * * > **NOTE:** Passing a null value will utilize a Managed Storage Account to store Boot Diagnostics. */ storageAccountUri?: pulumi.Input; } interface WindowsVirtualMachineGalleryApplication { /** * Specifies whether the version will be automatically updated for the VM when a new Gallery Application version is available in PIR/SIG. Defaults to `false`. */ automaticUpgradeEnabled?: pulumi.Input; /** * Specifies the URI to an Azure Blob that will replace the default configuration for the package if provided. */ configurationBlobUri?: pulumi.Input; /** * Specifies the order in which the packages have to be installed. Possible values are between `0` and `2147483647`. Defaults to `0`. */ order?: pulumi.Input; /** * Specifies a passthrough value for more generic context. This field can be any valid `string` value. */ tag?: pulumi.Input; /** * Specifies whether any failure for any operation in the VmApplication will fail the deployment of the VM. Defaults to `false`. */ treatFailureAsDeploymentFailureEnabled?: pulumi.Input; /** * Specifies the Gallery Application Version resource ID. */ versionId: pulumi.Input; } interface WindowsVirtualMachineIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Windows Virtual Machine. * * > **NOTE:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Virtual Machine. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsVirtualMachineOsDisk { /** * The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * A `diffDiskSettings` block as defined above. Changing this forces a new resource to be created. * * > **NOTE:** `diffDiskSettings` can only be set when `caching` is set to `ReadOnly`. More information can be found [here](https://docs.microsoft.com/azure/virtual-machines/ephemeral-os-disks-deploy#vm-template-deployment). Additionally, this property cannot be set when an existing Managed Disk is used to create the Virtual Machine by setting `osManagedDiskId`. */ diffDiskSettings?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk. Conflicts with `secureVmDiskEncryptionSetId`. * * > **NOTE:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault */ diskEncryptionSetId?: pulumi.Input; /** * The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine is sourced from. * * > **NOTE:** If specified this must be equal to or larger than the size of the Image the Virtual Machine is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space. */ diskSizeGb?: pulumi.Input; /** * The ID of the OS disk. */ id?: pulumi.Input; /** * The name which should be used for the Internal OS Disk. Changing this forces a new resource to be created. * * > **Note:** a value for `name` cannot be specified if/when the Virtual Machine has been created using an existing Managed Disk for the OS by setting `osManagedDiskId`. */ name?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt this OS Disk when the Virtual Machine is a Confidential VM. Conflicts with `diskEncryptionSetId`. Changing this forces a new resource to be created. * * > **NOTE:** `secureVmDiskEncryptionSetId` can only be specified when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ secureVmDiskEncryptionSetId?: pulumi.Input; /** * Encryption Type when the Virtual Machine is a Confidential VM. Possible values are `VMGuestStateOnly` and `DiskWithVMGuestState`. Changing this forces a new resource to be created. * * > **NOTE:** `vtpmEnabled` must be set to `true` when `securityEncryptionType` is specified. * * > **NOTE:** `encryptionAtHostEnabled` cannot be set to `true` when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ securityEncryptionType?: pulumi.Input; /** * The Type of Storage Account which should back this the Internal OS Disk. Possible values are `Standard_LRS`, `StandardSSD_LRS`, `Premium_LRS`, `StandardSSD_ZRS` and `Premium_ZRS`. Changing this forces a new resource to be created. * * > **Note:** This is required unless using an existing OS Managed Disk by specifying `osManagedDiskId`. */ storageAccountType?: pulumi.Input; /** * Should Write Accelerator be Enabled for this OS Disk? Defaults to `false`. * * > **NOTE:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface WindowsVirtualMachineOsDiskDiffDiskSettings { /** * Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is `Local`. Changing this forces a new resource to be created. */ option: pulumi.Input; /** * Specifies where to store the Ephemeral Disk. Possible values are `CacheDisk`, `ResourceDisk` and `NvmeDisk`. Defaults to `CacheDisk`. Changing this forces a new resource to be created. * * > **Note:** `NvmeDisk` can only be used for v6 VMs in combination with a supported `sourceImageReference`. More information can be found [here](https://learn.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks) */ placement?: pulumi.Input; } interface WindowsVirtualMachineOsImageNotification { /** * Length of time a notification to be sent to the VM on the instance metadata server till the VM gets OS upgraded. The only possible value is `PT15M`. Defaults to `PT15M`. */ timeout?: pulumi.Input; } interface WindowsVirtualMachinePlan { /** * Specifies the Name of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the Product of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the Publisher of the Marketplace Image this Virtual Machine should be created from. Changing this forces a new resource to be created. * * > **NOTE:** If you use the `plan` block with one of Microsoft's marketplace images (e.g. `publisher = "MicrosoftWindowsServer"`). This may prevent the purchase of the offer. An example Azure API error: `The Offer: 'WindowsServer' cannot be purchased by subscription: '12345678-12234-5678-9012-123456789012' as it is not to be sold in market: 'US'. Please choose a subscription which is associated with a different market.` */ publisher: pulumi.Input; } interface WindowsVirtualMachineScaleSetAdditionalCapabilities { /** * Should the capacity to enable Data Disks of the `UltraSSD_LRS` storage account type be supported on this Virtual Machine Scale Set? Possible values are `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ ultraSsdEnabled?: pulumi.Input; } interface WindowsVirtualMachineScaleSetAdditionalUnattendContent { /** * The XML formatted content that is added to the unattend.xml file for the specified path and component. Changing this forces a new resource to be created. */ content: pulumi.Input; /** * The name of the setting to which the content applies. Possible values are `AutoLogon` and `FirstLogonCommands`. Changing this forces a new resource to be created. */ setting: pulumi.Input; } interface WindowsVirtualMachineScaleSetAutomaticInstanceRepair { /** * The repair action that will be used for repairing unhealthy virtual machines in the scale set. Possible values include `Replace`, `Restart`, `Reimage`. * * > **Note:** Once the `action` field has been set it will always return the last value it was assigned if it is removed from the configuration file. * * > **Note:** If you wish to update the repair `action` of an existing `automaticInstanceRepair` policy, you must first `disable` the `automaticInstanceRepair` policy before you can re-enable the `automaticInstanceRepair` policy with the new repair `action` defined. */ action?: pulumi.Input; /** * Should the automatic instance repair be enabled on this Virtual Machine Scale Set? */ enabled: pulumi.Input; /** * Amount of time for which automatic repairs will be delayed. The grace period starts right after the VM is found unhealthy. Possible values are between `10` and `90` minutes. The time duration should be specified in `ISO 8601` format (e.g. `PT10M` to `PT90M`). * * > **Note:** Once the `gracePeriod` field has been set it will always return the last value it was assigned if it is removed from the configuration file. */ gracePeriod?: pulumi.Input; } interface WindowsVirtualMachineScaleSetAutomaticOsUpgradePolicy { /** * Should automatic rollbacks be disabled? */ disableAutomaticRollback: pulumi.Input; /** * Should OS Upgrades automatically be applied to Scale Set instances in a rolling fashion when a newer version of the OS Image becomes available? */ enableAutomaticOsUpgrade: pulumi.Input; } interface WindowsVirtualMachineScaleSetBootDiagnostics { /** * The Primary/Secondary Endpoint for the Azure Storage Account which should be used to store Boot Diagnostics, including Console Output and Screenshots from the Hypervisor. * * > **Note:** Passing a null value will utilize a Managed Storage Account to store Boot Diagnostics */ storageAccountUri?: pulumi.Input; } interface WindowsVirtualMachineScaleSetDataDisk { /** * The type of Caching which should be used for this Data Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * The create option which should be used for this Data Disk. Possible values are `Empty` and `FromImage`. Defaults to `Empty`. (`FromImage` should only be used if the source image includes data disks). */ createOption?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this Data Disk. Changing this forces a new resource to be created. * * > **Note:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault * * > **Note:** Disk Encryption Sets are in Public Preview in a limited set of regions */ diskEncryptionSetId?: pulumi.Input; /** * The size of the Data Disk which should be created. */ diskSizeGb: pulumi.Input; /** * The Logical Unit Number of the Data Disk, which must be unique within the Virtual Machine. */ lun: pulumi.Input; /** * The name of the Data Disk. */ name?: pulumi.Input; /** * The Type of Storage Account which should back this Data Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS` and `UltraSSD_LRS`. * * > **Note:** `UltraSSD_LRS` is only supported when `ultraSsdEnabled` within the `additionalCapabilities` block is enabled. */ storageAccountType: pulumi.Input; /** * Specifies the Read-Write IOPS for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskIopsReadWrite?: pulumi.Input; /** * Specifies the bandwidth in MB per second for this Data Disk. Only settable when `storageAccountType` is `PremiumV2_LRS` or `UltraSSD_LRS`. */ ultraSsdDiskMbpsReadWrite?: pulumi.Input; /** * Should Write Accelerator be enabled for this Data Disk? Defaults to `false`. * * > **Note:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface WindowsVirtualMachineScaleSetExtension { /** * Should the latest version of the Extension be used at Deployment Time, if one is available? This won't auto-update the extension on existing installation. Defaults to `true`. */ autoUpgradeMinorVersion?: pulumi.Input; /** * Should the Extension be automatically updated whenever the Publisher releases a new version of this VM Extension? */ automaticUpgradeEnabled?: pulumi.Input; /** * A value which, when different to the previous value can be used to force-run the Extension even if the Extension Configuration hasn't changed. */ forceUpdateTag?: pulumi.Input; /** * The name for the Virtual Machine Scale Set Extension. */ name: pulumi.Input; /** * A JSON String which specifies Sensitive Settings (such as Passwords) for the Extension. * * > **Note:** Keys within the `protectedSettings` block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information. */ protectedSettings?: pulumi.Input; /** * A `protectedSettingsFromKeyVault` block as defined below. * * > **Note:** `protectedSettingsFromKeyVault` cannot be used with `protectedSettings` */ protectedSettingsFromKeyVault?: pulumi.Input; /** * An ordered list of Extension names which this should be provisioned after. */ provisionAfterExtensions?: pulumi.Input[]>; /** * Specifies the Publisher of the Extension. */ publisher: pulumi.Input; /** * A JSON String which specifies Settings for the Extension. * * > **Note:** Keys within the `settings` block are notoriously case-sensitive, where the casing required (e.g. TitleCase vs snakeCase) depends on the Extension being used. Please refer to the documentation for the specific Virtual Machine Extension you're looking to use for more information. */ settings?: pulumi.Input; /** * Specifies the Type of the Extension. */ type: pulumi.Input; /** * Specifies the version of the extension to use, available versions can be found using the Azure CLI. */ typeHandlerVersion: pulumi.Input; } interface WindowsVirtualMachineScaleSetExtensionProtectedSettingsFromKeyVault { /** * The URL to the Key Vault Secret which stores the protected settings. */ secretUrl: pulumi.Input; /** * The ID of the source Key Vault. */ sourceVaultId: pulumi.Input; } interface WindowsVirtualMachineScaleSetGalleryApplication { /** * Specifies the URI to an Azure Blob that will replace the default configuration for the package if provided. Changing this forces a new resource to be created. */ configurationBlobUri?: pulumi.Input; /** * Specifies the order in which the packages have to be installed. Possible values are between `0` and `2147483647`. Defaults to `0`. Changing this forces a new resource to be created. */ order?: pulumi.Input; /** * Specifies a passthrough value for more generic context. This field can be any valid `string` value. Changing this forces a new resource to be created. */ tag?: pulumi.Input; /** * Specifies the Gallery Application Version resource ID. Changing this forces a new resource to be created. */ versionId: pulumi.Input; } interface WindowsVirtualMachineScaleSetIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Windows Virtual Machine Scale Set. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Windows Virtual Machine Scale Set. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WindowsVirtualMachineScaleSetNetworkInterface { /** * Specifies the auxiliary mode used to enable network high-performance feature on Network Virtual Appliances (NVAs). This feature offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. Possible values are `AcceleratedConnections` and `Floating`. * * > **Note:** `auxiliaryMode` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliaryMode?: pulumi.Input; /** * Specifies the SKU used for the network high-performance feature on Network Virtual Appliances (NVAs). Possible values are `A1`, `A2`, `A4` and `A8`. * * > **Note:** `auxiliarySku` is in **Preview** and requires that the prerequisites are enabled - [more information can be found in the Azure documentation](https://learn.microsoft.com/azure/networking/nva-accelerated-connections#prerequisites). */ auxiliarySku?: pulumi.Input; /** * A list of IP Addresses of DNS Servers which should be assigned to the Network Interface. */ dnsServers?: pulumi.Input[]>; /** * Does this Network Interface support Accelerated Networking? Defaults to `false`. */ enableAcceleratedNetworking?: pulumi.Input; /** * Does this Network Interface support IP Forwarding? Defaults to `false`. */ enableIpForwarding?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined above. */ ipConfigurations: pulumi.Input[]>; /** * The Name which should be used for this Network Interface. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The ID of a Network Security Group which should be assigned to this Network Interface. */ networkSecurityGroupId?: pulumi.Input; /** * Is this the Primary IP Configuration? * * > **Note:** If multiple `networkInterface` blocks are specified, one must be set to `primary`. */ primary?: pulumi.Input; } interface WindowsVirtualMachineScaleSetNetworkInterfaceIpConfiguration { /** * A list of Backend Address Pools ID's from a Application Gateway which this Virtual Machine Scale Set should be connected to. */ applicationGatewayBackendAddressPoolIds?: pulumi.Input[]>; /** * A list of Application Security Group ID's which this Virtual Machine Scale Set should be connected to. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * A list of Backend Address Pools ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to. * * > **Note:** When the Virtual Machine Scale Set is configured to have public IPs per instance are created with a load balancer, the SKU of the Virtual Machine instance IPs is determined by the SKU of the Virtual Machine Scale Sets Load Balancer (e.g. `Basic` or `Standard`). Alternatively, you may use the `publicIpPrefixId` field to generate instance-level IPs in a virtual machine scale set as well. The zonal properties of the prefix will be passed to the Virtual Machine instance IPs, though they will not be shown in the output. To view the public IP addresses assigned to the Virtual Machine Scale Sets Virtual Machine instances use the **az vmss list-instance-public-ips --resource-group `ResourceGroupName` --name `VirtualMachineScaleSetName`** CLI command. * * > **Note:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerBackendAddressPoolIds?: pulumi.Input[]>; /** * A list of NAT Rule ID's from a Load Balancer which this Virtual Machine Scale Set should be connected to. * * > **Note:** When using this field you'll also need to configure a Rule for the Load Balancer, and use a `dependsOn` between this resource and the Load Balancer Rule. */ loadBalancerInboundNatRulesIds?: pulumi.Input[]>; /** * The Name which should be used for this IP Configuration. */ name: pulumi.Input; /** * Is this the Primary IP Configuration for this Network Interface? Defaults to `false`. * * > **Note:** One `ipConfiguration` block must be marked as Primary for each Network Interface. */ primary?: pulumi.Input; /** * A `publicIpAddress` block as defined below. */ publicIpAddresses?: pulumi.Input[]>; /** * The ID of the Subnet which this IP Configuration should be connected to. * * > **Note:** `subnetId` is required if `version` is set to `IPv4`. */ subnetId?: pulumi.Input; /** * The Internet Protocol Version which should be used for this IP Configuration. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. */ version?: pulumi.Input; } interface WindowsVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddress { /** * The Prefix which should be used for the Domain Name Label for each Virtual Machine Instance. Azure concatenates the Domain Name Label and Virtual Machine Index to create a unique Domain Name Label for each Virtual Machine. */ domainNameLabel?: pulumi.Input; /** * The Idle Timeout in Minutes for the Public IP Address. Possible values are in the range `4` to `32`. */ idleTimeoutInMinutes?: pulumi.Input; /** * One or more `ipTag` blocks as defined above. Changing this forces a new resource to be created. */ ipTags?: pulumi.Input[]>; /** * The Name of the Public IP Address Configuration. */ name: pulumi.Input; /** * The ID of the Public IP Address Prefix from where Public IP Addresses should be allocated. Changing this forces a new resource to be created. * * > **Note:** This functionality is in Preview and must be opted into via `az feature register --namespace Microsoft.Network --name AllowBringYourOwnPublicIpAddress` and then `az provider register -n Microsoft.Network`. */ publicIpPrefixId?: pulumi.Input; /** * The Internet Protocol Version which should be used for this public IP address. Possible values are `IPv4` and `IPv6`. Defaults to `IPv4`. Changing this forces a new resource to be created. */ version?: pulumi.Input; } interface WindowsVirtualMachineScaleSetNetworkInterfaceIpConfigurationPublicIpAddressIpTag { /** * The IP Tag associated with the Public IP, such as `SQL` or `Storage`. Changing this forces a new resource to be created. */ tag: pulumi.Input; /** * The Type of IP Tag, such as `FirstPartyUsage`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface WindowsVirtualMachineScaleSetOsDisk { /** * The Type of Caching which should be used for the Internal OS Disk. Possible values are `None`, `ReadOnly` and `ReadWrite`. */ caching: pulumi.Input; /** * A `diffDiskSettings` block as defined above. Changing this forces a new resource to be created. */ diffDiskSettings?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to encrypt this OS Disk. Conflicts with `secureVmDiskEncryptionSetId`. Changing this forces a new resource to be created. * * > **Note:** The Disk Encryption Set must have the `Reader` Role Assignment scoped on the Key Vault - in addition to an Access Policy to the Key Vault * * > **Note:** Disk Encryption Sets are in Public Preview in a limited set of regions */ diskEncryptionSetId?: pulumi.Input; /** * The Size of the Internal OS Disk in GB, if you wish to vary from the size used in the image this Virtual Machine Scale Set is sourced from. * * > **Note:** If specified this must be equal to or larger than the size of the Image the VM Scale Set is based on. When creating a larger disk than exists in the image you'll need to repartition the disk to use the remaining space. */ diskSizeGb?: pulumi.Input; /** * The ID of the Disk Encryption Set which should be used to Encrypt the OS Disk when the Virtual Machine Scale Set is Confidential VMSS. Conflicts with `diskEncryptionSetId`. Changing this forces a new resource to be created. * * > **Note:** `secureVmDiskEncryptionSetId` can only be specified when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ secureVmDiskEncryptionSetId?: pulumi.Input; /** * Encryption Type when the Virtual Machine Scale Set is Confidential VMSS. Possible values are `VMGuestStateOnly` and `DiskWithVMGuestState`. Changing this forces a new resource to be created. * * > **Note:** `vtpmEnabled` must be set to `true` when `securityEncryptionType` is specified. * * > **Note:** `encryptionAtHostEnabled` cannot be set to `true` when `securityEncryptionType` is set to `DiskWithVMGuestState`. */ securityEncryptionType?: pulumi.Input; /** * The Type of Storage Account which should back this the Internal OS Disk. Possible values include `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS`, `Premium_LRS` and `Premium_ZRS`. Changing this forces a new resource to be created. */ storageAccountType: pulumi.Input; /** * Should Write Accelerator be Enabled for this OS Disk? Defaults to `false`. * * > **Note:** This requires that the `storageAccountType` is set to `Premium_LRS` and that `caching` is set to `None`. */ writeAcceleratorEnabled?: pulumi.Input; } interface WindowsVirtualMachineScaleSetOsDiskDiffDiskSettings { /** * Specifies the Ephemeral Disk Settings for the OS Disk. At this time the only possible value is `Local`. Changing this forces a new resource to be created. */ option: pulumi.Input; /** * Specifies where to store the Ephemeral Disk. Possible values are `CacheDisk` and `ResourceDisk`. Defaults to `CacheDisk`. Changing this forces a new resource to be created. */ placement?: pulumi.Input; } interface WindowsVirtualMachineScaleSetPlan { /** * Specifies the name of the image from the marketplace. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the product of the image from the marketplace. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the publisher of the image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; } interface WindowsVirtualMachineScaleSetRollingUpgradePolicy { /** * Should the Virtual Machine Scale Set ignore the Azure Zone boundaries when constructing upgrade batches? Possible values are `true` or `false`. */ crossZoneUpgradesEnabled?: pulumi.Input; /** * The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. */ maxBatchInstancePercent: pulumi.Input; /** * The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. */ maxUnhealthyInstancePercent: pulumi.Input; /** * The maximum percentage of upgraded virtual machine instances that can be found to be in an unhealthy state. This check will happen after each batch is upgraded. If this percentage is ever exceeded, the rolling update aborts. */ maxUnhealthyUpgradedInstancePercent: pulumi.Input; /** * Create new virtual machines to upgrade the scale set, rather than updating the existing virtual machines. Existing virtual machines will be deleted once the new virtual machines are created for each batch. Possible values are `true` or `false`. * * > **Note:** `overprovision` must be set to `false` when `maximumSurgeInstancesEnabled` is specified. */ maximumSurgeInstancesEnabled?: pulumi.Input; /** * The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. */ pauseTimeBetweenBatches: pulumi.Input; /** * Upgrade all unhealthy instances in a scale set before any healthy instances. Possible values are `true` or `false`. */ prioritizeUnhealthyInstancesEnabled?: pulumi.Input; } interface WindowsVirtualMachineScaleSetScaleIn { /** * Should the virtual machines chosen for removal be force deleted when the virtual machine scale set is being scaled-in? Possible values are `true` or `false`. Defaults to `false`. */ forceDeletionEnabled?: pulumi.Input; /** * The scale-in policy rule that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled in. Possible values for the scale-in policy rules are `Default`, `NewestVM` and `OldestVM`, defaults to `Default`. For more information about scale in policy, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy). */ rule?: pulumi.Input; } interface WindowsVirtualMachineScaleSetSecret { /** * One or more `certificate` blocks as defined above. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface WindowsVirtualMachineScaleSetSecretCertificate { /** * The certificate store on the Virtual Machine where the certificate should be added. */ store: pulumi.Input; /** * The Secret URL of a Key Vault Certificate. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ url: pulumi.Input; } interface WindowsVirtualMachineScaleSetSourceImageReference { /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. */ sku: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. */ version: pulumi.Input; } interface WindowsVirtualMachineScaleSetSpotRestore { /** * Should the Spot-Try-Restore feature be enabled? The Spot-Try-Restore feature will attempt to automatically restore the evicted Spot Virtual Machine Scale Set VM instances opportunistically based on capacity availability and pricing constraints. Possible values are `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ enabled?: pulumi.Input; /** * The length of time that the Virtual Machine Scale Set should attempt to restore the Spot VM instances which have been evicted. The time duration should be between `15` minutes and `120` minutes (inclusive). The time duration should be specified in the ISO 8601 format. Defaults to `PT1H`. Changing this forces a new resource to be created. */ timeout?: pulumi.Input; } interface WindowsVirtualMachineScaleSetTerminationNotification { /** * Should the termination notification be enabled on this Virtual Machine Scale Set? */ enabled: pulumi.Input; /** * Length of time (in minutes, between 5 and 15) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to `PT5M`. * * > **Note:** For more information about the termination notification, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-terminate-notification). */ timeout?: pulumi.Input; } interface WindowsVirtualMachineScaleSetWinrmListener { /** * The Secret URL of a Key Vault Certificate, which must be specified when `protocol` is set to `Https`. Changing this forces a new resource to be created. * * > **Note:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ certificateUrl?: pulumi.Input; /** * The Protocol of the WinRM Listener. Possible values are `Http` and `Https`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; } interface WindowsVirtualMachineSecret { /** * One or more `certificate` blocks as defined above. */ certificates: pulumi.Input[]>; /** * The ID of the Key Vault from which all Secrets should be sourced. */ keyVaultId: pulumi.Input; } interface WindowsVirtualMachineSecretCertificate { /** * The certificate store on the Virtual Machine where the certificate should be added. */ store: pulumi.Input; /** * The Secret URL of a Key Vault Certificate. * * > **NOTE:** This can be sourced from the `secretId` field within the `azure.keyvault.Certificate` Resource. */ url: pulumi.Input; } interface WindowsVirtualMachineSourceImageReference { /** * Specifies the offer of the image used to create the virtual machines. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * Specifies the publisher of the image used to create the virtual machines. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the SKU of the image used to create the virtual machines. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the image used to create the virtual machines. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface WindowsVirtualMachineTerminationNotification { /** * Should the termination notification be enabled on this Virtual Machine? */ enabled: pulumi.Input; /** * Length of time (in minutes, between `5` and `15`) a notification to be sent to the VM on the instance metadata server till the VM gets deleted. The time duration should be specified in ISO 8601 format. Defaults to `PT5M`. * * > **NOTE:** For more information about the termination notification, please [refer to this doc](https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-terminate-notification). */ timeout?: pulumi.Input; } interface WindowsVirtualMachineWinrmListener { /** * The Secret URL of a Key Vault Certificate, which must be specified when `protocol` is set to `Https`. Changing this forces a new resource to be created. */ certificateUrl?: pulumi.Input; /** * Specifies the protocol of listener. Possible values are `Http` or `Https`. Changing this forces a new resource to be created. */ protocol: pulumi.Input; } } export declare namespace confidentialledger { interface LedgerAzureadBasedServicePrincipal { /** * Specifies the Ledger Role to grant this AzureAD Service Principal. Possible values are `Administrator`, `Contributor` and `Reader`. */ ledgerRoleName: pulumi.Input; /** * Specifies the Principal ID of the AzureAD Service Principal. */ principalId: pulumi.Input; /** * Specifies the Tenant ID for this AzureAD Service Principal. */ tenantId: pulumi.Input; } interface LedgerCertificateBasedSecurityPrincipal { /** * Specifies the Ledger Role to grant this Certificate Security Principal. Possible values are `Administrator`, `Contributor` and `Reader`. */ ledgerRoleName: pulumi.Input; /** * The public key, in PEM format, of the certificate used by this identity to authenticate with the Confidential Ledger. */ pemPublicKey: pulumi.Input; } } export declare namespace config { } export declare namespace consumption { interface BudgetManagementGroupFilter { /** * One or more `dimension` blocks as defined below to filter the budget on. */ dimensions?: pulumi.Input[]>; /** * One or more `tag` blocks as defined below to filter the budget on. */ tags?: pulumi.Input[]>; } interface BudgetManagementGroupFilterDimension { /** * The name of the column to use for the filter. The allowed values are `ChargeType`, `Frequency`, `InvoiceId`, `Meter`, `MeterCategory`, `MeterSubCategory`, `PartNumber`, `PricingModel`, `Product`, `ProductOrderId`, `ProductOrderName`, `PublisherType`, `ReservationId`, `ReservationName`, `ResourceGroupName`, `ResourceGuid`, `ResourceId`, `ResourceLocation`, `ResourceType`, `ServiceFamily`, `ServiceName`, `SubscriptionID`, `SubscriptionName`, `UnitOfMeasure`. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the column. */ values: pulumi.Input[]>; } interface BudgetManagementGroupFilterTag { /** * The name of the tag to use for the filter. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the tag. */ values: pulumi.Input[]>; } interface BudgetManagementGroupNotification { /** * Specifies a list of email addresses to send the budget notification to when the threshold is exceeded. */ contactEmails: pulumi.Input[]>; /** * Should the notification be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The comparison operator for the notification. Must be one of `EqualTo`, `GreaterThan`, or `GreaterThanOrEqualTo`. */ operator: pulumi.Input; /** * Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000. */ threshold: pulumi.Input; /** * The type of threshold for the notification. This determines whether the notification is triggered by forecasted costs or actual costs. The allowed values are `Actual` and `Forecasted`. Default is `Actual`. */ thresholdType?: pulumi.Input; } interface BudgetManagementGroupTimePeriod { /** * The end date for the budget. If not set this will be 10 years after the start date. */ endDate?: pulumi.Input; /** * The start date for the budget. The start date must be first of the month and should be less than the end date. Budget start date must be on or after June 1, 2017. Future start date should not be more than twelve months. Past start date should be selected within the timegrain period. Changing this forces a new resource to be created. */ startDate: pulumi.Input; } interface BudgetResourceGroupFilter { /** * One or more `dimension` blocks as defined below to filter the budget on. */ dimensions?: pulumi.Input[]>; /** * One or more `tag` blocks as defined below to filter the budget on. */ tags?: pulumi.Input[]>; } interface BudgetResourceGroupFilterDimension { /** * The name of the column to use for the filter. The allowed values are `ChargeType`, `Frequency`, `InvoiceId`, `Meter`, `MeterCategory`, `MeterSubCategory`, `PartNumber`, `PricingModel`, `Product`, `ProductOrderId`, `ProductOrderName`, `PublisherType`, `ReservationId`, `ReservationName`, `ResourceGroupName`, `ResourceGuid`, `ResourceId`, `ResourceLocation`, `ResourceType`, `ServiceFamily`, `ServiceName`, `SubscriptionID`, `SubscriptionName`, `UnitOfMeasure`. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the column. */ values: pulumi.Input[]>; } interface BudgetResourceGroupFilterTag { /** * The name of the tag to use for the filter. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the tag. */ values: pulumi.Input[]>; } interface BudgetResourceGroupNotification { /** * Specifies a list of email addresses to send the budget notification to when the threshold is exceeded. */ contactEmails?: pulumi.Input[]>; /** * Specifies a list of Action Group IDs to send the budget notification to when the threshold is exceeded. */ contactGroups?: pulumi.Input[]>; /** * Specifies a list of contact roles to send the budget notification to when the threshold is exceeded. */ contactRoles?: pulumi.Input[]>; /** * Should the notification be enabled? Defaults to `true`. * * > **Note:** A `notification` block cannot have all of `contactEmails`, `contactRoles`, and `contactGroups` empty. This means that at least one of the three must be specified. */ enabled?: pulumi.Input; /** * The comparison operator for the notification. Must be one of `EqualTo`, `GreaterThan`, or `GreaterThanOrEqualTo`. */ operator: pulumi.Input; /** * Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000. */ threshold: pulumi.Input; /** * The type of threshold for the notification. This determines whether the notification is triggered by forecasted costs or actual costs. The allowed values are `Actual` and `Forecasted`. Default is `Actual`. */ thresholdType?: pulumi.Input; } interface BudgetResourceGroupTimePeriod { /** * The end date for the budget. If not set this will be 10 years after the start date. */ endDate?: pulumi.Input; /** * The start date for the budget. The start date must be first of the month and should be less than the end date. Budget start date must be on or after June 1, 2017. Future start date should not be more than twelve months. Past start date should be selected within the timegrain period. Changing this forces a new Resource Group Consumption Budget to be created. */ startDate: pulumi.Input; } interface BudgetSubscriptionFilter { /** * One or more `dimension` blocks as defined below to filter the budget on. */ dimensions?: pulumi.Input[]>; /** * One or more `tag` blocks as defined below to filter the budget on. */ tags?: pulumi.Input[]>; } interface BudgetSubscriptionFilterDimension { /** * The name of the column to use for the filter. The allowed values are `ChargeType`, `Frequency`, `InvoiceId`, `Meter`, `MeterCategory`, `MeterSubCategory`, `PartNumber`, `PricingModel`, `Product`, `ProductOrderId`, `ProductOrderName`, `PublisherType`, `ReservationId`, `ReservationName`, `ResourceGroupName`, `ResourceGuid`, `ResourceId`, `ResourceLocation`, `ResourceType`, `ServiceFamily`, `ServiceName`, `SubscriptionID`, `SubscriptionName`, `UnitOfMeasure`. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the column. */ values: pulumi.Input[]>; } interface BudgetSubscriptionFilterTag { /** * The name of the tag to use for the filter. */ name: pulumi.Input; /** * The operator to use for comparison. The allowed values are `In`. Defaults to `In`. */ operator?: pulumi.Input; /** * Specifies a list of values for the tag. */ values: pulumi.Input[]>; } interface BudgetSubscriptionNotification { /** * Specifies a list of email addresses to send the budget notification to when the threshold is exceeded. */ contactEmails?: pulumi.Input[]>; /** * Specifies a list of Action Group IDs to send the budget notification to when the threshold is exceeded. */ contactGroups?: pulumi.Input[]>; /** * Specifies a list of contact roles to send the budget notification to when the threshold is exceeded. */ contactRoles?: pulumi.Input[]>; /** * Should the notification be enabled? Defaults to `true`. * * > **Note:** A `notification` block cannot have all of `contactEmails`, `contactRoles`, and `contactGroups` empty. This means that at least one of the three must be specified. */ enabled?: pulumi.Input; /** * The comparison operator for the notification. Must be one of `EqualTo`, `GreaterThan`, or `GreaterThanOrEqualTo`. */ operator: pulumi.Input; /** * Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000. */ threshold: pulumi.Input; /** * The type of threshold for the notification. This determines whether the notification is triggered by forecasted costs or actual costs. The allowed values are `Actual` and `Forecasted`. Default is `Actual`. */ thresholdType?: pulumi.Input; } interface BudgetSubscriptionTimePeriod { /** * The end date for the budget. If not set this will be 10 years after the start date. */ endDate?: pulumi.Input; /** * The start date for the budget. The start date must be first of the month and should be less than the end date. Budget start date must be on or after June 1, 2017. Future start date should not be more than twelve months. Past start date should be selected within the timegrain period. Changing this forces a new Subscription Consumption Budget to be created. */ startDate: pulumi.Input; } } export declare namespace containerapp { interface AppDapr { /** * The Dapr Application Identifier. */ appId: pulumi.Input; /** * The port which the application is listening on. This is the same as the `ingress` port. */ appPort?: pulumi.Input; /** * The protocol for the app. Possible values include `http` and `grpc`. Defaults to `http`. */ appProtocol?: pulumi.Input; } interface AppIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. Required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of managed identity to assign. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface AppIngress { /** * Should this ingress allow insecure connections? */ allowInsecureConnections?: pulumi.Input; /** * The client certificate mode for the Ingress. Possible values are `require`, `accept`, and `ignore`. */ clientCertificateMode?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * One or more `customDomain` block as detailed below. */ customDomains?: pulumi.Input[]>; /** * The exposed port on the container for the Ingress traffic. * * > **Note:** `exposedPort` can only be specified when `transport` is set to `tcp`. */ exposedPort?: pulumi.Input; /** * Are connections to this Ingress from outside the Container App Environment enabled? Defaults to `false`. */ externalEnabled?: pulumi.Input; /** * The FQDN of the ingress. */ fqdn?: pulumi.Input; /** * One or more `ipSecurityRestriction` blocks for IP-filtering rules as defined below. */ ipSecurityRestrictions?: pulumi.Input[]>; /** * The target port on the container for the Ingress traffic. */ targetPort: pulumi.Input; /** * One or more `trafficWeight` blocks as detailed below. */ trafficWeights: pulumi.Input[]>; /** * The transport method for the Ingress. Possible values are `auto`, `http`, `http2` and `tcp`. Defaults to `auto`. * * > **Note:** if `transport` is set to `tcp`, `exposedPort` and `targetPort` should be set at the same time. */ transport?: pulumi.Input; } interface AppIngressCors { /** * Whether user credentials are allowed in the cross-origin request is enabled. Defaults to `false`. */ allowCredentialsEnabled?: pulumi.Input; /** * Specifies the list of request headers that are permitted in the actual request. */ allowedHeaders?: pulumi.Input[]>; /** * Specifies the list of HTTP methods are allowed when accessing the resource in a cross-origin request. */ allowedMethods?: pulumi.Input[]>; /** * Specifies the list of origins that are allowed to make cross-origin calls. */ allowedOrigins: pulumi.Input[]>; /** * Specifies the list of headers exposed to the browser in the response to a cross-origin request. */ exposedHeaders?: pulumi.Input[]>; /** * Specifies the number of seconds that the browser can cache the results of a preflight request. */ maxAgeInSeconds?: pulumi.Input; } interface AppIngressCustomDomain { /** * The Binding type. */ certificateBindingType?: pulumi.Input; /** * The ID of the Container App Environment Certificate. */ certificateId?: pulumi.Input; /** * The name for this Container App. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface AppIngressIpSecurityRestriction { /** * The IP-filter action. `Allow` or `Deny`. * * > **Note:** The `action` types in an all `ipSecurityRestriction` blocks must be the same for the `ingress`, mixing `Allow` and `Deny` rules is not currently supported by the service. */ action: pulumi.Input; /** * Describe the IP restriction rule that is being sent to the container-app. */ description?: pulumi.Input; /** * The incoming IP address or range of IP addresses (in CIDR notation). */ ipAddressRange: pulumi.Input; /** * Name for the IP restriction rule. */ name: pulumi.Input; } interface AppIngressTrafficWeight { /** * The label to apply to the revision as a name prefix for routing traffic. */ label?: pulumi.Input; /** * This traffic Weight applies to the latest stable Container Revision. At most only one `trafficWeight` block can have the `latestRevision` set to `true`. */ latestRevision?: pulumi.Input; /** * The percentage of traffic which should be sent this revision. * * > **Note:** The cumulative values for `weight` must equal 100 exactly and explicitly, no default weights are assumed. */ percentage: pulumi.Input; /** * The suffix string to which this `trafficWeight` applies. * * > **Note:** If `latestRevision` is `false`, the `revisionSuffix` shall be specified. */ revisionSuffix?: pulumi.Input; } interface AppRegistry { /** * Resource ID for the User Assigned Managed identity to use when pulling from the Container Registry. * * > **Note:** The Resource ID must be of a User Assigned Managed identity defined in an `identity` block. */ identity?: pulumi.Input; /** * The name of the Secret Reference containing the password value for this user on the Container Registry, `username` must also be supplied. */ passwordSecretName?: pulumi.Input; /** * The hostname for the Container Registry. * * The authentication details must also be supplied, `identity` and `username`/`passwordSecretName` are mutually exclusive. */ server: pulumi.Input; /** * The username to use for this Container Registry, `passwordSecretName` must also be supplied.. */ username?: pulumi.Input; } interface AppSecret { /** * The identity to use for accessing the Key Vault secret reference. This can either be the Resource ID of a User Assigned Identity, or `System` for the System Assigned Identity. * * !> **Note:** `identity` must be used together with `keyVaultSecretId` */ identity?: pulumi.Input; /** * The ID of a Key Vault secret. This can be a versioned or version-less ID. * * !> **Note:** When using `keyVaultSecretId`, `ignoreChanges` should be used to ignore any changes to `value`. */ keyVaultSecretId?: pulumi.Input; /** * The secret name. */ name: pulumi.Input; /** * The value for this secret. * * !> **Note:** `value` will be ignored if `keyVaultSecretId` and `identity` are provided. */ value?: pulumi.Input; } interface AppTemplate { /** * One or more `azureQueueScaleRule` blocks as defined below. */ azureQueueScaleRules?: pulumi.Input[]>; /** * One or more `container` blocks as detailed below. */ containers: pulumi.Input[]>; /** * The number of seconds to wait before scaling down the number of instances again. Defaults to `300`. */ cooldownPeriodInSeconds?: pulumi.Input; /** * One or more `customScaleRule` blocks as defined below. */ customScaleRules?: pulumi.Input[]>; /** * One or more `httpScaleRule` blocks as defined below. */ httpScaleRules?: pulumi.Input[]>; /** * The definition of an init container that is part of the group as documented in the `initContainer` block below. */ initContainers?: pulumi.Input[]>; /** * The maximum number of replicas for this container. */ maxReplicas?: pulumi.Input; /** * The minimum number of replicas for this container. */ minReplicas?: pulumi.Input; /** * The interval in seconds used for polling KEDA. Defaults to `30`. */ pollingIntervalInSeconds?: pulumi.Input; /** * The suffix for the revision. This value must be unique for the lifetime of the Resource. If omitted the service will use a hash function to create one. */ revisionSuffix?: pulumi.Input; /** * One or more `tcpScaleRule` blocks as defined below. */ tcpScaleRules?: pulumi.Input[]>; /** * The time in seconds after the container is sent the termination signal before the process if forcibly killed. */ terminationGracePeriodSeconds?: pulumi.Input; /** * A `volume` block as detailed below. */ volumes?: pulumi.Input[]>; } interface AppTemplateAzureQueueScaleRule { /** * One or more `authentication` blocks as defined below. */ authentications: pulumi.Input[]>; /** * The name of the Scaling Rule */ name: pulumi.Input; /** * The value of the length of the queue to trigger scaling actions. */ queueLength: pulumi.Input; /** * The name of the Azure Queue */ queueName: pulumi.Input; } interface AppTemplateAzureQueueScaleRuleAuthentication { /** * The name of the Container App Secret to use for this Scale Rule Authentication. */ secretName: pulumi.Input; /** * The Trigger Parameter name to use the supply the value retrieved from the `secretName`. */ triggerParameter: pulumi.Input; } interface AppTemplateContainer { /** * A list of extra arguments to pass to the container. */ args?: pulumi.Input[]>; /** * A command to pass to the container to override the default. This is provided as a list of command line elements without spaces. */ commands?: pulumi.Input[]>; /** * The amount of vCPU to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ cpu: pulumi.Input; /** * One or more `env` blocks as detailed below. */ envs?: pulumi.Input[]>; /** * The amount of ephemeral storage available to the Container App. * * > **Note:** `ephemeralStorage` is currently in preview and not configurable at this time. */ ephemeralStorage?: pulumi.Input; /** * The image to use to create the container. */ image: pulumi.Input; /** * A `livenessProbe` block as detailed below. */ livenessProbes?: pulumi.Input[]>; /** * The amount of memory to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ memory: pulumi.Input; /** * The name of the container */ name: pulumi.Input; /** * A `readinessProbe` block as detailed below. */ readinessProbes?: pulumi.Input[]>; /** * A `startupProbe` block as detailed below. */ startupProbes?: pulumi.Input[]>; /** * A `volumeMounts` block as detailed below. */ volumeMounts?: pulumi.Input[]>; } interface AppTemplateContainerEnv { /** * The name of the environment variable for the container. */ name: pulumi.Input; /** * The name of the secret that contains the value for this environment variable. */ secretName?: pulumi.Input; /** * The value for this environment variable. * * > **Note:** This value is ignored if `secretName` is used */ value?: pulumi.Input; } interface AppTemplateContainerLivenessProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `30`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The probe hostname. Defaults to the pod IP address. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The number of seconds elapsed after the container has started before the probe is initiated. Possible values are between `0` and `60`. Defaults to `1` seconds. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are in the range `1` - `240`. Defaults to `10`. */ intervalSeconds?: pulumi.Input; /** * The URI to use with the `host` for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The time in seconds after the container is sent the termination signal before the process if forcibly killed. */ terminationGracePeriodSeconds?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface AppTemplateContainerLivenessProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface AppTemplateContainerReadinessProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `48`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The probe hostname. Defaults to the pod IP address. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The number of seconds elapsed after the container has started before the probe is initiated. Possible values are between `0` and `60`. Defaults to `0` seconds. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are between `1` and `240`. Defaults to `10` */ intervalSeconds?: pulumi.Input; /** * The URI to use for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The number of consecutive successful responses required to consider this probe as successful. Possible values are between `1` and `10`. Defaults to `3`. */ successCountThreshold?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface AppTemplateContainerReadinessProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface AppTemplateContainerStartupProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `240`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The value for the host header which should be sent with this probe. If unspecified, the IP Address of the Pod is used as the host header. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The number of seconds elapsed after the container has started before the probe is initiated. Possible values are between `0` and `60`. Defaults to `0` seconds. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are between `1` and `240`. Defaults to `10` */ intervalSeconds?: pulumi.Input; /** * The URI to use with the `host` for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The time in seconds after the container is sent the termination signal before the process if forcibly killed. */ terminationGracePeriodSeconds?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface AppTemplateContainerStartupProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface AppTemplateContainerVolumeMount { /** * The name of the Volume to be mounted in the container. */ name: pulumi.Input; /** * The path in the container at which to mount this volume. */ path: pulumi.Input; /** * The sub path of the volume to be mounted in the container. */ subPath?: pulumi.Input; } interface AppTemplateCustomScaleRule { /** * Zero or more `authentication` blocks as defined below. * * * `ìdentity_id`- (Optional) Resource ID for the System or User Assigned Managed identity to use when executing the scale rule. */ authentications?: pulumi.Input[]>; /** * The Custom rule type. Possible values include: `activemq`, `artemis-queue`, `kafka`, `pulsar`, `aws-cloudwatch`, `aws-dynamodb`, `aws-dynamodb-streams`, `aws-kinesis-stream`, `aws-sqs-queue`, `azure-app-insights`, `azure-blob`, `azure-data-explorer`, `azure-eventhub`, `azure-log-analytics`, `azure-monitor`, `azure-pipelines`, `azure-servicebus`, `azure-queue`, `cassandra`, `cpu`, `cron`, `datadog`, `elasticsearch`, `external`, `external-push`, `gcp-stackdriver`, `gcp-storage`, `gcp-pubsub`, `graphite`, `http`, `huawei-cloudeye`, `ibmmq`, `influxdb`, `kubernetes-workload`, `liiklus`, `memory`, `metrics-api`, `mongodb`, `mssql`, `mysql`, `nats-jetstream`, `stan`, `tcp`, `new-relic`, `openstack-metric`, `openstack-swift`, `postgresql`, `predictkube`, `prometheus`, `rabbitmq`, `redis`, `redis-cluster`, `redis-sentinel`, `redis-streams`, `redis-cluster-streams`, `redis-sentinel-streams`, `selenium-grid`,`solace-event-queue`, and `github-runner`. */ customRuleType: pulumi.Input; /** * ID of the System or User Managed Identity used to execute scale rule. */ identityId?: pulumi.Input; /** * A map of string key-value pairs to configure the Custom Scale Rule. */ metadata: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of the Scaling Rule */ name: pulumi.Input; } interface AppTemplateCustomScaleRuleAuthentication { /** * The name of the Container App Secret to use for this Scale Rule Authentication. */ secretName: pulumi.Input; /** * The Trigger Parameter name to use the supply the value retrieved from the `secretName`. */ triggerParameter: pulumi.Input; } interface AppTemplateHttpScaleRule { /** * Zero or more `authentication` blocks as defined below. */ authentications?: pulumi.Input[]>; /** * The number of concurrent requests to trigger scaling. */ concurrentRequests: pulumi.Input; /** * The name of the Scaling Rule */ name: pulumi.Input; } interface AppTemplateHttpScaleRuleAuthentication { /** * The name of the Container App Secret to use for this Scale Rule Authentication. */ secretName: pulumi.Input; /** * The Trigger Parameter name to use the supply the value retrieved from the `secretName`. */ triggerParameter?: pulumi.Input; } interface AppTemplateInitContainer { /** * A list of extra arguments to pass to the container. */ args?: pulumi.Input[]>; /** * A command to pass to the container to override the default. This is provided as a list of command line elements without spaces. */ commands?: pulumi.Input[]>; /** * The amount of vCPU to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ cpu?: pulumi.Input; /** * One or more `env` blocks as detailed below. */ envs?: pulumi.Input[]>; /** * The amount of ephemeral storage available to the Container App. * * > **Note:** `ephemeralStorage` is currently in preview and not configurable at this time. */ ephemeralStorage?: pulumi.Input; /** * The image to use to create the container. */ image: pulumi.Input; /** * The amount of memory to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ memory?: pulumi.Input; /** * The name of the container */ name: pulumi.Input; /** * A `volumeMounts` block as detailed below. */ volumeMounts?: pulumi.Input[]>; } interface AppTemplateInitContainerEnv { /** * The name of the environment variable for the container. */ name: pulumi.Input; /** * The name of the secret that contains the value for this environment variable. */ secretName?: pulumi.Input; /** * The value for this environment variable. * * > **Note:** This value is ignored if `secretName` is used */ value?: pulumi.Input; } interface AppTemplateInitContainerVolumeMount { /** * The name of the Volume to be mounted in the container. */ name: pulumi.Input; /** * The path in the container at which to mount this volume. */ path: pulumi.Input; /** * The sub path of the volume to be mounted in the container. */ subPath?: pulumi.Input; } interface AppTemplateTcpScaleRule { /** * Zero or more `authentication` blocks as defined below. */ authentications?: pulumi.Input[]>; /** * The number of concurrent requests to trigger scaling. */ concurrentRequests: pulumi.Input; /** * The name of the Scaling Rule */ name: pulumi.Input; } interface AppTemplateTcpScaleRuleAuthentication { /** * The name of the Container App Secret to use for this Scale Rule Authentication. */ secretName: pulumi.Input; /** * The Trigger Parameter name to use the supply the value retrieved from the `secretName`. */ triggerParameter?: pulumi.Input; } interface AppTemplateVolume { /** * Mount options used while mounting the AzureFile. Must be a comma-separated string e.g. `dir_mode=0751,file_mode=0751`. */ mountOptions?: pulumi.Input; /** * The name of the volume. */ name: pulumi.Input; /** * The name of the `AzureFile` storage. */ storageName?: pulumi.Input; /** * The type of storage volume. Possible values are `AzureFile`, `EmptyDir`, `NfsAzureFile` and `Secret`. Defaults to `EmptyDir`. */ storageType?: pulumi.Input; } interface EnvironmentCertificateCertificateKeyVault { /** * The managed identity to authenticate with Azure Key Vault. Possible values are the resource ID of user-assigned identity, and `System` for system-assigned identity. Defaults to `System`. Changing this forces a new resource to be created. * * > **Note:** Please make sure [required permissions](https://learn.microsoft.com/en-us/azure/container-apps/key-vault-certificates-manage) are correctly configured for your Key Vault and managed identity. */ identity?: pulumi.Input; /** * The ID of the Key Vault Secret containing the certificate. Changing this forces a new resource to be created. */ keyVaultSecretId: pulumi.Input; } interface EnvironmentDaprComponentMetadata { /** * The name of the Metadata configuration item. */ name: pulumi.Input; /** * The name of a secret specified in the `secrets` block that contains the value for this metadata configuration item. */ secretName?: pulumi.Input; /** * The value for this metadata configuration item. */ value?: pulumi.Input; } interface EnvironmentDaprComponentSecret { /** * The identity to use for accessing key vault reference. Possible values are the Resource ID of a User Assigned Managed Identity, or `System` to use the System Assigned Managed Identity. */ identity?: pulumi.Input; /** * The Key Vault Secret ID. */ keyVaultSecretId?: pulumi.Input; /** * The Secret name. */ name: pulumi.Input; /** * The value for this secret. */ value?: pulumi.Input; } interface EnvironmentIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. Required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of managed identity to assign. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface EnvironmentWorkloadProfile { /** * The maximum number of instances of workload profile that can be deployed in the Container App Environment. */ maximumCount?: pulumi.Input; /** * The minimum number of instances of workload profile that can be deployed in the Container App Environment. */ minimumCount?: pulumi.Input; /** * The name of the workload profile. */ name: pulumi.Input; /** * Workload profile type for the workloads to run on. Possible values include `Consumption`, `Consumption-GPU-NC24-A100`, `Consumption-GPU-NC8as-T4`, `D4`, `D8`, `D16`, `D32`, `E4`, `E8`, `E16`, `E32`, `NC24-A100`, `NC48-A100` and `NC96-A100`. * * > **Note:** A `Consumption` type must have a name of `Consumption` and an environment may only have one `Consumption` Workload Profile. * * > **Note:** Defining a `Consumption` profile is optional, however, Environments created without an initial Workload Profile cannot have them added at a later time and must be recreated. Similarly, an environment created with Profiles must always have at least one defined Profile, removing all profiles will force a recreation of the resource. */ workloadProfileType: pulumi.Input; } interface JobEventTriggerConfig { /** * Number of parallel replicas of a job that can run at a given time. */ parallelism?: pulumi.Input; /** * Minimum number of successful replica completions before overall job completion. */ replicaCompletionCount?: pulumi.Input; /** * A `scale` block as defined below. */ scales?: pulumi.Input[]>; } interface JobEventTriggerConfigScale { /** * Maximum number of job executions that are created for a trigger. */ maxExecutions?: pulumi.Input; /** * Minimum number of job executions that are created for a trigger. */ minExecutions?: pulumi.Input; /** * Interval to check each event source in seconds. */ pollingIntervalInSeconds?: pulumi.Input; /** * A `rules` block as defined below. */ rules?: pulumi.Input[]>; } interface JobEventTriggerConfigScaleRule { /** * A `authentication` block as defined below. */ authentications?: pulumi.Input[]>; /** * Type of the scale rule. Possible values are `activemq`, `artemis-queue`, `kafka`, `pulsar`, `aws-cloudwatch`, `aws-dynamodb`, `aws-dynamodb-streams`, `aws-kinesis-stream`, `aws-sqs-queue`, `azure-app-insights`, `azure-blob`, `azure-data-explorer`, `azure-eventhub`, `azure-log-analytics`, `azure-monitor`, `azure-pipelines`, `azure-servicebus`, `azure-queue`, `cassandra`, `cpu`, `cron`, `datadog`, `elasticsearch`, `external`, `external-push`, `gcp-stackdriver`, `gcp-storage`, `gcp-pubsub`, `graphite`, `http`, `huawei-cloudeye`, `ibmmq`, `influxdb`, `kubernetes-workload`, `liiklus`, `memory`, `metrics-api`, `mongodb`, `mssql`, `mysql`, `nats-jetstream`, `stan`, `tcp`, `new-relic`, `openstack-metric`, `openstack-swift`, `postgresql`, `predictkube`, `prometheus`, `rabbitmq`, `redis`, `redis-cluster`, `redis-sentinel`, `redis-streams`, `redis-cluster-streams`, `redis-sentinel-streams`, `selenium-grid`, `solace-event-queue` and `github-runner`. */ customRuleType: pulumi.Input; /** * ID of the System or User Managed Identity used to execute scale rule. */ identityId?: pulumi.Input; /** * Metadata properties to describe the scale rule. */ metadata: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Name of the scale rule. */ name: pulumi.Input; } interface JobEventTriggerConfigScaleRuleAuthentication { /** * Name of the secret from which to pull the auth params. */ secretName: pulumi.Input; /** * Trigger Parameter that uses the secret. */ triggerParameter: pulumi.Input; } interface JobIdentity { /** * A list of Managed Identity IDs to assign to the Container App Job. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * The type of identity used for the Container App Job. Possible values are `SystemAssigned`, `UserAssigned` and `None`. */ type: pulumi.Input; } interface JobManualTriggerConfig { /** * Number of parallel replicas of a job that can run at a given time. */ parallelism?: pulumi.Input; /** * Minimum number of successful replica completions before overall job completion. */ replicaCompletionCount?: pulumi.Input; } interface JobRegistry { /** * A Managed Identity to use to authenticate with Azure Container Registry. */ identity?: pulumi.Input; /** * The name of the Secret that contains the registry login password. */ passwordSecretName?: pulumi.Input; /** * The URL of the Azure Container Registry server. */ server: pulumi.Input; /** * The username to use to authenticate with Azure Container Registry. */ username?: pulumi.Input; } interface JobScheduleTriggerConfig { /** * Cron formatted repeating schedule of a Cron Job. */ cronExpression: pulumi.Input; /** * Number of parallel replicas of a job that can run at a given time. */ parallelism?: pulumi.Input; /** * Minimum number of successful replica completions before overall job completion. */ replicaCompletionCount?: pulumi.Input; } interface JobSecret { /** * The identity to use for accessing the Key Vault secret reference. This can either be the Resource ID of a User Assigned Identity, or `System` for the System Assigned Identity. * * !> **Note:** `identity` must be used together with `keyVaultSecretId` */ identity?: pulumi.Input; /** * The ID of a Key Vault secret. This can be a versioned or version-less ID. * * !> **Note:** When using `keyVaultSecretId`, `ignoreChanges` should be used to ignore any changes to `value`. */ keyVaultSecretId?: pulumi.Input; /** * The secret name. */ name: pulumi.Input; /** * The value for this secret. * * !> **Note:** `value` will be ignored if `keyVaultSecretId` and `identity` are provided. */ value?: pulumi.Input; } interface JobTemplate { /** * A `container` block as defined below. */ containers: pulumi.Input[]>; /** * A `initContainer` block as defined below. */ initContainers?: pulumi.Input[]>; /** * A `volume` block as defined below. */ volumes?: pulumi.Input[]>; } interface JobTemplateContainer { /** * A list of extra arguments to pass to the container. */ args?: pulumi.Input[]>; /** * A command to pass to the container to override the default. This is provided as a list of command line elements without spaces. */ commands?: pulumi.Input[]>; /** * The amount of vCPU to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ cpu: pulumi.Input; /** * One or more `env` blocks as detailed below. */ envs?: pulumi.Input[]>; /** * The amount of ephemeral storage available to the Container App. * * > **Note:** `ephemeralStorage` is currently in preview and not configurable at this time. */ ephemeralStorage?: pulumi.Input; /** * The image to use to create the container. */ image: pulumi.Input; /** * A `livenessProbe` block as detailed below. */ livenessProbes?: pulumi.Input[]>; /** * The amount of memory to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ memory: pulumi.Input; /** * The name of the container. */ name: pulumi.Input; /** * A `readinessProbe` block as detailed below. */ readinessProbes?: pulumi.Input[]>; /** * A `startupProbe` block as detailed below. */ startupProbes?: pulumi.Input[]>; /** * A `volumeMounts` block as detailed below. */ volumeMounts?: pulumi.Input[]>; } interface JobTemplateContainerEnv { /** * The name of the environment variable. */ name: pulumi.Input; /** * Name of the Container App secret from which to pull the environment variable value. */ secretName?: pulumi.Input; /** * The value of the environment variable. */ value?: pulumi.Input; } interface JobTemplateContainerLivenessProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `30`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The probe hostname. Defaults to the pod IP address. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The time in seconds to wait after the container has started before the probe is started. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are in the range `1` - `240`. Defaults to `10`. */ intervalSeconds?: pulumi.Input; /** * The URI to use with the `host` for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The time in seconds after the container is sent the termination signal before the process if forcibly killed. */ terminationGracePeriodSeconds?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface JobTemplateContainerLivenessProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface JobTemplateContainerReadinessProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `48`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The probe hostname. Defaults to the pod IP address. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The number of seconds elapsed after the container has started before the probe is initiated. Possible values are between `0` and `60`. Defaults to `0` seconds. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are between `1` and `240`. Defaults to `10` */ intervalSeconds?: pulumi.Input; /** * The URI to use for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The number of consecutive successful responses required to consider this probe as successful. Possible values are between `1` and `10`. Defaults to `3`. */ successCountThreshold?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface JobTemplateContainerReadinessProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface JobTemplateContainerStartupProbe { /** * The number of consecutive failures required to consider this probe as failed. Possible values are between `1` and `240`. Defaults to `3`. */ failureCountThreshold?: pulumi.Input; /** * A `header` block as detailed below. */ headers?: pulumi.Input[]>; /** * The value for the host header which should be sent with this probe. If unspecified, the IP Address of the Pod is used as the host header. Setting a value for `Host` in `headers` can be used to override this for `HTTP` and `HTTPS` type probes. */ host?: pulumi.Input; /** * The number of seconds elapsed after the container has started before the probe is initiated. Possible values are between `0` and `60`. Defaults to `0` seconds. */ initialDelay?: pulumi.Input; /** * How often, in seconds, the probe should run. Possible values are between `1` and `240`. Defaults to `10` */ intervalSeconds?: pulumi.Input; /** * The URI to use with the `host` for http type probes. Not valid for `TCP` type probes. Defaults to `/`. */ path?: pulumi.Input; /** * The port number on which to connect. Possible values are between `1` and `65535`. */ port: pulumi.Input; /** * The time in seconds after the container is sent the termination signal before the process if forcibly killed. */ terminationGracePeriodSeconds?: pulumi.Input; /** * Time in seconds after which the probe times out. Possible values are in the range `1` - `240`. Defaults to `1`. */ timeout?: pulumi.Input; /** * Type of probe. Possible values are `TCP`, `HTTP`, and `HTTPS`. */ transport: pulumi.Input; } interface JobTemplateContainerStartupProbeHeader { /** * The HTTP Header Name. */ name: pulumi.Input; /** * The HTTP Header value. */ value: pulumi.Input; } interface JobTemplateContainerVolumeMount { /** * The name of the volume to mount. This must match the name of a volume defined in the `volume` block. */ name: pulumi.Input; /** * The path within the container at which the volume should be mounted. Must not contain `:`. */ path: pulumi.Input; /** * The sub path of the volume to be mounted in the container. */ subPath?: pulumi.Input; } interface JobTemplateInitContainer { /** * A list of extra arguments to pass to the container. */ args?: pulumi.Input[]>; /** * A command to pass to the container to override the default. This is provided as a list of command line elements without spaces. */ commands?: pulumi.Input[]>; /** * The amount of vCPU to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ cpu?: pulumi.Input; /** * One or more `env` blocks as detailed below. */ envs?: pulumi.Input[]>; /** * The amount of ephemeral storage available to the Container App. * * > **Note:** `ephemeralStorage` is currently in preview and not configurable at this time. */ ephemeralStorage?: pulumi.Input; /** * The image to use to create the container. */ image: pulumi.Input; /** * The amount of memory to allocate to the container. * * > **Note:** When using a Consumption plan, the `cpu` and `memory` properties must add up to one of the combinations found in the Microsoft provided documentation, for more information see [vCPU and memory allocation requirements](https://learn.microsoft.com/azure/container-apps/containers#allocations) */ memory?: pulumi.Input; /** * The name of the container. */ name: pulumi.Input; /** * A `volumeMounts` block as detailed below. */ volumeMounts?: pulumi.Input[]>; } interface JobTemplateInitContainerEnv { /** * The name of the environment variable. */ name: pulumi.Input; /** * Name of the Container App secret from which to pull the environment variable value. */ secretName?: pulumi.Input; /** * The value of the environment variable. */ value?: pulumi.Input; } interface JobTemplateInitContainerVolumeMount { /** * The name of the volume to mount. This must match the name of a volume defined in the `volume` block. */ name: pulumi.Input; /** * The path within the container at which the volume should be mounted. Must not contain `:`. */ path: pulumi.Input; /** * The sub path of the volume to be mounted in the container. */ subPath?: pulumi.Input; } interface JobTemplateVolume { /** * Mount options used while mounting the AzureFile. Must be a comma-separated string e.g. `dir_mode=0751,file_mode=0751`. */ mountOptions?: pulumi.Input; /** * The name of the volume. */ name: pulumi.Input; /** * The name of the storage to use for the volume. */ storageName?: pulumi.Input; /** * The type of storage to use for the volume. Possible values are `AzureFile`, `EmptyDir`, `NfsAzureFile` and `Secret`. Defaults to `EmptyDir`. */ storageType?: pulumi.Input; } } export declare namespace containerservice { interface ConnectedRegistryNotification { /** * The action of the artifact that wants to be subscribed for the Connected Registry. Possible values are `push`, `delete` and `*` (i.e. any). */ action: pulumi.Input; /** * The digest of the artifact that wants to be subscribed for the Connected Registry. * * > **Note:** One of either `tag` or `digest` can be specified. */ digest?: pulumi.Input; /** * The name of the artifact that wants to be subscribed for the Connected Registry. */ name: pulumi.Input; /** * The tag of the artifact that wants to be subscribed for the Connected Registry. */ tag?: pulumi.Input; } interface FleetUpdateRunManagedClusterUpdate { /** * A `nodeImageSelection` block as defined below. */ nodeImageSelection?: pulumi.Input; /** * A `upgrade` block as defined below. */ upgrade: pulumi.Input; } interface FleetUpdateRunManagedClusterUpdateNodeImageSelection { /** * Specifies the node image upgrade type. Possible values are `Latest` and `Consistent`. */ type: pulumi.Input; } interface FleetUpdateRunManagedClusterUpdateUpgrade { /** * Specifies the Kubernetes version to upgrade the member clusters to. This is required if `type` is set to `Full`. */ kubernetesVersion?: pulumi.Input; /** * Specifies the type of upgrade to perform. Possible values are `Full` and `NodeImageOnly`. */ type: pulumi.Input; } interface FleetUpdateRunStage { /** * Specifies the time in seconds to wait at the end of this stage before starting the next one. */ afterStageWaitInSeconds?: pulumi.Input; /** * One or more `group` blocks as defined below. */ groups: pulumi.Input[]>; /** * The name which should be used for this stage. */ name: pulumi.Input; } interface FleetUpdateRunStageGroup { /** * The name which should be used for this group. */ name: pulumi.Input; } interface FleetUpdateStrategyStage { /** * Specifies the time in seconds to wait at the end of this stage before starting the next one. */ afterStageWaitInSeconds?: pulumi.Input; /** * One or more `group` blocks as defined below. */ groups: pulumi.Input[]>; /** * The name which should be used for this stage. */ name: pulumi.Input; } interface FleetUpdateStrategyStageGroup { /** * The name which should be used for this group. */ name: pulumi.Input; } interface FluxConfigurationBlobStorage { /** * Specifies the account key (shared key) to access the storage account. */ accountKey?: pulumi.Input; /** * Specifies the Azure Blob container ID. */ containerId: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. */ localAuthReference?: pulumi.Input; /** * A `managedIdentity` block as defined below. */ managedIdentity?: pulumi.Input; /** * Specifies the shared access token to access the storage container. */ sasToken?: pulumi.Input; /** * A `servicePrincipal` block as defined below. */ servicePrincipal?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster Azure Blob source with the remote. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster Azure Blob source with the remote. */ timeoutInSeconds?: pulumi.Input; } interface FluxConfigurationBlobStorageManagedIdentity { /** * Specifies the client ID for authenticating a Managed Identity. */ clientId: pulumi.Input; } interface FluxConfigurationBlobStorageServicePrincipal { /** * Base64-encoded certificate used to authenticate a Service Principal . */ clientCertificateBase64?: pulumi.Input; /** * Specifies the password for the certificate used to authenticate a Service Principal . */ clientCertificatePassword?: pulumi.Input; /** * Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate. */ clientCertificateSendChain?: pulumi.Input; /** * Specifies the client ID for authenticating a Service Principal. */ clientId: pulumi.Input; /** * Specifies the client secret for authenticating a Service Principal. */ clientSecret?: pulumi.Input; /** * Specifies the tenant ID for authenticating a Service Principal. */ tenantId: pulumi.Input; } interface FluxConfigurationBucket { /** * Specifies the plaintext access key used to securely access the S3 bucket. */ accessKey?: pulumi.Input; /** * Specifies the bucket name to sync from the url endpoint for the flux configuration. */ bucketName: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number. */ localAuthReference?: pulumi.Input; /** * Specifies the Base64-encoded secret key used to authenticate with the bucket source. */ secretKeyBase64?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; /** * Specify whether to communicate with a bucket using TLS is enabled. Defaults to `true`. */ tlsEnabled?: pulumi.Input; /** * Specifies the URL to sync for the flux configuration S3 bucket. It must start with `http://` or `https://`. */ url: pulumi.Input; } interface FluxConfigurationGitRepository { /** * Specifies the Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS. */ httpsCaCertBase64?: pulumi.Input; /** * Specifies the Base64-encoded HTTPS personal access token or password that will be used to access the repository. */ httpsKeyBase64?: pulumi.Input; /** * Specifies the plaintext HTTPS username used to access private git repositories over HTTPS. */ httpsUser?: pulumi.Input; /** * Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number. */ localAuthReference?: pulumi.Input; /** * Specifies the OIDC provider used for workload identity federation authentication against git repositories. Possible values are `Azure`, `Generic`, `GitHub`. */ provider?: pulumi.Input; /** * Specifies the source reference type for the GitRepository object. Possible values are `branch`, `commit`, `semver` and `tag`. */ referenceType: pulumi.Input; /** * Specifies the source reference value for the GitRepository object. */ referenceValue: pulumi.Input; /** * Specifies the Base64-encoded knownHosts value containing public SSH keys required to access private git repositories over SSH. */ sshKnownHostsBase64?: pulumi.Input; /** * Specifies the Base64-encoded SSH private key in PEM format. */ sshPrivateKeyBase64?: pulumi.Input; /** * Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; /** * Specifies the URL to sync for the flux configuration git repository. It must start with `http://`, `https://`, `git@` or `ssh://`. */ url: pulumi.Input; } interface FluxConfigurationKustomization { /** * Specifies other kustomizations that this kustomization depends on. This kustomization will not reconcile until all dependencies have completed their reconciliation. */ dependsOns?: pulumi.Input[]>; /** * Whether garbage collections of Kubernetes objects created by this kustomization is enabled. Defaults to `false`. */ garbageCollectionEnabled?: pulumi.Input; /** * Specifies the name of the kustomization. */ name: pulumi.Input; /** * Specifies the path in the source reference to reconcile on the cluster. */ path?: pulumi.Input; /** * A `postBuild` block as defined below. */ postBuild?: pulumi.Input; /** * Whether re-creating Kubernetes resources on the cluster is enabled when patching fails due to an immutable field change. Defaults to `false`. */ recreatingEnabled?: pulumi.Input; /** * The interval at which to re-reconcile the kustomization on the cluster in the event of failure on reconciliation. Defaults to `600`. */ retryIntervalInSeconds?: pulumi.Input; /** * The interval at which to re-reconcile the kustomization on the cluster. Defaults to `600`. */ syncIntervalInSeconds?: pulumi.Input; /** * The maximum time to attempt to reconcile the kustomization on the cluster. Defaults to `600`. */ timeoutInSeconds?: pulumi.Input; /** * Whether to enable health check for all Kubernetes objects created by this Kustomization. Defaults to `true`. */ wait?: pulumi.Input; } interface FluxConfigurationKustomizationPostBuild { /** * Specifies the key/value pairs holding the variables to be substituted in this Kustomization. */ substitute?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A `substituteFrom` block as defined below. */ substituteFroms?: pulumi.Input[]>; } interface FluxConfigurationKustomizationPostBuildSubstituteFrom { /** * Specifies the source kind to hold the variables to be used in substitution. Possible values are `ConfigMap` and `Secret`. */ kind: pulumi.Input; /** * Specifies the name of the ConfigMap/Secret that holds the variables to be used in substitution. */ name: pulumi.Input; /** * Whether to proceed without ConfigMap/Secret if it is not present. Defaults to `false`. */ optional?: pulumi.Input; } interface GroupContainer { /** * A list of commands which should be run on the container. Changing this forces a new resource to be created. */ commands?: pulumi.Input[]>; /** * The required number of CPU cores of the containers. Changing this forces a new resource to be created. */ cpu: pulumi.Input; /** * The upper limit of the number of CPU cores of the containers. */ cpuLimit?: pulumi.Input; /** * A list of environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created. */ environmentVariables?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The container image name. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * The definition of a readiness probe for this container as documented in the `livenessProbe` block below. Changing this forces a new resource to be created. */ livenessProbe?: pulumi.Input; /** * The required memory of the containers in GB. Changing this forces a new resource to be created. */ memory: pulumi.Input; /** * The upper limit of the memory of the containers in GB. */ memoryLimit?: pulumi.Input; /** * Specifies the name of the Container. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * A set of public ports for the container. Changing this forces a new resource to be created. Set as documented in the `ports` block below. */ ports?: pulumi.Input[]>; /** * The definition of a readiness probe for this container as documented in the `readinessProbe` block below. Changing this forces a new resource to be created. */ readinessProbe?: pulumi.Input; /** * A list of sensitive environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created. */ secureEnvironmentVariables?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The definition of the security context for this container as documented in the `security` block below. Changing this forces a new resource to be created. */ securities?: pulumi.Input[]>; /** * The definition of a volume mount for this container as documented in the `volume` block below. Changing this forces a new resource to be created. */ volumes?: pulumi.Input[]>; } interface GroupContainerLivenessProbe { /** * Commands to be run to validate container readiness. Changing this forces a new resource to be created. */ execs?: pulumi.Input[]>; /** * How many times to try the probe before restarting the container (liveness probe) or marking the container as unhealthy (readiness probe). Changing this forces a new resource to be created. */ failureThreshold?: pulumi.Input; /** * The definition of the httpGet for this container as documented in the `httpGet` block below. Changing this forces a new resource to be created. */ httpGets?: pulumi.Input[]>; /** * Number of seconds after the container has started before liveness or readiness probes are initiated. Changing this forces a new resource to be created. */ initialDelaySeconds?: pulumi.Input; /** * How often (in seconds) to perform the probe. Changing this forces a new resource to be created. */ periodSeconds?: pulumi.Input; /** * Minimum consecutive successes for the probe to be considered successful after having failed. Changing this forces a new resource to be created. */ successThreshold?: pulumi.Input; /** * Number of seconds after which the probe times out. Changing this forces a new resource to be created. */ timeoutSeconds?: pulumi.Input; } interface GroupContainerLivenessProbeHttpGet { /** * A map of HTTP headers used to access on the container. Changing this forces a new resource to be created. */ httpHeaders?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Path to access on the HTTP server. Changing this forces a new resource to be created. */ path?: pulumi.Input; /** * Number of the port to access on the container. Changing this forces a new resource to be created. */ port?: pulumi.Input; /** * Scheme to use for connecting to the host. Possible values are `Http` and `Https`. Changing this forces a new resource to be created. */ scheme?: pulumi.Input; } interface GroupContainerPort { /** * The port number the container will expose. Changing this forces a new resource to be created. */ port?: pulumi.Input; /** * The network protocol associated with port. Possible values are `TCP` & `UDP`. Changing this forces a new resource to be created. Defaults to `TCP`. * * > **Note:** Omitting these blocks will default the exposed ports on the group to all ports on all containers defined in the `container` blocks of this group. */ protocol?: pulumi.Input; } interface GroupContainerReadinessProbe { /** * Commands to be run to validate container readiness. Changing this forces a new resource to be created. */ execs?: pulumi.Input[]>; /** * How many times to try the probe before restarting the container (liveness probe) or marking the container as unhealthy (readiness probe). Changing this forces a new resource to be created. */ failureThreshold?: pulumi.Input; /** * The definition of the httpGet for this container as documented in the `httpGet` block below. Changing this forces a new resource to be created. */ httpGets?: pulumi.Input[]>; /** * Number of seconds after the container has started before liveness or readiness probes are initiated. Changing this forces a new resource to be created. */ initialDelaySeconds?: pulumi.Input; /** * How often (in seconds) to perform the probe. Changing this forces a new resource to be created. */ periodSeconds?: pulumi.Input; /** * Minimum consecutive successes for the probe to be considered successful after having failed. Changing this forces a new resource to be created. */ successThreshold?: pulumi.Input; /** * Number of seconds after which the probe times out. Changing this forces a new resource to be created. */ timeoutSeconds?: pulumi.Input; } interface GroupContainerReadinessProbeHttpGet { /** * A map of HTTP headers used to access on the container. Changing this forces a new resource to be created. */ httpHeaders?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Path to access on the HTTP server. Changing this forces a new resource to be created. */ path?: pulumi.Input; /** * Number of the port to access on the container. Changing this forces a new resource to be created. */ port?: pulumi.Input; /** * Scheme to use for connecting to the host. Possible values are `Http` and `Https`. Changing this forces a new resource to be created. */ scheme?: pulumi.Input; } interface GroupContainerSecurity { /** * Whether the container's permission is elevated to privileged? Changing this forces a new resource to be created. * * > **Note:** Currently, this only applies when the `osType` is `Linux` and the `sku` is `Confidential`. */ privilegeEnabled: pulumi.Input; } interface GroupContainerVolume { /** * Boolean as to whether the mounted volume should be an empty directory. Defaults to `false`. Changing this forces a new resource to be created. */ emptyDir?: pulumi.Input; /** * A `gitRepo` block as defined below. Changing this forces a new resource to be created. */ gitRepo?: pulumi.Input; /** * The path on which this volume is to be mounted. Changing this forces a new resource to be created. */ mountPath: pulumi.Input; /** * The name of the volume mount. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specify if the volume is to be mounted as read only or not. The default value is `false`. Changing this forces a new resource to be created. */ readOnly?: pulumi.Input; /** * A map of secrets that will be mounted as files in the volume. Changing this forces a new resource to be created. * * > **Note:** Exactly one of `emptyDir` volume, `gitRepo` volume, `secret` volume or storage account volume (`shareName`, `storageAccountName`, and `storageAccountKey`) must be specified. * * > **Note:** when using a storage account volume, all of `shareName`, `storageAccountName`, and `storageAccountKey` must be specified. * * > **Note:** The secret values must be supplied as Base64 encoded strings. The secret values are decoded to their original values when mounted in the volume on the container. */ secret?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure storage share that is to be mounted as a volume. This must be created on the storage account specified as above. Changing this forces a new resource to be created. */ shareName?: pulumi.Input; /** * The access key for the Azure Storage account specified as above. Changing this forces a new resource to be created. */ storageAccountKey?: pulumi.Input; /** * The Azure storage account from which the volume is to be mounted. Changing this forces a new resource to be created. */ storageAccountName?: pulumi.Input; } interface GroupContainerVolumeGitRepo { /** * Specifies the directory into which the repository should be cloned. Changing this forces a new resource to be created. */ directory?: pulumi.Input; /** * Specifies the commit hash of the revision to be cloned. If unspecified, the HEAD revision is cloned. Changing this forces a new resource to be created. */ revision?: pulumi.Input; /** * Specifies the Git repository to be cloned. Changing this forces a new resource to be created. */ url: pulumi.Input; } interface GroupDiagnostics { /** * A `logAnalytics` block as defined below. Changing this forces a new resource to be created. */ logAnalytics: pulumi.Input; } interface GroupDiagnosticsLogAnalytics { /** * The log type which should be used. Possible values are `ContainerInsights` and `ContainerInstanceLogs`. Changing this forces a new resource to be created. */ logType?: pulumi.Input; /** * Any metadata required for Log Analytics. Changing this forces a new resource to be created. */ metadata?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Workspace ID of the Log Analytics Workspace. Changing this forces a new resource to be created. */ workspaceId: pulumi.Input; /** * The Workspace Key of the Log Analytics Workspace. Changing this forces a new resource to be created. */ workspaceKey: pulumi.Input; } interface GroupDnsConfig { /** * A list of nameservers the containers will search out to resolve requests. Changing this forces a new resource to be created. */ nameservers: pulumi.Input[]>; /** * A list of [resolver configuration options](https://man7.org/linux/man-pages/man5/resolv.conf.5.html). Changing this forces a new resource to be created. */ options?: pulumi.Input[]>; /** * A list of search domains that DNS requests will search along. Changing this forces a new resource to be created. */ searchDomains?: pulumi.Input[]>; } interface GroupExposedPort { /** * The port number the container will expose. Changing this forces a new resource to be created. */ port?: pulumi.Input; /** * The network protocol associated with port. Possible values are `TCP` & `UDP`. Changing this forces a new resource to be created. Defaults to `TCP`. * * > **Note:** Removing all `exposedPort` blocks requires setting `exposedPort = []`. */ protocol?: pulumi.Input; } interface GroupIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Group. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. * * > **Note:** Currently you can't use a managed identity in a container group deployed to a virtual network. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Container Group. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). * * > **Note:** When `type` is set to `SystemAssigned`, the identity of the Principal ID can be retrieved after the container group has been created. See [documentation](https://docs.microsoft.com/azure/active-directory/managed-service-identity/overview) for more information. */ type: pulumi.Input; } interface GroupImageRegistryCredential { /** * The password with which to connect to the registry. Changing this forces a new resource to be created. */ password?: pulumi.Input; /** * The address to use to connect to the registry without protocol ("https"/"http"). For example: "myacr.acr.io". Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The identity ID for the private registry. Changing this forces a new resource to be created. */ userAssignedIdentityId?: pulumi.Input; /** * The username with which to connect to the registry. Changing this forces a new resource to be created. */ username?: pulumi.Input; } interface GroupInitContainer { /** * A list of commands which should be run on the container. Changing this forces a new resource to be created. */ commands?: pulumi.Input[]>; /** * A list of environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created. */ environmentVariables?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The container image name. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * Specifies the name of the Container. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * A list of sensitive environment variables to be set on the container. Specified as a map of name/value pairs. Changing this forces a new resource to be created. */ secureEnvironmentVariables?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The definition of the security context for this container as documented in the `security` block below. Changing this forces a new resource to be created. */ securities?: pulumi.Input[]>; /** * The definition of a volume mount for this container as documented in the `volume` block below. Changing this forces a new resource to be created. */ volumes?: pulumi.Input[]>; } interface GroupInitContainerSecurity { /** * Whether the container's permission is elevated to privileged? Changing this forces a new resource to be created. * * > **Note:** Currently, this only applies when the `osType` is `Linux` and the `sku` is `Confidential`. */ privilegeEnabled: pulumi.Input; } interface GroupInitContainerVolume { /** * Boolean as to whether the mounted volume should be an empty directory. Defaults to `false`. Changing this forces a new resource to be created. */ emptyDir?: pulumi.Input; /** * A `gitRepo` block as defined below. Changing this forces a new resource to be created. */ gitRepo?: pulumi.Input; /** * The path on which this volume is to be mounted. Changing this forces a new resource to be created. */ mountPath: pulumi.Input; /** * The name of the volume mount. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specify if the volume is to be mounted as read only or not. The default value is `false`. Changing this forces a new resource to be created. */ readOnly?: pulumi.Input; /** * A map of secrets that will be mounted as files in the volume. Changing this forces a new resource to be created. * * > **Note:** Exactly one of `emptyDir` volume, `gitRepo` volume, `secret` volume or storage account volume (`shareName`, `storageAccountName`, and `storageAccountKey`) must be specified. * * > **Note:** when using a storage account volume, all of `shareName`, `storageAccountName`, and `storageAccountKey` must be specified. * * > **Note:** The secret values must be supplied as Base64 encoded strings. The secret values are decoded to their original values when mounted in the volume on the container. */ secret?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Azure storage share that is to be mounted as a volume. This must be created on the storage account specified as above. Changing this forces a new resource to be created. */ shareName?: pulumi.Input; /** * The access key for the Azure Storage account specified as above. Changing this forces a new resource to be created. */ storageAccountKey?: pulumi.Input; /** * The Azure storage account from which the volume is to be mounted. Changing this forces a new resource to be created. */ storageAccountName?: pulumi.Input; } interface GroupInitContainerVolumeGitRepo { /** * Specifies the directory into which the repository should be cloned. Changing this forces a new resource to be created. */ directory?: pulumi.Input; /** * Specifies the commit hash of the revision to be cloned. If unspecified, the HEAD revision is cloned. Changing this forces a new resource to be created. */ revision?: pulumi.Input; /** * Specifies the Git repository to be cloned. Changing this forces a new resource to be created. */ url: pulumi.Input; } interface KubernetesClusterAciConnectorLinux { /** * A `connectorIdentity` block is exported. The exported attributes are defined below. */ connectorIdentities?: pulumi.Input[]>; /** * The subnet name for the virtual nodes to run. * * > **Note:** At this time ACI Connectors are not supported in Azure China. * * > **Note:** AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const virtual = new azure.network.Subnet("virtual", {delegations: [{ * name: "aciDelegation", * serviceDelegation: { * name: "Microsoft.ContainerInstance/containerGroups", * actions: ["Microsoft.Network/virtualNetworks/subnets/action"], * }, * }]}); * ``` */ subnetName: pulumi.Input; } interface KubernetesClusterAciConnectorLinuxConnectorIdentity { /** * The Client ID of the user-defined Managed Identity used for Web App Routing. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity used for Web App Routing */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity used for Web App Routing. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterApiServerAccessProfile { /** * Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"]. */ authorizedIpRanges?: pulumi.Input[]>; /** * The ID of the Subnet where the API server endpoint is delegated to. */ subnetId?: pulumi.Input; /** * Whether to enable virtual network integration for the API Server. Defaults to `false`. */ virtualNetworkIntegrationEnabled?: pulumi.Input; } interface KubernetesClusterAutoScalerProfile { /** * Detect similar node groups and balance the number of nodes between them. Defaults to `false`. */ balanceSimilarNodeGroups?: pulumi.Input; /** * Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`. */ daemonsetEvictionForEmptyNodesEnabled?: pulumi.Input; /** * Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`. */ daemonsetEvictionForOccupiedNodesEnabled?: pulumi.Input; /** * Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`. */ emptyBulkDeleteMax?: pulumi.Input; /** * Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`. */ expander?: pulumi.Input; /** * Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`. */ ignoreDaemonsetsUtilizationEnabled?: pulumi.Input; /** * Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`. */ maxGracefulTerminationSec?: pulumi.Input; /** * Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`. */ maxNodeProvisioningTime?: pulumi.Input; /** * Maximum Number of allowed unready nodes. Defaults to `3`. */ maxUnreadyNodes?: pulumi.Input; /** * Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`. */ maxUnreadyPercentage?: pulumi.Input; /** * For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`. */ newPodScaleUpDelay?: pulumi.Input; /** * How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`. */ scaleDownDelayAfterAdd?: pulumi.Input; /** * How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scanInterval`. */ scaleDownDelayAfterDelete?: pulumi.Input; /** * How long after scale down failure that scale down evaluation resumes. Defaults to `3m`. */ scaleDownDelayAfterFailure?: pulumi.Input; /** * How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`. */ scaleDownUnneeded?: pulumi.Input; /** * How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`. */ scaleDownUnready?: pulumi.Input; /** * Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`. */ scaleDownUtilizationThreshold?: pulumi.Input; /** * How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`. */ scanInterval?: pulumi.Input; /** * If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `false`. * */ skipNodesWithLocalStorage?: pulumi.Input; /** * If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`. */ skipNodesWithSystemPods?: pulumi.Input; } interface KubernetesClusterAzureActiveDirectoryRoleBasedAccessControl { /** * A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster. */ adminGroupObjectIds?: pulumi.Input[]>; /** * Is Role Based Access Control based on Azure AD enabled? */ azureRbacEnabled?: pulumi.Input; /** * The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used. */ tenantId?: pulumi.Input; } interface KubernetesClusterBootstrapProfile { /** * The artifact source. The source where the artifacts are downloaded from. Possible values are `Cache` and `Direct`. Defaults to `Direct`. * * > **Note:** If the `artifactSource` is set to `Cache` and the `outboundType` has been specified, the managed ACR and related resources will **not** be automatically deleted and must be removed manually. Please see the product [documentation](https://learn.microsoft.com/azure/aks/concepts-network-isolated#how-a-network-isolated-cluster-works) for more information. */ artifactSource?: pulumi.Input; /** * The resource Id of Azure Container Registry. * * > **Note:** The `containerRegistryId` requires an ACR with a private link to the cluster. You must manage permissions, cache rules, the associated private link and the private endpoint. Please see the product [documentation](https://learn.microsoft.com/azure/container-registry/container-registry-private-link) for more information on configuring an ACR with a private endpoint. */ containerRegistryId?: pulumi.Input; } interface KubernetesClusterConfidentialComputing { /** * Should the SGX quote helper be enabled? */ sgxQuoteHelperEnabled: pulumi.Input; } interface KubernetesClusterDefaultNodePool { /** * Should [the Kubernetes Auto Scaler](https://docs.microsoft.com/azure/aks/cluster-autoscaler) be enabled for this Node Pool? * * > **Note:** This requires that the `type` is set to `VirtualMachineScaleSets`. * * > **Note:** If you're using AutoScaling, you may wish to use [`ignoreChanges` functionality](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to ignore changes to the `nodeCount` field. */ autoScalingEnabled?: pulumi.Input; /** * Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created. */ capacityReservationGroupId?: pulumi.Input; /** * Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporaryNameForRotation` must be specified when changing this block. */ fipsEnabled?: pulumi.Input; /** * Specifies the driver type for GPU nodes. Possible values are `Install` and `None`. Changing this forces a new resource to be created. */ gpuDriver?: pulumi.Input; /** * Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created. */ gpuInstance?: pulumi.Input; /** * Should the nodes in the Default Node Pool have host encryption enabled? `temporaryNameForRotation` must be specified when changing this property. * * > **Note:** This requires that the Feature `Microsoft.Compute/EncryptionAtHost` is enabled and the Resource Provider is registered. */ hostEncryptionEnabled?: pulumi.Input; /** * Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created. */ hostGroupId?: pulumi.Input; /** * A `kubeletConfig` block as defined below. `temporaryNameForRotation` must be specified when changing this block. */ kubeletConfig?: pulumi.Input; /** * The type of disk used by kubelet. Possible values are `OS` and `Temporary`. `temporaryNameForRotation` must be specified when changing this block. */ kubeletDiskType?: pulumi.Input; /** * A `linuxOsConfig` block as defined below. `temporaryNameForRotation` must be specified when changing this block. */ linuxOsConfig?: pulumi.Input; maxCount?: pulumi.Input; /** * The maximum number of pods that can run on each agent. `temporaryNameForRotation` must be specified when changing this property. */ maxPods?: pulumi.Input; minCount?: pulumi.Input; /** * The name which should be used for the default Kubernetes Node Pool. */ name: pulumi.Input; nodeCount?: pulumi.Input; /** * A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. */ nodeLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A `nodeNetworkProfile` block as documented below. */ nodeNetworkProfile?: pulumi.Input; /** * Should nodes in this Node Pool have a Public IP Address? `temporaryNameForRotation` must be specified when changing this property. */ nodePublicIpEnabled?: pulumi.Input; /** * Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `nodePublicIpEnabled` should be `true`. Changing this forces a new resource to be created. */ nodePublicIpPrefixId?: pulumi.Input; /** * Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporaryNameForRotation` must be specified when changing this property. */ onlyCriticalAddonsEnabled?: pulumi.Input; /** * Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetesVersion`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in [the documentation](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#alias-minor-version). * * > **Note:** This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first. */ orchestratorVersion?: pulumi.Input; /** * The size of the OS Disk which should be used for each agent in the Node Pool. `temporaryNameForRotation` must be specified when attempting a change. */ osDiskSizeGb?: pulumi.Input; /** * The type of disk which should be used for the Operating System. Possible values are `Ephemeral` and `Managed`. Defaults to `Managed`. `temporaryNameForRotation` must be specified when attempting a change. */ osDiskType?: pulumi.Input; /** * Specifies the OS SKU used by the agent pool. Possible values are `AzureLinux`, `AzureLinux3`, `Ubuntu`, `Ubuntu2204`, `Ubuntu2404`, `Windows2019` and `Windows2022`. If not specified, the default is `Ubuntu` when os_type=Linux or `Windows2019` if os_type=Windows (`Windows2022` Kubernetes ≥1.33). Changing between `AzureLinux` and `Ubuntu` does not replace the resource; otherwise `temporaryNameForRotation` must be specified when attempting a change. * * > **Note:** `Windows2019` is deprecated and not supported for Kubernetes version ≥1.33. */ osSku?: pulumi.Input; /** * The ID of the Subnet where the pods in the default Node Pool should exist. */ podSubnetId?: pulumi.Input; /** * The ID of the Proximity Placement Group. Changing this forces a new resource to be created. */ proximityPlacementGroupId?: pulumi.Input; /** * Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are `Delete` and `Deallocate`. Defaults to `Delete`. */ scaleDownMode?: pulumi.Input; /** * The ID of the Snapshot which should be used to create this default Node Pool. `temporaryNameForRotation` must be specified when changing this property. */ snapshotId?: pulumi.Input; /** * A mapping of tags to assign to the Node Pool. * * > At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use `ignoreChanges` functionality to ignore changes to the casing until this is fixed in the AKS API. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing. */ temporaryNameForRotation?: pulumi.Input; /** * The type of Node Pool which should be created. Possible values are `VirtualMachineScaleSets`. Defaults to `VirtualMachineScaleSets`. Changing this forces a new resource to be created. * * > **Note:** When creating a cluster that supports multiple node pools, the cluster must use `VirtualMachineScaleSets`. For more information on the limitations of clusters using multiple node pools see [the documentation](https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#limitations). */ type?: pulumi.Input; /** * Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to `false`. See [the documentation](https://docs.microsoft.com/azure/aks/use-ultra-disks) for more information. `temporaryNameForRotation` must be specified when attempting a change. */ ultraSsdEnabled?: pulumi.Input; /** * A `upgradeSettings` block as documented below. */ upgradeSettings?: pulumi.Input; /** * The size of the Virtual Machine, such as `Standard_DS2_v2`. `temporaryNameForRotation` must be specified when attempting a resize. */ vmSize?: pulumi.Input; /** * The ID of a Subnet where the Kubernetes Node Pool should exist. * * > **Note:** A Route Table must be configured on this Subnet. */ vnetSubnetId?: pulumi.Input; /** * Specifies the workload runtime used by the node pool. Possible value is `OCIContainer`. */ workloadRuntime?: pulumi.Input; /** * Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. `temporaryNameForRotation` must be specified when changing this property. * * > **Note:** This requires that the `type` is set to `VirtualMachineScaleSets` and that `loadBalancerSku` is set to `standard`. */ zones?: pulumi.Input[]>; } interface KubernetesClusterDefaultNodePoolKubeletConfig { /** * Specifies the allow list of unsafe sysctls command or patterns (ending in `*`). */ allowedUnsafeSysctls?: pulumi.Input[]>; /** * Specifies the maximum number of container log files that can be present for a container. must be at least 2. */ containerLogMaxLine?: pulumi.Input; /** * Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. */ containerLogMaxSizeMb?: pulumi.Input; /** * Is CPU CFS quota enforcement for containers enabled? Defaults to `true`. */ cpuCfsQuotaEnabled?: pulumi.Input; /** * Specifies the CPU CFS quota period value. */ cpuCfsQuotaPeriod?: pulumi.Input; /** * Specifies the CPU Manager policy to use. Possible values are `none` and `static`,. */ cpuManagerPolicy?: pulumi.Input; /** * Specifies the percent of disk usage above which image garbage collection is always run. Must be between `0` and `100`. */ imageGcHighThreshold?: pulumi.Input; /** * Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between `0` and `100`. */ imageGcLowThreshold?: pulumi.Input; /** * Specifies the maximum number of processes per pod. */ podMaxPid?: pulumi.Input; /** * Specifies the Topology Manager policy to use. Possible values are `none`, `best-effort`, `restricted` or `single-numa-node`. */ topologyManagerPolicy?: pulumi.Input; } interface KubernetesClusterDefaultNodePoolLinuxOsConfig { /** * Specifies the size of the swap file on each node in MB. */ swapFileSizeMb?: pulumi.Input; /** * A `sysctlConfig` block as defined below. */ sysctlConfig?: pulumi.Input; /** * Specifies the Transparent Huge Page configuration. Possible values are `always`, `madvise` and `never`. */ transparentHugePage?: pulumi.Input; /** * specifies the defrag configuration for Transparent Huge Page. Possible values are `always`, `defer`, `defer+madvise`, `madvise` and `never`. */ transparentHugePageDefrag?: pulumi.Input; /** * @deprecated this property has been deprecated in favour of `transparentHugePage` and will be removed in version 5.0 of the Provider. */ transparentHugePageEnabled?: pulumi.Input; } interface KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig { /** * The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`. */ fsAioMaxNr?: pulumi.Input; /** * The sysctl setting fs.file-max. Must be between `8192` and `12000500`. */ fsFileMax?: pulumi.Input; /** * The sysctl setting fs.inotify.max_user_watches. Must be between `781250` and `2097152`. */ fsInotifyMaxUserWatches?: pulumi.Input; /** * The sysctl setting fs.nr_open. Must be between `8192` and `20000500`. */ fsNrOpen?: pulumi.Input; /** * The sysctl setting kernel.threads-max. Must be between `20` and `513785`. */ kernelThreadsMax?: pulumi.Input; /** * The sysctl setting net.core.netdev_max_backlog. Must be between `1000` and `3240000`. */ netCoreNetdevMaxBacklog?: pulumi.Input; /** * The sysctl setting net.core.optmem_max. Must be between `20480` and `4194304`. */ netCoreOptmemMax?: pulumi.Input; /** * The sysctl setting net.core.rmem_default. Must be between `212992` and `134217728`. */ netCoreRmemDefault?: pulumi.Input; /** * The sysctl setting net.core.rmem_max. Must be between `212992` and `134217728`. */ netCoreRmemMax?: pulumi.Input; /** * The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`. */ netCoreSomaxconn?: pulumi.Input; /** * The sysctl setting net.core.wmem_default. Must be between `212992` and `134217728`. */ netCoreWmemDefault?: pulumi.Input; /** * The sysctl setting net.core.wmem_max. Must be between `212992` and `134217728`. */ netCoreWmemMax?: pulumi.Input; /** * The sysctl setting net.ipv4.ip_local_port_range max value. Must be between `32768` and `65535`. */ netIpv4IpLocalPortRangeMax?: pulumi.Input; /** * The sysctl setting net.ipv4.ip_local_port_range min value. Must be between `1024` and `60999`. */ netIpv4IpLocalPortRangeMin?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between `128` and `80000`. */ netIpv4NeighDefaultGcThresh1?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between `512` and `90000`. */ netIpv4NeighDefaultGcThresh2?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between `1024` and `100000`. */ netIpv4NeighDefaultGcThresh3?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_fin_timeout. Must be between `5` and `120`. */ netIpv4TcpFinTimeout?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between `10` and `90`. */ netIpv4TcpKeepaliveIntvl?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between `1` and `15`. */ netIpv4TcpKeepaliveProbes?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_time. Must be between `30` and `432000`. */ netIpv4TcpKeepaliveTime?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between `128` and `3240000`. */ netIpv4TcpMaxSynBacklog?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between `8000` and `1440000`. */ netIpv4TcpMaxTwBuckets?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_tw_reuse. */ netIpv4TcpTwReuse?: pulumi.Input; /** * The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`. */ netNetfilterNfConntrackBuckets?: pulumi.Input; /** * The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`. */ netNetfilterNfConntrackMax?: pulumi.Input; /** * The sysctl setting vm.max_map_count. Must be between `65530` and `262144`. */ vmMaxMapCount?: pulumi.Input; /** * The sysctl setting vm.swappiness. Must be between `0` and `100`. */ vmSwappiness?: pulumi.Input; /** * The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`. */ vmVfsCachePressure?: pulumi.Input; } interface KubernetesClusterDefaultNodePoolNodeNetworkProfile { /** * One or more `allowedHostPorts` blocks as defined below. */ allowedHostPorts?: pulumi.Input[]>; /** * A list of Application Security Group IDs which should be associated with this Node Pool. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created. */ nodePublicIpTags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort { /** * Specifies the end of the port range. */ portEnd?: pulumi.Input; /** * Specifies the start of the port range. */ portStart?: pulumi.Input; /** * Specifies the protocol of the port range. Possible values are `TCP` and `UDP`. */ protocol?: pulumi.Input; } interface KubernetesClusterDefaultNodePoolUpgradeSettings { /** * The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created. */ drainTimeoutInMinutes?: pulumi.Input; /** * The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade. * * > **Note:** If a percentage is provided, the number of surge nodes is calculated from the `nodeCount` value on the current cluster. Node surge can allow a cluster to have more nodes than `maxCount` during an upgrade. Ensure that your cluster has enough [IP space](https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade) during an upgrade. */ maxSurge: pulumi.Input; /** * The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. * * > **Note:** The default value for `nodeSoakDurationInMinutes` is `0`. . */ nodeSoakDurationInMinutes?: pulumi.Input; /** * Specifies the action when a node is undrainable during upgrade. Possible values are `Cordon` and `Schedule`. Unsetting this after configuring it will force a new resource to be created. */ undrainableNodeBehavior?: pulumi.Input; } interface KubernetesClusterExtensionAksAssignedIdentity { /** * The principal ID of resource identity. */ principalId?: pulumi.Input; /** * The tenant ID of resource. */ tenantId?: pulumi.Input; /** * The identity type. */ type?: pulumi.Input; } interface KubernetesClusterExtensionPlan { /** * Specifies the name of the plan from the marketplace. Changing this forces a new Kubernetes Cluster Extension to be created. */ name: pulumi.Input; /** * Specifies the product of the plan from the marketplace. Changing this forces a new Kubernetes Cluster Extension to be created. */ product: pulumi.Input; /** * Specifies the promotion code to use with the plan. Changing this forces a new Kubernetes Cluster Extension to be created. */ promotionCode?: pulumi.Input; /** * Specifies the publisher of the plan. Changing this forces a new Kubernetes Cluster Extension to be created. */ publisher: pulumi.Input; /** * Specifies the version of the plan from the marketplace. Changing this forces a new Kubernetes Cluster Extension to be created. * * > **Note:** When `plan` is specified, legal terms must be accepted for this item on this subscription before creating the Kubernetes Cluster Extension. The `azure.marketplace.Agreement` resource or AZ CLI tool can be used to do this. */ version?: pulumi.Input; } interface KubernetesClusterHttpProxyConfig { /** * The proxy address to be used when communicating over HTTP. */ httpProxy?: pulumi.Input; /** * The proxy address to be used when communicating over HTTPS. */ httpsProxy?: pulumi.Input; /** * The list of domains that will not use the proxy for communication. * * > **Note:** If you specify the `default_node_pool[0].vnet_subnet_id`, be sure to include the Subnet CIDR in the `noProxy` list. * * > **Note:** You may wish to use Terraform's `ignoreChanges` functionality to ignore the changes to this field. */ noProxies?: pulumi.Input[]>; /** * The base64 encoded alternative CA certificate content in PEM format. */ trustedCa?: pulumi.Input; } interface KubernetesClusterIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster. * * > **Note:** This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`. */ type: pulumi.Input; } interface KubernetesClusterIngressApplicationGateway { /** * The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster. */ effectiveGatewayId?: pulumi.Input; /** * The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See [this](https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-existing) page for further details. */ gatewayId?: pulumi.Input; /** * The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See [this](https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new) page for further details. */ gatewayName?: pulumi.Input; /** * An `ingressApplicationGatewayIdentity` block is exported. The exported attributes are defined below. */ ingressApplicationGatewayIdentities?: pulumi.Input[]>; /** * The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See [this](https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new) page for further details. */ subnetCidr?: pulumi.Input; /** * The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See [this](https://docs.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-new) page for further details. * * > **Note:** Exactly one of `gatewayId`, `subnetId` or `subnetCidr` must be specified. * * > **Note:** If specifying `ingressApplicationGateway` in conjunction with `onlyCriticalAddonsEnabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon". */ subnetId?: pulumi.Input; } interface KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity { /** * The Client ID of the user-defined Managed Identity used for Web App Routing. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity used for Web App Routing */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity used for Web App Routing. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterKeyManagementService { /** * Identifier of Azure Key Vault key. See [key identifier format](https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) for more details. */ keyVaultKeyId: pulumi.Input; /** * Network access of the key vault Network access of key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`. */ keyVaultNetworkAccess?: pulumi.Input; } interface KubernetesClusterKeyVaultSecretsProvider { /** * An `secretIdentity` block is exported. The exported attributes are defined below. */ secretIdentities?: pulumi.Input[]>; /** * Should the secret store CSI driver on the AKS cluster be enabled? */ secretRotationEnabled?: pulumi.Input; /** * The interval to poll for secret rotation. This attribute is only set when `secretRotationEnabled` is true. Defaults to `2m`. * * > **Note:** To enable`keyVaultSecretsProvider` either `secretRotationEnabled` or `secretRotationInterval` must be specified. */ secretRotationInterval?: pulumi.Input; } interface KubernetesClusterKeyVaultSecretsProviderSecretIdentity { /** * The Client ID of the user-defined Managed Identity used for Web App Routing. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity used for Web App Routing */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity used for Web App Routing. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterKubeAdminConfig { /** * Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. */ clientCertificate?: pulumi.Input; /** * Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. */ clientKey?: pulumi.Input; /** * Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. */ clusterCaCertificate?: pulumi.Input; /** * The Kubernetes cluster server host. */ host?: pulumi.Input; /** * A password or token used to authenticate to the Kubernetes cluster. */ password?: pulumi.Input; /** * A username used to authenticate to the Kubernetes cluster. */ username?: pulumi.Input; } interface KubernetesClusterKubeConfig { /** * Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. */ clientCertificate?: pulumi.Input; /** * Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. */ clientKey?: pulumi.Input; /** * Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. */ clusterCaCertificate?: pulumi.Input; /** * The Kubernetes cluster server host. */ host?: pulumi.Input; /** * A password or token used to authenticate to the Kubernetes cluster. */ password?: pulumi.Input; /** * A username used to authenticate to the Kubernetes cluster. */ username?: pulumi.Input; } interface KubernetesClusterKubeletIdentity { /** * The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created. */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterLinuxProfile { /** * The Admin Username for the Cluster. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * An `sshKey` block as defined below. */ sshKey: pulumi.Input; } interface KubernetesClusterLinuxProfileSshKey { /** * The Public SSH Key used to access the cluster. Changing this forces a new resource to be created. */ keyData: pulumi.Input; } interface KubernetesClusterMaintenanceWindow { /** * One or more `allowed` blocks as defined below. */ alloweds?: pulumi.Input[]>; /** * One or more `notAllowed` block as defined below. */ notAlloweds?: pulumi.Input[]>; } interface KubernetesClusterMaintenanceWindowAllowed { /** * A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`. */ day: pulumi.Input; /** * An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00m. Possible values are between `0` and `23`. */ hours: pulumi.Input[]>; } interface KubernetesClusterMaintenanceWindowAutoUpgrade { /** * The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive). */ dayOfMonth?: pulumi.Input; /** * The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`. */ dayOfWeek?: pulumi.Input; /** * The duration of the window for maintenance to run in hours. Possible options are between `4` to `24`. */ duration: pulumi.Input; /** * Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`. */ frequency: pulumi.Input; /** * The interval for maintenance runs. Depending on the frequency this interval is week or month based. */ interval: pulumi.Input; /** * One or more `notAllowed` block as defined below. */ notAlloweds?: pulumi.Input[]>; /** * The date on which the maintenance window begins to take effect. */ startDate?: pulumi.Input; /** * The time for maintenance to begin, based on the timezone determined by `utcOffset`. Format is `HH:mm`. */ startTime?: pulumi.Input; /** * Used to determine the timezone for cluster maintenance. */ utcOffset?: pulumi.Input; /** * Specifies on which instance of the allowed days specified in `dayOfWeek` the maintenance occurs. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`. * Required in combination with relative monthly frequency. */ weekIndex?: pulumi.Input; } interface KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowed { /** * The end of a time span, formatted as an RFC3339 string. */ end: pulumi.Input; /** * The start of a time span, formatted as an RFC3339 string. */ start: pulumi.Input; } interface KubernetesClusterMaintenanceWindowNodeOs { /** * The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive). */ dayOfMonth?: pulumi.Input; /** * The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`. */ dayOfWeek?: pulumi.Input; /** * The duration of the window for maintenance to run in hours. Possible options are between `4` to `24`. */ duration: pulumi.Input; /** * Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`. */ frequency: pulumi.Input; /** * The interval for maintenance runs. Depending on the frequency this interval is week or month based. */ interval: pulumi.Input; /** * One or more `notAllowed` block as defined below. */ notAlloweds?: pulumi.Input[]>; /** * The date on which the maintenance window begins to take effect. */ startDate?: pulumi.Input; /** * The time for maintenance to begin, based on the timezone determined by `utcOffset`. Format is `HH:mm`. */ startTime?: pulumi.Input; /** * Used to determine the timezone for cluster maintenance. */ utcOffset?: pulumi.Input; /** * The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`. */ weekIndex?: pulumi.Input; } interface KubernetesClusterMaintenanceWindowNodeOsNotAllowed { /** * The end of a time span, formatted as an RFC3339 string. */ end: pulumi.Input; /** * The start of a time span, formatted as an RFC3339 string. */ start: pulumi.Input; } interface KubernetesClusterMaintenanceWindowNotAllowed { /** * The end of a time span, formatted as an RFC3339 string. */ end: pulumi.Input; /** * The start of a time span, formatted as an RFC3339 string. */ start: pulumi.Input; } interface KubernetesClusterMicrosoftDefender { /** * Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to. */ logAnalyticsWorkspaceId: pulumi.Input; } interface KubernetesClusterMonitorMetrics { /** * Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric. */ annotationsAllowed?: pulumi.Input; /** * Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric. * * > **Note:** Both properties `annotationsAllowed` and `labelsAllowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace. */ labelsAllowed?: pulumi.Input; } interface KubernetesClusterNetworkProfile { /** * An `advancedNetworking` block as defined below. */ advancedNetworking?: pulumi.Input; /** * IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. */ dnsServiceIp?: pulumi.Input; /** * Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created. * * ->**Note:** To configure dual-stack networking `ipVersions` should be set to `["IPv4", "IPv6"]`. * * ->**Note:** Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see [the documentation](https://docs.microsoft.com/azure/aks/configure-kubenet-dual-stack?tabs=azure-cli%2Ckubectl#register-the-aks-enabledualstack-preview-feature) for more information. */ ipVersions?: pulumi.Input[]>; /** * A `loadBalancerProfile` block as defined below. This can only be specified when `loadBalancerSku` is set to `standard`. Changing this forces a new resource to be created. */ loadBalancerProfile?: pulumi.Input; /** * Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created. */ loadBalancerSku?: pulumi.Input; /** * A `natGatewayProfile` block as defined below. This can only be specified when `loadBalancerSku` is set to `standard` and `outboundType` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created. */ natGatewayProfile?: pulumi.Input; /** * Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created. * * > **Note:** When `networkDataPlane` is set to `cilium`, the `networkPlugin` field can only be set to `azure`. * * > **Note:** When `networkDataPlane` is set to `cilium`, one of either `networkPluginMode = "overlay"` or `podSubnetId` must be specified. * * > **Note:** Upgrading `networkDataPlane` from `azure` to `cilium` is supported and will perform an in-place upgrade by reimaging all nodes in the cluster. Changing from other values will force a new resource to be created. For more information on upgrading to Azure CNI Powered by Cilium see the [product documentation](https://learn.microsoft.com/azure/aks/upgrade-azure-cni). */ networkDataPlane?: pulumi.Input; /** * Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created. * * > **Note:** `networkMode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future. * * > **Note:** This property can only be set when `networkPlugin` is set to `azure`. */ networkMode?: pulumi.Input; /** * Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none` * * > **Note:** When `networkPlugin` is set to `azure` - the `podCidr` field must not be set, unless specifying `networkPluginMode` to `overlay`. * * > **Note:** Changing `networkPlugin` forces a new resource to be created, except when upgrading from `kubenet` to `azure` with `networkPluginMode` set to `overlay`. */ networkPlugin: pulumi.Input; /** * Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`. * * > **Note:** When `networkPluginMode` is set to `overlay`, the `networkPlugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `podSubnetId` must be specified. */ networkPluginMode?: pulumi.Input; /** * Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/azure/aks/use-network-policies). Currently supported values are `calico`, `azure` and `cilium`. * * > **Note:** When `networkPolicy` is set to `azure`, the `networkPlugin` field can only be set to `azure`. * * > **Note:** When `networkPolicy` is set to `cilium`, the `networkDataPlane` field must be set to `cilium`. * * > **Note:** Upgrading `networkPolicy` from `azure` or `calico` to `cilium` is supported and will perform an in-place upgrade. Changing from other values will force a new resource to be created. */ networkPolicy?: pulumi.Input; /** * The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway`, `userAssignedNATGateway` and `none`. Defaults to `loadBalancer`. * * > **Note:** For more information on supported `outboundType` migration paths please see the product [documentation](https://learn.microsoft.com/azure/aks/egress-outboundtype#updating-outboundtype-after-cluster-creation). */ outboundType?: pulumi.Input; /** * The CIDR to use for pod IP addresses. This field can only be set when `networkPlugin` is set to `kubenet` or `networkPluginMode` is set to `overlay`. * * > **Note:** Once `podCidr` has been set, changing it forces a new resource to be created. */ podCidr?: pulumi.Input; /** * A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. * * > **Note:** Once `podCidrs` has been set, changing it forces a new resource to be created. */ podCidrs?: pulumi.Input[]>; /** * The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. */ serviceCidr?: pulumi.Input; /** * A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created. * * > **Note:** This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `dockerBridgeCidr`, `dnsServiceIp` and `serviceCidr` should all be empty or all should be set. */ serviceCidrs?: pulumi.Input[]>; } interface KubernetesClusterNetworkProfileAdvancedNetworking { /** * Is observability enabled? Defaults to `false`. */ observabilityEnabled?: pulumi.Input; /** * Is security enabled? Defaults to `false`. This can only be enabled (set to `true`) when `networkPlugin` is set to `azure` and `networkDataPlane` is set to `cilium`. */ securityEnabled?: pulumi.Input; } interface KubernetesClusterNetworkProfileLoadBalancerProfile { /** * The type of the managed inbound Load Balancer Backend Pool. Possible values are `NodeIP` and `NodeIPConfiguration`. Defaults to `NodeIPConfiguration`. See [the documentation](https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard#change-the-inbound-pool-type) for more information. */ backendPoolType?: pulumi.Input; /** * The outcome (resource IDs) of the specified arguments. */ effectiveOutboundIps?: pulumi.Input[]>; /** * Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between `4` and `100` inclusive. Defaults to `30`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Count of desired managed outbound IPs for the cluster load balancer. Must be between `1` and `100` inclusive. */ managedOutboundIpCount?: pulumi.Input; /** * The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. * * > **Note:** `managedOutboundIpv6Count` requires dual-stack networking. To enable dual-stack networking the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` needs to be enabled and the Resource Provider re-registered, see [the documentation](https://docs.microsoft.com/azure/aks/configure-kubenet-dual-stack?tabs=azure-cli%2Ckubectl#register-the-aks-enabledualstack-preview-feature) for more information. */ managedOutboundIpv6Count?: pulumi.Input; /** * The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer. * * > **Note:** Set `outboundIpAddressIds` to an empty slice `[]` in order to unlink it from the cluster. Unlinking a `outboundIpAddressIds` will revert the load balancing for the cluster back to a managed one. */ outboundIpAddressIds?: pulumi.Input[]>; /** * The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer. * * > **Note:** Set `outboundIpPrefixIds` to an empty slice `[]` in order to unlink it from the cluster. Unlinking a `outboundIpPrefixIds` will revert the load balancing for the cluster back to a managed one. */ outboundIpPrefixIds?: pulumi.Input[]>; /** * Number of desired SNAT port for each VM in the clusters load balancer. Must be between `0` and `64000` inclusive. Defaults to `0`. */ outboundPortsAllocated?: pulumi.Input; } interface KubernetesClusterNetworkProfileNatGatewayProfile { /** * The outcome (resource IDs) of the specified arguments. */ effectiveOutboundIps?: pulumi.Input[]>; /** * Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between `4` and `120` inclusive. Defaults to `4`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Count of desired managed outbound IPs for the managed nat gateway. Must be between `1` and `16` inclusive. */ managedOutboundIpCount?: pulumi.Input; } interface KubernetesClusterNodePoolKubeletConfig { /** * Specifies the allow list of unsafe sysctls command or patterns (ending in `*`). */ allowedUnsafeSysctls?: pulumi.Input[]>; /** * Specifies the maximum number of container log files that can be present for a container. must be at least 2. */ containerLogMaxLine?: pulumi.Input; /** * Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. */ containerLogMaxSizeMb?: pulumi.Input; /** * Is CPU CFS quota enforcement for containers enabled? Defaults to `true`. */ cpuCfsQuotaEnabled?: pulumi.Input; /** * Specifies the CPU CFS quota period value. */ cpuCfsQuotaPeriod?: pulumi.Input; /** * Specifies the CPU Manager policy to use. Possible values are `none` and `static`, */ cpuManagerPolicy?: pulumi.Input; /** * Specifies the percent of disk usage above which image garbage collection is always run. Must be between `0` and `100`. */ imageGcHighThreshold?: pulumi.Input; /** * Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between `0` and `100`. */ imageGcLowThreshold?: pulumi.Input; /** * Specifies the maximum number of processes per pod. */ podMaxPid?: pulumi.Input; /** * Specifies the Topology Manager policy to use. Possible values are `none`, `best-effort`, `restricted` or `single-numa-node`. */ topologyManagerPolicy?: pulumi.Input; } interface KubernetesClusterNodePoolLinuxOsConfig { /** * Specifies the size of swap file on each node in MB. */ swapFileSizeMb?: pulumi.Input; /** * A `sysctlConfig` block as defined below. */ sysctlConfig?: pulumi.Input; /** * Specifies the Transparent Huge Page configuration. Possible values are `always`, `madvise` and `never`. */ transparentHugePage?: pulumi.Input; /** * specifies the defrag configuration for Transparent Huge Page. Possible values are `always`, `defer`, `defer+madvise`, `madvise` and `never`. */ transparentHugePageDefrag?: pulumi.Input; /** * @deprecated this property has been deprecated in favour of `transparentHugePage` and will be removed in version 5.0 of the Provider. */ transparentHugePageEnabled?: pulumi.Input; } interface KubernetesClusterNodePoolLinuxOsConfigSysctlConfig { /** * The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`. */ fsAioMaxNr?: pulumi.Input; /** * The sysctl setting fs.file-max. Must be between `8192` and `12000500`. */ fsFileMax?: pulumi.Input; /** * The sysctl setting fs.inotify.max_user_watches. Must be between `781250` and `2097152`. */ fsInotifyMaxUserWatches?: pulumi.Input; /** * The sysctl setting fs.nr_open. Must be between `8192` and `20000500`. */ fsNrOpen?: pulumi.Input; /** * The sysctl setting kernel.threads-max. Must be between `20` and `513785`. */ kernelThreadsMax?: pulumi.Input; /** * The sysctl setting net.core.netdev_max_backlog. Must be between `1000` and `3240000`. */ netCoreNetdevMaxBacklog?: pulumi.Input; /** * The sysctl setting net.core.optmem_max. Must be between `20480` and `4194304`. */ netCoreOptmemMax?: pulumi.Input; /** * The sysctl setting net.core.rmem_default. Must be between `212992` and `134217728`. */ netCoreRmemDefault?: pulumi.Input; /** * The sysctl setting net.core.rmem_max. Must be between `212992` and `134217728`. */ netCoreRmemMax?: pulumi.Input; /** * The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`. */ netCoreSomaxconn?: pulumi.Input; /** * The sysctl setting net.core.wmem_default. Must be between `212992` and `134217728`. */ netCoreWmemDefault?: pulumi.Input; /** * The sysctl setting net.core.wmem_max. Must be between `212992` and `134217728`. */ netCoreWmemMax?: pulumi.Input; /** * The sysctl setting net.ipv4.ip_local_port_range max value. Must be between `32768` and `65535`. */ netIpv4IpLocalPortRangeMax?: pulumi.Input; /** * The sysctl setting net.ipv4.ip_local_port_range min value. Must be between `1024` and `60999`. */ netIpv4IpLocalPortRangeMin?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between `128` and `80000`. */ netIpv4NeighDefaultGcThresh1?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between `512` and `90000`. */ netIpv4NeighDefaultGcThresh2?: pulumi.Input; /** * The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between `1024` and `100000`. */ netIpv4NeighDefaultGcThresh3?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_fin_timeout. Must be between `5` and `120`. */ netIpv4TcpFinTimeout?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between `10` and `90`. */ netIpv4TcpKeepaliveIntvl?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between `1` and `15`. */ netIpv4TcpKeepaliveProbes?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_keepalive_time. Must be between `30` and `432000`. */ netIpv4TcpKeepaliveTime?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between `128` and `3240000`. */ netIpv4TcpMaxSynBacklog?: pulumi.Input; /** * The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between `8000` and `1440000`. */ netIpv4TcpMaxTwBuckets?: pulumi.Input; /** * Is sysctl setting net.ipv4.tcp_tw_reuse enabled? */ netIpv4TcpTwReuse?: pulumi.Input; /** * The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`. */ netNetfilterNfConntrackBuckets?: pulumi.Input; /** * The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`. */ netNetfilterNfConntrackMax?: pulumi.Input; /** * The sysctl setting vm.max_map_count. Must be between `65530` and `262144`. */ vmMaxMapCount?: pulumi.Input; /** * The sysctl setting vm.swappiness. Must be between `0` and `100`. */ vmSwappiness?: pulumi.Input; /** * The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`. */ vmVfsCachePressure?: pulumi.Input; } interface KubernetesClusterNodePoolNodeNetworkProfile { /** * One or more `allowedHostPorts` blocks as defined below. */ allowedHostPorts?: pulumi.Input[]>; /** * A list of Application Security Group IDs which should be associated with this Node Pool. */ applicationSecurityGroupIds?: pulumi.Input[]>; /** * Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created. * * > **Note:** To set the application security group, you must allow at least one host port. Without this, the configuration will fail silently. [Learn More](https://learn.microsoft.com/en-us/azure/aks/use-node-public-ips#allow-host-port-connections-and-add-node-pools-to-application-security-groups). */ nodePublicIpTags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface KubernetesClusterNodePoolNodeNetworkProfileAllowedHostPort { /** * Specifies the end of the port range. */ portEnd?: pulumi.Input; /** * Specifies the start of the port range. */ portStart?: pulumi.Input; /** * Specifies the protocol of the port range. Possible values are `TCP` and `UDP`. */ protocol?: pulumi.Input; } interface KubernetesClusterNodePoolUpgradeSettings { /** * The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created. */ drainTimeoutInMinutes?: pulumi.Input; /** * The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade. */ maxSurge?: pulumi.Input; /** * The maximum number or percentage of nodes which can be unavailable during the upgrade. * * > **Note:** Exactly one of `maxSurge` or `maxUnavailable` must be specified, unless `priority` is set to `Spot`. Spot node pools do not support `maxSurge` or `maxUnavailable`. */ maxUnavailable?: pulumi.Input; /** * The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. */ nodeSoakDurationInMinutes?: pulumi.Input; /** * Specifies the action when a node is undrainable during upgrade. Possible values are `Cordon` and `Schedule`. Unsetting this after configuring it will force a new resource to be created. */ undrainableNodeBehavior?: pulumi.Input; } interface KubernetesClusterNodePoolWindowsProfile { /** * Should the Windows nodes in this Node Pool have outbound NAT enabled? Defaults to `true`. Changing this forces a new resource to be created. * * > **Note:** If a percentage is provided, the number of surge nodes is calculated from the current node count on the cluster. Node surge can allow a cluster to have more nodes than `maxCount` during an upgrade. Ensure that your cluster has enough [IP space](https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade) during an upgrade. */ outboundNatEnabled?: pulumi.Input; } interface KubernetesClusterNodeProvisioningProfile { /** * Specifies whether default node pools should be provisioned automatically. Possible values are `Auto` and `None`. Defaults to `Auto`. At least one of `mode` or `defaultNodePools` must be specified. */ defaultNodePools?: pulumi.Input; mode?: pulumi.Input; } interface KubernetesClusterOmsAgent { /** * The ID of the Log Analytics Workspace which the OMS Agent should send data to. */ logAnalyticsWorkspaceId: pulumi.Input; /** * Is managed identity authentication for monitoring enabled? */ msiAuthForMonitoringEnabled?: pulumi.Input; /** * An `omsAgentIdentity` block is exported. The exported attributes are defined below. */ omsAgentIdentities?: pulumi.Input[]>; } interface KubernetesClusterOmsAgentOmsAgentIdentity { /** * The Client ID of the user-defined Managed Identity used for Web App Routing. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity used for Web App Routing */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity used for Web App Routing. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterServiceMeshProfile { /** * A `certificateAuthority` block as defined below. When this property is specified, `keyVaultSecretsProvider` is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service. */ certificateAuthority?: pulumi.Input; /** * Is Istio External Ingress Gateway enabled? * * > **NOTE:** Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster */ externalIngressGatewayEnabled?: pulumi.Input; /** * Is Istio Internal Ingress Gateway enabled? */ internalIngressGatewayEnabled?: pulumi.Input; /** * The mode of the service mesh. Possible value is `Istio`. */ mode: pulumi.Input; /** * Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with `revisions` set to `["asm-1-25"]`, or leave it empty (the `revisions` will only be known after apply). To start the canary upgrade, change `revisions` to `["asm-1-25", "asm-1-26"]`. To roll back the canary upgrade, revert to `["asm-1-25"]`. To confirm the upgrade, change to `["asm-1-26"]`. * * > **NOTE:** Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. [Learn more](https://istio.io/latest/docs/setup/upgrade/canary/#data-plane). */ revisions: pulumi.Input[]>; } interface KubernetesClusterServiceMeshProfileCertificateAuthority { /** * The certificate chain object name in Azure Key Vault. */ certChainObjectName: pulumi.Input; /** * The intermediate certificate object name in Azure Key Vault. */ certObjectName: pulumi.Input; /** * The intermediate certificate private key object name in Azure Key Vault. * * > **Note:** For more information on [Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates](https://learn.microsoft.com/en-us/azure/aks/istio-plugin-ca), */ keyObjectName: pulumi.Input; /** * The resource ID of the Key Vault. */ keyVaultId: pulumi.Input; /** * The root certificate object name in Azure Key Vault. */ rootCertObjectName: pulumi.Input; } interface KubernetesClusterServicePrincipal { /** * The Client ID for the Service Principal. */ clientId: pulumi.Input; /** * The Client Secret for the Service Principal. */ clientSecret: pulumi.Input; } interface KubernetesClusterStorageProfile { /** * Is the Blob CSI driver enabled? Defaults to `false`. */ blobDriverEnabled?: pulumi.Input; /** * Is the Disk CSI driver enabled? Defaults to `true`. */ diskDriverEnabled?: pulumi.Input; /** * Is the File CSI driver enabled? Defaults to `true`. */ fileDriverEnabled?: pulumi.Input; /** * Is the Snapshot Controller enabled? Defaults to `true`. */ snapshotControllerEnabled?: pulumi.Input; } interface KubernetesClusterUpgradeOverride { /** * Specifies the duration, in RFC 3339 format (e.g., `2025-10-01T13:00:00Z`), the `upgradeOverride` values are effective. This field must be set for the `upgradeOverride` values to take effect. The date-time must be within the next 30 days. * * > **Note:** This only matches the start time of an upgrade, and the effectiveness won't change once an upgrade starts even if the `effectiveUntil` value expires as the upgrade proceeds. */ effectiveUntil?: pulumi.Input; /** * Whether to force upgrade the cluster. Possible values are `true` or `false`. * * !> **Note:** The `forceUpgradeEnabled` field instructs the upgrade operation to bypass upgrade protections (e.g. checking for deprecated API usage) which may render the cluster inoperative after the upgrade process has completed. Use the `forceUpgradeEnabled` option with extreme caution only. */ forceUpgradeEnabled: pulumi.Input; } interface KubernetesClusterWebAppRouting { /** * Specifies the ingress type for the default `NginxIngressController` custom resource. The allowed values are `None`, `Internal`, `External` and `AnnotationControlled`. Defaults to `AnnotationControlled`. */ defaultNginxController?: pulumi.Input; /** * Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list. */ dnsZoneIds: pulumi.Input[]>; /** * A `webAppRoutingIdentity` block is exported. The exported attributes are defined below. */ webAppRoutingIdentities?: pulumi.Input[]>; } interface KubernetesClusterWebAppRoutingWebAppRoutingIdentity { /** * The Client ID of the user-defined Managed Identity used for Web App Routing. */ clientId?: pulumi.Input; /** * The Object ID of the user-defined Managed Identity used for Web App Routing */ objectId?: pulumi.Input; /** * The ID of the User Assigned Identity used for Web App Routing. */ userAssignedIdentityId?: pulumi.Input; } interface KubernetesClusterWindowsProfile { /** * The Admin Password for Windows VMs. Length must be between 14 and 123 characters. */ adminPassword: pulumi.Input; /** * The Admin Username for Windows VMs. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * A `gmsa` block as defined below. */ gmsa?: pulumi.Input; /** * Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`. */ license?: pulumi.Input; } interface KubernetesClusterWindowsProfileGmsa { /** * Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster. */ dnsServer: pulumi.Input; /** * Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster. * * > **Note:** The properties `dnsServer` and `rootDomain` must both either be set or unset, i.e. empty. */ rootDomain: pulumi.Input; } interface KubernetesClusterWorkloadAutoscalerProfile { /** * Specifies whether KEDA Autoscaler can be used for workloads. */ kedaEnabled?: pulumi.Input; /** * Specifies whether Vertical Pod Autoscaler should be enabled. */ verticalPodAutoscalerEnabled?: pulumi.Input; } interface KubernetesFleetManagerHubProfile { dnsPrefix: pulumi.Input; fqdn?: pulumi.Input; kubernetesVersion?: pulumi.Input; } interface RegistryCredentialSetAuthenticationCredentials { /** * The URI of the secret containing the password in a Key Vault. * * > **Note:** Be aware that you will need to permit the Identity that is created for the Container Registry to have `get` on secrets to the Key Vault, e.g. using the `azure.keyvault.AccessPolicy` resource. */ passwordSecretId: pulumi.Input; /** * The URI of the secret containing the username in a Key Vault. */ usernameSecretId: pulumi.Input; } interface RegistryCredentialSetIdentity { /** * The principal ID of the Identity. */ principalId?: pulumi.Input; /** * The tenant ID of the Identity. */ tenantId?: pulumi.Input; /** * The type of Managed Service Identity that is configured on for the Container Registry Credential Set. Currently the only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface RegistryEncryption { /** * The client ID of the managed identity associated with the encryption key. */ identityClientId: pulumi.Input; /** * The ID of the Key Vault Key. */ keyVaultKeyId: pulumi.Input; } interface RegistryGeoreplication { /** * A location where the container registry should be geo-replicated. */ location: pulumi.Input; /** * Whether regional endpoint is enabled for this Container Registry? */ regionalEndpointEnabled?: pulumi.Input; /** * A mapping of tags to assign to this replication location. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Whether zone redundancy is enabled for this replication location? Defaults to `false`. * * > **Note:** Changing the `zoneRedundancyEnabled` forces an underlying replication to be created. */ zoneRedundancyEnabled?: pulumi.Input; } interface RegistryIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Registry. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Container Registry. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface RegistryNetworkRuleSet { /** * The behaviour for requests matching no rules. Either `Allow` or `Deny`. Defaults to `Allow` */ defaultAction?: pulumi.Input; /** * One or more `ipRule` blocks as defined below. * * > **Note:** `networkRuleSet` is only supported with the `Premium` SKU at this time. * * > **Note:** Azure automatically configures Network Rules - to remove these, you'll need to specify an `networkRuleSet` block with `defaultAction` set to `Deny`. */ ipRules?: pulumi.Input[]>; } interface RegistryNetworkRuleSetIpRule { /** * The behaviour for requests matching this rule. At this time the only supported value is `Allow` */ action: pulumi.Input; /** * The CIDR block from which requests will match the rule. */ ipRange: pulumi.Input; } interface RegistryTaskAgentSetting { /** * The number of cores required for the Container Registry Task. Possible value is `2`. */ cpu: pulumi.Input; } interface RegistryTaskBaseImageTrigger { /** * Should the trigger be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this trigger. */ name: pulumi.Input; /** * The type of the trigger. Possible values are `All` and `Runtime`. */ type: pulumi.Input; /** * The endpoint URL for receiving the trigger. */ updateTriggerEndpoint?: pulumi.Input; /** * Type of payload body for the trigger. Possible values are `Default` and `Token`. */ updateTriggerPayloadType?: pulumi.Input; } interface RegistryTaskDockerStep { /** * Specifies a map of arguments to be used when executing this step. */ arguments?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Should the image cache be enabled? Defaults to `true`. */ cacheEnabled?: pulumi.Input; /** * The token (Git PAT or SAS token of storage account blob) associated with the context for this step. */ contextAccessToken: pulumi.Input; /** * The URL (absolute or relative) of the source context for this step. If the context is an url you can reference a specific branch or folder via `#branch:folder`. */ contextPath: pulumi.Input; /** * The Dockerfile path relative to the source context. */ dockerfilePath: pulumi.Input; /** * Specifies a list of fully qualified image names including the repository and tag. */ imageNames?: pulumi.Input[]>; /** * Should the image built be pushed to the registry or not? Defaults to `true`. */ pushEnabled?: pulumi.Input; /** * Specifies a map of *secret* arguments to be used when executing this step. */ secretArguments?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of the target build stage for the docker build. */ target?: pulumi.Input; } interface RegistryTaskEncodedStep { /** * The token (Git PAT or SAS token of storage account blob) associated with the context for this step. */ contextAccessToken?: pulumi.Input; /** * The URL (absolute or relative) of the source context for this step. */ contextPath?: pulumi.Input; /** * Specifies a map of secret values that can be passed when running a task. */ secretValues?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The (optionally base64 encoded) content of the build template. */ taskContent: pulumi.Input; /** * The (optionally base64 encoded) content of the build parameters. */ valueContent?: pulumi.Input; /** * Specifies a map of values that can be passed when running a task. */ values?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface RegistryTaskFileStep { /** * The token (Git PAT or SAS token of storage account blob) associated with the context for this step. */ contextAccessToken?: pulumi.Input; /** * The URL (absolute or relative) of the source context for this step. */ contextPath?: pulumi.Input; /** * Specifies a map of secret values that can be passed when running a task. */ secretValues?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The task template file path relative to the source context. */ taskFilePath: pulumi.Input; /** * The parameters file path relative to the source context. */ valueFilePath?: pulumi.Input; /** * Specifies a map of values that can be passed when running a task. */ values?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface RegistryTaskIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Registry Task. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Container Registry Task. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface RegistryTaskPlatform { /** * The OS architecture. Possible values are `amd64`, `x86`, `386`, `arm` and `arm64`. */ architecture?: pulumi.Input; /** * The operating system type required for the task. Possible values are `Windows` and `Linux`. */ os: pulumi.Input; /** * The variant of the CPU. Possible values are `v6`, `v7`, `v8`. */ variant?: pulumi.Input; } interface RegistryTaskRegistryCredential { /** * One or more `custom` blocks as defined above. */ customs?: pulumi.Input[]>; /** * One `source` block as defined below. */ source?: pulumi.Input; } interface RegistryTaskRegistryCredentialCustom { /** * The managed identity assigned to this custom credential. For user assigned identity, the value is the client ID of the identity. For system assigned identity, the value is `[system]`. */ identity?: pulumi.Input; /** * The login server of the custom Container Registry. */ loginServer: pulumi.Input; /** * The password for logging into the custom Container Registry. It can be either a plain text of password, or a Keyvault Secret ID. */ password?: pulumi.Input; /** * The username for logging into the custom Container Registry. It can be either a plain text of username, or a Keyvault Secret ID. */ username?: pulumi.Input; } interface RegistryTaskRegistryCredentialSource { /** * The login mode for the source registry. Possible values are `None` and `Default`. */ loginMode: pulumi.Input; } interface RegistryTaskSourceTrigger { /** * A `authentication` block as defined above. */ authentication?: pulumi.Input; /** * The branch name of the source code. */ branch?: pulumi.Input; /** * Should the trigger be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * Specifies a list of source events corresponding to the trigger. Possible values are `commit` and `pullrequest`. */ events: pulumi.Input[]>; /** * The name which should be used for this trigger. */ name: pulumi.Input; /** * The full URL to the source code repository. */ repositoryUrl: pulumi.Input; /** * The type of the source control service. Possible values are `Github` and `VisualStudioTeamService`. */ sourceType: pulumi.Input; } interface RegistryTaskSourceTriggerAuthentication { /** * Time in seconds that the token remains valid. */ expireInSeconds?: pulumi.Input; /** * The refresh token used to refresh the access token. */ refreshToken?: pulumi.Input; /** * The scope of the access token. */ scope?: pulumi.Input; /** * The access token used to access the source control provider. */ token: pulumi.Input; /** * The type of the token. Possible values are `PAT` (personal access token) and `OAuth`. */ tokenType: pulumi.Input; } interface RegistryTaskTimerTrigger { /** * Should the trigger be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name which should be used for this trigger. */ name: pulumi.Input; /** * The CRON expression for the task schedule. */ schedule: pulumi.Input; } interface TokenPasswordPassword1 { /** * The expiration date of the password in RFC3339 format. If not specified, the password never expires. Changing this forces a new resource to be created. */ expiry?: pulumi.Input; /** * The value of the password (Sensitive). */ value?: pulumi.Input; } interface TokenPasswordPassword2 { /** * The expiration date of the password in RFC3339 format. If not specified, the password never expires. Changing this forces a new resource to be created. */ expiry?: pulumi.Input; /** * The value of the password (Sensitive). */ value?: pulumi.Input; } } export declare namespace core { interface CustomProviderAction { /** * Specifies the endpoint of the action. */ endpoint: pulumi.Input; /** * Specifies the name of the action. */ name: pulumi.Input; } interface CustomProviderResourceType { /** * Specifies the endpoint of the route definition. */ endpoint: pulumi.Input; /** * Specifies the name of the route definition. */ name: pulumi.Input; /** * The routing type that is supported for the resource request. Valid values are `Proxy` and `Proxy,Cache`. Defaults to `Proxy`. */ routingType?: pulumi.Input; } interface CustomProviderValidation { /** * The endpoint where the validation specification is located. */ specification: pulumi.Input; } interface ResourceDeploymentScriptAzureCliContainer { /** * Container group name, if not specified then the name will get auto-generated. For more information, please refer to the [Container Configuration](https://learn.microsoft.com/en-us/rest/api/resources/deployment-scripts/create?tabs=HTTP#containerconfiguration) documentation. */ containerGroupName?: pulumi.Input; } interface ResourceDeploymentScriptAzureCliEnvironmentVariable { /** * Specifies the name of the environment variable. */ name: pulumi.Input; /** * Specifies the value of the secure environment variable. */ secureValue?: pulumi.Input; /** * Specifies the value of the environment variable. */ value?: pulumi.Input; } interface ResourceDeploymentScriptAzureCliIdentity { /** * Specifies the list of user-assigned managed identity IDs associated with the resource. Changing this forces a new resource to be created. */ identityIds: pulumi.Input[]>; /** * Type of the managed identity. The only possible value is `UserAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface ResourceDeploymentScriptAzureCliStorageAccount { /** * Specifies the storage account access key. */ key: pulumi.Input; /** * Specifies the storage account name. */ name: pulumi.Input; } interface ResourceDeploymentScriptPowerShellContainer { /** * Container group name, if not specified then the name will get auto-generated. For more information, please refer to the [Container Configuration](https://learn.microsoft.com/en-us/rest/api/resources/deployment-scripts/create?tabs=HTTP#containerconfiguration) documentation. */ containerGroupName?: pulumi.Input; } interface ResourceDeploymentScriptPowerShellEnvironmentVariable { /** * Specifies the name of the environment variable. */ name: pulumi.Input; /** * Specifies the value of the secure environment variable. */ secureValue?: pulumi.Input; /** * Specifies the value of the environment variable. */ value?: pulumi.Input; } interface ResourceDeploymentScriptPowerShellIdentity { /** * Specifies the list of user-assigned managed identity IDs associated with the resource. Changing this forces a new resource to be created. */ identityIds: pulumi.Input[]>; /** * Type of the managed identity. The only possible value is `UserAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface ResourceDeploymentScriptPowerShellStorageAccount { /** * Specifies the storage account access key. */ key: pulumi.Input; /** * Specifies the storage account name. */ name: pulumi.Input; } interface ResourceGroupCostManagementExportExportDataOptions { /** * The time frame for pulling data for the query. If custom, then a specific time period must be provided. Possible values include: `WeekToDate`, `MonthToDate`, `BillingMonthToDate`, `TheLast7Days`, `TheLastMonth`, `TheLastBillingMonth`, `Custom`. */ timeFrame: pulumi.Input; /** * The type of the query. Possible values are `ActualCost`, `AmortizedCost` and `Usage`. */ type: pulumi.Input; } interface ResourceGroupCostManagementExportExportDataStorageLocation { /** * The Resource Manager ID of the container where exports will be uploaded. Changing this forces a new resource to be created. */ containerId: pulumi.Input; /** * The path of the directory where exports will be uploaded. Changing this forces a new resource to be created. * * > **Note:** The Resource Manager ID of a Storage Container is exposed via the `resourceManagerId` attribute of the `azure.storage.Container` resource. */ rootFolderPath: pulumi.Input; } interface ResourceGroupCostManagementViewDataset { /** * One or more `aggregation` blocks as defined above. */ aggregations: pulumi.Input[]>; /** * The granularity of rows in the report. Possible values are `Daily` and `Monthly`. */ granularity: pulumi.Input; /** * One or more `grouping` blocks as defined below. */ groupings?: pulumi.Input[]>; /** * One or more `sorting` blocks as defined below, containing the order by expression to be used in the report */ sortings?: pulumi.Input[]>; } interface ResourceGroupCostManagementViewDatasetAggregation { /** * The name of the column to aggregate. Changing this forces a new Cost Management View for a Resource Group to be created. */ columnName: pulumi.Input; /** * The name which should be used for this aggregation. Changing this forces a new Cost Management View for a Resource Group to be created. */ name: pulumi.Input; } interface ResourceGroupCostManagementViewDatasetGrouping { /** * The name of the column to group. */ name: pulumi.Input; /** * The type of the column. Possible values are `Dimension` and `TagKey`. */ type: pulumi.Input; } interface ResourceGroupCostManagementViewDatasetSorting { /** * Direction of sort. Possible values are `Ascending` and `Descending`. */ direction: pulumi.Input; /** * The name of the column to sort. */ name: pulumi.Input; } interface ResourceGroupCostManagementViewKpi { /** * KPI type. Possible values are `Budget` and `Forecast`. */ type: pulumi.Input; } interface ResourceGroupCostManagementViewPivot { /** * The name of the column which should be used for this sub-view in the Cost Analysis UI. */ name: pulumi.Input; /** * The data type to show in this sub-view. Possible values are `Dimension` and `TagKey`. */ type: pulumi.Input; } interface ResourceGroupPolicyAssignmentIdentity { /** * A list of User Managed Identity IDs which should be assigned to the Policy Definition. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the Policy Assignment for this Resource Group. */ principalId?: pulumi.Input; /** * The Tenant ID of the Policy Assignment for this Resource Group. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity which should be added to this Policy Definition. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface ResourceGroupPolicyAssignmentNonComplianceMessage { /** * The non-compliance message text. When assigning policy sets (initiatives), unless `policyDefinitionReferenceId` is specified then this message will be the default for all policies. */ content: pulumi.Input; /** * When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to. */ policyDefinitionReferenceId?: pulumi.Input; } interface ResourceGroupPolicyAssignmentOverride { /** * One or more `overrideSelector` block as defined below. */ selectors?: pulumi.Input[]>; /** * Specifies the value to override the policy property. Possible values for `policyEffect` override listed [policy effects](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects). */ value: pulumi.Input; } interface ResourceGroupPolicyAssignmentOverrideSelector { ins?: pulumi.Input[]>; kind?: pulumi.Input; notIns?: pulumi.Input[]>; } interface ResourceGroupPolicyAssignmentResourceSelector { /** * Specifies a name for the resource selector. */ name?: pulumi.Input; /** * One or more `resourceSelector` block as defined below. */ selectors: pulumi.Input[]>; } interface ResourceGroupPolicyAssignmentResourceSelectorSelector { ins?: pulumi.Input[]>; kind: pulumi.Input; notIns?: pulumi.Input[]>; } interface ResourcePolicyAssignmentIdentity { /** * A list of User Managed Identity IDs which should be assigned to the Policy Definition. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the Policy Assignment for this Resource. */ principalId?: pulumi.Input; /** * The Tenant ID of the Policy Assignment for this Resource. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity which should be added to this Policy Definition. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface ResourcePolicyAssignmentNonComplianceMessage { /** * The non-compliance message text. When assigning policy sets (initiatives), unless `policyDefinitionReferenceId` is specified then this message will be the default for all policies. */ content: pulumi.Input; /** * When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to. */ policyDefinitionReferenceId?: pulumi.Input; } interface ResourcePolicyAssignmentOverride { /** * One or more `overrideSelector` block as defined below. */ selectors?: pulumi.Input[]>; /** * Specifies the value to override the policy property. Possible values for `policyEffect` override listed [policy effects](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects). */ value: pulumi.Input; } interface ResourcePolicyAssignmentOverrideSelector { ins?: pulumi.Input[]>; kind?: pulumi.Input; notIns?: pulumi.Input[]>; } interface ResourcePolicyAssignmentResourceSelector { /** * Specifies a name for the resource selector. */ name?: pulumi.Input; /** * One or more `resourceSelector` block as defined below. */ selectors: pulumi.Input[]>; } interface ResourcePolicyAssignmentResourceSelectorSelector { ins?: pulumi.Input[]>; kind: pulumi.Input; notIns?: pulumi.Input[]>; } interface ResourceProviderRegistrationFeature { /** * Specifies the name of the feature to register. * * > **Note:** Only Preview Features which have an `ApprovalType` of `AutoApproval` can be managed in Terraform, features which require manual approval by Service Teams are unsupported. [More information on Resource Provider Preview Features can be found in this document](https://docs.microsoft.com/rest/api/resources/features) */ name: pulumi.Input; /** * Should this feature be Registered or Unregistered? */ registered: pulumi.Input; } interface SubscriptionCostManagementExportExportDataOptions { /** * The time frame for pulling data for the query. If custom, then a specific time period must be provided. Possible values include: `WeekToDate`, `MonthToDate`, `BillingMonthToDate`, `TheLast7Days`, `TheLastMonth`, `TheLastBillingMonth`, `Custom`. */ timeFrame: pulumi.Input; /** * The type of the query. Possible values are `ActualCost`, `AmortizedCost` and `Usage`. */ type: pulumi.Input; } interface SubscriptionCostManagementExportExportDataStorageLocation { /** * The Resource Manager ID of the container where exports will be uploaded. Changing this forces a new resource to be created. */ containerId: pulumi.Input; /** * The path of the directory where exports will be uploaded. Changing this forces a new resource to be created. * * > **Note:** The Resource Manager ID of a Storage Container is exposed via the `resourceManagerId` attribute of the `azure.storage.Container` resource. */ rootFolderPath: pulumi.Input; } interface SubscriptionCostManagementViewDataset { /** * One or more `aggregation` blocks as defined above. */ aggregations: pulumi.Input[]>; /** * The granularity of rows in the report. Possible values are `Daily` and `Monthly`. */ granularity: pulumi.Input; /** * One or more `grouping` blocks as defined below. */ groupings?: pulumi.Input[]>; /** * One or more `sorting` blocks as defined below, containing the order by expression to be used in the report */ sortings?: pulumi.Input[]>; } interface SubscriptionCostManagementViewDatasetAggregation { /** * The name of the column to aggregate. Changing this forces a new Cost Management View for a Subscription to be created. */ columnName: pulumi.Input; /** * The name which should be used for this aggregation. Changing this forces a new Cost Management View for a Subscription to be created. */ name: pulumi.Input; } interface SubscriptionCostManagementViewDatasetGrouping { /** * The name of the column to group. */ name: pulumi.Input; /** * The type of the column. Possible values are `Dimension` and `TagKey`. */ type: pulumi.Input; } interface SubscriptionCostManagementViewDatasetSorting { /** * Direction of sort. Possible values are `Ascending` and `Descending`. */ direction: pulumi.Input; /** * The name of the column to sort. */ name: pulumi.Input; } interface SubscriptionCostManagementViewKpi { /** * KPI type. Possible values are `Budget` and `Forecast`. */ type: pulumi.Input; } interface SubscriptionCostManagementViewPivot { /** * The name of the column which should be used for this sub-view in the Cost Analysis UI. */ name: pulumi.Input; /** * The data type to show in this sub-view. Possible values are `Dimension` and `TagKey`. */ type: pulumi.Input; } interface SubscriptionPolicyAssignmentIdentity { /** * A list of User Managed Identity IDs which should be assigned to the Policy Definition. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the Policy Assignment for this Subscription. */ principalId?: pulumi.Input; /** * The Tenant ID of the Policy Assignment for this Subscription. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity which should be added to this Policy Definition. Possible values are `SystemAssigned` or `UserAssigned`. */ type: pulumi.Input; } interface SubscriptionPolicyAssignmentNonComplianceMessage { /** * The non-compliance message text. When assigning policy sets (initiatives), unless `policyDefinitionReferenceId` is specified then this message will be the default for all policies. */ content: pulumi.Input; /** * When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to. */ policyDefinitionReferenceId?: pulumi.Input; } interface SubscriptionPolicyAssignmentOverride { /** * One or more `overrideSelector` block as defined below. */ selectors?: pulumi.Input[]>; /** * Specifies the value to override the policy property. Possible values for `policyEffect` override listed [policy effects](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects). */ value: pulumi.Input; } interface SubscriptionPolicyAssignmentOverrideSelector { ins?: pulumi.Input[]>; kind?: pulumi.Input; notIns?: pulumi.Input[]>; } interface SubscriptionPolicyAssignmentResourceSelector { /** * Specifies a name for the resource selector. */ name?: pulumi.Input; /** * One or more `resourceSelector` block as defined below. */ selectors: pulumi.Input[]>; } interface SubscriptionPolicyAssignmentResourceSelectorSelector { ins?: pulumi.Input[]>; kind: pulumi.Input; notIns?: pulumi.Input[]>; } } export declare namespace cosmosdb { interface AccountAnalyticalStorage { /** * The schema type of the Analytical Storage for this Cosmos DB account. Possible values are `FullFidelity` and `WellDefined`. */ schemaType: pulumi.Input; } interface AccountBackup { /** * The interval in minutes between two backups. Possible values are between 60 and 1440. Defaults to `240`. */ intervalInMinutes?: pulumi.Input; /** * The time in hours that each backup is retained. Possible values are between 8 and 720. Defaults to `8`. */ retentionInHours?: pulumi.Input; /** * The storage redundancy is used to indicate the type of backup residency. Possible values are `Geo`, `Local` and `Zone`. Defaults to `Geo`. * * > **Note:** You can only configure `intervalInMinutes`, `retentionInHours` and `storageRedundancy` when the `type` field is set to `Periodic`. */ storageRedundancy?: pulumi.Input; /** * The continuous backup tier. Possible values are `Continuous7Days` and `Continuous30Days`. */ tier?: pulumi.Input; /** * The type of the `backup`. Possible values are `Continuous` and `Periodic`. * * > **Note:** Migration of `Periodic` to `Continuous` is one-way, changing `Continuous` to `Periodic` forces a new resource to be created. */ type: pulumi.Input; } interface AccountCapability { /** * Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface AccountCapacity { /** * The total throughput limit imposed on this Cosmos DB account (RU/s). Possible values are at least `-1`. `-1` means no limit. */ totalThroughputLimit: pulumi.Input; } interface AccountConsistencyPolicy { /** * The Consistency Level to use for this CosmosDB Account - can be either `BoundedStaleness`, `Eventual`, `Session`, `Strong` or `ConsistentPrefix`. */ consistencyLevel: pulumi.Input; /** * When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. The accepted range for this value is `5` - `86400` (1 day). Defaults to `5`. Required when `consistencyLevel` is set to `BoundedStaleness`. */ maxIntervalInSeconds?: pulumi.Input; /** * When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. The accepted range for this value is `10` – `2147483647`. Defaults to `100`. Required when `consistencyLevel` is set to `BoundedStaleness`. * * > **Note:** `maxIntervalInSeconds` and `maxStalenessPrefix` can only be set to values other than default when the `consistencyLevel` is set to `BoundedStaleness`. */ maxStalenessPrefix?: pulumi.Input; } interface AccountCorsRule { /** * A list of headers that are allowed to be a part of the cross-origin request. */ allowedHeaders: pulumi.Input[]>; /** * A list of HTTP headers that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`. */ allowedMethods: pulumi.Input[]>; /** * A list of origin domains that will be allowed by CORS. */ allowedOrigins: pulumi.Input[]>; /** * A list of response headers that are exposed to CORS clients. */ exposedHeaders: pulumi.Input[]>; /** * The number of seconds the client should cache a preflight response. Possible values are between `1` and `2147483647`. */ maxAgeInSeconds?: pulumi.Input; } interface AccountGeoLocation { /** * The failover priority of the region. A failover priority of `0` indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. Changing this causes the location to be re-provisioned and cannot be changed for the location with failover priority `0`. */ failoverPriority: pulumi.Input; /** * The CosmosDB Account ID. */ id?: pulumi.Input; /** * The name of the Azure region to host replicated data. */ location: pulumi.Input; /** * Should zone redundancy be enabled for this region? Defaults to `false`. */ zoneRedundant?: pulumi.Input; } interface AccountIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Cosmos Account. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity assigned to this Cosmos account. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface AccountRestore { /** * A `database` block as defined below. Changing this forces a new resource to be created. */ databases?: pulumi.Input[]>; /** * One or more `gremlinDatabase` blocks as defined below. Changing this forces a new resource to be created. */ gremlinDatabases?: pulumi.Input[]>; /** * The creation time of the database or the collection (Datetime Format `RFC 3339`). Changing this forces a new resource to be created. */ restoreTimestampInUtc: pulumi.Input; /** * The resource ID of the restorable database account from which the restore has to be initiated. The example is `/subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName}`. Changing this forces a new resource to be created. * * > **Note:** Any database account with `Continuous` type (live account or accounts deleted in last 30 days) is a restorable database account and there cannot be Create/Update/Delete operations on the restorable database accounts. They can only be read and retrieved by `azure.cosmosdb.getRestorableDatabaseAccounts`. */ sourceCosmosdbAccountId: pulumi.Input; /** * A list of specific tables available for restore. Changing this forces a new resource to be created. */ tablesToRestores?: pulumi.Input[]>; } interface AccountRestoreDatabase { /** * A list of the collection names for the restore request. Changing this forces a new resource to be created. */ collectionNames?: pulumi.Input[]>; /** * The database name for the restore request. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface AccountRestoreGremlinDatabase { /** * A list of the Graph names for the restore request. Changing this forces a new resource to be created. */ graphNames?: pulumi.Input[]>; /** * The Gremlin Database name for the restore request. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface AccountVirtualNetworkRule { /** * The ID of the virtual network subnet. */ id: pulumi.Input; /** * If set to true, the specified subnet will be added as a virtual network rule even if its CosmosDB service endpoint is not active. Defaults to `false`. */ ignoreMissingVnetServiceEndpoint?: pulumi.Input; } interface CassandraClusterIdentity { principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Cassandra Cluster. The only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface CassandraKeyspaceAutoscaleSettings { /** * The maximum throughput of the Cassandra KeySpace (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface CassandraTableAutoscaleSettings { /** * The maximum throughput of the Cassandra Table (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface CassandraTableSchema { /** * One or more `clusterKey` blocks as defined below. */ clusterKeys?: pulumi.Input[]>; /** * One or more `column` blocks as defined below. */ columns: pulumi.Input[]>; /** * One or more `partitionKey` blocks as defined below. */ partitionKeys: pulumi.Input[]>; } interface CassandraTableSchemaClusterKey { /** * Name of the cluster key to be created. */ name: pulumi.Input; /** * Order of the key. Currently supported values are `Asc` and `Desc`. */ orderBy: pulumi.Input; } interface CassandraTableSchemaColumn { /** * Name of the column to be created. */ name: pulumi.Input; /** * Type of the column to be created. */ type: pulumi.Input; } interface CassandraTableSchemaPartitionKey { /** * Name of the column to partition by. */ name: pulumi.Input; } interface GremlinDatabaseAutoscaleSettings { /** * The maximum throughput of the Gremlin database (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface GremlinGraphAutoscaleSettings { /** * The maximum throughput of the Gremlin graph (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface GremlinGraphConflictResolutionPolicy { /** * The conflict resolution path in the case of LastWriterWins mode. */ conflictResolutionPath?: pulumi.Input; /** * The procedure to resolve conflicts in the case of custom mode. */ conflictResolutionProcedure?: pulumi.Input; /** * Indicates the conflict resolution mode. Possible values include: `LastWriterWins`, `Custom`. */ mode: pulumi.Input; } interface GremlinGraphIndexPolicy { /** * Indicates if the indexing policy is automatic. Defaults to `true`. */ automatic?: pulumi.Input; /** * One or more `compositeIndex` blocks as defined below. */ compositeIndices?: pulumi.Input[]>; /** * List of paths to exclude from indexing. Required if `indexingMode` is `Consistent` or `Lazy`. */ excludedPaths?: pulumi.Input[]>; /** * List of paths to include in the indexing. Required if `indexingMode` is `Consistent` or `Lazy`. */ includedPaths?: pulumi.Input[]>; /** * Indicates the indexing mode. Possible values include: `Consistent`, `Lazy`, `None`. */ indexingMode: pulumi.Input; /** * One or more `spatialIndex` blocks as defined below. */ spatialIndices?: pulumi.Input[]>; } interface GremlinGraphIndexPolicyCompositeIndex { /** * One or more `index` blocks as defined below. */ indices: pulumi.Input[]>; } interface GremlinGraphIndexPolicyCompositeIndexIndex { /** * Order of the index. Possible values are `Ascending` or `Descending`. */ order: pulumi.Input; /** * Path for which the indexing behaviour applies to. */ path: pulumi.Input; } interface GremlinGraphIndexPolicySpatialIndex { /** * Path for which the indexing behaviour applies to. According to the service design, all spatial types including `LineString`, `MultiPolygon`, `Point`, and `Polygon` will be applied to the path. */ path: pulumi.Input; types?: pulumi.Input[]>; } interface GremlinGraphUniqueKey { /** * A list of paths to use for this unique key. Changing this forces a new resource to be created. */ paths: pulumi.Input[]>; } interface MongoClusterConnectionString { /** * The description of the connection string. */ description?: pulumi.Input; /** * The name which should be used for the MongoDB Cluster. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The value of the Mongo Cluster connection string. The `:` placeholder returned from API will be replaced by the real `administratorUsername` and `administratorPassword` if available in the state. */ value?: pulumi.Input; } interface MongoClusterCustomerManagedKey { /** * The ID of the key vault key used for encryption. For example: `https://example-vault-name.vault.azure.net/keys/example-key-name`. */ keyVaultKeyId: pulumi.Input; /** * The ID of the User Assigned Identity that has access to the Key Vault Key. */ userAssignedIdentityId: pulumi.Input; } interface MongoClusterIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. * * > **Note:** Required when `type` is set to `UserAssigned`. */ identityIds: pulumi.Input[]>; /** * The type of managed identity to assign. Possible value is `UserAssigned`. */ type: pulumi.Input; } interface MongoClusterRestore { /** * The point in time (in UTC) to restore from, in ISO 8601 format (e.g., `2024-01-01T00:00:00Z`). Changing this forces a new resource to be created. */ pointInTimeUtc: pulumi.Input; /** * The ID of the source MongoDB Cluster to restore from. Changing this forces a new resource to be created. */ sourceId: pulumi.Input; } interface MongoCollectionAutoscaleSettings { /** * The maximum throughput of the MongoDB collection (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface MongoCollectionIndex { /** * Specifies the list of user settable keys for each Cosmos DB Mongo Collection. */ keys: pulumi.Input[]>; /** * Is the index unique or not? Defaults to `false`. * * > **Note:** An index with an "_id" key must be specified. */ unique?: pulumi.Input; } interface MongoCollectionSystemIndex { /** * The list of system keys which are not settable for each Cosmos DB Mongo Collection. */ keys?: pulumi.Input[]>; /** * Identifies whether the table contains no duplicate values. */ unique?: pulumi.Input; } interface MongoDatabaseAutoscaleSettings { /** * The maximum throughput of the MongoDB database (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface MongoRoleDefinitionPrivilege { /** * A list of actions that are allowed. */ actions: pulumi.Input[]>; /** * A `resource` block as defined below. */ resource: pulumi.Input; } interface MongoRoleDefinitionPrivilegeResource { /** * The name of the Mongo DB Collection that the Role Definition is applied. */ collectionName?: pulumi.Input; /** * The name of the Mongo DB that the Role Definition is applied. */ dbName?: pulumi.Input; } interface PostgresqlClusterMaintenanceWindow { /** * The day of week for maintenance window, where the week starts on a Sunday, i.e. Sunday = `0`, Monday = `1`. Defaults to `0`. */ dayOfWeek?: pulumi.Input; /** * The start hour for maintenance window. Defaults to `0`. */ startHour?: pulumi.Input; /** * The start minute for maintenance window. Defaults to `0`. */ startMinute?: pulumi.Input; } interface PostgresqlClusterServer { /** * The Fully Qualified Domain Name of the server. */ fqdn?: pulumi.Input; /** * The name which should be used for this Azure Cosmos DB for PostgreSQL Cluster. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface SqlContainerAutoscaleSettings { /** * The maximum throughput of the SQL container (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface SqlContainerConflictResolutionPolicy { /** * The conflict resolution path in the case of `LastWriterWins` mode. */ conflictResolutionPath?: pulumi.Input; /** * The procedure to resolve conflicts in the case of `Custom` mode. */ conflictResolutionProcedure?: pulumi.Input; /** * Indicates the conflict resolution mode. Possible values include: `LastWriterWins`, `Custom`. */ mode: pulumi.Input; } interface SqlContainerIndexingPolicy { /** * One or more `compositeIndex` blocks as defined below. */ compositeIndices?: pulumi.Input[]>; /** * One or more `excludedPath` blocks as defined below. Either `includedPath` or `excludedPath` must contain the `path` `/*` */ excludedPaths?: pulumi.Input[]>; /** * One or more `includedPath` blocks as defined below. Either `includedPath` or `excludedPath` must contain the `path` `/*` */ includedPaths?: pulumi.Input[]>; /** * Indicates the indexing mode. Possible values include: `consistent` and `none`. Defaults to `consistent`. */ indexingMode?: pulumi.Input; /** * One or more `spatialIndex` blocks as defined below. */ spatialIndices?: pulumi.Input[]>; } interface SqlContainerIndexingPolicyCompositeIndex { /** * One or more `index` blocks as defined below. */ indices: pulumi.Input[]>; } interface SqlContainerIndexingPolicyCompositeIndexIndex { /** * Order of the index. Possible values are `Ascending` or `Descending`. */ order: pulumi.Input; /** * Path for which the indexing behaviour applies to. */ path: pulumi.Input; } interface SqlContainerIndexingPolicyExcludedPath { /** * Path that is excluded from indexing. */ path: pulumi.Input; } interface SqlContainerIndexingPolicyIncludedPath { /** * Path for which the indexing behaviour applies to. */ path: pulumi.Input; } interface SqlContainerIndexingPolicySpatialIndex { /** * Path for which the indexing behaviour applies to. According to the service design, all spatial types including `LineString`, `MultiPolygon`, `Point`, and `Polygon` will be applied to the path. */ path: pulumi.Input; /** * A set of spatial types of the path. */ types?: pulumi.Input[]>; } interface SqlContainerUniqueKey { /** * A list of paths to use for this unique key. Changing this forces a new resource to be created. */ paths: pulumi.Input[]>; } interface SqlDatabaseAutoscaleSettings { /** * The maximum throughput of the SQL database (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } interface SqlRoleDefinitionPermission { /** * A list of data actions that are allowed for the Cosmos DB SQL Role Definition. */ dataActions: pulumi.Input[]>; } interface TableAutoscaleSettings { /** * The maximum throughput of the Table (RU/s). Must be between `1,000` and `1,000,000`. Must be set in increments of `1,000`. Conflicts with `throughput`. */ maxThroughput?: pulumi.Input; } } export declare namespace dashboard { interface GetGrafanaIdentity { identityIds?: string[]; principalId?: string; tenantId?: string; type: string; } interface GetGrafanaIdentityArgs { identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; type: pulumi.Input; } interface GrafanaAzureMonitorWorkspaceIntegration { /** * Specifies the resource ID of the connected Azure Monitor Workspace. */ resourceId: pulumi.Input; } interface GrafanaIdentity { /** * Specifies the list of User Assigned Managed Service Identity IDs which should be assigned to this Dashboard Grafana. Changing this forces a new resource to be created. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity. Possible values are `SystemAssigned`, `UserAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface GrafanaSmtp { /** * Whether to enable the smtp setting of the Grafana instance. Defaults to `false`. */ enabled?: pulumi.Input; /** * Address used when sending emails. */ fromAddress: pulumi.Input; /** * Name used when sending emails. Defaults to `Azure Managed Grafana Notification`. */ fromName?: pulumi.Input; /** * SMTP server hostname with port, e.g. test.email.net:587 */ host: pulumi.Input; /** * Password of SMTP authentication. */ password: pulumi.Input; /** * Whether to use TLS when connecting to SMTP server. Possible values are `OpportunisticStartTLS`, `NoStartTLS`, `MandatoryStartTLS`. */ startTlsPolicy: pulumi.Input; /** * User of SMTP authentication. */ user: pulumi.Input; /** * Whether verify SSL for SMTP server. Defaults to `false`. */ verificationSkipEnabled?: pulumi.Input; } } export declare namespace databoxedge { interface DeviceDeviceProperty { /** * The Data Box Edge/Gateway device local capacity in MB. */ capacity?: pulumi.Input; /** * Type of compute roles configured. */ configuredRoleTypes?: pulumi.Input[]>; /** * The Data Box Edge/Gateway device culture. */ culture?: pulumi.Input; /** * The device software version number of the device (e.g. 1.2.18105.6). */ hcsVersion?: pulumi.Input; /** * The Data Box Edge/Gateway device model. */ model?: pulumi.Input; /** * The number of nodes in the cluster. */ nodeCount?: pulumi.Input; /** * The Serial Number of Data Box Edge/Gateway device. */ serialNumber?: pulumi.Input; /** * The Data Box Edge/Gateway device software version. */ softwareVersion?: pulumi.Input; /** * The status of the Data Box Edge/Gateway device. */ status?: pulumi.Input; /** * The Data Box Edge/Gateway device timezone. */ timeZone?: pulumi.Input; /** * The type of the Data Box Edge/Gateway device. */ type?: pulumi.Input; } } export declare namespace databricks { interface AccessConnectorIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to the Databricks Access Connector. Only one User Assigned Managed Identity ID is supported per Databricks Access Connector resource. * * > **Note:** `identityIds` are required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the System Assigned Managed Service Identity that is configured on this Access Connector. */ principalId?: pulumi.Input; /** * The Tenant ID of the System Assigned Managed Service Identity that is configured on this Access Connector. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on the Databricks Access Connector. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface WorkspaceCustomParameters { /** * The ID of a Azure Machine Learning workspace to link with Databricks workspace. Changing this forces a new resource to be created. */ machineLearningWorkspaceId?: pulumi.Input; /** * Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets (only for workspace with managed virtual network). Defaults to `nat-gateway`. Changing this forces a new resource to be created. */ natGatewayName?: pulumi.Input; /** * Are public IP Addresses not allowed? Possible values are `true` or `false`. Defaults to `true`. * * > **Note:** Updating `noPublicIp` parameter is only allowed if the value is changing from `false` to `true` and only for VNet-injected workspaces. * * > **Note:** In `v3.104.0` and higher of the provider the `noPublicIp` parameter will now default to `true` instead of `false`. */ noPublicIp?: pulumi.Input; /** * The name of the Private Subnet within the Virtual Network. Required if `virtualNetworkId` is set. Changing this forces a new resource to be created. */ privateSubnetName?: pulumi.Input; /** * The resource ID of the `azure.network.SubnetNetworkSecurityGroupAssociation` resource which is referred to by the `privateSubnetName` field. This is the same as the ID of the subnet referred to by the `privateSubnetName` field. Required if `virtualNetworkId` is set. */ privateSubnetNetworkSecurityGroupAssociationId?: pulumi.Input; /** * Name of the Public IP for No Public IP workspace with managed virtual network. Defaults to `nat-gw-public-ip`. Changing this forces a new resource to be created. */ publicIpName?: pulumi.Input; /** * The name of the Public Subnet within the Virtual Network. Required if `virtualNetworkId` is set. Changing this forces a new resource to be created. */ publicSubnetName?: pulumi.Input; /** * The resource ID of the `azure.network.SubnetNetworkSecurityGroupAssociation` resource which is referred to by the `publicSubnetName` field. This is the same as the ID of the subnet referred to by the `publicSubnetName` field. Required if `virtualNetworkId` is set. */ publicSubnetNetworkSecurityGroupAssociationId?: pulumi.Input; /** * Default Databricks File Storage account name. Defaults to a randomized name(e.g. `dbstoragel6mfeghoe5kxu`). Changing this forces a new resource to be created. */ storageAccountName?: pulumi.Input; /** * Storage account SKU name. Possible values include `Standard_LRS`, `Standard_GRS`, `Standard_RAGRS`, `Standard_GZRS`, `Standard_RAGZRS`, `Standard_ZRS`, `Premium_LRS` or `Premium_ZRS`. Defaults to `Standard_GRS`. */ storageAccountSkuName?: pulumi.Input; /** * The ID of a Virtual Network where this Databricks Cluster should be created. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * Address prefix for Managed virtual network. Defaults to `10.139`. Changing this forces a new resource to be created. * * > **Note:** Databricks requires that a network security group is associated with the `public` and `private` subnets when a `virtualNetworkId` has been defined. Both `public` and `private` subnets must be delegated to `Microsoft.Databricks/workspaces`. For more information about subnet delegation see the [product documentation](https://docs.microsoft.com/azure/virtual-network/subnet-delegation-overview). */ vnetAddressPrefix?: pulumi.Input; } interface WorkspaceEnhancedSecurityCompliance { /** * Enables automatic cluster updates for this workspace. Defaults to `false`. */ automaticClusterUpdateEnabled?: pulumi.Input; /** * Enables compliance security profile for this workspace. Defaults to `false`. * * > **Note:** Changing the value of `complianceSecurityProfileEnabled` from `true` to `false` forces a replacement of the Databricks workspace. * * > **Note:** The attributes `automaticClusterUpdateEnabled` and `enhancedSecurityMonitoringEnabled` must be set to `true` in order to set `complianceSecurityProfileEnabled` to `true`. */ complianceSecurityProfileEnabled?: pulumi.Input; /** * A list of standards to enforce on this workspace. Possible values include `HIPAA` and `PCI_DSS`. * * > **Note:** `complianceSecurityProfileEnabled` must be set to `true` in order to use `complianceSecurityProfileStandards`. * * > **Note:** Removing a standard from the `complianceSecurityProfileStandards` list forces a replacement of the Databricks workspace. */ complianceSecurityProfileStandards?: pulumi.Input[]>; /** * Enables enhanced security monitoring for this workspace. Defaults to `false`. */ enhancedSecurityMonitoringEnabled?: pulumi.Input; } interface WorkspaceManagedDiskIdentity { /** * The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys. */ principalId?: pulumi.Input; /** * The UUID of the tenant where the internal databricks storage account was created. */ tenantId?: pulumi.Input; /** * The type of the internal databricks storage account. */ type?: pulumi.Input; } interface WorkspaceStorageAccountIdentity { /** * The principal UUID for the internal databricks storage account needed to provide access to the workspace for enabling Customer Managed Keys. */ principalId?: pulumi.Input; /** * The UUID of the tenant where the internal databricks storage account was created. */ tenantId?: pulumi.Input; /** * The type of the internal databricks storage account. */ type?: pulumi.Input; } } export declare namespace datadog { interface MonitorDatadogOrganization { /** * Api key associated to the Datadog organization. Changing this forces a new Datadog Monitor to be created. */ apiKey: pulumi.Input; /** * Application key associated to the Datadog organization. Changing this forces a new Datadog Monitor to be created. */ applicationKey: pulumi.Input; /** * The ID of the enterprise_app. Changing this forces a new resource to be created. */ enterpriseAppId?: pulumi.Input; /** * The ID of the Datadog Monitor. */ id?: pulumi.Input; /** * The auth code used to linking to an existing Datadog organization. Changing this forces a new Datadog Monitor to be created. */ linkingAuthCode?: pulumi.Input; /** * The ID of the linking_client. Changing this forces a new Datadog Monitor to be created. */ linkingClientId?: pulumi.Input; /** * The name of the user that will be associated with the Datadog Monitor. Changing this forces a new Datadog Monitor to be created. */ name?: pulumi.Input; /** * The redirect uri for linking. Changing this forces a new Datadog Monitor to be created. */ redirectUri?: pulumi.Input; } interface MonitorIdentity { /** * The Principal ID for the Service Principal associated with the Identity of this Datadog Monitor. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Datadog Monitor. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the Datadog Monitor. At this time the only allowed value is `SystemAssigned`. * * > **Note:** The assigned `principalId` and `tenantId` can be retrieved after the identity `type` has been set to `SystemAssigned` and the Datadog Monitor has been created. More details are available below. */ type: pulumi.Input; } interface MonitorTagRuleLog { /** * Whether AAD logs should be sent for the Monitor resource? */ aadLogEnabled?: pulumi.Input; /** * A `filter` block as defined below. * * > **Note:** List of filtering tags to be used for capturing logs. This only takes effect if `resourceLogEnabled` flag is enabled. If empty, all resources will be captured. If only Exclude action is specified, the rules will apply to the list of all available resources. If Include actions are specified, the rules will only include resources with the associated tags. */ filters?: pulumi.Input[]>; /** * Whether Azure resource logs should be sent for the Monitor resource? */ resourceLogEnabled?: pulumi.Input; /** * Whether Azure subscription logs should be sent for the Monitor resource? */ subscriptionLogEnabled?: pulumi.Input; } interface MonitorTagRuleLogFilter { /** * Allowed values Include or Exclude. */ action: pulumi.Input; /** * Name of the Tag. */ name: pulumi.Input; /** * Value of the Tag. */ value: pulumi.Input; } interface MonitorTagRuleMetric { /** * A `filter` block as defined below. * * > **Note:** List of filtering tags to be used for capturing metrics. If empty, all resources will be captured. If only Exclude action is specified, the rules will apply to the list of all available resources. If Include actions are specified, the rules will only include resources with the associated tags. */ filters?: pulumi.Input[]>; } interface MonitorTagRuleMetricFilter { /** * Allowed values Include or Exclude. */ action: pulumi.Input; /** * Name of the Tag. */ name: pulumi.Input; /** * Value of the Tag. */ value: pulumi.Input; } interface MonitorUser { /** * Email of the user used by Datadog for contacting them if needed. Changing this forces a new Datadog Monitor to be created. */ email: pulumi.Input; /** * The name which should be used for this user_info. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Phone number of the user used by Datadog for contacting them if needed. Changing this forces a new resource to be created. */ phoneNumber?: pulumi.Input; } } export declare namespace datafactory { interface CredentialServicePrincipalServicePrincipalKey { /** * The name of the Linked Service to use for the Service Principal Key. */ linkedServiceName: pulumi.Input; /** * The name of the Secret in the Key Vault. */ secretName: pulumi.Input; /** * The version of the Secret in the Key Vault. */ secretVersion?: pulumi.Input; } interface CustomDatasetLinkedService { /** * The name of the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSink { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow Source. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow Source. */ name: pulumi.Input; /** * A `rejectedLinkedService` block as defined below. */ rejectedLinkedService?: pulumi.Input; /** * A `schemaLinkedService` block as defined below. */ schemaLinkedService?: pulumi.Input; } interface DataFlowSinkDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSinkFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSinkLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSinkRejectedLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSinkSchemaLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSource { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow Source. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow Source. */ name: pulumi.Input; /** * A `rejectedLinkedService` block as defined below. */ rejectedLinkedService?: pulumi.Input; /** * A `schemaLinkedService` block as defined below. */ schemaLinkedService?: pulumi.Input; } interface DataFlowSourceDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSourceFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSourceLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSourceRejectedLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowSourceSchemaLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowTransformation { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow transformation. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow transformation. */ name: pulumi.Input; } interface DataFlowTransformationDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowTransformationFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DataFlowTransformationLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface DatasetAzureBlobSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetAzureSqlTableSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetBinaryAzureBlobStorageLocation { /** * The container on the Azure Blob Storage Account hosting the file. */ container: pulumi.Input; /** * Is the `container` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicContainerEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file in the blob container. */ filename?: pulumi.Input; /** * The folder path to the file in the blob container. */ path?: pulumi.Input; } interface DatasetBinaryCompression { /** * The level of compression. Possible values are `Fastest` and `Optimal`. */ level?: pulumi.Input; /** * The type of compression used during transport. Possible values are `BZip2`, `Deflate`, `GZip`, `Tar`, `TarGZip` and `ZipDeflate`. */ type: pulumi.Input; } interface DatasetBinaryHttpServerLocation { /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the web server. */ filename: pulumi.Input; /** * The folder path to the file on the web server. */ path: pulumi.Input; /** * The base URL to the web server hosting the file. */ relativeUrl: pulumi.Input; } interface DatasetBinarySftpServerLocation { /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the SFTP server. */ filename: pulumi.Input; /** * The folder path to the file on the SFTP server. */ path: pulumi.Input; } interface DatasetCosmosDBApiSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetDelimitedTextAzureBlobFsLocation { /** * Is the `fileSystem` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFileSystemEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The storage data lake gen2 file system on the Azure Blob Storage Account hosting the file. */ fileSystem?: pulumi.Input; /** * The filename of the file. */ filename?: pulumi.Input; /** * The folder path to the file. */ path?: pulumi.Input; } interface DatasetDelimitedTextAzureBlobStorageLocation { /** * The container on the Azure Blob Storage Account hosting the file. */ container: pulumi.Input; /** * Is the `container` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicContainerEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file. */ filename?: pulumi.Input; /** * The folder path to the file. This can be an empty string. */ path?: pulumi.Input; } interface DatasetDelimitedTextHttpServerLocation { /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the web server. */ filename: pulumi.Input; /** * The folder path to the file on the web server. */ path: pulumi.Input; /** * The base URL to the web server hosting the file. */ relativeUrl: pulumi.Input; } interface DatasetDelimitedTextSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetHttpSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetJsonAzureBlobStorageLocation { /** * The container on the Azure Blob Storage Account hosting the file. */ container: pulumi.Input; /** * Is the `container` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicContainerEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the web server. */ filename: pulumi.Input; /** * The folder path to the file on the web server. */ path: pulumi.Input; } interface DatasetJsonHttpServerLocation { /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the web server. */ filename: pulumi.Input; /** * The folder path to the file on the web server. */ path: pulumi.Input; /** * The base URL to the web server hosting the file. */ relativeUrl: pulumi.Input; } interface DatasetJsonSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetMysqlSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetParquetAzureBlobFsLocation { /** * Is the `fileSystem` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFileSystemEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The container on the Azure Data Lake Storage Account hosting the file. */ fileSystem?: pulumi.Input; /** * The filename of the file on the Azure Data Lake Storage Account. */ filename?: pulumi.Input; /** * The folder path to the file on the Azure Data Lake Storage Account. */ path?: pulumi.Input; } interface DatasetParquetAzureBlobStorageLocation { /** * The container on the Azure Blob Storage Account hosting the file. */ container: pulumi.Input; /** * Is the `container` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicContainerEnabled?: pulumi.Input; /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the Azure Blob Storage Account. */ filename?: pulumi.Input; /** * The folder path to the file on the Azure Blob Storage Account. */ path?: pulumi.Input; } interface DatasetParquetHttpServerLocation { /** * Is the `filename` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicFilenameEnabled?: pulumi.Input; /** * Is the `path` using dynamic expression, function or system variables? Defaults to `false`. */ dynamicPathEnabled?: pulumi.Input; /** * The filename of the file on the web server. */ filename: pulumi.Input; /** * The folder path to the file on the web server. */ path?: pulumi.Input; /** * The base URL to the web server hosting the file. */ relativeUrl: pulumi.Input; } interface DatasetParquetSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetPostgresqlSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetSnowflakeSchemaColumn { /** * The name of the column. */ name: pulumi.Input; /** * The total number of digits allowed. */ precision?: pulumi.Input; /** * The number of digits allowed to the right of the decimal point. */ scale?: pulumi.Input; /** * Type of the column. Valid values are `NUMBER`, `DECIMAL`, `NUMERIC`, `INT`, `INTEGER`, `BIGINT`, `SMALLINT`, `FLOAT``FLOAT4`, `FLOAT8`, `DOUBLE`, `DOUBLE PRECISION`, `REAL`, `VARCHAR`, `CHAR`, `CHARACTER`, `STRING`, `TEXT`, `BINARY`, `VARBINARY`, `BOOLEAN`, `DATE`, `DATETIME`, `TIME`, `TIMESTAMP`, `TIMESTAMP_LTZ`, `TIMESTAMP_NTZ`, `TIMESTAMP_TZ`, `VARIANT`, `OBJECT`, `ARRAY`, `GEOGRAPHY`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface DatasetSqlServerTableSchemaColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The name of the column. */ name: pulumi.Input; /** * Type of the column. Valid values are `Byte`, `Byte[]`, `Boolean`, `Date`, `DateTime`,`DateTimeOffset`, `Decimal`, `Double`, `Guid`, `Int16`, `Int32`, `Int64`, `Single`, `String`, `TimeSpan`. Please note these values are case sensitive. */ type?: pulumi.Input; } interface FactoryGithubConfiguration { /** * Specifies the GitHub account name. */ accountName: pulumi.Input; /** * Specifies the branch of the repository to get code from. */ branchName: pulumi.Input; /** * Specifies the GitHub Enterprise host name. For example: . Use for open source repositories. */ gitUrl?: pulumi.Input; /** * Is automated publishing enabled? Defaults to `true`. * * > **Note:** You must log in to the Data Factory management UI to complete the authentication to the GitHub repository. */ publishingEnabled?: pulumi.Input; /** * Specifies the name of the git repository. */ repositoryName: pulumi.Input; /** * Specifies the root folder within the repository. Set to `/` for the top level. */ rootFolder: pulumi.Input; } interface FactoryGlobalParameter { /** * Specifies the global parameter name. */ name: pulumi.Input; /** * Specifies the global parameter type. Possible Values are `Array`, `Bool`, `Float`, `Int`, `Object` or `String`. */ type: pulumi.Input; /** * Specifies the global parameter value. * * > **Note:** For type `Array` and `Object` it is recommended to use `jsonencode()` for the value */ value: pulumi.Input; } interface FactoryIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Data Factory. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Data Factory. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface FactoryVstsConfiguration { /** * Specifies the VSTS account name. */ accountName: pulumi.Input; /** * Specifies the branch of the repository to get code from. */ branchName: pulumi.Input; /** * Specifies the name of the VSTS project. */ projectName: pulumi.Input; /** * Is automated publishing enabled? Defaults to `true`. */ publishingEnabled?: pulumi.Input; /** * Specifies the name of the git repository. */ repositoryName: pulumi.Input; /** * Specifies the root folder within the repository. Set to `/` for the top level. */ rootFolder: pulumi.Input; /** * Specifies the Tenant ID associated with the VSTS account. */ tenantId: pulumi.Input; } interface FlowletDataFlowSink { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow Source. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow Source. */ name: pulumi.Input; /** * A `rejectedLinkedService` block as defined below. */ rejectedLinkedService?: pulumi.Input; /** * A `schemaLinkedService` block as defined below. */ schemaLinkedService?: pulumi.Input; } interface FlowletDataFlowSinkDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSinkFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSinkLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSinkRejectedLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSinkSchemaLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSource { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow Source. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow Source. */ name: pulumi.Input; /** * A `rejectedLinkedService` block as defined below. */ rejectedLinkedService?: pulumi.Input; /** * A `schemaLinkedService` block as defined below. */ schemaLinkedService?: pulumi.Input; } interface FlowletDataFlowSourceDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSourceFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSourceLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSourceRejectedLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowSourceSchemaLinkedService { /** * The name for the Data Factory Linked Service with schema. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowTransformation { /** * A `dataset` block as defined below. */ dataset?: pulumi.Input; /** * The description for the Data Flow transformation. */ description?: pulumi.Input; /** * A `flowlet` block as defined below. */ flowlet?: pulumi.Input; /** * A `linkedService` block as defined below. */ linkedService?: pulumi.Input; /** * The name for the Data Flow transformation. */ name: pulumi.Input; } interface FlowletDataFlowTransformationDataset { /** * The name for the Data Factory Dataset. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory dataset. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowTransformationFlowlet { /** * Specifies the reference data flow parameters from dataset. */ datasetParameters?: pulumi.Input; /** * The name for the Data Factory Flowlet. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Flowlet. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface FlowletDataFlowTransformationLinkedService { /** * The name for the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface IntegrationRuntimeSelfHostedRbacAuthorization { /** * The resource identifier of the integration runtime to be shared. * * > **Please Note**: RBAC Authorization creates a [linked Self-hosted Integration Runtime targeting the Shared Self-hosted Integration Runtime in resourceId](https://docs.microsoft.com/azure/data-factory/create-shared-self-hosted-integration-runtime-powershell#share-the-self-hosted-integration-runtime-with-another-data-factory). The linked Self-hosted Integration Runtime needs Contributor access granted to the Shared Self-hosted Data Factory. * * For more information on the configuration, please check out the [Azure documentation](https://docs.microsoft.com/rest/api/datafactory/integrationruntimes/createorupdate#linkedintegrationruntimerbacauthorization) */ resourceId: pulumi.Input; } interface IntegrationRuntimeSsisCatalogInfo { /** * Administrator login name for the SQL Server. */ administratorLogin?: pulumi.Input; /** * Administrator login password for the SQL Server. */ administratorPassword?: pulumi.Input; /** * The dual standby Azure-SSIS Integration Runtime pair with SSISDB failover. */ dualStandbyPairName?: pulumi.Input; /** * The name of SQL elastic pool where the database will be created for the SSIS catalog. Mutually exclusive with `pricingTier`. */ elasticPoolName?: pulumi.Input; /** * Pricing tier for the database that will be created for the SSIS catalog. Valid values are: `Basic`, `S0`, `S1`, `S2`, `S3`, `S4`, `S6`, `S7`, `S9`, `S12`, `P1`, `P2`, `P4`, `P6`, `P11`, `P15`, `GP_S_Gen5_1`, `GP_S_Gen5_2`, `GP_S_Gen5_4`, `GP_S_Gen5_6`, `GP_S_Gen5_8`, `GP_S_Gen5_10`, `GP_S_Gen5_12`, `GP_S_Gen5_14`, `GP_S_Gen5_16`, `GP_S_Gen5_18`, `GP_S_Gen5_20`, `GP_S_Gen5_24`, `GP_S_Gen5_32`, `GP_S_Gen5_40`, `GP_Gen5_2`, `GP_Gen5_4`, `GP_Gen5_6`, `GP_Gen5_8`, `GP_Gen5_10`, `GP_Gen5_12`, `GP_Gen5_14`, `GP_Gen5_16`, `GP_Gen5_18`, `GP_Gen5_20`, `GP_Gen5_24`, `GP_Gen5_32`, `GP_Gen5_40`, `GP_Gen5_80`, `BC_Gen5_2`, `BC_Gen5_4`, `BC_Gen5_6`, `BC_Gen5_8`, `BC_Gen5_10`, `BC_Gen5_12`, `BC_Gen5_14`, `BC_Gen5_16`, `BC_Gen5_18`, `BC_Gen5_20`, `BC_Gen5_24`, `BC_Gen5_32`, `BC_Gen5_40`, `BC_Gen5_80`, `HS_Gen5_2`, `HS_Gen5_4`, `HS_Gen5_6`, `HS_Gen5_8`, `HS_Gen5_10`, `HS_Gen5_12`, `HS_Gen5_14`, `HS_Gen5_16`, `HS_Gen5_18`, `HS_Gen5_20`, `HS_Gen5_24`, `HS_Gen5_32`, `HS_Gen5_40` and `HS_Gen5_80`. Mutually exclusive with `elasticPoolName`. */ pricingTier?: pulumi.Input; /** * The endpoint of an Azure SQL Server that will be used to host the SSIS catalog. */ serverEndpoint: pulumi.Input; } interface IntegrationRuntimeSsisCopyComputeScale { /** * Specifies the data integration unit number setting reserved for copy activity execution. Supported values are multiples of `4` in range 4-256. */ dataIntegrationUnit?: pulumi.Input; /** * Specifies the time to live (in minutes) setting of integration runtime which will execute copy activity. Possible values are at least `5`. */ timeToLive?: pulumi.Input; } interface IntegrationRuntimeSsisCustomSetupScript { /** * The blob endpoint for the container which contains a custom setup script that will be run on every node on startup. See [https://docs.microsoft.com/azure/data-factory/how-to-configure-azure-ssis-ir-custom-setup](https://docs.microsoft.com/azure/data-factory/how-to-configure-azure-ssis-ir-custom-setup) for more information. */ blobContainerUri: pulumi.Input; /** * A container SAS token that gives access to the files. See [https://docs.microsoft.com/azure/data-factory/how-to-configure-azure-ssis-ir-custom-setup](https://docs.microsoft.com/azure/data-factory/how-to-configure-azure-ssis-ir-custom-setup) for more information. */ sasToken: pulumi.Input; } interface IntegrationRuntimeSsisExpressCustomSetup { /** * One or more `commandKey` blocks as defined below. */ commandKeys?: pulumi.Input[]>; /** * One or more `component` blocks as defined below. */ components?: pulumi.Input[]>; /** * The Environment Variables for the Azure-SSIS Integration Runtime. */ environment?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The version of Azure Powershell installed for the Azure-SSIS Integration Runtime. * * > **Note:** At least one of `env`, `powershellVersion`, `component` and `commandKey` should be specified. */ powershellVersion?: pulumi.Input; } interface IntegrationRuntimeSsisExpressCustomSetupCommandKey { /** * A `keyVaultSecretReference` block as defined below. */ keyVaultPassword?: pulumi.Input; /** * The password for the target device. */ password?: pulumi.Input; /** * The target computer or domain name. */ targetName: pulumi.Input; /** * The username for the target device. */ userName: pulumi.Input; } interface IntegrationRuntimeSsisExpressCustomSetupCommandKeyKeyVaultPassword { linkedServiceName: pulumi.Input; /** * A map of parameters to associate with the Key Vault Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the secret name in Azure Key Vault. */ secretName: pulumi.Input; /** * Specifies the secret version in Azure Key Vault. */ secretVersion?: pulumi.Input; } interface IntegrationRuntimeSsisExpressCustomSetupComponent { /** * A `keyVaultSecretReference` block as defined below. */ keyVaultLicense?: pulumi.Input; /** * The license used for the Component. */ license?: pulumi.Input; /** * The Component Name installed for the Azure-SSIS Integration Runtime. */ name: pulumi.Input; } interface IntegrationRuntimeSsisExpressCustomSetupComponentKeyVaultLicense { linkedServiceName: pulumi.Input; /** * A map of parameters to associate with the Key Vault Data Factory Linked Service. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the secret name in Azure Key Vault. */ secretName: pulumi.Input; /** * Specifies the secret version in Azure Key Vault. */ secretVersion?: pulumi.Input; } interface IntegrationRuntimeSsisExpressVnetIntegration { /** * id of the subnet to which the nodes of the Azure-SSIS Integration Runtime will be added. */ subnetId: pulumi.Input; } interface IntegrationRuntimeSsisPackageStore { /** * Name of the Linked Service to associate with the packages. */ linkedServiceName: pulumi.Input; /** * Name of the package store. */ name: pulumi.Input; } interface IntegrationRuntimeSsisPipelineExternalComputeScale { /** * Specifies the number of the external nodes, which should be greater than `0` and less than `11`. */ numberOfExternalNodes?: pulumi.Input; /** * Specifies the number of the pipeline nodes, which should be greater than `0` and less than `11`. */ numberOfPipelineNodes?: pulumi.Input; /** * Specifies the time to live (in minutes) setting of integration runtime which will execute copy activity. Possible values are at least `5`. */ timeToLive?: pulumi.Input; } interface IntegrationRuntimeSsisProxy { /** * The path in the data store to be used when moving data between Self-Hosted and Azure-SSIS Integration Runtimes. */ path?: pulumi.Input; /** * Name of Self Hosted Integration Runtime as a proxy. */ selfHostedIntegrationRuntimeName: pulumi.Input; /** * Name of Azure Blob Storage linked service to reference the staging data store to be used when moving data between self-hosted and Azure-SSIS integration runtimes. */ stagingStorageLinkedServiceName: pulumi.Input; } interface IntegrationRuntimeSsisVnetIntegration { /** * Static public IP addresses for the Azure-SSIS Integration Runtime. The size must be 2. */ publicIps?: pulumi.Input[]>; /** * id of the subnet to which the nodes of the Azure-SSIS Integration Runtime will be added. * * > **Note:** Only one of `subnetId` and `subnetName` can be specified. If `subnetName` is specified, `vnetId` must be provided. */ subnetId?: pulumi.Input; /** * Name of the subnet to which the nodes of the Azure-SSIS Integration Runtime will be added. */ subnetName?: pulumi.Input; /** * ID of the virtual network to which the nodes of the Azure-SSIS Integration Runtime will be added. */ vnetId?: pulumi.Input; } interface LinkedCustomServiceIntegrationRuntime { /** * The integration runtime reference to associate with the Data Factory Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the integration runtime. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface LinkedServiceAzureBlobStorageKeyVaultSasToken { linkedServiceName: pulumi.Input; secretName: pulumi.Input; } interface LinkedServiceAzureBlobStorageSasTokenLinkedKeyVaultKey { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores the SAS token. */ secretName: pulumi.Input; } interface LinkedServiceAzureBlobStorageServicePrincipalLinkedKeyVaultKey { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores the Service Principal key. */ secretName: pulumi.Input; } interface LinkedServiceAzureDatabricksInstancePool { /** * Spark version of a the cluster. */ clusterVersion: pulumi.Input; /** * Identifier of the instance pool within the linked ADB instance. */ instancePoolId: pulumi.Input; /** * The max number of worker nodes. Set this value if you want to enable autoscaling between the `minNumberOfWorkers` and this value. Omit this value to use a fixed number of workers defined in the `minNumberOfWorkers` property. */ maxNumberOfWorkers?: pulumi.Input; /** * The minimum number of worker nodes. Defaults to `1`. */ minNumberOfWorkers?: pulumi.Input; } interface LinkedServiceAzureDatabricksKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores ADB access token. */ secretName: pulumi.Input; } interface LinkedServiceAzureDatabricksNewClusterConfig { /** * Spark version of a the cluster. */ clusterVersion: pulumi.Input; /** * Tags for the cluster resource. */ customTags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Driver node type for the cluster. */ driverNodeType?: pulumi.Input; /** * User defined initialization scripts for the cluster. */ initScripts?: pulumi.Input[]>; /** * Location to deliver Spark driver, worker, and event logs. */ logDestination?: pulumi.Input; /** * Specifies the maximum number of worker nodes. It should be between 1 and 25000. */ maxNumberOfWorkers?: pulumi.Input; /** * Specifies the minimum number of worker nodes. It should be between 1 and 25000. It defaults to `1`. */ minNumberOfWorkers?: pulumi.Input; /** * Node type for the new cluster. */ nodeType: pulumi.Input; /** * User-specified Spark configuration variables key-value pairs. */ sparkConfig?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * User-specified Spark environment variables key-value pairs. */ sparkEnvironmentVariables?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface LinkedServiceAzureFileStorageKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores Azure File Storage password. */ secretName: pulumi.Input; } interface LinkedServiceAzureFunctionKeyVaultKey { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores the system key of the Azure Function. */ secretName: pulumi.Input; } interface LinkedServiceAzureSqlDatabaseKeyVaultConnectionString { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Server connection string. */ secretName: pulumi.Input; } interface LinkedServiceAzureSqlDatabaseKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Server password. */ secretName: pulumi.Input; } interface LinkedServiceOdataBasicAuthentication { /** * The password associated with the username, which can be used to authenticate to the OData endpoint. */ password: pulumi.Input; /** * The username which can be used to authenticate to the OData endpoint. */ username: pulumi.Input; } interface LinkedServiceOdbcBasicAuthentication { /** * The password associated with the username, which can be used to authenticate to the ODBC endpoint. */ password: pulumi.Input; /** * The username which can be used to authenticate to the ODBC endpoint. */ username: pulumi.Input; } interface LinkedServiceSftpKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the name of the secret containing the password. */ secretName: pulumi.Input; } interface LinkedServiceSftpKeyVaultPrivateKeyContentBase64 { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the name of the secret containing the Base64 encoded SSH private key. */ secretName: pulumi.Input; } interface LinkedServiceSftpKeyVaultPrivateKeyPassphrase { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the name of the secret containing the SSH private key passphrase. */ secretName: pulumi.Input; } interface LinkedServiceSnowflakeKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores Snowflake password. */ secretName: pulumi.Input; } interface LinkedServiceSqlManagedInstanceKeyVaultConnectionString { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Managed Instance connection string. */ secretName: pulumi.Input; } interface LinkedServiceSqlManagedInstanceKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Managed Instance password. */ secretName: pulumi.Input; } interface LinkedServiceSqlServerKeyVaultConnectionString { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Server connection string. */ secretName: pulumi.Input; } interface LinkedServiceSqlServerKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores SQL Server password. */ secretName: pulumi.Input; } interface LinkedServiceSynapseKeyVaultPassword { /** * Specifies the name of an existing Key Vault Data Factory Linked Service. */ linkedServiceName: pulumi.Input; /** * Specifies the secret name in Azure Key Vault that stores Synapse password. */ secretName: pulumi.Input; } interface TriggerBlobEventPipeline { /** * The Data Factory Pipeline name that the trigger will act on. */ name: pulumi.Input; /** * The Data Factory Pipeline parameters that the trigger will act on. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface TriggerCustomEventPipeline { /** * The Data Factory Pipeline name that the trigger will act on. */ name: pulumi.Input; /** * The Data Factory Pipeline parameters that the trigger will act on. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface TriggerSchedulePipeline { /** * Reference pipeline name. */ name: pulumi.Input; /** * The pipeline parameters that the trigger will act upon. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface TriggerScheduleSchedule { /** * Day(s) of the month on which the trigger is scheduled. This value can be specified with a monthly frequency only. */ daysOfMonths?: pulumi.Input[]>; /** * Days of the week on which the trigger is scheduled. This value can be specified only with a weekly frequency. */ daysOfWeeks?: pulumi.Input[]>; /** * Hours of the day on which the trigger is scheduled. */ hours?: pulumi.Input[]>; /** * Minutes of the hour on which the trigger is scheduled. */ minutes?: pulumi.Input[]>; /** * A `monthly` block as documented below, which specifies the days of the month on which the trigger is scheduled. The value can be specified only with a monthly frequency. */ monthlies?: pulumi.Input[]>; } interface TriggerScheduleScheduleMonthly { /** * The occurrence of the specified day during the month. For example, a `monthly` property with `weekday` and `week` values of `Sunday, -1` means the last Sunday of the month. */ week?: pulumi.Input; /** * The day of the week on which the trigger runs. For example, a `monthly` property with a `weekday` value of `Sunday` means every Sunday of the month. */ weekday: pulumi.Input; } interface TriggerTumblingWindowPipeline { /** * The Data Factory Pipeline name that the trigger will act on. */ name: pulumi.Input; /** * The Data Factory Pipeline parameters that the trigger will act on. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface TriggerTumblingWindowRetry { /** * The maximum retry attempts if the pipeline run failed. */ count: pulumi.Input; /** * The Interval in seconds between each retry if the pipeline run failed. Defaults to `30`. */ interval?: pulumi.Input; } interface TriggerTumblingWindowTriggerDependency { /** * The offset of the dependency trigger. Must be in Timespan format (±hh:mm:ss) and must be a negative offset for a self dependency. */ offset?: pulumi.Input; /** * The size of the dependency tumbling window. Must be in Timespan format (hh:mm:ss). */ size?: pulumi.Input; /** * The dependency trigger name. If not specified, it will use self dependency. */ triggerName?: pulumi.Input; } } export declare namespace dataprotection { interface BackupInstanceKubernetesClusterBackupDatasourceParameters { /** * Whether to include cluster scope resources during backup. Default to `false`. Changing this forces a new resource to be created. */ clusterScopedResourcesEnabled?: pulumi.Input; /** * Specifies the namespaces to be excluded during backup. Changing this forces a new resource to be created. */ excludedNamespaces?: pulumi.Input[]>; /** * Specifies the resource types to be excluded during backup. Changing this forces a new resource to be created. */ excludedResourceTypes?: pulumi.Input[]>; /** * Specifies the namespaces to be included during backup. Changing this forces a new resource to be created. */ includedNamespaces?: pulumi.Input[]>; /** * Specifies the resource types to be included during backup. Changing this forces a new resource to be created. */ includedResourceTypes?: pulumi.Input[]>; /** * Specifies the resources with such label selectors to be included during backup. Changing this forces a new resource to be created. */ labelSelectors?: pulumi.Input[]>; /** * Whether to take volume snapshots during backup. Default to `false`. Changing this forces a new resource to be created. */ volumeSnapshotEnabled?: pulumi.Input; } interface BackupPolicyBlobStorageRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new Backup Policy Blob Storage to be created. */ criteria: pulumi.Input; /** * A `lifeCycle` block as defined below. Changing this forces a new Backup Policy Blob Storage to be created. */ lifeCycle: pulumi.Input; /** * The name which should be used for this retention rule. Changing this forces a new Backup Policy Blob Storage to be created. */ name: pulumi.Input; /** * Specifies the priority of the rule. The priority number must be unique for each rule. The lower the priority number, the higher the priority of the rule. Changing this forces a new Backup Policy Blob Storage to be created. */ priority: pulumi.Input; } interface BackupPolicyBlobStorageRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new Backup Policy Blob Storage to be created. */ absoluteCriteria?: pulumi.Input; /** * Must be between `0` and `28`. `0` for last day within the month. Changing this forces a new Backup Policy Blob Storage to be created. */ daysOfMonths?: pulumi.Input[]>; /** * Possible values are `Monday`, `Tuesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. Changing this forces a new Backup Policy Blob Storage to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. Changing this forces a new Backup Policy Blob Storage to be created. When this property is specified, exactly one of the following must also be set: `daysOfMonth`, `daysOfWeek` */ monthsOfYears?: pulumi.Input[]>; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new Backup Policy Blob Storage to be created. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. Changing this forces a new Backup Policy Blob Storage to be created. When this property is specified, exactly one of the following must also be set: `daysOfMonth`, `daysOfWeek` * * > **Note:** When not using `absoluteCriteria`, you must use exactly one of `daysOfMonth` or `daysOfWeek`. Regarding the remaining two properties, `weeksOfMonth` and `monthsOfYear`, you may use either, both, or neither. If you would like to set multiple intervals, you may do so by using multiple `retentionRule` blocks. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupPolicyBlobStorageRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `VaultStore`. Changing this forces a new Backup Policy Blob Storage to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new Backup Policy Blob Storage to be created. */ duration: pulumi.Input; } interface BackupPolicyDataLakeStorageRetentionRule { /** * Specifies the absolute criteria for the retention rule. Possible values include `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth`, and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new resource to be created. */ absoluteCriteria?: pulumi.Input; /** * Specifies a list of days of the week on which the retention rule applies. Possible values include `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, and `Sunday`. Changing this forces a new resource to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; /** * Specifies a list of months of the year on which the retention rule applies. Possible values include `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November`, and `December`. Changing this forces a new resource to be created. */ monthsOfYears?: pulumi.Input[]>; /** * Specifies the name of the retention rule. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new resource to be created. * * > **Note:** At least one of `absoluteCriteria` or `daysOfWeek` must be specified. `weeksOfMonth` and `monthsOfYear` are optional and can be supplied together. Multiple intervals may be set using multiple `retentionRule` blocks. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Specifies a list of weeks of the month on which the retention rule applies. Possible values include `First`, `Second`, `Third`, `Fourth`, and `Last`. Changing this forces a new resource to be created. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupPolicyDiskRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new Backup Policy Disk to be created. */ criteria: pulumi.Input; /** * Duration of deletion after given timespan. It should follow `ISO 8601` duration format. Changing this forces a new Backup Policy Disk to be created. */ duration: pulumi.Input; /** * The name which should be used for this retention rule. Changing this forces a new Backup Policy Disk to be created. */ name: pulumi.Input; /** * Retention Tag priority. Changing this forces a new Backup Policy Disk to be created. */ priority: pulumi.Input; } interface BackupPolicyDiskRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new Backup Policy Disk to be created. */ absoluteCriteria?: pulumi.Input; } interface BackupPolicyKubernetesClusterDefaultRetentionRule { /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; } interface BackupPolicyKubernetesClusterDefaultRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `OperationalStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyKubernetesClusterRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new resource to be created. */ criteria: pulumi.Input; /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; /** * The name which should be used for this retention rule. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the priority of the rule. The priority number must be unique for each rule. The lower the priority number, the higher the priority of the rule. Changing this forces a new resource to be created. */ priority: pulumi.Input; } interface BackupPolicyKubernetesClusterRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new resource to be created. */ absoluteCriteria?: pulumi.Input; /** * Possible values are `Monday`, `Tuesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. Changing this forces a new resource to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. Changing this forces a new resource to be created. */ monthsOfYears?: pulumi.Input[]>; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new resource to be created. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. Changing this forces a new resource to be created. * * > **Note:** When not using `absoluteCriteria`, you must use exactly one of `daysOfMonth` or `daysOfWeek`. Regarding the remaining two properties, `weeksOfMonth` and `monthsOfYear`, you may use either, both, or neither. If you would like to set multiple intervals, you may do so by using multiple `retentionRule` blocks. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupPolicyKubernetesClusterRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `OperationalStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyMysqlFlexibleServerDefaultRetentionRule { /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; } interface BackupPolicyMysqlFlexibleServerDefaultRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `VaultStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyMysqlFlexibleServerRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new resource to be created. */ criteria: pulumi.Input; /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; /** * Specifies the name of the retention rule. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the priority of the rule. The priority number must be unique for each rule. The lower the priority number, the higher the priority of the rule. Changing this forces a new resource to be created. */ priority: pulumi.Input; } interface BackupPolicyMysqlFlexibleServerRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new resource to be created. */ absoluteCriteria?: pulumi.Input; /** * Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. Changing this forces a new resource to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. Changing this forces a new resource to be created. */ monthsOfYears?: pulumi.Input[]>; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new resource to be created. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. Changing this forces a new resource to be created. * * > **Note:** When not using `absoluteCriteria`, you must use exactly one of `daysOfMonth` or `daysOfWeek`. Regarding the remaining two properties, `weeksOfMonth` and `monthsOfYear`, you may use either, both, or neither. If you would like to set multiple intervals, you may do so by using multiple `retentionRule` blocks. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupPolicyMysqlFlexibleServerRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `VaultStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyPostgresqlFlexibleServerDefaultRetentionRule { /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; } interface BackupPolicyPostgresqlFlexibleServerDefaultRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `VaultStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyPostgresqlFlexibleServerRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new resource to be created. */ criteria: pulumi.Input; /** * A `lifeCycle` block as defined below. Changing this forces a new resource to be created. */ lifeCycles: pulumi.Input[]>; /** * Specifies the name of the retention rule. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the priority of the rule. The priority number must be unique for each rule. The lower the priority number, the higher the priority of the rule. Changing this forces a new resource to be created. */ priority: pulumi.Input; } interface BackupPolicyPostgresqlFlexibleServerRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new resource to be created. */ absoluteCriteria?: pulumi.Input; /** * Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. Changing this forces a new resource to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. Changing this forces a new resource to be created. */ monthsOfYears?: pulumi.Input[]>; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new resource to be created. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. Changing this forces a new resource to be created. * * > **Note:** When not using `absoluteCriteria`, you must use exactly one of `daysOfMonth` or `daysOfWeek`. Regarding the remaining two properties, `weeksOfMonth` and `monthsOfYear`, you may use either, both, or neither. If you would like to set multiple intervals, you may do so by using multiple `retentionRule` blocks. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupPolicyPostgresqlFlexibleServerRetentionRuleLifeCycle { /** * The type of data store. The only possible value is `VaultStore`. Changing this forces a new resource to be created. */ dataStoreType: pulumi.Input; /** * The retention duration up to which the backups are to be retained in the data stores. It should follow `ISO 8601` duration format. Changing this forces a new resource to be created. */ duration: pulumi.Input; } interface BackupPolicyPostgresqlRetentionRule { /** * A `criteria` block as defined below. Changing this forces a new Backup Policy PostgreSQL to be created. */ criteria: pulumi.Input; /** * Duration after which the backup is deleted. It should follow `ISO 8601` duration format. Changing this forces a new Backup Policy PostgreSQL to be created. */ duration: pulumi.Input; /** * The name which should be used for this retention rule. Changing this forces a new Backup Policy PostgreSQL to be created. */ name: pulumi.Input; /** * Specifies the priority of the rule. The priority number must be unique for each rule. The lower the priority number, the higher the priority of the rule. Changing this forces a new Backup Policy PostgreSQL to be created. */ priority: pulumi.Input; } interface BackupPolicyPostgresqlRetentionRuleCriteria { /** * Possible values are `AllBackup`, `FirstOfDay`, `FirstOfWeek`, `FirstOfMonth` and `FirstOfYear`. These values mean the first successful backup of the day/week/month/year. Changing this forces a new Backup Policy PostgreSQL to be created. */ absoluteCriteria?: pulumi.Input; /** * Possible values are `Monday`, `Tuesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. Changing this forces a new Backup Policy PostgreSQL to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * Possible values are `January`, `February`, `March`, `April`, `May`, `June`, `July`, `August`, `September`, `October`, `November` and `December`. Changing this forces a new Backup Policy PostgreSQL to be created. */ monthsOfYears?: pulumi.Input[]>; /** * Specifies a list of backup times for backup in the `RFC3339` format. Changing this forces a new Backup Policy PostgreSQL to be created. */ scheduledBackupTimes?: pulumi.Input[]>; /** * Possible values are `First`, `Second`, `Third`, `Fourth` and `Last`. Changing this forces a new Backup Policy PostgreSQL to be created. * * > **Note:** When not using `absoluteCriteria`, you must use exactly one of `daysOfMonth` or `daysOfWeek`. Regarding the remaining two properties, `weeksOfMonth` and `monthsOfYear`, you may use either, both, or neither. If you would like to set multiple intervals, you may do so by using multiple `retentionRule` blocks. */ weeksOfMonths?: pulumi.Input[]>; } interface BackupVaultIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Backup Vault. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this Backup Vault. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Backup Vault. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Backup Vault. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } } export declare namespace datashare { interface AccountIdentity { /** * The Principal ID for the Service Principal associated with the Identity of this Data Share Account. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Data Share Account. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Data Share Account. The only possible value is `SystemAssigned`. Changing this forces a new resource to be created. * * > **Note:** The assigned `principalId` and `tenantId` can be retrieved after the identity `type` has been set to `SystemAssigned` and the Data Share Account has been created. More details are available below. */ type: pulumi.Input; } interface DatasetBlobStorageStorageAccount { /** * The name of the storage account to be shared with the receiver. Changing this forces a new Data Share Blob Storage Dataset to be created. */ name: pulumi.Input; /** * The resource group name of the storage account to be shared with the receiver. Changing this forces a new Data Share Blob Storage Dataset to be created. */ resourceGroupName: pulumi.Input; /** * The subscription id of the storage account to be shared with the receiver. Changing this forces a new Data Share Blob Storage Dataset to be created. */ subscriptionId: pulumi.Input; } interface ShareSnapshotSchedule { /** * The name of the snapshot schedule. */ name: pulumi.Input; /** * The interval of the synchronization with the source data. Possible values are `Hour` and `Day`. */ recurrence: pulumi.Input; /** * The synchronization with the source data's start time. */ startTime: pulumi.Input; } } export declare namespace desktopvirtualization { interface HostPoolScheduledAgentUpdates { /** * Enables or disables scheduled updates of the AVD agent components (RDAgent, Geneva Monitoring agent, and side-by-side stack) on session hosts. If this is enabled then up to two `schedule` blocks must be defined. Default is `false`. * * > **Note:** if `enabled` is set to `true` then at least one and a maximum of two `schedule` blocks must be provided. */ enabled?: pulumi.Input; /** * A `schedule` block as defined below. A maximum of two blocks can be added. */ schedules?: pulumi.Input[]>; /** * Specifies the time zone in which the agent update schedule will apply, [the possible values are defined here](https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/). If `useSessionHostTimezone` is enabled then it will override this setting. Default is `UTC` */ timezone?: pulumi.Input; /** * Specifies whether scheduled agent updates should be applied based on the timezone of the affected session host. If configured then this setting overrides `timezone`. Default is `false`. */ useSessionHostTimezone?: pulumi.Input; } interface HostPoolScheduledAgentUpdatesSchedule { /** * The day of the week on which agent updates should be performed. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, and `Sunday` */ dayOfWeek: pulumi.Input; /** * The hour of day the update window should start. The update is a 2 hour period following the hour provided. The value should be provided as a number between 0 and 23, with 0 being midnight and 23 being 11pm. A leading zero should not be used. */ hourOfDay: pulumi.Input; } interface ScalingPlanHostPool { /** * The ID of the HostPool to assign the Scaling Plan to. */ hostpoolId: pulumi.Input; /** * Specifies if the scaling plan is enabled or disabled for the HostPool. */ scalingPlanEnabled: pulumi.Input; } interface ScalingPlanSchedule { /** * A list of Days of the Week on which this schedule will be used. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, and `Sunday` */ daysOfWeeks: pulumi.Input[]>; /** * The name of the schedule. */ name: pulumi.Input; /** * The load Balancing Algorithm to use during Off-Peak Hours. Possible values are `DepthFirst` and `BreadthFirst`. */ offPeakLoadBalancingAlgorithm: pulumi.Input; /** * The time at which Off-Peak scaling will begin. This is also the end-time for the Ramp-Down period. The time must be specified in "HH:MM" format. */ offPeakStartTime: pulumi.Input; /** * The load Balancing Algorithm to use during Peak Hours. Possible values are `DepthFirst` and `BreadthFirst`. */ peakLoadBalancingAlgorithm: pulumi.Input; /** * The time at which Peak scaling will begin. This is also the end-time for the Ramp-Up period. The time must be specified in "HH:MM" format. */ peakStartTime: pulumi.Input; /** * This is the value in percentage of used host pool capacity that will be considered to evaluate whether to turn on/off virtual machines during the ramp-down and off-peak hours. For example, if capacity threshold is specified as 60% and your total host pool capacity is 100 sessions, autoscale will turn on additional session hosts once the host pool exceeds a load of 60 sessions. */ rampDownCapacityThresholdPercent: pulumi.Input; /** * Whether users will be forced to log-off session hosts once the `rampDownWaitTimeMinutes` value has been exceeded during the Ramp-Down period. Possible values are `true` and `false`. */ rampDownForceLogoffUsers: pulumi.Input; /** * The load Balancing Algorithm to use during the Ramp-Down period. Possible values are `DepthFirst` and `BreadthFirst`. */ rampDownLoadBalancingAlgorithm: pulumi.Input; /** * The minimum percentage of session host virtual machines that you would like to get to for ramp-down and off-peak hours. For example, if Minimum percentage of hosts is specified as 10% and total number of session hosts in your host pool is 10, autoscale will ensure a minimum of 1 session host is available to take user connections. */ rampDownMinimumHostsPercent: pulumi.Input; /** * The notification message to send to users during Ramp-Down period when they are required to log-off. */ rampDownNotificationMessage: pulumi.Input; /** * The time at which Ramp-Down scaling will begin. This is also the end-time for the Ramp-Up period. The time must be specified in "HH:MM" format. */ rampDownStartTime: pulumi.Input; /** * Controls Session Host shutdown behaviour during Ramp-Down period. Session Hosts can either be shutdown when all sessions on the Session Host have ended, or when there are no Active sessions left on the Session Host. Possible values are `ZeroSessions` and `ZeroActiveSessions`. */ rampDownStopHostsWhen: pulumi.Input; /** * The number of minutes during Ramp-Down period that autoscale will wait after setting the session host VMs to drain mode, notifying any currently signed in users to save their work before forcing the users to logoff. Once all user sessions on the session host VM have been logged off, Autoscale will shut down the VM. */ rampDownWaitTimeMinutes: pulumi.Input; /** * This is the value of percentage of used host pool capacity that will be considered to evaluate whether to turn on/off virtual machines during the ramp-up and peak hours. For example, if capacity threshold is specified as `60%` and your total host pool capacity is `100` sessions, autoscale will turn on additional session hosts once the host pool exceeds a load of `60` sessions. */ rampUpCapacityThresholdPercent?: pulumi.Input; /** * The load Balancing Algorithm to use during the Ramp-Up period. Possible values are `DepthFirst` and `BreadthFirst`. */ rampUpLoadBalancingAlgorithm: pulumi.Input; /** * Specifies the minimum percentage of session host virtual machines to start during ramp-up for peak hours. For example, if Minimum percentage of hosts is specified as `10%` and total number of session hosts in your host pool is `10`, autoscale will ensure a minimum of `1` session host is available to take user connections. */ rampUpMinimumHostsPercent?: pulumi.Input; /** * The time at which Ramp-Up scaling will begin. This is also the end-time for the Ramp-Up period. The time must be specified in "HH:MM" format. */ rampUpStartTime: pulumi.Input; } } export declare namespace devcenter { interface CatalogCatalogAdogit { /** * The Git branch of the Dev Center Catalog. */ branch: pulumi.Input; /** * A reference to the Key Vault secret containing a security token to authenticate to a Git repository. */ keyVaultKeyUrl: pulumi.Input; /** * The folder where the catalog items can be found inside the repository. */ path: pulumi.Input; /** * The Git URI of the Dev Center Catalog. */ uri: pulumi.Input; } interface CatalogCatalogGithub { /** * The Git branch of the Dev Center Catalog. */ branch: pulumi.Input; /** * A reference to the Key Vault secret containing a security token to authenticate to a Git repository. */ keyVaultKeyUrl: pulumi.Input; /** * The folder where the catalog items can be found inside the repository. */ path: pulumi.Input; /** * The Git URI of the Dev Center Catalog. */ uri: pulumi.Input; } interface DevCenterIdentity { identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; type: pulumi.Input; } interface ManagedDevOpsPoolAzureDevopsOrganization { /** * One or more `organization` blocks as defined below. */ organizations: pulumi.Input[]>; /** * A `permission` block as defined below. Changing this forces a new resource to be created. */ permission?: pulumi.Input; } interface ManagedDevOpsPoolAzureDevopsOrganizationOrganization { /** * Specifies how many machines can be created at maximum in this organization out of the `maximumConcurrency` of the pool. Possible values range between `1` and `10000`. * * > **Note:** The sum of `parallelism` across orgs should be equal to `maximumConcurrency`. */ parallelism: pulumi.Input; /** * List of projects in which the pool should be created. * * > **Note:** Please refer to [Azure DevOps Project Names](https://learn.microsoft.com/azure/devops/organizations/settings/naming-restrictions?view=azure-devops#project-names) for more information on project naming restrictions. */ projects?: pulumi.Input[]>; /** * The Azure DevOps organization URL in which the pool should be created. It must end with a letter or number. */ url: pulumi.Input; } interface ManagedDevOpsPoolAzureDevopsOrganizationPermission { /** * An `administratorAccount` block as defined below. This block is only valid when `kind` is set to `SpecificAccounts`. Changing this forces a new resource to be created. */ administratorAccount?: pulumi.Input; /** * Determines who has admin permissions to the Azure DevOps pool. Possible values are `Inherit` and `SpecificAccounts`. Changing this forces a new resource to be created. */ kind: pulumi.Input; } interface ManagedDevOpsPoolAzureDevopsOrganizationPermissionAdministratorAccount { /** * Specifies a list of group email addresses. Changing this forces a new resource to be created. */ groups?: pulumi.Input[]>; /** * Specifies a list of user email addresses. Changing this forces a new resource to be created. * * > **Note:** At least one of `groups` and `users` must be specified. */ users?: pulumi.Input[]>; } interface ManagedDevOpsPoolIdentity { /** * Specifies a list of User Assigned Managed Identity IDs. */ identityIds: pulumi.Input[]>; /** * The type of managed service identity. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgent { /** * An `automaticResourcePrediction` block as defined below. */ automaticResourcePrediction?: pulumi.Input; /** * Configures the amount of time an agent in a `stateful` pool waits for new jobs before shutting down after all current and queued jobs are complete. The format for Grace Period is `dd.hh:mm:ss` or `hh:mm:ss`. Defaults to `00:00:00`. */ gracePeriodTimeSpan?: pulumi.Input; /** * A `manualResourcePrediction` block as defined below. */ manualResourcePrediction?: pulumi.Input; /** * Configures the maximum duration an agent in a `stateful` pool can run before it is shut down and discarded. The format for Max time to live for standby agents is `dd.hh:mm:ss` or `hh:mm:ss`. Defaults to `7.00:00:00`. * * > **Note:** Exactly one of `manualResourcePrediction` or `automaticResourcePrediction` may be specified. */ maximumAgentLifetime?: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentAutomaticResourcePrediction { /** * Specifies the desired balance between cost and performance. Possible values are `MostCostEffective`, `MoreCostEffective`, `Balanced`, `MorePerformance`, and `BestPerformance`. Defaults to `Balanced`. */ predictionPreference?: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePrediction { /** * A number of agents available 24/7 all week. Possible values range between `1` and `maximumConcurrency`. */ allWeekSchedule?: pulumi.Input; /** * One or more `dailySchedule` blocks as defined below. */ fridaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ mondaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ saturdaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ sundaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ thursdaySchedules?: pulumi.Input[]>; /** * Specifies the time zone for the predictions data to be provisioned at. Defaults to `UTC`. * * > **Note:** A list of possible values for `timeZoneName` are available by executing `[System.TimeZoneInfo]::GetSystemTimeZones()` in PowerShell. */ timeZoneName?: pulumi.Input; /** * One or more `dailySchedule` blocks as defined below. */ tuesdaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. * * > **Note:** Exactly one of `allWeekSchedule` or at least one individual daily schedule block must be specified. * * > **Note:** Please refer to [Microsoft documentation](https://learn.microsoft.com/azure/devops/managed-devops-pools/configure-scaling?view=azure-devops&tabs=azure-cli#manual) for more information about the manual predictions setup. */ wednesdaySchedules?: pulumi.Input[]>; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionFridaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionMondaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionSaturdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionSundaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionThursdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionTuesdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatefulAgentManualResourcePredictionWednesdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgent { /** * An `automaticResourcePrediction` block as defined below. */ automaticResourcePrediction?: pulumi.Input; /** * A `manualResourcePrediction` block as defined below. * * > **Note:** Exactly one of `manualResourcePrediction` or `automaticResourcePrediction` may be specified. */ manualResourcePrediction?: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentAutomaticResourcePrediction { /** * Specifies the desired balance between cost and performance. Possible values are `MostCostEffective`, `MoreCostEffective`, `Balanced`, `MorePerformance`, and `BestPerformance`. Defaults to `Balanced`. */ predictionPreference?: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePrediction { /** * A number of agents available 24/7 all week. Possible values range between `1` and `maximumConcurrency`. */ allWeekSchedule?: pulumi.Input; /** * One or more `dailySchedule` blocks as defined below. */ fridaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ mondaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ saturdaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ sundaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. */ thursdaySchedules?: pulumi.Input[]>; /** * Specifies the time zone for the predictions data to be provisioned at. Defaults to `UTC`. * * > **Note:** A list of possible values for `timeZoneName` are available by executing `[System.TimeZoneInfo]::GetSystemTimeZones()` in PowerShell. */ timeZoneName?: pulumi.Input; /** * One or more `dailySchedule` blocks as defined below. */ tuesdaySchedules?: pulumi.Input[]>; /** * One or more `dailySchedule` blocks as defined below. * * > **Note:** Exactly one of `allWeekSchedule` or at least one individual daily schedule block must be specified. * * > **Note:** Please refer to [Microsoft documentation](https://learn.microsoft.com/azure/devops/managed-devops-pools/configure-scaling?view=azure-devops&tabs=azure-cli#manual) for more information about the manual predictions setup. */ wednesdaySchedules?: pulumi.Input[]>; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionFridaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionMondaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionSaturdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionSundaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionThursdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionTuesdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolStatelessAgentManualResourcePredictionWednesdaySchedule { /** * The number of standby agents to provision at this time. Possible values range between `0` and `maximumConcurrency`. */ count: pulumi.Input; /** * The time of day at which the agent count changes, in 24-hour format `HH:MM:SS`. */ time: pulumi.Input; } interface ManagedDevOpsPoolVirtualMachineScaleSetFabric { /** * One or more `image` blocks as defined below. */ images: pulumi.Input[]>; /** * The storage account type for the OS disk. Possible values are `Premium`, `Standard`, and `StandardSSD`. Defaults to `Standard`. */ osDiskStorageAccountType?: pulumi.Input; /** * A `security` block as defined below. */ security?: pulumi.Input; /** * The Azure SKU name of the machines in the pool. * * > **Note:** Please refer to the [Microsoft Documentation](https://learn.microsoft.com/azure/devops/managed-devops-pools/configure-pool-settings?view=azure-devops&tabs=azure-portal#agent-size) for more information about available SKUs. */ skuName: pulumi.Input; /** * A `storage` block as defined below. */ storage?: pulumi.Input; /** * The subnet ID on which to put all machines created in the pool. */ subnetId?: pulumi.Input; } interface ManagedDevOpsPoolVirtualMachineScaleSetFabricImage { /** * List of aliases to reference the image by. */ aliases?: pulumi.Input[]>; /** * The percentage of the buffer to be allocated to this image. Possible values are `*` or between `0` and `100`. Defaults to `*`. */ buffer?: pulumi.Input; /** * The resource id of the image. */ id?: pulumi.Input; /** * The image to use from a well-known set of images made available to customers. * * > **Note:** More information about supported images can be found in [list of Azure Pipelines image predefined aliases](https://learn.microsoft.com/azure/devops/managed-devops-pools/configure-images?view=azure-devops&tabs=arm#azure-pipelines-images). You can optionally specify a version in your `wellKnownImageName`, for example `windows-2022/latest` or `windows-2022/20250427.1.0`. If you don't specify a version, latest is used. * * > **Note:** Exactly one of `id` or `wellKnownImageName` are required per `image` */ wellKnownImageName?: pulumi.Input; } interface ManagedDevOpsPoolVirtualMachineScaleSetFabricSecurity { /** * Specifies whether the agent should run in interactive mode. Defaults to `false`. */ interactiveLogonEnabled?: pulumi.Input; /** * A `keyVaultManagement` block as defined below. */ keyVaultManagement?: pulumi.Input; } interface ManagedDevOpsPoolVirtualMachineScaleSetFabricSecurityKeyVaultManagement { /** * Specifies where to store certificates on the machine. */ certificateStoreLocation?: pulumi.Input; /** * Name of the certificate store to use on the machine. Possible values are `My` and `Root`. */ certificateStoreName?: pulumi.Input; /** * Defines if the key of the certificates should be exportable. Defaults to `false`. */ keyExportEnabled?: pulumi.Input; /** * A list of `versionlessId` from Azure Key vault certificates to install on all machines in the pool. */ keyVaultCertificateIds: pulumi.Input[]>; } interface ManagedDevOpsPoolVirtualMachineScaleSetFabricStorage { /** * The type of caching for the data disk. Possible values are `ReadOnly` and `ReadWrite`. */ caching?: pulumi.Input; /** * The initial disk size in gigabytes. Possible values range between `1` and `32767`. */ diskSizeInGb: pulumi.Input; /** * The drive letter for the data disk. */ driveLetter?: pulumi.Input; /** * The storage account type of the data disk. Possible values are `Premium_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, and `StandardSSD_ZRS`. Defaults to `Standard_LRS`. */ storageAccountType?: pulumi.Input; } interface ProjectEnvironmentTypeIdentity { /** * The ID of the User Assigned Identity which should be assigned to this Dev Center Project Environment Type. * * > **Note:** `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of identity used for this Dev Center Project Environment Type. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface ProjectEnvironmentTypeUserRoleAssignment { /** * A list of roles to assign to the `userId`. */ roles: pulumi.Input[]>; /** * The user object ID that is assigned roles. */ userId: pulumi.Input; } interface ProjectIdentity { /** * The ID of the User Assigned Identity which should be assigned to this Dev Center Project. * * > **Note:** `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this Dev Center Project. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Dev Center Project. */ tenantId?: pulumi.Input; /** * The type of identity used for this Dev Center Project. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } } export declare namespace devtest { interface GlobalVMShutdownScheduleNotificationSettings { /** * E-mail address to which the notification will be sent. */ email?: pulumi.Input; /** * Whether to enable pre-shutdown notifications. Possible values are `true` and `false`. */ enabled: pulumi.Input; /** * Time in minutes between 15 and 120 before a shutdown event at which a notification will be sent. Defaults to `30`. */ timeInMinutes?: pulumi.Input; /** * The webhook URL to which the notification will be sent. */ webhookUrl?: pulumi.Input; } interface LinuxVirtualMachineGalleryImageReference { /** * The Offer of the Gallery Image. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The Publisher of the Gallery Image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Gallery Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * The Version of the Gallery Image. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface LinuxVirtualMachineInboundNatRule { /** * The Backend Port associated with this NAT Rule. Changing this forces a new resource to be created. */ backendPort: pulumi.Input; /** * The frontend port associated with this Inbound NAT Rule. */ frontendPort?: pulumi.Input; /** * The Protocol used for this NAT Rule. Possible values are `Tcp` and `Udp`. */ protocol: pulumi.Input; } interface ScheduleDailyRecurrence { /** * The time each day when the schedule takes effect. */ time: pulumi.Input; } interface ScheduleHourlyRecurrence { /** * Minutes of the hour the schedule will run. */ minute: pulumi.Input; } interface ScheduleNotificationSettings { /** * The status of the notification. Possible values are `Enabled` and `Disabled`. Defaults to `Disabled` */ status?: pulumi.Input; /** * Time in minutes before event at which notification will be sent. */ timeInMinutes?: pulumi.Input; /** * The webhook URL to which the notification will be sent. */ webhookUrl?: pulumi.Input; } interface ScheduleWeeklyRecurrence { /** * The time when the schedule takes effect. */ time: pulumi.Input; /** * A list of days that this schedule takes effect . Possible values include `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ weekDays?: pulumi.Input[]>; } interface VirtualNetworkSubnet { /** * Specifies the name of the Dev Test Virtual Network. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A `sharedPublicIpAddress` block as defined below. */ sharedPublicIpAddress?: pulumi.Input; /** * Can this subnet be used for creating Virtual Machines? Possible values are `Allow`, `Default` and `Deny`. Defaults to `Allow`. */ useInVirtualMachineCreation?: pulumi.Input; /** * Can Virtual Machines in this Subnet use Public IP Addresses? Possible values are `Allow`, `Default` and `Deny`. Defaults to `Allow`. */ usePublicIpAddress?: pulumi.Input; } interface VirtualNetworkSubnetSharedPublicIpAddress { /** * A list of `allowedPorts` blocks as defined below. */ allowedPorts?: pulumi.Input[]>; } interface VirtualNetworkSubnetSharedPublicIpAddressAllowedPort { /** * The port on the Virtual Machine that the traffic will be sent to. */ backendPort?: pulumi.Input; /** * The transport protocol that the traffic will use. Possible values are `TCP` and `UDP`. */ transportProtocol?: pulumi.Input; } interface WindowsVirtualMachineGalleryImageReference { /** * The Offer of the Gallery Image. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The Publisher of the Gallery Image. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Gallery Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * The Version of the Gallery Image. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface WindowsVirtualMachineInboundNatRule { /** * The Backend Port associated with this NAT Rule. Changing this forces a new resource to be created. */ backendPort: pulumi.Input; /** * The frontend port associated with this Inbound NAT Rule. */ frontendPort?: pulumi.Input; /** * The Protocol used for this NAT Rule. Possible values are `Tcp` and `Udp`. */ protocol: pulumi.Input; } } export declare namespace digitaltwins { interface InstanceIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Digital Twins instance. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Digital Twins instance. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } } export declare namespace dns { interface CaaRecordRecord { /** * Extensible CAA flags, currently only 1 is implemented to set the issuer critical flag. */ flags: pulumi.Input; /** * A property tag, options are `issue`, `issuewild`, `iodef`, and `contactemail`. */ tag: pulumi.Input; /** * A property value such as a registrar domain. */ value: pulumi.Input; } interface MxRecordRecord { /** * The mail server responsible for the domain covered by the MX record. */ exchange: pulumi.Input; /** * String representing the "preference” value of the MX records. Records with lower preference value take priority. */ preference: pulumi.Input; } interface SrvRecordRecord { /** * Port the service is listening on. */ port: pulumi.Input; /** * Priority of the SRV record. */ priority: pulumi.Input; /** * FQDN of the service. */ target: pulumi.Input; /** * Weight of the SRV record. */ weight: pulumi.Input; } interface TxtRecordRecord { /** * The value of the record. Max length: 4096 characters */ value: pulumi.Input; } interface ZoneSoaRecord { /** * The email contact for the SOA record. */ email: pulumi.Input; /** * The expire time for the SOA record. Defaults to `2419200`. */ expireTime?: pulumi.Input; /** * The fully qualified domain name. */ fqdn?: pulumi.Input; /** * The domain name of the authoritative name server for the SOA record. */ hostName?: pulumi.Input; /** * The minimum Time To Live for the SOA record. By convention, it is used to determine the negative caching duration. Defaults to `300`. */ minimumTtl?: pulumi.Input; /** * The refresh time for the SOA record. Defaults to `3600`. */ refreshTime?: pulumi.Input; /** * The retry time for the SOA record. Defaults to `300`. */ retryTime?: pulumi.Input; /** * The serial number for the SOA record. Defaults to `1`. */ serialNumber?: pulumi.Input; /** * A mapping of tags to assign to the Record Set. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Time To Live of the SOA Record in seconds. Defaults to `3600`. */ ttl?: pulumi.Input; } } export declare namespace domainservices { interface ServiceInitialReplicaSet { /** * A list of subnet IP addresses for the domain controllers in the initial replica set, typically two. */ domainControllerIpAddresses?: pulumi.Input[]>; /** * The publicly routable IP address for the domain controllers in the initial replica set. */ externalAccessIpAddress?: pulumi.Input; /** * A unique ID for the replica set. */ id?: pulumi.Input; /** * The Azure location where the Domain Service exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * The current service status for the initial replica set. */ serviceStatus?: pulumi.Input; /** * The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; } interface ServiceNotifications { /** * A list of additional email addresses to notify when there are alerts in the managed domain. */ additionalRecipients?: pulumi.Input[]>; /** * Whether to notify members of the _AAD DC Administrators_ group when there are alerts in the managed domain. */ notifyDcAdmins?: pulumi.Input; /** * Whether to notify all Global Administrators when there are alerts in the managed domain. */ notifyGlobalAdmins?: pulumi.Input; } interface ServiceSecureLdap { /** * The expiry time of the certificate. */ certificateExpiry?: pulumi.Input; /** * The thumbprint of the certificate. */ certificateThumbprint?: pulumi.Input; /** * Whether to enable secure LDAP for the managed domain. For more information, please see [official documentation on enabling LDAPS](https://docs.microsoft.com/azure/active-directory-domain-services/tutorial-configure-ldaps), paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks. */ enabled: pulumi.Input; /** * Whether to enable external access to LDAPS over the Internet. Defaults to `false`. */ externalAccessEnabled?: pulumi.Input; /** * The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file). */ pfxCertificate: pulumi.Input; /** * The password to use for decrypting the PKCS#12 bundle (PFX file). */ pfxCertificatePassword: pulumi.Input; /** * The public certificate. */ publicCertificate?: pulumi.Input; } interface ServiceSecurity { /** * Whether to enable Kerberos Armoring. Defaults to `false`. */ kerberosArmoringEnabled?: pulumi.Input; /** * Whether to enable Kerberos RC4 Encryption. Defaults to `false`. */ kerberosRc4EncryptionEnabled?: pulumi.Input; /** * Whether to enable legacy NTLM v1 support. Defaults to `false`. */ ntlmV1Enabled?: pulumi.Input; /** * Whether to synchronize Kerberos password hashes to the managed domain. Defaults to `false`. */ syncKerberosPasswords?: pulumi.Input; /** * Whether to synchronize NTLM password hashes to the managed domain. Defaults to `false`. */ syncNtlmPasswords?: pulumi.Input; /** * Whether to synchronize on-premises password hashes to the managed domain. Defaults to `false`. */ syncOnPremPasswords?: pulumi.Input; /** * Whether to enable legacy TLS v1 support. Defaults to `false`. */ tlsV1Enabled?: pulumi.Input; } } export declare namespace dynatrace { interface MonitorEnvironmentProperty { /** * Information about the Dynatrace environment. An `environmentInfo` block as defined below. */ environmentInfos: pulumi.Input[]>; } interface MonitorEnvironmentPropertyEnvironmentInfo { /** * The ID of the Dynatrace environment to be created. */ environmentId: pulumi.Input; } interface MonitorIdentity { principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of identity used for the resource. Only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface MonitorPlan { /** * Different billing cycles. Possible values are `MONTHLY`, `WEEKLY` and `YEARLY`. */ billingCycle?: pulumi.Input; /** * Date when plan was applied. */ effectiveDate?: pulumi.Input; /** * Plan id as published by Dynatrace. */ plan: pulumi.Input; /** * Different usage type. Possible values are `PAYG` and `COMMITTED`. */ usageType?: pulumi.Input; } interface MonitorUser { /** * Country of the user. */ country?: pulumi.Input; /** * Email of the user used by Dynatrace for contacting them if needed. */ email: pulumi.Input; /** * First name of the user. */ firstName: pulumi.Input; /** * Last name of the user. */ lastName: pulumi.Input; /** * phone number of the user by Dynatrace for contacting them if needed. */ phoneNumber?: pulumi.Input; } interface TagRulesLogRule { /** * Filtering tag for the log rule. A `filteringTag` block as defined below. */ filteringTags?: pulumi.Input[]>; /** * Send Activity logs. The default value is `false`. */ sendActivityLogsEnabled?: pulumi.Input; /** * Send Azure Active Directory logs. The default value is `false`. */ sendAzureActiveDirectoryLogsEnabled?: pulumi.Input; /** * Send Subscription logs. The default value is `false`. */ sendSubscriptionLogsEnabled?: pulumi.Input; } interface TagRulesLogRuleFilteringTag { /** * Action of the filtering tag. Possible values are `Include` and `Exclude`. */ action: pulumi.Input; /** * Name of the filtering tag. */ name: pulumi.Input; /** * Value of the filtering tag. */ value: pulumi.Input; } interface TagRulesMetricRule { /** * Filtering tag for the metric rule. A `filteringTag` block as defined below. */ filteringTags?: pulumi.Input[]>; /** * If sending metrics is enabled. The default value is `false`. */ sendingMetricsEnabled?: pulumi.Input; } interface TagRulesMetricRuleFilteringTag { /** * Action of the filtering tag. Possible values are `Include` and `Exclude`. */ action: pulumi.Input; /** * Name of the filtering tag. */ name: pulumi.Input; /** * Value of the filtering tag. */ value: pulumi.Input; } } export declare namespace elasticcloud { interface ElasticsearchLogs { /** * A list of `filteringTag` blocks as defined above. */ filteringTags?: pulumi.Input[]>; /** * Specifies if the Azure Activity Logs should be sent to the Elasticsearch cluster. Defaults to `false`. */ sendActivityLogs?: pulumi.Input; /** * Specifies if the AzureAD Logs should be sent to the Elasticsearch cluster. Defaults to `false`. */ sendAzureadLogs?: pulumi.Input; /** * Specifies if the Azure Subscription Logs should be sent to the Elasticsearch cluster. Defaults to `false`. */ sendSubscriptionLogs?: pulumi.Input; } interface ElasticsearchLogsFilteringTag { /** * Specifies the type of action which should be taken when the Tag matches the `name` and `value`. Possible values are `Exclude` and `Include`. */ action: pulumi.Input; /** * Specifies the name (key) of the Tag which should be filtered. */ name: pulumi.Input; /** * Specifies the value of the Tag which should be filtered. */ value: pulumi.Input; } interface GetElasticsearchLog { /** * A list of `filteringTag` blocks as defined above. */ filteringTags?: inputs.elasticcloud.GetElasticsearchLogFilteringTag[]; /** * Should the Azure Activity Logs should be sent to the Elasticsearch cluster? */ sendActivityLogs?: boolean; /** * Should the AzureAD Logs should be sent to the Elasticsearch cluster? */ sendAzureadLogs?: boolean; /** * Should the Azure Subscription Logs should be sent to the Elasticsearch cluster? */ sendSubscriptionLogs?: boolean; } interface GetElasticsearchLogArgs { /** * A list of `filteringTag` blocks as defined above. */ filteringTags?: pulumi.Input[]>; /** * Should the Azure Activity Logs should be sent to the Elasticsearch cluster? */ sendActivityLogs?: pulumi.Input; /** * Should the AzureAD Logs should be sent to the Elasticsearch cluster? */ sendAzureadLogs?: pulumi.Input; /** * Should the Azure Subscription Logs should be sent to the Elasticsearch cluster? */ sendSubscriptionLogs?: pulumi.Input; } interface GetElasticsearchLogFilteringTag { /** * The type of action which is taken when the Tag matches the `name` and `value`. */ action?: string; /** * The name of the Elasticsearch resource. */ name?: string; /** * The value of the Tag which should be filtered. */ value?: string; } interface GetElasticsearchLogFilteringTagArgs { /** * The type of action which is taken when the Tag matches the `name` and `value`. */ action?: pulumi.Input; /** * The name of the Elasticsearch resource. */ name?: pulumi.Input; /** * The value of the Tag which should be filtered. */ value?: pulumi.Input; } } export declare namespace elasticsan { interface ElasticSanSku { /** * The SKU name. Possible values are `Premium_LRS` and `Premium_ZRS`. Changing this forces a new resource to be created. * * > **Note:** `Premium_ZRS` SKU is only available in limited Azure regions including `France Central`, `North Europe`, `West Europe`, and `West US 2`. Please refer to this [document](https://azure.microsoft.com/updates/regional-expansion-azure-elastic-san-public-preview-is-now-available-in-more-regions) for more details. */ name: pulumi.Input; /** * The SKU tier. The only possible value is `Premium`. Defaults to `Premium`. */ tier?: pulumi.Input; } interface VolumeCreateSource { /** * Specifies the ID of the source to create the Elastic SAN Volume from. Changing this forces a new resource to be created. */ sourceId: pulumi.Input; /** * Specifies the type of the source to create the Elastic SAN Volume from. Possible values are `Disk`, `DiskRestorePoint`, `DiskSnapshot` and `VolumeSnapshot`. Changing this forces a new resource to be created. */ sourceType: pulumi.Input; } interface VolumeGroupEncryption { /** * The timestamp of the expiration time for the current version of the customer managed key. */ currentVersionedKeyExpirationTimestamp?: pulumi.Input; /** * The ID of the current versioned Key Vault Key in use. */ currentVersionedKeyId?: pulumi.Input; /** * The Key Vault key URI for Customer Managed Key encryption, which can be either a full URI or a versionless URI. */ keyVaultKeyId: pulumi.Input; /** * The timestamp of the last rotation of the Key Vault Key. */ lastKeyRotationTimestamp?: pulumi.Input; /** * The ID of the User Assigned Identity used by this Elastic SAN Volume Group. */ userAssignedIdentityId?: pulumi.Input; } interface VolumeGroupIdentity { /** * A list of the User Assigned Identity IDs that should be assigned to this Elastic SAN Volume Group. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with the Managed Service Identity assigned to this Elastic SAN Volume Group. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity assigned to this Elastic SAN Volume Group. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Identity that should be assigned to this Elastic SAN Volume Group. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface VolumeGroupNetworkRule { /** * The action to take when the Subnet attempts to access this Elastic SAN Volume Group. The only possible value is `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The ID of the Subnet which should be allowed to access this Elastic SAN Volume Group. */ subnetId: pulumi.Input; } } export declare namespace eventgrid { interface DomainIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid Domain. * * > **Note:** This is required when `type` is set to `UserAssigned` * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Event Grid Domain has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid Domain. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface DomainInboundIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface DomainInputMappingDefaultValues { /** * Specifies the default data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the default event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the default subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; } interface DomainInputMappingFields { /** * Specifies the data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the event time of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventTime?: pulumi.Input; /** * Specifies the event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the id of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ id?: pulumi.Input; /** * Specifies the subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; /** * Specifies the topic of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ topic?: pulumi.Input; } interface EventSubscriptionAdvancedFilter { /** * Compares a value of an event using a single boolean value. */ boolEquals?: pulumi.Input[]>; /** * Evaluates if a value of an event isn't NULL or undefined. */ isNotNulls?: pulumi.Input[]>; /** * Evaluates if a value of an event is NULL or undefined. * * Each nested block consists of a key and a value(s) element. */ isNullOrUndefineds?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberIns?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberNotInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberNotIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotIns?: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterBoolEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterIsNotNull { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface EventSubscriptionAdvancedFilterIsNullOrUndefined { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberGreaterThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberGreaterThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterNumberInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface EventSubscriptionAdvancedFilterNumberLessThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberLessThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterNumberNotInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface EventSubscriptionAdvancedFilterStringBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAzureFunctionEndpoint { /** * Specifies the ID of the Function where the Event Subscription will receive events. This must be the functions ID in format {function_app.id}/functions/{name}. */ functionId: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; } interface EventSubscriptionDeadLetterIdentity { /** * Specifies the type of Managed Service Identity that is used for dead lettering. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface EventSubscriptionDeliveryIdentity { /** * Specifies the type of Managed Service Identity that is used for event delivery. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface EventSubscriptionDeliveryProperty { /** * The name of the header to send on to the destination */ headerName: pulumi.Input; /** * True if the `value` is a secret and should be protected, otherwise false. If True, then this value won't be returned from Azure API calls */ secret?: pulumi.Input; /** * If the `type` is `Dynamic`, then provide the payload field to be used as the value. Valid source fields differ by subscription type. */ sourceField?: pulumi.Input; /** * Either `Static` or `Dynamic` */ type: pulumi.Input; /** * If the `type` is `Static`, then provide the value to use */ value?: pulumi.Input; } interface EventSubscriptionRetryPolicy { /** * Specifies the time to live (in minutes) for events. Supported range is `1` to `1440`. See [official documentation](https://docs.microsoft.com/azure/event-grid/manage-event-delivery#set-retry-policy) for more details. */ eventTimeToLive: pulumi.Input; /** * Specifies the maximum number of delivery retry attempts for events. */ maxDeliveryAttempts: pulumi.Input; } interface EventSubscriptionStorageBlobDeadLetterDestination { /** * Specifies the id of the storage account id where the storage blob is located. */ storageAccountId: pulumi.Input; /** * Specifies the name of the Storage blob container that is the destination of the deadletter events. */ storageBlobContainerName: pulumi.Input; } interface EventSubscriptionStorageQueueEndpoint { /** * Storage queue message time to live in seconds. */ queueMessageTimeToLiveInSeconds?: pulumi.Input; /** * Specifies the name of the storage queue where the Event Subscription will receive events. */ queueName: pulumi.Input; /** * Specifies the id of the storage account id where the storage queue is located. */ storageAccountId: pulumi.Input; } interface EventSubscriptionSubjectFilter { /** * Specifies if `subjectBeginsWith` and `subjectEndsWith` case sensitive. This value */ caseSensitive?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path prefix. */ subjectBeginsWith?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path suffix. */ subjectEndsWith?: pulumi.Input; } interface EventSubscriptionWebhookEndpoint { /** * The Azure Active Directory Application ID or URI to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryAppIdOrUri?: pulumi.Input; /** * The Azure Active Directory Tenant ID to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryTenantId?: pulumi.Input; /** * The base url of the webhook where the Event Subscription will receive events. */ baseUrl?: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; /** * Specifies the url of the webhook where the Event Subscription will receive events. */ url: pulumi.Input; } interface NamespaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid Namespace. * * > **Note:** This is required when `type` is set to `UserAssigned` */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid Namespace. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface NamespaceInboundIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface NamespaceTopicSpacesConfiguration { /** * Specifies a list of alternative sources for the client authentication name from the client certificate. Possible values are `ClientCertificateDns`, `ClientCertificateEmail`, `ClientCertificateIp`, `ClientCertificateSubject` and `ClientCertificateUri`. */ alternativeAuthenticationNameSources?: pulumi.Input[]>; /** * One or more `dynamicRoutingEnrichment` blocks as defined below. */ dynamicRoutingEnrichments?: pulumi.Input[]>; /** * Specifies the maximum number of client sessions per authentication name. Valid values can be between `1` and `100`. */ maximumClientSessionsPerAuthenticationName?: pulumi.Input; /** * Specifies the maximum session expiry interval allowed for all MQTT clients connecting to the Event Grid namespace. Valid values can be between `1` and `8`. */ maximumSessionExpiryInHours?: pulumi.Input; /** * Specifies the Event Grid topic resource ID to route messages to. */ routeTopicId?: pulumi.Input; /** * One or more `staticRoutingEnrichment` blocks as defined below. */ staticRoutingEnrichments?: pulumi.Input[]>; } interface NamespaceTopicSpacesConfigurationDynamicRoutingEnrichment { /** * The enrichment key. */ key: pulumi.Input; /** * The enrichment value. */ value: pulumi.Input; } interface NamespaceTopicSpacesConfigurationStaticRoutingEnrichment { /** * The enrichment key. */ key: pulumi.Input; /** * The enrichment value. */ value: pulumi.Input; } interface PartnerConfigurationPartnerAuthorization { /** * Expiration time of the partner authorization. Value should be in RFC 3339 format in UTC time zone, for example: "2025-02-04T00:00:00Z". * * > **Note:** If the time from `authorizationExpirationTimeInUtc` expires, any request from this partner to create, update or delete resources in the subscriber's context will fail. If not specified, the authorization will expire after `defaultMaximumExpirationTimeInDays`. */ authorizationExpirationTimeInUtc?: pulumi.Input; /** * The partner name. */ partnerName: pulumi.Input; /** * The immutable id of the corresponding partner registration. */ partnerRegistrationId: pulumi.Input; } interface PartnerNamespaceInboundIpRule { /** * The action to take when the rule is matched. The only possible value is `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilter { /** * Compares a value of an event using a single boolean value. */ boolEquals?: pulumi.Input[]>; /** * Evaluates if a value of an event isn't NULL or undefined. */ isNotNulls?: pulumi.Input[]>; /** * Evaluates if a value of an event is NULL or undefined. * * Each nested block consists of a key and a value(s) element. */ isNullOrUndefineds?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberIns?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberNotInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberNotIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotIns?: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterBoolEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterIsNotNull { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterIsNullOrUndefined { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterNumberGreaterThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterNumberGreaterThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterNumberIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterNumberInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface SystemTopicEventSubscriptionAdvancedFilterNumberLessThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterNumberLessThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface SystemTopicEventSubscriptionAdvancedFilterNumberNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterNumberNotInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringNotBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringNotContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringNotEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAdvancedFilterStringNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface SystemTopicEventSubscriptionAzureFunctionEndpoint { /** * Specifies the ID of the Function where the Event Subscription will receive events. This must be the functions ID in format {function_app.id}/functions/{name}. */ functionId: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; } interface SystemTopicEventSubscriptionDeadLetterIdentity { /** * Specifies the type of Managed Service Identity that is used for dead lettering. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface SystemTopicEventSubscriptionDeliveryIdentity { /** * Specifies the type of Managed Service Identity that is used for event delivery. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface SystemTopicEventSubscriptionDeliveryProperty { /** * The name of the header to send on to the destination. */ headerName: pulumi.Input; /** * Set to `true` if the `value` is a secret and should be protected, otherwise `false`. If `true` then this value won't be returned from Azure API calls. */ secret?: pulumi.Input; /** * If the `type` is `Dynamic`, then provide the payload field to be used as the value. Valid source fields differ by subscription type. */ sourceField?: pulumi.Input; /** * Either `Static` or `Dynamic`. */ type: pulumi.Input; /** * If the `type` is `Static`, then provide the value to use. */ value?: pulumi.Input; } interface SystemTopicEventSubscriptionRetryPolicy { /** * Specifies the time to live (in minutes) for events. Supported range is `1` to `1440`. See [official documentation](https://docs.microsoft.com/azure/event-grid/manage-event-delivery#set-retry-policy) for more details. */ eventTimeToLive: pulumi.Input; /** * Specifies the maximum number of delivery retry attempts for events. */ maxDeliveryAttempts: pulumi.Input; } interface SystemTopicEventSubscriptionStorageBlobDeadLetterDestination { /** * Specifies the id of the storage account id where the storage blob is located. */ storageAccountId: pulumi.Input; /** * Specifies the name of the Storage blob container that is the destination of the deadletter events. */ storageBlobContainerName: pulumi.Input; } interface SystemTopicEventSubscriptionStorageQueueEndpoint { /** * Storage queue message time to live in seconds. */ queueMessageTimeToLiveInSeconds?: pulumi.Input; /** * Specifies the name of the storage queue where the Event Subscription will receive events. */ queueName: pulumi.Input; /** * Specifies the id of the storage account id where the storage queue is located. */ storageAccountId: pulumi.Input; } interface SystemTopicEventSubscriptionSubjectFilter { /** * Specifies if `subjectBeginsWith` and `subjectEndsWith` case sensitive. This value */ caseSensitive?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path prefix. */ subjectBeginsWith?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path suffix. */ subjectEndsWith?: pulumi.Input; } interface SystemTopicEventSubscriptionWebhookEndpoint { /** * The Azure Active Directory Application ID or URI to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryAppIdOrUri?: pulumi.Input; /** * The Azure Active Directory Tenant ID to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryTenantId?: pulumi.Input; /** * The base url of the webhook where the Event Subscription will receive events. */ baseUrl?: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; /** * Specifies the url of the webhook where the Event Subscription will receive events. */ url: pulumi.Input; } interface SystemTopicIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid System Topic. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Event Grid System Topic has been created. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid System Topic. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface TopicIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid Topic. * * > **Note:** This is required when `type` is set to `UserAssigned` * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Event Grid Topic has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid Topic. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface TopicInboundIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface TopicInputMappingDefaultValues { /** * Specifies the default data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the default event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the default subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; } interface TopicInputMappingFields { /** * Specifies the data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the event time of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventTime?: pulumi.Input; /** * Specifies the event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the id of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ id?: pulumi.Input; /** * Specifies the subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; /** * Specifies the topic of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ topic?: pulumi.Input; } } export declare namespace eventhub { interface DomainIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid Domain. * * > **Note:** This is required when `type` is set to `UserAssigned` * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Event Grid Domain has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid Domain. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface DomainInboundIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface DomainInputMappingDefaultValues { /** * Specifies the default data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the default event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the default subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; } interface DomainInputMappingFields { /** * Specifies the data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the event time of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventTime?: pulumi.Input; /** * Specifies the event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the id of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ id?: pulumi.Input; /** * Specifies the subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; /** * Specifies the topic of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ topic?: pulumi.Input; } interface EventGridTopicIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Event Grid Topic. * * > **Note:** This is required when `type` is set to `UserAssigned` * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Event Grid Topic has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Grid Topic. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface EventGridTopicInboundIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask (CIDR) to match on. */ ipMask: pulumi.Input; } interface EventGridTopicInputMappingDefaultValues { /** * Specifies the default data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the default event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the default subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; } interface EventGridTopicInputMappingFields { /** * Specifies the data version of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ dataVersion?: pulumi.Input; /** * Specifies the event time of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventTime?: pulumi.Input; /** * Specifies the event type of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ eventType?: pulumi.Input; /** * Specifies the id of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ id?: pulumi.Input; /** * Specifies the subject of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ subject?: pulumi.Input; /** * Specifies the topic of the EventGrid Event to associate with the domain. Changing this forces a new resource to be created. */ topic?: pulumi.Input; } interface EventHubCaptureDescription { /** * A `destination` block as defined below. */ destination: pulumi.Input; /** * Specifies if the Capture Description is Enabled. */ enabled: pulumi.Input; /** * Specifies the Encoding used for the Capture Description. Possible values are `Avro` and `AvroDeflate`. */ encoding: pulumi.Input; /** * Specifies the time interval in seconds at which the capture will happen. Values can be between `60` and `900` seconds. Defaults to `300` seconds. */ intervalInSeconds?: pulumi.Input; /** * Specifies the amount of data built up in your EventHub before a Capture Operation occurs. Value should be between `10485760` and `524288000` bytes. Defaults to `314572800` bytes. */ sizeLimitInBytes?: pulumi.Input; /** * Specifies if empty files should not be emitted if no events occur during the Capture time window. Defaults to `false`. */ skipEmptyArchives?: pulumi.Input; } interface EventHubCaptureDescriptionDestination { /** * The Blob naming convention for archiving. e.g. `{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}`. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order */ archiveNameFormat: pulumi.Input; /** * The name of the Container within the Blob Storage Account where messages should be archived. */ blobContainerName: pulumi.Input; /** * The Name of the Destination where the capture should take place. At this time the only supported value is `EventHubArchive.AzureBlockBlob`. * * > **Note:** At this time it's only possible to Capture EventHub messages to Blob Storage. There's [a Feature Request for the Azure SDK to add support for Capturing messages to Azure Data Lake here](https://github.com/Azure/azure-rest-api-specs/issues/2255). */ name: pulumi.Input; /** * The ID of the Blob Storage Account where messages should be archived. */ storageAccountId: pulumi.Input; } interface EventHubNamespaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this EventHub namespace. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. * * > **Note:** Due to the limitation of the current Azure API, once an EventHub Namespace has been assigned an identity, it cannot be removed. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Event Hub Namespace. Possible values are `SystemAssigned` or `UserAssigned`. */ type: pulumi.Input; } interface EventHubNamespaceNetworkRulesets { /** * The default action to take when a rule is not matched. Possible values are `Allow` and `Deny`. */ defaultAction: pulumi.Input; /** * One or more `ipRule` blocks as defined below. */ ipRules?: pulumi.Input[]>; /** * Is public network access enabled for the EventHub Namespace? Defaults to `true`. * * > **Note:** The public network access setting at the network rule sets level should be the same as it's at the namespace level. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Whether Trusted Microsoft Services are allowed to bypass firewall. */ trustedServiceAccessEnabled?: pulumi.Input; /** * One or more `virtualNetworkRule` blocks as defined below. */ virtualNetworkRules?: pulumi.Input[]>; } interface EventHubNamespaceNetworkRulesetsIpRule { /** * The action to take when the rule is matched. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP mask to match on. */ ipMask: pulumi.Input; } interface EventHubNamespaceNetworkRulesetsVirtualNetworkRule { /** * Are missing virtual network service endpoints ignored? */ ignoreMissingVirtualNetworkServiceEndpoint?: pulumi.Input; /** * The id of the subnet to match on. */ subnetId: pulumi.Input; } interface EventHubRetentionDescription { /** * Specifies the Cleanup Policy for the EventHub. Possible values are `Delete` and `Compact`. Changing this forces a new resource to be created. */ cleanupPolicy: pulumi.Input; /** * Specifies the number of hours to retain the events for this Event Hub. The value is only used when `cleanupPolicy` is `Delete`. */ retentionTimeInHours?: pulumi.Input; /** * Specifies the number of hours to retain the tombstones markers of a compacted Event Hub. The value is only used when `cleanupPolicy` is `Compact`. */ tombstoneRetentionTimeInHours?: pulumi.Input; } interface EventSubscriptionAdvancedFilter { /** * Compares a value of an event using a single boolean value. */ boolEquals?: pulumi.Input[]>; /** * Evaluates if a value of an event isn't NULL or undefined. */ isNotNulls?: pulumi.Input[]>; /** * Evaluates if a value of an event is NULL or undefined. * * Each nested block consists of a key and a value(s) element. */ isNullOrUndefineds?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberGreaterThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberIns?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThanOrEquals?: pulumi.Input[]>; /** * Compares a value of an event using a single floating point number. */ numberLessThans?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point number ranges. */ numberNotInRanges?: pulumi.Input[]>; /** * Compares a value of an event using multiple floating point numbers. */ numberNotIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringIns?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotBeginsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotContains?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotEndsWiths?: pulumi.Input[]>; /** * Compares a value of an event using multiple string values. */ stringNotIns?: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterBoolEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterIsNotNull { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface EventSubscriptionAdvancedFilterIsNullOrUndefined { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberGreaterThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberGreaterThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterNumberInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface EventSubscriptionAdvancedFilterNumberLessThan { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberLessThanOrEqual { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; value: pulumi.Input; } interface EventSubscriptionAdvancedFilterNumberNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterNumberNotInRange { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>[]>; } interface EventSubscriptionAdvancedFilterStringBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotBeginsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotContain { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotEndsWith { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAdvancedFilterStringNotIn { /** * Specifies the field within the event data that you want to use for filtering. Type of the field can be a number, boolean, or string. */ key: pulumi.Input; /** * Specifies an array of values to compare to when using a multiple values operator. * * > **Note:** A maximum of total number of advanced filter values allowed on event subscription is 25. */ values: pulumi.Input[]>; } interface EventSubscriptionAzureFunctionEndpoint { /** * Specifies the ID of the Function where the Event Subscription will receive events. This must be the functions ID in format {function_app.id}/functions/{name}. */ functionId: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; } interface EventSubscriptionDeadLetterIdentity { /** * Specifies the type of Managed Service Identity that is used for dead lettering. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface EventSubscriptionDeliveryIdentity { /** * Specifies the type of Managed Service Identity that is used for event delivery. Allowed value is `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; /** * The user identity associated with the resource. */ userAssignedIdentity?: pulumi.Input; } interface EventSubscriptionDeliveryProperty { /** * The name of the header to send on to the destination */ headerName: pulumi.Input; /** * True if the `value` is a secret and should be protected, otherwise false. If True, then this value won't be returned from Azure API calls */ secret?: pulumi.Input; /** * If the `type` is `Dynamic`, then provide the payload field to be used as the value. Valid source fields differ by subscription type. */ sourceField?: pulumi.Input; /** * Either `Static` or `Dynamic` */ type: pulumi.Input; /** * If the `type` is `Static`, then provide the value to use */ value?: pulumi.Input; } interface EventSubscriptionRetryPolicy { /** * Specifies the time to live (in minutes) for events. Supported range is `1` to `1440`. See [official documentation](https://docs.microsoft.com/azure/event-grid/manage-event-delivery#set-retry-policy) for more details. */ eventTimeToLive: pulumi.Input; /** * Specifies the maximum number of delivery retry attempts for events. */ maxDeliveryAttempts: pulumi.Input; } interface EventSubscriptionStorageBlobDeadLetterDestination { /** * Specifies the id of the storage account id where the storage blob is located. */ storageAccountId: pulumi.Input; /** * Specifies the name of the Storage blob container that is the destination of the deadletter events. */ storageBlobContainerName: pulumi.Input; } interface EventSubscriptionStorageQueueEndpoint { /** * Storage queue message time to live in seconds. */ queueMessageTimeToLiveInSeconds?: pulumi.Input; /** * Specifies the name of the storage queue where the Event Subscription will receive events. */ queueName: pulumi.Input; /** * Specifies the id of the storage account id where the storage queue is located. */ storageAccountId: pulumi.Input; } interface EventSubscriptionSubjectFilter { /** * Specifies if `subjectBeginsWith` and `subjectEndsWith` case sensitive. This value */ caseSensitive?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path prefix. */ subjectBeginsWith?: pulumi.Input; /** * A string to filter events for an event subscription based on a resource path suffix. */ subjectEndsWith?: pulumi.Input; } interface EventSubscriptionWebhookEndpoint { /** * The Azure Active Directory Application ID or URI to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryAppIdOrUri?: pulumi.Input; /** * The Azure Active Directory Tenant ID to get the access token that will be included as the bearer token in delivery requests. */ activeDirectoryTenantId?: pulumi.Input; /** * The base url of the webhook where the Event Subscription will receive events. */ baseUrl?: pulumi.Input; /** * Maximum number of events per batch. */ maxEventsPerBatch?: pulumi.Input; /** * Preferred batch size in Kilobytes. */ preferredBatchSizeInKilobytes?: pulumi.Input; /** * Specifies the url of the webhook where the Event Subscription will receive events. */ url: pulumi.Input; } interface NamespaceCustomerManagedKey { /** * The ID of the User Assigned Identity that has access to the key. */ identityId: pulumi.Input; /** * Used to specify whether enable Infrastructure Encryption (Double Encryption). Changing this forces a new resource to be created. */ infrastructureEncryptionEnabled?: pulumi.Input; /** * The ID of the Key Vault Key which should be used to Encrypt the data in this Service Bus Namespace. */ keyVaultKeyId: pulumi.Input; } interface NamespaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Service Bus namespace. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Service Bus Namespace. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Service Bus Namespace. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Service Bus Namespace. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface NamespaceNetworkRuleSet { /** * Specifies the default action for the Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Allow`. */ defaultAction?: pulumi.Input; /** * One or more IP Addresses, or CIDR Blocks which should be able to access the Service Bus Namespace. */ ipRules?: pulumi.Input[]>; /** * One or more `networkRules` blocks as defined below. */ networkRules?: pulumi.Input[]>; /** * Whether to allow traffic over public network. Possible values are `true` and `false`. Defaults to `true`. * * > **Note:** To disable public network access, you must also configure the property `publicNetworkAccessEnabled`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Are Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration? See [Trusted Microsoft Services](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-bus-messaging/includes/service-bus-trusted-services.md) */ trustedServicesAllowed?: pulumi.Input; } interface NamespaceNetworkRuleSetNetworkRule { /** * Should the Service Bus Namespace Network Rule Set ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`. */ ignoreMissingVnetServiceEndpoint?: pulumi.Input; /** * The Subnet ID which should be able to access this Service Bus Namespace. */ subnetId: pulumi.Input; } interface SubscriptionClientScopedSubscription { /** * Specifies the Client ID of the application that created the client-scoped subscription. Changing this forces a new resource to be created. * * > **Note:** Client ID can be null or empty, but it must match the client ID set on the JMS client application. From the Azure Service Bus perspective, a null client ID and an empty client id have the same behavior. If the client ID is set to null or empty, it is only accessible to client applications whose client ID is also set to null or empty. */ clientId?: pulumi.Input; /** * Whether the client scoped subscription is durable. This property can only be controlled from the application side. */ isClientScopedSubscriptionDurable?: pulumi.Input; /** * Whether the client scoped subscription is shareable. Defaults to `true` Changing this forces a new resource to be created. */ isClientScopedSubscriptionShareable?: pulumi.Input; } interface SubscriptionRuleCorrelationFilter { /** * Content type of the message. */ contentType?: pulumi.Input; /** * Identifier of the correlation. */ correlationId?: pulumi.Input; /** * Application specific label. */ label?: pulumi.Input; /** * Identifier of the message. */ messageId?: pulumi.Input; /** * A list of user defined properties to be included in the filter. Specified as a map of name/value pairs. * * > **Note:** When creating a subscription rule of type `CorrelationFilter` at least one property must be set in the `correlationFilter` block. */ properties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Address of the queue to reply to. */ replyTo?: pulumi.Input; /** * Session identifier to reply to. */ replyToSessionId?: pulumi.Input; /** * Session identifier. */ sessionId?: pulumi.Input; /** * Address to send to. */ to?: pulumi.Input; } } export declare namespace extendedlocation { interface CustomLocationAuthentication { /** * Specifies the type of authentication. */ type?: pulumi.Input; /** * Specifies the value of authentication. */ value: pulumi.Input; } } export declare namespace fabric { interface CapacitySku { /** * The name of the SKU to use for the Fabric Capacity. Possible values are `F2`, `F4`, `F8`, `F16`, `F32`, `F64`, `F128`, `F256`, `F512`, `F1024`, `F2048`. */ name: pulumi.Input; /** * The tier of the SKU to use for the Fabric Capacity. The only possible value is `Fabric`. */ tier: pulumi.Input; } } export declare namespace fluidrelay { interface ServerCustomerManagedKey { /** * The Key Vault Key Id that will be used to encrypt the Fluid Relay Server. */ keyVaultKeyId: pulumi.Input; /** * The User Assigned Managed Identity ID to be used for accessing the Customer Managed Key for encryption. */ userAssignedIdentityId: pulumi.Input; } interface ServerIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Fluid Relay Service. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this Fluid Relay Server. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Fluid Relay Server. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Fluid Relay Service. Possible values are `SystemAssigned`,`UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } } export declare namespace frontdoor { interface CustomHttpsConfigurationCustomHttpsConfiguration { /** * The name of the Key Vault secret representing the full certificate PFX. */ azureKeyVaultCertificateSecretName?: pulumi.Input; /** * The version of the Key Vault secret representing the full certificate PFX. * * > **Note:** In order to enable the use of your own custom `HTTPS certificate` you must grant `Azure Front Door Service` access to your key vault. For instructions on how to configure your `Key Vault` correctly please refer to the [product documentation](https://docs.microsoft.com/azure/frontdoor/front-door-custom-domain-https#option-2-use-your-own-certificate). */ azureKeyVaultCertificateSecretVersion?: pulumi.Input; /** * The ID of the Key Vault containing the SSL certificate. */ azureKeyVaultCertificateVaultId?: pulumi.Input; /** * Certificate source to encrypted `HTTPS` traffic with. Allowed values are `FrontDoor` or `AzureKeyVault`. Defaults to `FrontDoor`. * * The following attributes are only valid if `certificateSource` is set to `AzureKeyVault`: */ certificateSource?: pulumi.Input; /** * Minimum client TLS version supported. */ minimumTlsVersion?: pulumi.Input; provisioningState?: pulumi.Input; provisioningSubstate?: pulumi.Input; } interface FirewallPolicyCustomRule { /** * The action to perform when the rule is matched. Possible values are `Allow`, `Block`, `Log`, or `Redirect`. */ action: pulumi.Input; /** * Is the rule is enabled or disabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * One or more `matchCondition` block defined below. Can support up to `10` `matchCondition` blocks. */ matchConditions?: pulumi.Input[]>; /** * Gets name of the resource that is unique within a policy. This name can be used to access the resource. */ name: pulumi.Input; /** * The priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. Defaults to `1`. */ priority?: pulumi.Input; /** * The rate limit duration in minutes. Defaults to `1`. */ rateLimitDurationInMinutes?: pulumi.Input; /** * The rate limit threshold. Defaults to `10`. */ rateLimitThreshold?: pulumi.Input; /** * The type of rule. Possible values are `MatchRule` or `RateLimitRule`. */ type: pulumi.Input; } interface FirewallPolicyCustomRuleMatchCondition { /** * Up to `600` possible values to match. Limit is in total across all `matchCondition` blocks and `matchValues` arguments. String value itself can be up to `256` characters long. */ matchValues: pulumi.Input[]>; /** * The request variable to compare with. Possible values are `Cookies`, `PostArgs`, `QueryString`, `RemoteAddr`, `RequestBody`, `RequestHeader`, `RequestMethod`, `RequestUri`, or `SocketAddr`. */ matchVariable: pulumi.Input; /** * Should the result of the condition be negated. */ negationCondition?: pulumi.Input; /** * Comparison type to use for matching with the variable value. Possible values are `Any`, `BeginsWith`, `Contains`, `EndsWith`, `Equal`, `GeoMatch`, `GreaterThan`, `GreaterThanOrEqual`, `IPMatch`, `LessThan`, `LessThanOrEqual` or `RegEx`. */ operator: pulumi.Input; /** * Match against a specific key if the `matchVariable` is `QueryString`, `PostArgs`, `RequestHeader` or `Cookies`. */ selector?: pulumi.Input; /** * Up to `5` transforms to apply. Possible values are `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `URLDecode` or`URLEncode`. */ transforms?: pulumi.Input[]>; } interface FirewallPolicyManagedRule { /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * One or more `override` blocks as defined below. */ overrides?: pulumi.Input[]>; /** * The name of the managed rule to use with this resource. */ type: pulumi.Input; /** * The version on the managed rule to use with this resource. */ version: pulumi.Input; } interface FirewallPolicyManagedRuleExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`. */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. */ selector: pulumi.Input; } interface FirewallPolicyManagedRuleOverride { /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * The managed rule group to override. */ ruleGroupName: pulumi.Input; /** * One or more `rule` blocks as defined below. If none are specified, all of the rules in the group will be disabled. */ rules?: pulumi.Input[]>; } interface FirewallPolicyManagedRuleOverrideExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`. */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. */ selector: pulumi.Input; } interface FirewallPolicyManagedRuleOverrideRule { /** * The action to be applied when the rule matches. Possible values are `Allow`, `Block`, `Log`, or `Redirect`. */ action: pulumi.Input; /** * Is the managed rule override enabled or disabled. Defaults to `false` */ enabled?: pulumi.Input; /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * Identifier for the managed rule. */ ruleId: pulumi.Input; } interface FirewallPolicyManagedRuleOverrideRuleExclusion { /** * The variable type to be excluded. Possible values are `QueryStringArgNames`, `RequestBodyPostArgNames`, `RequestCookieNames`, `RequestHeaderNames`. */ matchVariable: pulumi.Input; /** * Comparison operator to apply to the selector when specifying which elements in the collection this exclusion applies to. Possible values are: `Equals`, `Contains`, `StartsWith`, `EndsWith`, `EqualsAny`. */ operator: pulumi.Input; /** * Selector for the value in the `matchVariable` attribute this exclusion applies to. */ selector: pulumi.Input; } interface FrontdoorBackendPool { /** * A `backend` block as defined below. */ backends: pulumi.Input[]>; /** * Specifies the name of the `backendPoolHealthProbe` block within this resource to use for this `Backend Pool`. */ healthProbeName: pulumi.Input; /** * The ID of the FrontDoor. */ id?: pulumi.Input; /** * Specifies the name of the `backendPoolLoadBalancing` block within this resource to use for this `Backend Pool`. */ loadBalancingName: pulumi.Input; /** * Specifies the name of the Backend Pool. */ name: pulumi.Input; } interface FrontdoorBackendPoolBackend { /** * Location of the backend (IP address or FQDN) */ address: pulumi.Input; /** * Specifies if the backend is enabled or not. Valid options are `true` or `false`. Defaults to `true`. */ enabled?: pulumi.Input; /** * The value to use as the host header sent to the backend. */ hostHeader: pulumi.Input; /** * The HTTP TCP port number. Possible values are between `1` - `65535`. */ httpPort: pulumi.Input; /** * The HTTPS TCP port number. Possible values are between `1` - `65535`. */ httpsPort: pulumi.Input; /** * Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. Defaults to `1`. */ priority?: pulumi.Input; /** * Weight of this endpoint for load balancing purposes. Defaults to `50`. */ weight?: pulumi.Input; } interface FrontdoorBackendPoolHealthProbe { /** * Is this health probe enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The ID of the FrontDoor. */ id?: pulumi.Input; /** * The number of seconds between each Health Probe. Defaults to `120`. */ intervalInSeconds?: pulumi.Input; /** * Specifies the name of the Health Probe. */ name: pulumi.Input; /** * The path to use for the Health Probe. Default is `/`. */ path?: pulumi.Input; /** * Specifies HTTP method the health probe uses when querying the backend pool instances. Possible values include: `GET` and `HEAD`. Defaults to `GET`. * * > **NOTE:** Use the `HEAD` method if you do not need to check the response body of your health probe. */ probeMethod?: pulumi.Input; /** * Protocol scheme to use for the Health Probe. Possible values are `Http` and `Https`. Defaults to `Http`. */ protocol?: pulumi.Input; } interface FrontdoorBackendPoolLoadBalancing { /** * The additional latency in milliseconds for probes to fall into the lowest latency bucket. Defaults to `0`. */ additionalLatencyMilliseconds?: pulumi.Input; /** * The ID of the FrontDoor. */ id?: pulumi.Input; /** * Specifies the name of the Load Balancer. */ name: pulumi.Input; /** * The number of samples to consider for load balancing decisions. Defaults to `4`. */ sampleSize?: pulumi.Input; /** * The number of samples within the sample period that must succeed. Defaults to `2`. */ successfulSamplesRequired?: pulumi.Input; } interface FrontdoorBackendPoolSetting { /** * Specifies the send and receive timeout on forwarding request to the backend. When the timeout is reached, the request fails and returns. Possible values are between `0` - `240`. Defaults to `60`. */ backendPoolsSendReceiveTimeoutSeconds?: pulumi.Input; /** * Enforce certificate name check on `HTTPS` requests to all backend pools, this setting will have no effect on `HTTP` requests. Permitted values are `true` or `false`. * * > **NOTE:** `backendPoolsSendReceiveTimeoutSeconds` and `enforceBackendPoolsCertificateNameCheck` apply to all backend pools. */ enforceBackendPoolsCertificateNameCheck: pulumi.Input; } interface FrontdoorExplicitResourceOrder { backendPoolHealthProbeIds?: pulumi.Input[]>; backendPoolIds?: pulumi.Input[]>; backendPoolLoadBalancingIds?: pulumi.Input[]>; frontendEndpointIds?: pulumi.Input[]>; routingRuleIds?: pulumi.Input[]>; } interface FrontdoorFrontendEndpoint { /** * Specifies the host name of the `frontendEndpoint`. Must be a domain name. In order to use a name.azurefd.net domain, the name value must match the Front Door name. */ hostName: pulumi.Input; /** * The ID of the FrontDoor. */ id?: pulumi.Input; /** * Specifies the name of the `frontendEndpoint`. */ name: pulumi.Input; /** * Whether to allow session affinity on this host. Valid options are `true` or `false` Defaults to `false`. */ sessionAffinityEnabled?: pulumi.Input; /** * The TTL to use in seconds for session affinity, if applicable. Defaults to `0`. */ sessionAffinityTtlSeconds?: pulumi.Input; /** * Defines the Web Application Firewall policy `ID` for each host. */ webApplicationFirewallPolicyLinkId?: pulumi.Input; } interface FrontdoorRoutingRule { /** * Protocol schemes to match for the Backend Routing Rule. Possible values are `Http` and `Https`. */ acceptedProtocols: pulumi.Input[]>; /** * `Enable` or `Disable` use of this Backend Routing Rule. Permitted values are `true` or `false`. Defaults to `true`. */ enabled?: pulumi.Input; /** * A `forwardingConfiguration` block as defined below. */ forwardingConfiguration?: pulumi.Input; /** * The names of the `frontendEndpoint` blocks within this resource to associate with this `routingRule`. */ frontendEndpoints: pulumi.Input[]>; /** * The ID of the FrontDoor. */ id?: pulumi.Input; /** * Specifies the name of the Routing Rule. */ name: pulumi.Input; /** * The route patterns for the Backend Routing Rule. */ patternsToMatches: pulumi.Input[]>; /** * A `redirectConfiguration` block as defined below. */ redirectConfiguration?: pulumi.Input; } interface FrontdoorRoutingRuleForwardingConfiguration { /** * Specifies the name of the Backend Pool to forward the incoming traffic to. */ backendPoolName: pulumi.Input; /** * Specify the minimum caching duration (in ISO8601 notation e.g. `P1DT2H` for 1 day and 2 hours). Needs to be greater than 0 and smaller than 365 days. `cacheDuration` works only in combination with `cacheEnabled` set to `true`. */ cacheDuration?: pulumi.Input; /** * Specifies whether to Enable caching or not. Valid options are `true` or `false`. Defaults to `false`. */ cacheEnabled?: pulumi.Input; /** * Defines cache behaviour in relation to query string parameters. Valid options are `StripAll`, `StripAllExcept`, `StripOnly` or `StripNone`. Defaults to `StripAll`. */ cacheQueryParameterStripDirective?: pulumi.Input; /** * Specify query parameters (array). Works only in combination with `cacheQueryParameterStripDirective` set to `StripAllExcept` or `StripOnly`. */ cacheQueryParameters?: pulumi.Input[]>; /** * Whether to use dynamic compression when caching. Valid options are `true` or `false`. Defaults to `false`. */ cacheUseDynamicCompression?: pulumi.Input; /** * Path to use when constructing the request to forward to the backend. This functions as a URL Rewrite. Default behaviour preserves the URL path. */ customForwardingPath?: pulumi.Input; /** * Protocol to use when redirecting. Valid options are `HttpOnly`, `HttpsOnly`, or `MatchRequest`. Defaults to `HttpsOnly`. */ forwardingProtocol?: pulumi.Input; } interface FrontdoorRoutingRuleRedirectConfiguration { /** * The destination fragment in the portion of URL after '#'. Set this to add a fragment to the redirect URL. */ customFragment?: pulumi.Input; /** * Set this to change the URL for the redirection. */ customHost?: pulumi.Input; /** * The path to retain as per the incoming request, or update in the URL for the redirection. */ customPath?: pulumi.Input; /** * Replace any existing query string from the incoming request URL. */ customQueryString?: pulumi.Input; /** * Protocol to use when redirecting. Valid options are `HttpOnly`, `HttpsOnly`, or `MatchRequest`. */ redirectProtocol: pulumi.Input; /** * Status code for the redirect. Valida options are `Moved`, `Found`, `TemporaryRedirect`, `PermanentRedirect`. */ redirectType: pulumi.Input; } interface RulesEngineRule { /** * An `action` block as defined below. */ action?: pulumi.Input; /** * One or more `matchCondition` block as defined below. */ matchConditions?: pulumi.Input[]>; /** * The name of the rule. */ name: pulumi.Input; /** * Priority of the rule, must be unique per rules engine definition. */ priority: pulumi.Input; } interface RulesEngineRuleAction { /** * A `requestHeader` block as defined below. */ requestHeaders?: pulumi.Input[]>; /** * A `responseHeader` block as defined below. */ responseHeaders?: pulumi.Input[]>; } interface RulesEngineRuleActionRequestHeader { /** * can be set to `Overwrite`, `Append` or `Delete`. */ headerActionType?: pulumi.Input; /** * header name (string). */ headerName?: pulumi.Input; /** * value name (string). */ value?: pulumi.Input; } interface RulesEngineRuleActionResponseHeader { /** * can be set to `Overwrite`, `Append` or `Delete`. */ headerActionType?: pulumi.Input; /** * header name (string). */ headerName?: pulumi.Input; /** * value name (string). */ value?: pulumi.Input; } interface RulesEngineRuleMatchCondition { /** * can be set to `true` or `false` to negate the given condition. Defaults to `false`. */ negateCondition?: pulumi.Input; /** * can be set to `Any`, `IPMatch`, `GeoMatch`, `Equal`, `Contains`, `LessThan`, `GreaterThan`, `LessThanOrEqual`, `GreaterThanOrEqual`, `BeginsWith` or `EndsWith` */ operator: pulumi.Input; /** * match against a specific key when `variable` is set to `PostArgs` or `RequestHeader`. It cannot be used with `QueryString` and `RequestMethod`. */ selector?: pulumi.Input; /** * can be set to one or more values out of `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` and `UrlEncode` */ transforms?: pulumi.Input[]>; /** * (array) can contain one or more strings. */ values?: pulumi.Input[]>; /** * can be set to `IsMobile`, `RemoteAddr`, `RequestMethod`, `QueryString`, `PostArgs`, `RequestURI`, `RequestPath`, `RequestFilename`, `RequestFilenameExtension`,`RequestHeader`,`RequestBody` or `RequestScheme`. */ variable?: pulumi.Input; } } export declare namespace hdinsight { interface HBaseClusterComponentVersion { /** * The version of HBase which should be used for this HDInsight HBase Cluster. Changing this forces a new resource to be created. */ hbase: pulumi.Input; } interface HBaseClusterComputeIsolation { /** * This field indicates whether enable compute isolation or not. Possible values are `true` or `false`. */ computeIsolationEnabled?: pulumi.Input; /** * The name of the host SKU. */ hostSku?: pulumi.Input; } interface HBaseClusterDiskEncryption { /** * This is an algorithm identifier for encryption. Possible values are `RSA1_5`, `RSA-OAEP`, `RSA-OAEP-256`. */ encryptionAlgorithm?: pulumi.Input; /** * This is indicator to show whether resource disk encryption is enabled. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the key vault key. */ keyVaultKeyId?: pulumi.Input; /** * This is the resource ID of Managed Identity used to access the key vault. */ keyVaultManagedIdentityId?: pulumi.Input; } interface HBaseClusterExtension { /** * The workspace ID of the log analytics extension. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The workspace key of the log analytics extension. */ primaryKey: pulumi.Input; } interface HBaseClusterGateway { /** * The password used for the Ambari Portal. * * > **Note:** This password must be different from the one used for the `headNode`, `workerNode` and `zookeeperNode` roles. */ password: pulumi.Input; /** * The username used for the Ambari Portal. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HBaseClusterMetastores { /** * An `ambari` block as defined below. */ ambari?: pulumi.Input; /** * A `hive` block as defined below. */ hive?: pulumi.Input; /** * An `oozie` block as defined below. */ oozie?: pulumi.Input; } interface HBaseClusterMetastoresAmbari { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Ambari metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HBaseClusterMetastoresHive { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Hive metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Hive metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Hive metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HBaseClusterMetastoresOozie { /** * The external Oozie metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Oozie metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HBaseClusterMonitor { /** * The Operations Management Suite (OMS) workspace ID. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The Operations Management Suite (OMS) workspace key. */ primaryKey: pulumi.Input; } interface HBaseClusterNetwork { /** * The direction of the resource provider connection. Possible values include `Inbound` or `Outbound`. Defaults to `Inbound`. Changing this forces a new resource to be created. * * > **Note:** To enable the private link the `connectionDirection` must be set to `Outbound`. */ connectionDirection?: pulumi.Input; /** * Is the private link enabled? Possible values include `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ privateLinkEnabled?: pulumi.Input; } interface HBaseClusterPrivateLinkConfiguration { /** * The ID of the private link service group. */ groupId: pulumi.Input; /** * An `ipConfiguration` block as defined below. */ ipConfiguration: pulumi.Input; /** * The name of the private link configuration. */ name: pulumi.Input; } interface HBaseClusterPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Indicates whether this IP configuration is primary. */ primary?: pulumi.Input; /** * The private IP address of the IP configuration. */ privateIpAddress?: pulumi.Input; /** * The private IP allocation method. Possible values are `Dynamic` and `Static`. */ privateIpAllocationMethod?: pulumi.Input; /** * The ID of the Subnet within the Virtual Network where the IP configuration should be provisioned. */ subnetId?: pulumi.Input; } interface HBaseClusterRoles { /** * A `headNode` block as defined above. */ headNode: pulumi.Input; /** * A `workerNode` block as defined below. */ workerNode: pulumi.Input; /** * A `zookeeperNode` block as defined below. */ zookeeperNode: pulumi.Input; } interface HBaseClusterRolesHeadNode { /** * The Password associated with the local administrator for the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Head Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Head Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_E96a_V4`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HBaseClusterRolesHeadNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HBaseClusterRolesWorkerNode { /** * A `autoscale` block as defined below. */ autoscale?: pulumi.Input; /** * The Password associated with the local administrator for the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * The Username of the local administrator for the Worker Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Worker Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HBaseClusterRolesWorkerNodeAutoscale { /** * A `recurrence` block as defined below. * * > **Note:** Either a `capacity` or `recurrence` block must be specified - but not both. */ recurrence?: pulumi.Input; } interface HBaseClusterRolesWorkerNodeAutoscaleRecurrence { /** * A list of `schedule` blocks as defined below. */ schedules: pulumi.Input[]>; /** * The time zone for the autoscale schedule times. */ timezone: pulumi.Input; } interface HBaseClusterRolesWorkerNodeAutoscaleRecurrenceSchedule { /** * The days of the week to perform autoscale. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ days: pulumi.Input[]>; /** * The number of worker nodes to autoscale at the specified time. */ targetInstanceCount: pulumi.Input; /** * The time of day to perform the autoscale in 24hour format. */ time: pulumi.Input; } interface HBaseClusterRolesWorkerNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HBaseClusterRolesZookeeperNode { /** * The Password associated with the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Zookeeper Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HBaseClusterRolesZookeeperNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HBaseClusterSecurityProfile { /** * The resource ID of the Azure Active Directory Domain Service. Changing this forces a new resource to be created. */ aaddsResourceId: pulumi.Input; /** * A list of the distinguished names for the cluster user groups. Changing this forces a new resource to be created. */ clusterUsersGroupDns?: pulumi.Input[]>; /** * The name of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainName: pulumi.Input; /** * The user password of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUserPassword: pulumi.Input; /** * The username of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUsername: pulumi.Input; /** * A list of the LDAPS URLs to communicate with the Azure Active Directory. Changing this forces a new resource to be created. */ ldapsUrls: pulumi.Input[]>; /** * The User Assigned Identity for the HDInsight Cluster. Changing this forces a new resource to be created. */ msiResourceId: pulumi.Input; } interface HBaseClusterStorageAccount { /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The Access Key which should be used to connect to the Storage Account. Changing this forces a new resource to be created. */ storageAccountKey: pulumi.Input; /** * The ID of the Storage Container. Changing this forces a new resource to be created. * * > **Note:** When the `azure.storage.Container` resource is created with `storageAccountName`, this can be obtained from the `id` of the `azure.storage.Container` resource. When the `azure.storage.Container` resource is created with `storageAccountId`, please use `azure.storage.getContainers` data source to get the `dataPlaneId` of the `azure.storage.Container` resource for this field. */ storageContainerId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId?: pulumi.Input; } interface HBaseClusterStorageAccountGen2 { /** * The ID of the Gen2 Filesystem. Changing this forces a new resource to be created. */ filesystemId: pulumi.Input; /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The ID of Managed Identity to use for accessing the Gen2 filesystem. Changing this forces a new resource to be created. * * > **Note:** This can be obtained from the `id` of the `azure.storage.Container` resource. */ managedIdentityResourceId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId: pulumi.Input; } interface HadoopClusterComponentVersion { /** * The version of Hadoop which should be used for this HDInsight Hadoop Cluster. Changing this forces a new resource to be created. */ hadoop: pulumi.Input; } interface HadoopClusterComputeIsolation { /** * This field indicates whether enable compute isolation or not. Possible values are `true` or `false`. */ computeIsolationEnabled?: pulumi.Input; /** * The name of the host SKU. */ hostSku?: pulumi.Input; } interface HadoopClusterDiskEncryption { /** * This is an algorithm identifier for encryption. Possible values are `RSA1_5`, `RSA-OAEP`, `RSA-OAEP-256`. */ encryptionAlgorithm?: pulumi.Input; /** * This is indicator to show whether resource disk encryption is enabled. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the key vault key. */ keyVaultKeyId?: pulumi.Input; /** * This is the resource ID of Managed Identity used to access the key vault. */ keyVaultManagedIdentityId?: pulumi.Input; } interface HadoopClusterExtension { /** * The workspace ID of the log analytics extension. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The workspace key of the log analytics extension. */ primaryKey: pulumi.Input; } interface HadoopClusterGateway { /** * The password used for the Ambari Portal. * * > **Note:** This password must be different from the one used for the `headNode`, `workerNode` and `zookeeperNode` roles. */ password: pulumi.Input; /** * The username used for the Ambari Portal. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HadoopClusterMetastores { /** * An `ambari` block as defined below. */ ambari?: pulumi.Input; /** * A `hive` block as defined below. */ hive?: pulumi.Input; /** * An `oozie` block as defined below. */ oozie?: pulumi.Input; } interface HadoopClusterMetastoresAmbari { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Ambari metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HadoopClusterMetastoresHive { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Hive metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Hive metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Hive metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HadoopClusterMetastoresOozie { /** * The external Oozie metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Oozie metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface HadoopClusterMonitor { /** * The Operations Management Suite (OMS) workspace ID. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The Operations Management Suite (OMS) workspace key. */ primaryKey: pulumi.Input; } interface HadoopClusterNetwork { /** * The direction of the resource provider connection. Possible values include `Inbound` or `Outbound`. Defaults to `Inbound`. Changing this forces a new resource to be created. * * > **Note:** To enabled the private link the `connectionDirection` must be set to `Outbound`. */ connectionDirection?: pulumi.Input; /** * Is the private link enabled? Possible values include `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ privateLinkEnabled?: pulumi.Input; } interface HadoopClusterPrivateLinkConfiguration { /** * The ID of the private link service group. */ groupId: pulumi.Input; /** * An `ipConfiguration` block as defined below. */ ipConfiguration: pulumi.Input; /** * The name of the private link configuration. */ name: pulumi.Input; } interface HadoopClusterPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Indicates whether this IP configuration is primary. */ primary?: pulumi.Input; /** * The private IP address of the IP configuration. */ privateIpAddress?: pulumi.Input; /** * The private IP allocation method. Possible values are `Dynamic` and `Static`. */ privateIpAllocationMethod?: pulumi.Input; /** * The ID of the Subnet within the Virtual Network where the IP configuration should be provisioned. */ subnetId?: pulumi.Input; } interface HadoopClusterRoles { /** * A `edgeNode` block as defined below. */ edgeNode?: pulumi.Input; /** * A `headNode` block as defined above. */ headNode: pulumi.Input; /** * A `workerNode` block as defined below. */ workerNode: pulumi.Input; /** * A `zookeeperNode` block as defined below. */ zookeeperNode: pulumi.Input; } interface HadoopClusterRolesEdgeNode { /** * The HTTPS Connectivity Endpoint for this HDInsight Hadoop Cluster. One or more `httpsEndpoints` blocks as defined below. */ httpsEndpoints?: pulumi.Input[]>; /** * A `installScriptAction` block as defined below. */ installScriptActions: pulumi.Input[]>; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * A `uninstallScriptActions` block as defined below. Changing this forces a new resource to be created. */ uninstallScriptActions?: pulumi.Input[]>; /** * The Size of the Virtual Machine which should be used as the Edge Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. */ vmSize: pulumi.Input; } interface HadoopClusterRolesEdgeNodeHttpsEndpoint { /** * A list of access modes for the application. */ accessModes?: pulumi.Input[]>; /** * The destination port to connect to. */ destinationPort?: pulumi.Input; /** * The value indicates whether the gateway authentication is enabled or not. */ disableGatewayAuth?: pulumi.Input; /** * The private ip address of the endpoint. */ privateIpAddress?: pulumi.Input; /** * The application's subdomain suffix. */ subDomainSuffix?: pulumi.Input; } interface HadoopClusterRolesEdgeNodeInstallScriptAction { /** * The name of the install script action. */ name: pulumi.Input; /** * The parameters for the script. */ parameters?: pulumi.Input; /** * The URI pointing to the script to run during the installation of the edge node. */ uri: pulumi.Input; } interface HadoopClusterRolesEdgeNodeUninstallScriptAction { /** * The name of the uninstall script action. */ name: pulumi.Input; /** * The parameters for the script. */ parameters?: pulumi.Input; /** * The URI pointing to the script to run during the installation of the edge node. */ uri: pulumi.Input; } interface HadoopClusterRolesHeadNode { /** * The Password associated with the local administrator for the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Head Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Head Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HadoopClusterRolesHeadNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HadoopClusterRolesWorkerNode { /** * A `autoscale` block as defined below. */ autoscale?: pulumi.Input; /** * The Password associated with the local administrator for the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * The Username of the local administrator for the Worker Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Worker Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HadoopClusterRolesWorkerNodeAutoscale { /** * A `capacity` block as defined below. */ capacity?: pulumi.Input; /** * A `recurrence` block as defined below. * * > **Note:** Either a `capacity` or `recurrence` block must be specified - but not both. */ recurrence?: pulumi.Input; } interface HadoopClusterRolesWorkerNodeAutoscaleCapacity { /** * The maximum number of worker nodes to autoscale to based on the cluster's activity. */ maxInstanceCount: pulumi.Input; /** * The minimum number of worker nodes to autoscale to based on the cluster's activity. */ minInstanceCount: pulumi.Input; } interface HadoopClusterRolesWorkerNodeAutoscaleRecurrence { /** * A list of `schedule` blocks as defined below. */ schedules: pulumi.Input[]>; /** * The time zone for the autoscale schedule times. */ timezone: pulumi.Input; } interface HadoopClusterRolesWorkerNodeAutoscaleRecurrenceSchedule { /** * The days of the week to perform autoscale. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ days: pulumi.Input[]>; /** * The number of worker nodes to autoscale at the specified time. */ targetInstanceCount: pulumi.Input; /** * The time of day to perform the autoscale in 24hour format. */ time: pulumi.Input; } interface HadoopClusterRolesWorkerNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HadoopClusterRolesZookeeperNode { /** * The Password associated with the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Zookeeper Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface HadoopClusterRolesZookeeperNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface HadoopClusterSecurityProfile { /** * The resource ID of the Azure Active Directory Domain Service. Changing this forces a new resource to be created. */ aaddsResourceId: pulumi.Input; /** * A list of the distinguished names for the cluster user groups. Changing this forces a new resource to be created. */ clusterUsersGroupDns?: pulumi.Input[]>; /** * The name of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainName: pulumi.Input; /** * The user password of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUserPassword: pulumi.Input; /** * The username of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUsername: pulumi.Input; /** * A list of the LDAPS URLs to communicate with the Azure Active Directory. Changing this forces a new resource to be created. */ ldapsUrls: pulumi.Input[]>; /** * The User Assigned Identity for the HDInsight Cluster. Changing this forces a new resource to be created. */ msiResourceId: pulumi.Input; } interface HadoopClusterStorageAccount { /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The Access Key which should be used to connect to the Storage Account. Changing this forces a new resource to be created. */ storageAccountKey: pulumi.Input; /** * The ID of the Storage Container. Changing this forces a new resource to be created. * * > **Note:** When the `azure.storage.Container` resource is created with `storageAccountName`, this can be obtained from the `id` of the `azure.storage.Container` resource. When the `azure.storage.Container` resource is created with `storageAccountId`, please use `azure.storage.getContainers` data source to get the `dataPlaneId` of the `azure.storage.Container` resource for this field. */ storageContainerId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId?: pulumi.Input; } interface HadoopClusterStorageAccountGen2 { /** * The ID of the Gen2 Filesystem. Changing this forces a new resource to be created. */ filesystemId: pulumi.Input; /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The ID of Managed Identity to use for accessing the Gen2 filesystem. Changing this forces a new resource to be created. * * > **Note:** This can be obtained from the `id` of the `azure.storage.Container` resource. */ managedIdentityResourceId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId: pulumi.Input; } interface InteractiveQueryClusterComponentVersion { /** * The version of Interactive Query which should be used for this HDInsight Interactive Query Cluster. Changing this forces a new resource to be created. */ interactiveHive: pulumi.Input; } interface InteractiveQueryClusterComputeIsolation { /** * This field indicates whether enable compute isolation or not. Possible values are `true` or `false`. */ computeIsolationEnabled?: pulumi.Input; /** * The name of the host SKU. */ hostSku?: pulumi.Input; } interface InteractiveQueryClusterDiskEncryption { /** * This is an algorithm identifier for encryption. Possible values are `RSA1_5`, `RSA-OAEP`, `RSA-OAEP-256`. */ encryptionAlgorithm?: pulumi.Input; /** * This is indicator to show whether resource disk encryption is enabled. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the key vault key. */ keyVaultKeyId?: pulumi.Input; /** * This is the resource ID of Managed Identity used to access the key vault. */ keyVaultManagedIdentityId?: pulumi.Input; } interface InteractiveQueryClusterExtension { /** * The workspace ID of the log analytics extension. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The workspace key of the log analytics extension. */ primaryKey: pulumi.Input; } interface InteractiveQueryClusterGateway { /** * The password used for the Ambari Portal. * * > **Note:** This password must be different from the one used for the `headNode`, `workerNode` and `zookeeperNode` roles. */ password: pulumi.Input; /** * The username used for the Ambari Portal. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface InteractiveQueryClusterMetastores { /** * An `ambari` block as defined below. */ ambari?: pulumi.Input; /** * A `hive` block as defined below. */ hive?: pulumi.Input; /** * An `oozie` block as defined below. */ oozie?: pulumi.Input; } interface InteractiveQueryClusterMetastoresAmbari { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Ambari metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface InteractiveQueryClusterMetastoresHive { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Hive metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Hive metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Hive metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface InteractiveQueryClusterMetastoresOozie { /** * The external Oozie metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Oozie metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface InteractiveQueryClusterMonitor { /** * The Operations Management Suite (OMS) workspace ID. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The Operations Management Suite (OMS) workspace key. */ primaryKey: pulumi.Input; } interface InteractiveQueryClusterNetwork { /** * The direction of the resource provider connection. Possible values include `Inbound` or `Outbound`. Defaults to `Inbound`. Changing this forces a new resource to be created. * * > **Note:** To enabled the private link the `connectionDirection` must be set to `Outbound`. */ connectionDirection?: pulumi.Input; /** * Is the private link enabled? Possible values include `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ privateLinkEnabled?: pulumi.Input; } interface InteractiveQueryClusterPrivateLinkConfiguration { /** * The ID of the private link service group. */ groupId: pulumi.Input; /** * An `ipConfiguration` block as defined below. */ ipConfiguration: pulumi.Input; /** * The name of the private link configuration. */ name: pulumi.Input; } interface InteractiveQueryClusterPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Indicates whether this IP configuration is primary. */ primary?: pulumi.Input; /** * The private IP address of the IP configuration. */ privateIpAddress?: pulumi.Input; /** * The private IP allocation method. Possible values are `Dynamic` and `Static`. */ privateIpAllocationMethod?: pulumi.Input; /** * The ID of the Subnet within the Virtual Network where the IP configuration should be provisioned. */ subnetId?: pulumi.Input; } interface InteractiveQueryClusterRoles { /** * A `headNode` block as defined above. */ headNode: pulumi.Input; /** * A `workerNode` block as defined below. */ workerNode: pulumi.Input; /** * A `zookeeperNode` block as defined below. */ zookeeperNode: pulumi.Input; } interface InteractiveQueryClusterRolesHeadNode { /** * The Password associated with the local administrator for the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Head Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Head Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. * * > **Note:** High memory instances must be specified for the Head Node (Azure suggests a `Standard_D13_V2`). */ vmSize: pulumi.Input; } interface InteractiveQueryClusterRolesHeadNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface InteractiveQueryClusterRolesWorkerNode { /** * A `autoscale` block as defined below. */ autoscale?: pulumi.Input; /** * The Password associated with the local administrator for the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * The Username of the local administrator for the Worker Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Worker Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. * * > **Note:** High memory instances must be specified for the Head Node (Azure suggests a `Standard_D14_V2`). */ vmSize: pulumi.Input; } interface InteractiveQueryClusterRolesWorkerNodeAutoscale { /** * A `recurrence` block as defined below. */ recurrence?: pulumi.Input; } interface InteractiveQueryClusterRolesWorkerNodeAutoscaleRecurrence { /** * A list of `schedule` blocks as defined below. */ schedules: pulumi.Input[]>; /** * The time zone for the autoscale schedule times. */ timezone: pulumi.Input; } interface InteractiveQueryClusterRolesWorkerNodeAutoscaleRecurrenceSchedule { /** * The days of the week to perform autoscale. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ days: pulumi.Input[]>; /** * The number of worker nodes to autoscale at the specified time. */ targetInstanceCount: pulumi.Input; /** * The time of day to perform the autoscale in 24hour format. */ time: pulumi.Input; } interface InteractiveQueryClusterRolesWorkerNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface InteractiveQueryClusterRolesZookeeperNode { /** * The Password associated with the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Zookeeper Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface InteractiveQueryClusterRolesZookeeperNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface InteractiveQueryClusterSecurityProfile { /** * The resource ID of the Azure Active Directory Domain Service. Changing this forces a new resource to be created. */ aaddsResourceId: pulumi.Input; /** * A list of the distinguished names for the cluster user groups. Changing this forces a new resource to be created. */ clusterUsersGroupDns?: pulumi.Input[]>; /** * The name of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainName: pulumi.Input; /** * The user password of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUserPassword: pulumi.Input; /** * The username of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUsername: pulumi.Input; /** * A list of the LDAPS URLs to communicate with the Azure Active Directory. Changing this forces a new resource to be created. */ ldapsUrls: pulumi.Input[]>; /** * The User Assigned Identity for the HDInsight Cluster. Changing this forces a new resource to be created. */ msiResourceId: pulumi.Input; } interface InteractiveQueryClusterStorageAccount { /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The Access Key which should be used to connect to the Storage Account. Changing this forces a new resource to be created. */ storageAccountKey: pulumi.Input; /** * The ID of the Storage Container. Changing this forces a new resource to be created. * * > **Note:** When the `azure.storage.Container` resource is created with `storageAccountName`, this can be obtained from the `id` of the `azure.storage.Container` resource. When the `azure.storage.Container` resource is created with `storageAccountId`, please use `azure.storage.getContainers` data source to get the `dataPlaneId` of the `azure.storage.Container` resource for this field. */ storageContainerId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId?: pulumi.Input; } interface InteractiveQueryClusterStorageAccountGen2 { /** * The ID of the Gen2 Filesystem. Changing this forces a new resource to be created. */ filesystemId: pulumi.Input; /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The ID of Managed Identity to use for accessing the Gen2 filesystem. Changing this forces a new resource to be created. * * > **Note:** This can be obtained from the `id` of the `azure.storage.Container` resource. */ managedIdentityResourceId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId: pulumi.Input; } interface KafkaClusterComponentVersion { /** * The version of Kafka which should be used for this HDInsight Kafka Cluster. Changing this forces a new resource to be created. */ kafka: pulumi.Input; } interface KafkaClusterComputeIsolation { /** * This field indicates whether enable compute isolation or not. Possible values are `true` or `false`. */ computeIsolationEnabled?: pulumi.Input; /** * The name of the host SKU. */ hostSku?: pulumi.Input; } interface KafkaClusterDiskEncryption { /** * This is an algorithm identifier for encryption. Possible values are `RSA1_5`, `RSA-OAEP`, `RSA-OAEP-256`. */ encryptionAlgorithm?: pulumi.Input; /** * This is indicator to show whether resource disk encryption is enabled. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the key vault key. */ keyVaultKeyId?: pulumi.Input; /** * This is the resource ID of Managed Identity used to access the key vault. */ keyVaultManagedIdentityId?: pulumi.Input; } interface KafkaClusterExtension { /** * The workspace ID of the log analytics extension. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The workspace key of the log analytics extension. */ primaryKey: pulumi.Input; } interface KafkaClusterGateway { /** * The password used for the Ambari Portal. * * > **Note:** This password must be different from the one used for the `headNode`, `workerNode` and `zookeeperNode` roles. */ password: pulumi.Input; /** * The username used for the Ambari Portal. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface KafkaClusterMetastores { /** * An `ambari` block as defined below. */ ambari?: pulumi.Input; /** * A `hive` block as defined below. */ hive?: pulumi.Input; /** * An `oozie` block as defined below. */ oozie?: pulumi.Input; } interface KafkaClusterMetastoresAmbari { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Ambari metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface KafkaClusterMetastoresHive { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Hive metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Hive metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Hive metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface KafkaClusterMetastoresOozie { /** * The external Oozie metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Oozie metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface KafkaClusterMonitor { /** * The Operations Management Suite (OMS) workspace ID. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The Operations Management Suite (OMS) workspace key. */ primaryKey: pulumi.Input; } interface KafkaClusterNetwork { /** * The direction of the resource provider connection. Possible values include `Inbound` or `Outbound`. Defaults to `Inbound`. Changing this forces a new resource to be created. * * > **Note:** To enabled the private link the `connectionDirection` must be set to `Outbound`. */ connectionDirection?: pulumi.Input; /** * Is the private link enabled? Possible values include `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ privateLinkEnabled?: pulumi.Input; } interface KafkaClusterPrivateLinkConfiguration { /** * The ID of the private link service group. */ groupId: pulumi.Input; /** * An `ipConfiguration` block as defined below. */ ipConfiguration: pulumi.Input; /** * The name of the private link configuration. */ name: pulumi.Input; } interface KafkaClusterPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Indicates whether this IP configuration is primary. */ primary?: pulumi.Input; /** * The private IP address of the IP configuration. */ privateIpAddress?: pulumi.Input; /** * The private IP allocation method. Possible values are `Dynamic` and `Static`. */ privateIpAllocationMethod?: pulumi.Input; /** * The ID of the Subnet within the Virtual Network where the IP configuration should be provisioned. */ subnetId?: pulumi.Input; } interface KafkaClusterRestProxy { /** * The Azure Active Directory Security Group ID. Changing this forces a new resource to be created. */ securityGroupId: pulumi.Input; /** * The Azure Active Directory Security Group name. Changing this forces a new resource to be created. * * > **Note:** The `securityGroupName` property will be Required in version 3.0 of the AzureRM Provider. */ securityGroupName: pulumi.Input; } interface KafkaClusterRoles { /** * A `headNode` block as defined above. */ headNode: pulumi.Input; /** * A `kafkaManagementNode` block as defined below. * * > **Note:** This property has been deprecated and will be removed in version 4.0. */ kafkaManagementNode?: pulumi.Input; /** * A `workerNode` block as defined below. */ workerNode: pulumi.Input; /** * A `zookeeperNode` block as defined below. */ zookeeperNode: pulumi.Input; } interface KafkaClusterRolesHeadNode { /** * The Password associated with the local administrator for the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Head Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Head Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface KafkaClusterRolesHeadNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface KafkaClusterRolesKafkaManagementNode { /** * The Password associated with the local administrator for the Kafka Management Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Kafka Management Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Kafka Management Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Kafka Management Nodes. * * > **Note:** The `username` value is automatically generated by the service and cannot be user specified. This property will become `Computed` only in 4.0 of the provider. */ username?: pulumi.Input; /** * The ID of the Virtual Network where the Kafka Management Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Kafka Management Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface KafkaClusterRolesKafkaManagementNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface KafkaClusterRolesWorkerNode { /** * The number of Data Disks which should be assigned to each Worker Node, which can be between 1 and 8. Changing this forces a new resource to be created. */ numberOfDisksPerNode: pulumi.Input; /** * The Password associated with the local administrator for the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * The Username of the local administrator for the Worker Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Worker Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface KafkaClusterRolesWorkerNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface KafkaClusterRolesZookeeperNode { /** * The Password associated with the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Zookeeper Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface KafkaClusterRolesZookeeperNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface KafkaClusterSecurityProfile { /** * The resource ID of the Azure Active Directory Domain Service. Changing this forces a new resource to be created. */ aaddsResourceId: pulumi.Input; /** * A list of the distinguished names for the cluster user groups. Changing this forces a new resource to be created. */ clusterUsersGroupDns?: pulumi.Input[]>; /** * The name of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainName: pulumi.Input; /** * The user password of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUserPassword: pulumi.Input; /** * The username of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUsername: pulumi.Input; /** * A list of the LDAPS URLs to communicate with the Azure Active Directory. Changing this forces a new resource to be created. */ ldapsUrls: pulumi.Input[]>; /** * The User Assigned Identity for the HDInsight Cluster. Changing this forces a new resource to be created. */ msiResourceId: pulumi.Input; } interface KafkaClusterStorageAccount { /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The Access Key which should be used to connect to the Storage Account. Changing this forces a new resource to be created. */ storageAccountKey: pulumi.Input; /** * The ID of the Storage Container. Changing this forces a new resource to be created. * * > **Note:** When the `azure.storage.Container` resource is created with `storageAccountName`, this can be obtained from the `id` of the `azure.storage.Container` resource. When the `azure.storage.Container` resource is created with `storageAccountId`, please use `azure.storage.getContainers` data source to get the `dataPlaneId` of the `azure.storage.Container` resource for this field. */ storageContainerId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId?: pulumi.Input; } interface KafkaClusterStorageAccountGen2 { /** * The ID of the Gen2 Filesystem. Changing this forces a new resource to be created. */ filesystemId: pulumi.Input; /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The ID of Managed Identity to use for accessing the Gen2 filesystem. Changing this forces a new resource to be created. * * > **Note:** This can be obtained from the `id` of the `azure.storage.Container` resource. */ managedIdentityResourceId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId: pulumi.Input; } interface SparkClusterComponentVersion { /** * The version of Spark which should be used for this HDInsight Spark Cluster. Changing this forces a new resource to be created. */ spark: pulumi.Input; } interface SparkClusterComputeIsolation { /** * This field indicates whether enable compute isolation or not. Possible values are `true` or `false`. */ computeIsolationEnabled?: pulumi.Input; /** * The name of the host SKU. */ hostSku?: pulumi.Input; } interface SparkClusterDiskEncryption { /** * This is an algorithm identifier for encryption. Possible values are `RSA1_5`, `RSA-OAEP`, `RSA-OAEP-256`. */ encryptionAlgorithm?: pulumi.Input; /** * This is indicator to show whether resource disk encryption is enabled. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the key vault key. */ keyVaultKeyId?: pulumi.Input; /** * This is the resource ID of Managed Identity used to access the key vault. */ keyVaultManagedIdentityId?: pulumi.Input; } interface SparkClusterExtension { /** * The workspace ID of the log analytics extension. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The workspace key of the log analytics extension. */ primaryKey: pulumi.Input; } interface SparkClusterGateway { /** * The password used for the Ambari Portal. * * > **Note:** This password must be different from the one used for the `headNode`, `workerNode` and `zookeeperNode` roles. */ password: pulumi.Input; /** * The username used for the Ambari Portal. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface SparkClusterMetastores { /** * An `ambari` block as defined below. */ ambari?: pulumi.Input; /** * A `hive` block as defined below. */ hive?: pulumi.Input; /** * An `oozie` block as defined below. */ oozie?: pulumi.Input; } interface SparkClusterMetastoresAmbari { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Ambari metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Ambari metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface SparkClusterMetastoresHive { /** * The external Hive metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Hive metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Hive metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Hive metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface SparkClusterMetastoresOozie { /** * The external Oozie metastore's existing SQL database. Changing this forces a new resource to be created. */ databaseName: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin password. Changing this forces a new resource to be created. */ password: pulumi.Input; /** * The fully-qualified domain name (FQDN) of the SQL server to use for the external Oozie metastore. Changing this forces a new resource to be created. */ server: pulumi.Input; /** * The external Oozie metastore's existing SQL server admin username. Changing this forces a new resource to be created. */ username: pulumi.Input; } interface SparkClusterMonitor { /** * The Operations Management Suite (OMS) workspace ID. */ logAnalyticsWorkspaceId: pulumi.Input; /** * The Operations Management Suite (OMS) workspace key. */ primaryKey: pulumi.Input; } interface SparkClusterNetwork { /** * The direction of the resource provider connection. Possible values include `Inbound` or `Outbound`. Defaults to `Inbound`. Changing this forces a new resource to be created. * * > **Note:** To enabled the private link the `connectionDirection` must be set to `Outbound`. */ connectionDirection?: pulumi.Input; /** * Is the private link enabled? Possible values include `true` or `false`. Defaults to `false`. Changing this forces a new resource to be created. */ privateLinkEnabled?: pulumi.Input; } interface SparkClusterPrivateLinkConfiguration { /** * The ID of the private link service group. */ groupId: pulumi.Input; /** * An `ipConfiguration` block as defined below. */ ipConfiguration: pulumi.Input; /** * The name of the private link configuration. */ name: pulumi.Input; } interface SparkClusterPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Indicates whether this IP configuration is primary. */ primary?: pulumi.Input; /** * The private IP address of the IP configuration. */ privateIpAddress?: pulumi.Input; /** * The private IP allocation method. Possible values are `Dynamic` and `Static`. */ privateIpAllocationMethod?: pulumi.Input; /** * The ID of the Subnet within the Virtual Network where the IP configuration should be provisioned. */ subnetId?: pulumi.Input; } interface SparkClusterRoles { /** * A `headNode` block as defined above. */ headNode: pulumi.Input; /** * A `workerNode` block as defined below. */ workerNode: pulumi.Input; /** * A `zookeeperNode` block as defined below. */ zookeeperNode: pulumi.Input; } interface SparkClusterRolesHeadNode { /** * The Password associated with the local administrator for the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined below. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Head Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Head Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Head Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Head Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface SparkClusterRolesHeadNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface SparkClusterRolesWorkerNode { /** * A `autoscale` block as defined below. */ autoscale?: pulumi.Input; /** * The Password associated with the local administrator for the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Worker Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The number of instances which should be run for the Worker Nodes. */ targetInstanceCount: pulumi.Input; /** * The Username of the local administrator for the Worker Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Worker Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Worker Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface SparkClusterRolesWorkerNodeAutoscale { /** * A `capacity` block as defined below. */ capacity?: pulumi.Input; /** * A `recurrence` block as defined below. * * > **Note:** Either a `capacity` or `recurrence` block must be specified - but not both. */ recurrence?: pulumi.Input; } interface SparkClusterRolesWorkerNodeAutoscaleCapacity { /** * The maximum number of worker nodes to autoscale to based on the cluster's activity. */ maxInstanceCount: pulumi.Input; /** * The minimum number of worker nodes to autoscale to based on the cluster's activity. */ minInstanceCount: pulumi.Input; } interface SparkClusterRolesWorkerNodeAutoscaleRecurrence { /** * A list of `schedule` blocks as defined below. */ schedules: pulumi.Input[]>; /** * The time zone for the autoscale schedule times. */ timezone: pulumi.Input; } interface SparkClusterRolesWorkerNodeAutoscaleRecurrenceSchedule { /** * The days of the week to perform autoscale. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ days: pulumi.Input[]>; /** * The number of worker nodes to autoscale at the specified time. */ targetInstanceCount: pulumi.Input; /** * The time of day to perform the autoscale in 24hour format. */ time: pulumi.Input; } interface SparkClusterRolesWorkerNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface SparkClusterRolesZookeeperNode { /** * The Password associated with the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** If specified, this password must be at least 10 characters in length and must contain at least one digit, one uppercase and one lower case letter, one non-alphanumeric character (except characters ' " ` \). */ password?: pulumi.Input; /** * The script action which will run on the cluster. One or more `scriptActions` blocks as defined above. Changing this forces a new resource to be created. */ scriptActions?: pulumi.Input[]>; /** * A list of SSH Keys which should be used for the local administrator on the Zookeeper Nodes. Changing this forces a new resource to be created. * * > **Note:** Either a `password` or one or more `sshKeys` must be specified - but not both. */ sshKeys?: pulumi.Input[]>; /** * The ID of the Subnet within the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * The Username of the local administrator for the Zookeeper Nodes. Changing this forces a new resource to be created. */ username: pulumi.Input; /** * The ID of the Virtual Network where the Zookeeper Nodes should be provisioned within. Changing this forces a new resource to be created. */ virtualNetworkId?: pulumi.Input; /** * The Size of the Virtual Machine which should be used as the Zookeeper Nodes. Possible values are `ExtraSmall`, `Small`, `Medium`, `Large`, `ExtraLarge`, `A5`, `A6`, `A7`, `A8`, `A9`, `A10`, `A11`, `Standard_A1_V2`, `Standard_A2_V2`, `Standard_A2m_V2`, `Standard_A3`, `Standard_A4_V2`, `Standard_A4m_V2`, `Standard_A8_V2`, `Standard_A8m_V2`, `Standard_D1`, `Standard_D2`, `Standard_D3`, `Standard_D4`, `Standard_D11`, `Standard_D12`, `Standard_D13`, `Standard_D14`, `Standard_D1_V2`, `Standard_D2_V2`, `Standard_D3_V2`, `Standard_D4_V2`, `Standard_D5_V2`, `Standard_D11_V2`, `Standard_D12_V2`, `Standard_D13_V2`, `Standard_D14_V2`, `Standard_DS1_V2`, `Standard_DS2_V2`, `Standard_DS3_V2`, `Standard_DS4_V2`, `Standard_DS5_V2`, `Standard_DS11_V2`, `Standard_DS12_V2`, `Standard_DS13_V2`, `Standard_DS14_V2`, `Standard_E2_V3`, `Standard_E4_V3`, `Standard_E8_V3`, `Standard_E16_V3`, `Standard_E20_V3`, `Standard_E32_V3`, `Standard_E64_V3`, `Standard_E64i_V3`, `Standard_E2s_V3`, `Standard_E4s_V3`, `Standard_E8s_V3`, `Standard_E16s_V3`, `Standard_E20s_V3`, `Standard_E32s_V3`, `Standard_E64s_V3`, `Standard_E64is_V3`, `Standard_D2a_V4`, `Standard_D4a_V4`, `Standard_D8a_V4`, `Standard_D16a_V4`, `Standard_D32a_V4`, `Standard_D48a_V4`, `Standard_D64a_V4`, `Standard_D96a_V4`, `Standard_E2a_V4`, `Standard_E4a_V4`, `Standard_E8a_V4`, `Standard_E16a_V4`, `Standard_E20a_V4`, `Standard_E32a_V4`, `Standard_E48a_V4`, `Standard_E64a_V4`, `Standard_E96a_V4`, `Standard_D2ads_V5`, `Standard_D4ads_V5`, `Standard_D8ads_V5`, `Standard_D16ads_V5`, `Standard_D32ads_V5`, `Standard_D48ads_V5`, `Standard_D64ads_V5`, `Standard_D96ads_V5`, `Standard_E2ads_V5`, `Standard_E4ads_V5`, `Standard_E8ads_V5`, `Standard_E16ads_V5`, `Standard_E20ads_V5`, `Standard_E32ads_V5`, `Standard_E48ads_V5`, `Standard_E64ads_V5`, `Standard_E96ads_V5`, `Standard_G1`, `Standard_G2`, `Standard_G3`, `Standard_G4`, `Standard_G5`, `Standard_F2s_V2`, `Standard_F4s_V2`, `Standard_F8s_V2`, `Standard_F16s_V2`, `Standard_F32s_V2`, `Standard_F64s_V2`, `Standard_F72s_V2`, `Standard_GS1`, `Standard_GS2`, `Standard_GS3`, `Standard_GS4`, `Standard_GS5` and `Standard_NC24`. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface SparkClusterRolesZookeeperNodeScriptAction { /** * The name of the script action. */ name: pulumi.Input; /** * The parameters for the script provided. */ parameters?: pulumi.Input; /** * The URI to the script. */ uri: pulumi.Input; } interface SparkClusterSecurityProfile { /** * The resource ID of the Azure Active Directory Domain Service. Changing this forces a new resource to be created. */ aaddsResourceId: pulumi.Input; /** * A list of the distinguished names for the cluster user groups. Changing this forces a new resource to be created. */ clusterUsersGroupDns?: pulumi.Input[]>; /** * The name of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainName: pulumi.Input; /** * The user password of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUserPassword: pulumi.Input; /** * The username of the Azure Active Directory Domain. Changing this forces a new resource to be created. */ domainUsername: pulumi.Input; /** * A list of the LDAPS URLs to communicate with the Azure Active Directory. Changing this forces a new resource to be created. */ ldapsUrls: pulumi.Input[]>; /** * The User Assigned Identity for the HDInsight Cluster. Changing this forces a new resource to be created. */ msiResourceId: pulumi.Input; } interface SparkClusterStorageAccount { /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The Access Key which should be used to connect to the Storage Account. Changing this forces a new resource to be created. */ storageAccountKey: pulumi.Input; /** * The ID of the Storage Container. Changing this forces a new resource to be created. * * > **Note:** When the `azure.storage.Container` resource is created with `storageAccountName`, this can be obtained from the `id` of the `azure.storage.Container` resource. When the `azure.storage.Container` resource is created with `storageAccountId`, please use `azure.storage.getContainers` data source to get the `dataPlaneId` of the `azure.storage.Container` resource for this field. */ storageContainerId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId?: pulumi.Input; } interface SparkClusterStorageAccountGen2 { /** * The ID of the Gen2 Filesystem. Changing this forces a new resource to be created. */ filesystemId: pulumi.Input; /** * Is this the Default Storage Account for the HDInsight Hadoop Cluster? Changing this forces a new resource to be created. * * > **Note:** One of the `storageAccount` or `storageAccountGen2` blocks must be marked as the default. */ isDefault: pulumi.Input; /** * The ID of Managed Identity to use for accessing the Gen2 filesystem. Changing this forces a new resource to be created. * * > **Note:** This can be obtained from the `id` of the `azure.storage.Container` resource. */ managedIdentityResourceId: pulumi.Input; /** * The ID of the Storage Account. Changing this forces a new resource to be created. */ storageResourceId: pulumi.Input; } } export declare namespace healthcare { interface DicomServiceAuthentication { /** * The intended audience to receive authentication tokens for the service. The default value is */ audiences?: pulumi.Input[]>; /** * The Azure Active Directory (tenant) that serves as the authentication authority to access the service. The default authority is the Directory defined in the authentication scheme in use when running Terraform. * Authority must be registered to Azure AD and in the following format: }. */ authority?: pulumi.Input; } interface DicomServiceCors { /** * Whether to allow credentials in CORS. Defaults to `false`. */ allowCredentials?: pulumi.Input; /** * A list of allowed headers for CORS. */ allowedHeaders?: pulumi.Input[]>; /** * A list of allowed methods for CORS. */ allowedMethods?: pulumi.Input[]>; /** * A list of allowed origins for CORS. */ allowedOrigins?: pulumi.Input[]>; /** * The maximum age in seconds for the CORS configuration (must be between 0 and 99998 inclusive). */ maxAgeInSeconds?: pulumi.Input; } interface DicomServiceIdentity { /** * A list of User Assigned Identity IDs which should be assigned to this Healthcare DICOM service. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of identity used for the Healthcare DICOM service. Possible values are `UserAssigned`, `SystemAssigned` and `SystemAssigned, UserAssigned`. If `UserAssigned` is set, an `identityIds` must be set as well. */ type: pulumi.Input; } interface DicomServicePrivateEndpoint { /** * The ID of the Healthcare DICOM Service. */ id?: pulumi.Input; /** * Specifies the name of the Healthcare DICOM Service. Changing this forces a new Healthcare DICOM Service to be created. */ name?: pulumi.Input; } interface DicomServiceStorage { /** * The filesystem name of connected storage account. Changing this forces a new Healthcare DICOM Service to be created. */ fileSystemName: pulumi.Input; /** * The resource ID of connected storage account. Changing this forces a new Healthcare DICOM Service to be created. * * > **Note:** The `isHnsEnabled` needs to be set to `true` for the storage account to be used with the Healthcare DICOM Service. */ storageAccountId: pulumi.Input; } interface FhirServiceAuthentication { /** * The intended audience to receive authentication tokens for the service. */ audience: pulumi.Input; /** * The Azure Active Directory (tenant) that serves as the authentication authority to access the service. The default authority is the Directory defined in the authentication scheme in use when running Terraform. * Authority must be registered to Azure AD and in the following format: }. */ authority: pulumi.Input; /** * Whether smart proxy is enabled. */ smartProxyEnabled?: pulumi.Input; } interface FhirServiceCors { /** * A set of headers to be allowed via CORS. */ allowedHeaders: pulumi.Input[]>; /** * The methods to be allowed via CORS. Possible values are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PATCH` and `PUT`. */ allowedMethods: pulumi.Input[]>; /** * A set of origins to be allowed via CORS. */ allowedOrigins: pulumi.Input[]>; /** * If credentials are allowed via CORS. */ credentialsAllowed?: pulumi.Input; /** * The max age to be allowed via CORS. */ maxAgeInSeconds?: pulumi.Input; } interface FhirServiceIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. Required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of managed identity to assign. Possible values are `UserAssigned` and `SystemAssigned`. */ type: pulumi.Input; } interface FhirServiceOciArtifact { /** * A digest of an image within Azure container registry used for export operations of the service instance to narrow the artifacts down. */ digest?: pulumi.Input; /** * An image within Azure container registry used for export operations of the service instance. */ imageName?: pulumi.Input; /** * An Azure container registry used for export operations of the service instance. */ loginServer: pulumi.Input; } interface MedtechServiceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Healthcare Med Tech Service. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this System Assigned Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this System Assigned Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Healthcare Med Tech Service. Possible values are `SystemAssigned`. */ type: pulumi.Input; } interface ServiceAuthenticationConfiguration { /** * The intended audience to receive authentication tokens for the service. The default value is https://azurehealthcareapis.com */ audience?: pulumi.Input; /** * The Azure Active Directory (tenant) that serves as the authentication authority to access the service. The default authority is the Directory defined in the authentication scheme in use when running this provider. * Authority must be registered to Azure AD and in the following format: https://{Azure-AD-endpoint}/{tenant-id}. */ authority?: pulumi.Input; /** * (Boolean) Enables the 'SMART on FHIR' option for mobile and web implementations. */ smartProxyEnabled?: pulumi.Input; } interface ServiceCorsConfiguration { /** * (Boolean) If credentials are allowed via CORS. */ allowCredentials?: pulumi.Input; /** * A set of headers to be allowed via CORS. */ allowedHeaders?: pulumi.Input[]>; /** * The methods to be allowed via CORS. Possible values are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PATCH` and `PUT`. */ allowedMethods?: pulumi.Input[]>; /** * A set of origins to be allowed via CORS. */ allowedOrigins?: pulumi.Input[]>; /** * The max age to be allowed via CORS. */ maxAgeInSeconds?: pulumi.Input; } interface ServiceIdentity { principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of managed identity to assign. The only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface WorkspacePrivateEndpointConnection { /** * The ID of the Healthcare Workspace. */ id?: pulumi.Input; /** * Specifies the name of the Healthcare Workspace. Changing this forces a new Healthcare Workspace to be created. */ name?: pulumi.Input; } } export declare namespace hpc { interface CacheAccessPolicyAccessRule { /** * The access level for this rule. Possible values are: `rw`, `ro`, `no`. */ access: pulumi.Input; /** * The anonymous GID used when `rootSquashEnabled` is `true`. */ anonymousGid?: pulumi.Input; /** * The anonymous UID used when `rootSquashEnabled` is `true`. */ anonymousUid?: pulumi.Input; /** * The filter applied to the `scope` for this rule. The filter's format depends on its scope: `default` scope matches all clients and has no filter value; `network` scope takes a CIDR format; `host` takes an IP address or fully qualified domain name. If a client does not match any filter rule and there is no default rule, access is denied. */ filter?: pulumi.Input; /** * Whether to enable [root squash](https://docs.microsoft.com/azure/hpc-cache/access-policies#root-squash)? */ rootSquashEnabled?: pulumi.Input; /** * The scope of this rule. The `scope` and (potentially) the `filter` determine which clients match the rule. Possible values are: `default`, `network`, `host`. * * > **Note:** Each `accessRule` should set a unique `scope`. */ scope: pulumi.Input; /** * Whether allow access to subdirectories under the root export? */ submountAccessEnabled?: pulumi.Input; /** * Whether [SUID](https://docs.microsoft.com/azure/hpc-cache/access-policies#suid) is allowed? */ suidEnabled?: pulumi.Input; } interface CacheDefaultAccessPolicy { /** * One or more `accessRule` blocks (up to three) as defined above. */ accessRules: pulumi.Input[]>; } interface CacheDefaultAccessPolicyAccessRule { /** * The access level for this rule. Possible values are: `rw`, `ro`, `no`. */ access: pulumi.Input; /** * The anonymous GID used when `rootSquashEnabled` is `true`. */ anonymousGid?: pulumi.Input; /** * The anonymous UID used when `rootSquashEnabled` is `true`. */ anonymousUid?: pulumi.Input; /** * The filter applied to the `scope` for this rule. The filter's format depends on its scope: `default` scope matches all clients and has no filter value; `network` scope takes a CIDR format; `host` takes an IP address or fully qualified domain name. If a client does not match any filter rule and there is no default rule, access is denied. */ filter?: pulumi.Input; /** * Whether to enable [root squash](https://docs.microsoft.com/azure/hpc-cache/access-policies#root-squash)? */ rootSquashEnabled?: pulumi.Input; /** * The scope of this rule. The `scope` and (potentially) the `filter` determine which clients match the rule. Possible values are: `default`, `network`, `host`. * * > **Note:** Each `accessRule` should set a unique `scope`. */ scope: pulumi.Input; /** * Whether allow access to subdirectories under the root export? */ submountAccessEnabled?: pulumi.Input; /** * Whether [SUID](https://docs.microsoft.com/azure/hpc-cache/access-policies#suid) is allowed? */ suidEnabled?: pulumi.Input; } interface CacheDirectoryActiveDirectory { /** * The NetBIOS name to assign to the HPC Cache when it joins the Active Directory domain as a server. */ cacheNetbiosName: pulumi.Input; /** * The primary DNS IP address used to resolve the Active Directory domain controller's FQDN. */ dnsPrimaryIp: pulumi.Input; /** * The secondary DNS IP address used to resolve the Active Directory domain controller's FQDN. */ dnsSecondaryIp?: pulumi.Input; /** * The fully qualified domain name of the Active Directory domain controller. */ domainName: pulumi.Input; /** * The Active Directory domain's NetBIOS name. */ domainNetbiosName: pulumi.Input; /** * The password of the Active Directory domain administrator. */ password: pulumi.Input; /** * The username of the Active Directory domain administrator. */ username: pulumi.Input; } interface CacheDirectoryFlatFile { /** * The URI of the file containing group information (`/etc/group` file format in Unix-like OS). */ groupFileUri: pulumi.Input; /** * The URI of the file containing user information (`/etc/passwd` file format in Unix-like OS). */ passwordFileUri: pulumi.Input; } interface CacheDirectoryLdap { /** * The base distinguished name (DN) for the LDAP domain. */ baseDn: pulumi.Input; /** * A `bind` block as defined above. */ bind?: pulumi.Input; /** * The URI of the CA certificate to validate the LDAP secure connection. */ certificateValidationUri?: pulumi.Input; /** * Whether the certificate should be automatically downloaded. This can be set to `true` only when `certificateValidationUri` is provided. */ downloadCertificateAutomatically?: pulumi.Input; /** * Whether the LDAP connection should be encrypted? */ encrypted?: pulumi.Input; /** * The FQDN or IP address of the LDAP server. */ server: pulumi.Input; } interface CacheDirectoryLdapBind { /** * The Bind Distinguished Name (DN) identity to be used in the secure LDAP connection. */ dn: pulumi.Input; /** * The Bind password to be used in the secure LDAP connection. */ password: pulumi.Input; } interface CacheDns { /** * The DNS search domain for the HPC Cache. */ searchDomain?: pulumi.Input; /** * A list of DNS servers for the HPC Cache. At most three IP(s) are allowed to set. */ servers: pulumi.Input[]>; } interface CacheIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this HPC Cache. Changing this forces a new resource to be created. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this HPC Cache. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). Changing this forces a new resource to be created. */ type: pulumi.Input; } interface CacheNfsTargetNamespaceJunction { /** * The name of the access policy applied to this target. Defaults to `default`. */ accessPolicyName?: pulumi.Input; /** * The client-facing file path of this NFS target within the HPC Cache NFS Target. */ namespacePath: pulumi.Input; /** * The NFS export of this NFS target within the HPC Cache NFS Target. */ nfsExport: pulumi.Input; /** * The relative subdirectory path from the `nfsExport` to map to the `namespacePath`. Defaults to `""`, in which case the whole `nfsExport` is exported. */ targetPath?: pulumi.Input; } } export declare namespace hsm { interface ModuleManagementNetworkProfile { /** * The private IPv4 address of the network interface. Changing this forces a new Dedicated Hardware Security Module to be created. */ networkInterfacePrivateIpAddresses: pulumi.Input[]>; /** * The ID of the subnet. Changing this forces a new Dedicated Hardware Security Module to be created. */ subnetId: pulumi.Input; } interface ModuleNetworkProfile { /** * The private IPv4 address of the network interface. Changing this forces a new Dedicated Hardware Security Module to be created. */ networkInterfacePrivateIpAddresses: pulumi.Input[]>; /** * The ID of the subnet. Changing this forces a new Dedicated Hardware Security Module to be created. */ subnetId: pulumi.Input; } } export declare namespace iot { interface IoTHubCloudToDevice { /** * The default time to live for cloud-to-device messages, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 48 hours. Defaults to `PT1H`. */ defaultTtl?: pulumi.Input; /** * A `feedback` block as defined below. */ feedbacks?: pulumi.Input[]>; /** * The maximum delivery count for cloud-to-device per-device queues. This value must be between `1` and `100`. Defaults to `10`. */ maxDeliveryCount?: pulumi.Input; } interface IoTHubCloudToDeviceFeedback { /** * The lock duration for the feedback queue, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 5 and 300 seconds. Defaults to `PT60S`. */ lockDuration?: pulumi.Input; /** * The maximum delivery count for the feedback queue. This value must be between `1` and `100`. Defaults to `10`. */ maxDeliveryCount?: pulumi.Input; /** * The retention time for service-bound feedback messages, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 48 hours. Defaults to `PT1H`. */ timeToLive?: pulumi.Input; } interface IoTHubEndpoint { /** * The type used to authenticate against the endpoint. Possible values are `keyBased` and `identityBased`. Defaults to `keyBased`. */ authenticationType?: pulumi.Input; /** * Time interval at which blobs are written to storage. Value should be between 60 and 720 seconds. Default value is 300 seconds. This attribute is applicable for endpoint type `AzureIotHub.StorageContainer`. */ batchFrequencyInSeconds?: pulumi.Input; /** * The connection string for the endpoint. This attribute is mandatory and can only be specified when `authenticationType` is `keyBased`. */ connectionString?: pulumi.Input; /** * The name of storage container in the storage account. This attribute is mandatory for endpoint type `AzureIotHub.StorageContainer`. */ containerName?: pulumi.Input; /** * Encoding that is used to serialize messages to blobs. Supported values are `Avro`, `AvroDeflate` and `JSON`. Default value is `Avro`. This attribute is applicable for endpoint type `AzureIotHub.StorageContainer`. Changing this forces a new resource to be created. */ encoding?: pulumi.Input; /** * URI of the Service Bus or Event Hubs Namespace endpoint. This attribute can only be specified and is mandatory when `authenticationType` is `identityBased` for endpoint type `AzureIotHub.ServiceBusQueue`, `AzureIotHub.ServiceBusTopic` or `AzureIotHub.EventHub`. */ endpointUri?: pulumi.Input; /** * Name of the Service Bus Queue/Topic or Event Hub. This attribute can only be specified and is mandatory when `authenticationType` is `identityBased` for endpoint type `AzureIotHub.ServiceBusQueue`, `AzureIotHub.ServiceBusTopic` or `AzureIotHub.EventHub`. */ entityPath?: pulumi.Input; /** * File name format for the blob. All parameters are mandatory but can be reordered. This attribute is applicable for endpoint type `AzureIotHub.StorageContainer`. Defaults to `{iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}`. */ fileNameFormat?: pulumi.Input; /** * The ID of the User Managed Identity used to authenticate against the endpoint. * * > **Note:** `identityId` can only be specified when `authenticationType` is `identityBased`. It must be one of the `identityIds` of the IoT Hub. If `identityId` is omitted when `authenticationType` is `identityBased`, then the System-Assigned Managed Identity of the IoT Hub will be used. * * > **Note:** An IoT Hub can only be updated to use the System-Assigned Managed Identity for `endpoint` since it is not possible to grant access to the endpoint until after creation. The extracted resources `azurerm_iothub_endpoint_*` can be used to configure Endpoints with the IoT Hub's System-Assigned Managed Identity without the need for an update. */ identityId?: pulumi.Input; /** * Maximum number of bytes for each blob written to storage. Value should be between 10485760(10MB) and 524288000(500MB). Default value is 314572800(300MB). This attribute is applicable for endpoint type `AzureIotHub.StorageContainer`. */ maxChunkSizeInBytes?: pulumi.Input; /** * The name of the endpoint. The name must be unique across endpoint types. The following names are reserved: `events`, `operationsMonitoringEvents`, `fileNotifications` and `$default`. */ name: pulumi.Input; /** * The resource group in which the endpoint will be created. */ resourceGroupName?: pulumi.Input; /** * The subscription ID for the endpoint. * * > **Note:** When `subscriptionId` isn't specified it will be set to the subscription ID of the IoT Hub resource. */ subscriptionId?: pulumi.Input; /** * The type of the endpoint. Possible values are `AzureIotHub.StorageContainer`, `AzureIotHub.ServiceBusQueue`, `AzureIotHub.ServiceBusTopic` or `AzureIotHub.EventHub`. */ type: pulumi.Input; } interface IoTHubEnrichment { /** * The list of endpoints which will be enriched. */ endpointNames: pulumi.Input[]>; /** * The key of the enrichment. */ key: pulumi.Input; /** * The value of the enrichment. Value can be any static string, the name of the IoT Hub sending the message (use `$iothubname`) or information from the device twin (ex: `$twin.tags.latitude`) */ value: pulumi.Input; } interface IoTHubFallbackRoute { /** * The condition that is evaluated to apply the routing rule. Defaults to `true`. For grammar, see: . */ condition?: pulumi.Input; /** * Used to specify whether the fallback route is enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * The endpoints to which messages that satisfy the condition are routed. Currently only 1 endpoint is allowed. */ endpointNames?: pulumi.Input[]>; /** * The source that the routing rule is to be applied to, such as `DeviceMessages`. Possible values include: `Invalid`, `DeviceMessages`, `TwinChangeEvents`, `DeviceLifecycleEvents`, `DeviceConnectionStateEvents`, `DeviceJobLifecycleEvents` and `DigitalTwinChangeEvents`. Defaults to `DeviceMessages`. */ source?: pulumi.Input; } interface IoTHubFileUpload { /** * The type used to authenticate against the storage account. Possible values are `keyBased` and `identityBased`. Defaults to `keyBased`. */ authenticationType?: pulumi.Input; /** * The connection string for the Azure Storage account to which files are uploaded. */ connectionString: pulumi.Input; /** * The name of the root container where the files should be uploaded to. The container need not exist but should be creatable using the connectionString specified. */ containerName: pulumi.Input; /** * The period of time for which a file upload notification message is available to consume before it expires, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 48 hours. Defaults to `PT1H`. */ defaultTtl?: pulumi.Input; /** * The ID of the User Managed Identity used to authenticate against the storage account. * * > **Note:** `identityId` can only be specified when `authenticationType` is `identityBased`. It must be one of the `identityIds` of the IoT Hub. If `identityId` is omitted when `authenticationType` is `identityBased`, then the System-Assigned Managed Identity of the IoT Hub will be used. * * > **Note:** An IoT Hub can only be updated to use the System-Assigned Managed Identity for `fileUpload` since it is not possible to grant access to the endpoint until after creation. */ identityId?: pulumi.Input; /** * The lock duration for the file upload notifications queue, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 5 and 300 seconds. Defaults to `PT1M`. */ lockDuration?: pulumi.Input; /** * The number of times the IoT Hub attempts to deliver a file upload notification message. Defaults to `10`. */ maxDeliveryCount?: pulumi.Input; /** * Used to specify whether file notifications are sent to IoT Hub on upload. Defaults to `false`. */ notifications?: pulumi.Input; /** * The period of time for which the SAS URI generated by IoT Hub for file upload is valid, specified as an [ISO 8601 timespan duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). This value must be between 1 minute and 24 hours. Defaults to `PT1H`. */ sasTtl?: pulumi.Input; } interface IoTHubIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this IoT Hub. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this IoT Hub. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface IoTHubNetworkRuleSet { /** * Determines if Network Rule Set is also applied to the BuiltIn EventHub EndPoint of the IotHub. Defaults to `false`. */ applyToBuiltinEventhubEndpoint?: pulumi.Input; /** * Default Action for Network Rule Set. Possible values are `DefaultActionDeny`, `DefaultActionAllow`. Defaults to `DefaultActionDeny`. */ defaultAction?: pulumi.Input; /** * One or more `ipRule` blocks as defined below. */ ipRules?: pulumi.Input[]>; } interface IoTHubNetworkRuleSetIpRule { /** * The desired action for requests captured by this rule. Possible values are `Allow`. Defaults to `Allow`. */ action?: pulumi.Input; /** * The IP address range in CIDR notation for the ip rule. */ ipMask: pulumi.Input; /** * The name of the ip rule. */ name: pulumi.Input; } interface IoTHubRoute { /** * The condition that is evaluated to apply the routing rule. Defaults to `true`. For grammar, see: . */ condition?: pulumi.Input; /** * Used to specify whether a route is enabled. */ enabled: pulumi.Input; /** * The list of endpoints to which messages that satisfy the condition are routed. */ endpointNames: pulumi.Input[]>; /** * The name of the route. */ name: pulumi.Input; /** * The source that the routing rule is to be applied to, such as `DeviceMessages`. Possible values include: `Invalid`, `DeviceMessages`, `TwinChangeEvents`, `DeviceLifecycleEvents`, `DeviceConnectionStateEvents`, `DeviceJobLifecycleEvents` and `DigitalTwinChangeEvents`. */ source: pulumi.Input; } interface IoTHubSharedAccessPolicy { /** * The name of the shared access policy. */ keyName?: pulumi.Input; /** * The permissions assigned to the shared access policy. */ permissions?: pulumi.Input; /** * The primary key. */ primaryKey?: pulumi.Input; /** * The secondary key. */ secondaryKey?: pulumi.Input; } interface IoTHubSku { /** * The number of provisioned IoT Hub units. * * > **Note:** Only one IotHub can be on the `Free` tier per subscription. */ capacity: pulumi.Input; /** * The name of the sku. Possible values are `B1`, `B2`, `B3`, `F1`, `S1`, `S2`, and `S3`. * * > **Note:** The `F1` sku is on `Free` tier. */ name: pulumi.Input; } interface IotHubDeviceUpdateAccountIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this IoT Hub Device Update Account. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this IoT Hub Device Update Account. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this IoT Hub Device Update Account. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this IoT Hub Device Update Account. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface IotHubDeviceUpdateInstanceDiagnosticStorageAccount { /** * Connection String of the Diagnostic Storage Account. */ connectionString: pulumi.Input; /** * Resource ID of the Diagnostic Storage Account. */ id: pulumi.Input; } interface IotHubDpsIpFilterRule { /** * The desired action for requests captured by this rule. Possible values are `Accept`, `Reject` */ action: pulumi.Input; /** * The IP address range in CIDR notation for the rule. */ ipMask: pulumi.Input; /** * The name of the filter. */ name: pulumi.Input; /** * Target for requests captured by this rule. Possible values are `all`, `deviceApi` and `serviceApi`. */ target?: pulumi.Input; } interface IotHubDpsLinkedHub { /** * The weight applied to the IoT Hub. Defaults to `1`. */ allocationWeight?: pulumi.Input; /** * Determines whether to apply allocation policies to the IoT Hub. Defaults to `true`. */ applyAllocationPolicy?: pulumi.Input; /** * The connection string to connect to the IoT Hub. */ connectionString: pulumi.Input; /** * The IoT Hub hostname. */ hostname?: pulumi.Input; /** * The location of the IoT hub. */ location: pulumi.Input; } interface IotHubDpsSku { /** * The number of provisioned IoT Device Provisioning Service units. */ capacity: pulumi.Input; /** * The name of the sku. Currently can only be set to `S1`. */ name: pulumi.Input; } interface SecurityDeviceGroupAllowRule { /** * Specifies which IP is not allowed to be connected to in current device group for inbound connection. */ connectionFromIpsNotAlloweds?: pulumi.Input[]>; /** * Specifies which IP is not allowed to be connected to in current device group for outbound connection. */ connectionToIpsNotAlloweds?: pulumi.Input[]>; /** * Specifies which local user is not allowed to login in current device group. */ localUsersNotAlloweds?: pulumi.Input[]>; /** * Specifies which process is not allowed to be executed in current device group. */ processesNotAlloweds?: pulumi.Input[]>; } interface SecurityDeviceGroupRangeRule { /** * Specifies the time range. represented in ISO 8601 duration format. */ duration: pulumi.Input; /** * The maximum threshold in the given time window. */ max: pulumi.Input; /** * The minimum threshold in the given time window. */ min: pulumi.Input; /** * The type of supported rule type. Possible Values are `ActiveConnectionsNotInAllowedRange`, `AmqpC2DMessagesNotInAllowedRange`, `MqttC2DMessagesNotInAllowedRange`, `HttpC2DMessagesNotInAllowedRange`, `AmqpC2DRejectedMessagesNotInAllowedRange`, `MqttC2DRejectedMessagesNotInAllowedRange`, `HttpC2DRejectedMessagesNotInAllowedRange`, `AmqpD2CMessagesNotInAllowedRange`, `MqttD2CMessagesNotInAllowedRange`, `HttpD2CMessagesNotInAllowedRange`, `DirectMethodInvokesNotInAllowedRange`, `FailedLocalLoginsNotInAllowedRange`, `FileUploadsNotInAllowedRange`, `QueuePurgesNotInAllowedRange`, `TwinUpdatesNotInAllowedRange` and `UnauthorizedOperationsNotInAllowedRange`. */ type: pulumi.Input; } interface SecuritySolutionAdditionalWorkspace { /** * A list of data types which sent to workspace. Possible values are `Alerts` and `RawEvents`. */ dataTypes: pulumi.Input[]>; /** * The resource ID of the Log Analytics Workspace. */ workspaceId: pulumi.Input; } interface SecuritySolutionRecommendationsEnabled { /** * Is Principal Authentication enabled for the ACR repository? Defaults to `true`. */ acrAuthentication?: pulumi.Input; /** * Is Agent send underutilized messages enabled? Defaults to `true`. */ agentSendUnutilizedMsg?: pulumi.Input; /** * Is Security related system configuration issues identified? Defaults to `true`. */ baseline?: pulumi.Input; /** * Is IoT Edge Hub memory optimized? Defaults to `true`. */ edgeHubMemOptimize?: pulumi.Input; /** * Is logging configured for IoT Edge module? Defaults to `true`. */ edgeLoggingOption?: pulumi.Input; /** * Is inconsistent module settings enabled for SecurityGroup? Defaults to `true`. */ inconsistentModuleSettings?: pulumi.Input; /** * is Azure IoT Security agent installed? Defaults to `true`. */ installAgent?: pulumi.Input; /** * Is Default IP filter policy denied? Defaults to `true`. */ ipFilterDenyAll?: pulumi.Input; /** * Is IP filter rule source allowable IP range too large? Defaults to `true`. */ ipFilterPermissiveRule?: pulumi.Input; /** * Is any ports open on the device? Defaults to `true`. */ openPorts?: pulumi.Input; /** * Does firewall policy exist which allow necessary communication to/from the device? Defaults to `true`. */ permissiveFirewallPolicy?: pulumi.Input; /** * Is only necessary addresses or ports are permitted in? Defaults to `true`. */ permissiveInputFirewallRules?: pulumi.Input; /** * Is only necessary addresses or ports are permitted out? Defaults to `true`. */ permissiveOutputFirewallRules?: pulumi.Input; /** * Is high level permissions are needed for the module? Defaults to `true`. */ privilegedDockerOptions?: pulumi.Input; /** * Is any credentials shared among devices? Defaults to `true`. */ sharedCredentials?: pulumi.Input; /** * Does TLS cipher suite need to be updated? Defaults to `true`. */ vulnerableTlsCipherSuite?: pulumi.Input; } } export declare namespace iotcentral { interface ApplicationIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this IoT Central Application. The only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface ApplicationNetworkRuleSetIpRule { /** * The IP address range in CIDR notation for the IP Rule. */ ipMask: pulumi.Input; /** * The name of the IP Rule */ name: pulumi.Input; } } export declare namespace keyvault { interface CertifiateCertificate { /** * The base64-encoded certificate contents. */ contents: pulumi.Input; /** * The password associated with the certificate. * * > **NOTE:** A PEM certificate is already base64 encoded. To successfully import, the `contents` property should include a PEM encoded X509 certificate and a privateKey in pkcs8 format. There should only be linux style `\n` line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data. * * To convert a private key to pkcs8 format with openssl use: * ```shell * openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem * ``` * * The PEM content should look something like: * ```text * -----BEGIN CERTIFICATE----- * aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K * : * aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K * -----END CERTIFICATE----- * -----BEGIN PRIVATE KEY----- * d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK * : * d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK * -----END PRIVATE KEY----- * ``` */ password?: pulumi.Input; } interface CertifiateCertificateAttribute { /** * The create time of the Key Vault Certificate. */ created?: pulumi.Input; /** * whether the Key Vault Certificate is enabled. */ enabled?: pulumi.Input; /** * The expires time of the Key Vault Certificate. */ expires?: pulumi.Input; /** * The not before valid time of the Key Vault Certificate. */ notBefore?: pulumi.Input; /** * The deletion recovery level of the Key Vault Certificate. */ recoveryLevel?: pulumi.Input; /** * The recent update time of the Key Vault Certificate. */ updated?: pulumi.Input; } interface CertifiateCertificatePolicy { /** * A `issuerParameters` block as defined below. */ issuerParameters: pulumi.Input; /** * A `keyProperties` block as defined below. */ keyProperties: pulumi.Input; /** * A `lifetimeAction` block as defined below. */ lifetimeActions?: pulumi.Input[]>; /** * A `secretProperties` block as defined below. */ secretProperties: pulumi.Input; /** * A `x509CertificateProperties` block as defined below. Required when `certificate` block is not specified. */ x509CertificateProperties?: pulumi.Input; } interface CertifiateCertificatePolicyIssuerParameters { /** * The name of the Certificate Issuer. Possible values include `Self` (for self-signed certificate), or `Unknown` (for a certificate issuing authority like `Let's Encrypt` and Azure direct supported ones). */ name: pulumi.Input; } interface CertifiateCertificatePolicyKeyProperties { /** * Specifies the curve to use when creating an `EC` key. Possible values are `P-256`, `P-256K`, `P-384`, and `P-521`. This field will be required in a future release if `keyType` is `EC` or `EC-HSM`. */ curve?: pulumi.Input; /** * Is this certificate exportable? */ exportable: pulumi.Input; /** * The size of the key used in the certificate. Possible values include `2048`, `3072`, and `4096` for `RSA` keys, or `256`, `384`, and `521` for `EC` keys. This property is required when using RSA keys. */ keySize?: pulumi.Input; /** * Specifies the type of key. Possible values are `EC`, `EC-HSM`, `RSA`, `RSA-HSM` and `oct`. */ keyType: pulumi.Input; /** * Is the key reusable? */ reuseKey: pulumi.Input; } interface CertifiateCertificatePolicyLifetimeAction { /** * A `action` block as defined below. */ action: pulumi.Input; /** * A `trigger` block as defined below. */ trigger: pulumi.Input; } interface CertifiateCertificatePolicyLifetimeActionAction { /** * The Type of action to be performed when the lifetime trigger is triggerec. Possible values include `AutoRenew` and `EmailContacts`. */ actionType: pulumi.Input; } interface CertifiateCertificatePolicyLifetimeActionTrigger { /** * The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with `lifetimePercentage`. */ daysBeforeExpiry?: pulumi.Input; /** * The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with `daysBeforeExpiry`. */ lifetimePercentage?: pulumi.Input; } interface CertifiateCertificatePolicySecretProperties { /** * The Content-Type of the Certificate, such as `application/x-pkcs12` for a PFX or `application/x-pem-file` for a PEM. */ contentType: pulumi.Input; } interface CertifiateCertificatePolicyX509CertificateProperties { /** * A list of Extended/Enhanced Key Usages. */ extendedKeyUsages?: pulumi.Input[]>; /** * A list of uses associated with this Key. Possible values include `cRLSign`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `encipherOnly`, `keyAgreement`, `keyCertSign`, `keyEncipherment` and `nonRepudiation` and are case-sensitive. */ keyUsages: pulumi.Input[]>; /** * The Certificate's Subject. */ subject: pulumi.Input; /** * A `subjectAlternativeNames` block as defined below. */ subjectAlternativeNames?: pulumi.Input; /** * The Certificates Validity Period in Months. */ validityInMonths: pulumi.Input; } interface CertifiateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames { /** * A list of alternative DNS names (FQDNs) identified by the Certificate. */ dnsNames?: pulumi.Input[]>; /** * A list of email addresses identified by this Certificate. */ emails?: pulumi.Input[]>; /** * A list of User Principal Names identified by the Certificate. */ upns?: pulumi.Input[]>; } interface CertificateCertificate { /** * The base64-encoded certificate contents. */ contents: pulumi.Input; /** * The password associated with the certificate. * * > **NOTE:** A PEM certificate is already base64 encoded. To successfully import, the `contents` property should include a PEM encoded X509 certificate and a privateKey in pkcs8 format. There should only be linux style `\n` line endings and the whole block should have the PEM begin/end blocks around the certificate data and the private key data. * * To convert a private key to pkcs8 format with openssl use: * ```shell * openssl pkcs8 -topk8 -nocrypt -in private_key.pem > private_key_pk8.pem * ``` * * The PEM content should look something like: * ```text * -----BEGIN CERTIFICATE----- * aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K * : * aGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8KaGVsbG8K * -----END CERTIFICATE----- * -----BEGIN PRIVATE KEY----- * d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK * : * d29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQKd29ybGQK * -----END PRIVATE KEY----- * ``` */ password?: pulumi.Input; } interface CertificateCertificateAttribute { /** * The create time of the Key Vault Certificate. */ created?: pulumi.Input; /** * whether the Key Vault Certificate is enabled. */ enabled?: pulumi.Input; /** * The expires time of the Key Vault Certificate. */ expires?: pulumi.Input; /** * The not before valid time of the Key Vault Certificate. */ notBefore?: pulumi.Input; /** * The deletion recovery level of the Key Vault Certificate. */ recoveryLevel?: pulumi.Input; /** * The recent update time of the Key Vault Certificate. */ updated?: pulumi.Input; } interface CertificateCertificatePolicy { /** * A `issuerParameters` block as defined below. */ issuerParameters: pulumi.Input; /** * A `keyProperties` block as defined below. */ keyProperties: pulumi.Input; /** * A `lifetimeAction` block as defined below. */ lifetimeActions?: pulumi.Input[]>; /** * A `secretProperties` block as defined below. */ secretProperties: pulumi.Input; /** * A `x509CertificateProperties` block as defined below. Required when `certificate` block is not specified. */ x509CertificateProperties?: pulumi.Input; } interface CertificateCertificatePolicyIssuerParameters { /** * The name of the Certificate Issuer. Possible values include `Self` (for self-signed certificate), or `Unknown` (for a certificate issuing authority like `Let's Encrypt` and Azure direct supported ones). */ name: pulumi.Input; } interface CertificateCertificatePolicyKeyProperties { /** * Specifies the curve to use when creating an `EC` key. Possible values are `P-256`, `P-256K`, `P-384`, and `P-521`. This field will be required in a future release if `keyType` is `EC` or `EC-HSM`. */ curve?: pulumi.Input; /** * Is this certificate exportable? */ exportable: pulumi.Input; /** * The size of the key used in the certificate. Possible values include `2048`, `3072`, and `4096` for `RSA` keys, or `256`, `384`, and `521` for `EC` keys. This property is required when using RSA keys. */ keySize?: pulumi.Input; /** * Specifies the type of key. Possible values are `EC`, `EC-HSM`, `RSA`, `RSA-HSM` and `oct`. */ keyType: pulumi.Input; /** * Is the key reusable? */ reuseKey: pulumi.Input; } interface CertificateCertificatePolicyLifetimeAction { /** * A `action` block as defined below. */ action: pulumi.Input; /** * A `trigger` block as defined below. */ trigger: pulumi.Input; } interface CertificateCertificatePolicyLifetimeActionAction { /** * The Type of action to be performed when the lifetime trigger is triggerec. Possible values include `AutoRenew` and `EmailContacts`. */ actionType: pulumi.Input; } interface CertificateCertificatePolicyLifetimeActionTrigger { /** * The number of days before the Certificate expires that the action associated with this Trigger should run. Conflicts with `lifetimePercentage`. */ daysBeforeExpiry?: pulumi.Input; /** * The percentage at which during the Certificates Lifetime the action associated with this Trigger should run. Conflicts with `daysBeforeExpiry`. */ lifetimePercentage?: pulumi.Input; } interface CertificateCertificatePolicySecretProperties { /** * The Content-Type of the Certificate, such as `application/x-pkcs12` for a PFX or `application/x-pem-file` for a PEM. */ contentType: pulumi.Input; } interface CertificateCertificatePolicyX509CertificateProperties { /** * A list of Extended/Enhanced Key Usages. */ extendedKeyUsages?: pulumi.Input[]>; /** * A list of uses associated with this Key. Possible values include `cRLSign`, `dataEncipherment`, `decipherOnly`, `digitalSignature`, `encipherOnly`, `keyAgreement`, `keyCertSign`, `keyEncipherment` and `nonRepudiation` and are case-sensitive. */ keyUsages: pulumi.Input[]>; /** * The Certificate's Subject. */ subject: pulumi.Input; /** * A `subjectAlternativeNames` block as defined below. */ subjectAlternativeNames?: pulumi.Input; /** * The Certificates Validity Period in Months. */ validityInMonths: pulumi.Input; } interface CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNames { /** * A list of alternative DNS names (FQDNs) identified by the Certificate. */ dnsNames?: pulumi.Input[]>; /** * A list of email addresses identified by this Certificate. */ emails?: pulumi.Input[]>; /** * A list of User Principal Names identified by the Certificate. */ upns?: pulumi.Input[]>; } interface CertificateContactsContact { /** * E-mail address of the contact. */ email: pulumi.Input; /** * Name of the contact. */ name?: pulumi.Input; /** * Phone number of the contact. */ phone?: pulumi.Input; } interface CertificateIssuerAdmin { /** * E-mail address of the admin. */ emailAddress: pulumi.Input; /** * First name of the admin. */ firstName?: pulumi.Input; /** * Last name of the admin. */ lastName?: pulumi.Input; /** * Phone number of the admin. */ phone?: pulumi.Input; } interface KeyRotationPolicy { /** * An `automatic` block as defined below. */ automatic?: pulumi.Input; /** * Expire a Key Vault Key after given duration as an [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). */ expireAfter?: pulumi.Input; /** * Notify at a given duration before expiry as an [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). */ notifyBeforeExpiry?: pulumi.Input; } interface KeyRotationPolicyAutomatic { /** * Rotate automatically at a duration after create as an [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). */ timeAfterCreation?: pulumi.Input; /** * Rotate automatically at a duration before expiry as an [ISO 8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations). */ timeBeforeExpiry?: pulumi.Input; } interface KeyVaultAccessPolicy { /** * The object ID of an Application in Azure Active Directory. */ applicationId?: pulumi.Input; /** * List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`. */ certificatePermissions?: pulumi.Input[]>; /** * List of key permissions. Possible values are `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`. */ keyPermissions?: pulumi.Input[]>; /** * The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. */ objectId: pulumi.Input; /** * List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`. */ secretPermissions?: pulumi.Input[]>; /** * List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`. */ storagePermissions?: pulumi.Input[]>; /** * The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Must match the `tenantId` used above. */ tenantId: pulumi.Input; } interface KeyVaultContact { email: pulumi.Input; /** * Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name. */ name?: pulumi.Input; phone?: pulumi.Input; } interface KeyVaultNetworkAcls { /** * Specifies which traffic can bypass the network rules. Possible values are `AzureServices` and `None`. */ bypass: pulumi.Input; /** * The Default Action to use when no rules match from `ipRules` / `virtualNetworkSubnetIds`. Possible values are `Allow` and `Deny`. */ defaultAction: pulumi.Input; /** * One or more IP Addresses, or CIDR Blocks which should be able to access the Key Vault. */ ipRules?: pulumi.Input[]>; /** * One or more Subnet IDs which should be able to access this Key Vault. */ virtualNetworkSubnetIds?: pulumi.Input[]>; } interface ManagedHardwareSecurityModuleNetworkAcls { /** * Specifies which traffic can bypass the network rules. Possible values are `AzureServices` and `None`. */ bypass: pulumi.Input; /** * The Default Action to use. Possible values are `Allow` and `Deny`. */ defaultAction: pulumi.Input; } interface ManagedHardwareSecurityModuleRoleDefinitionPermission { /** * One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ actions?: pulumi.Input[]>; /** * Specifies a list of data action permission to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`. */ dataActions?: pulumi.Input[]>; /** * One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ notActions?: pulumi.Input[]>; /** * Specifies a list of data action permission not to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`. */ notDataActions?: pulumi.Input[]>; } } export declare namespace kusto { interface AttachedDatabaseConfigurationSharing { /** * List of external tables exclude from the follower database. */ externalTablesToExcludes?: pulumi.Input[]>; /** * List of external tables to include in the follower database. */ externalTablesToIncludes?: pulumi.Input[]>; /** * List of functions to exclude from the follower database. */ functionsToExcludes?: pulumi.Input[]>; /** * List of functions to include in the follower database. */ functionsToIncludes?: pulumi.Input[]>; /** * List of materialized views exclude from the follower database. */ materializedViewsToExcludes?: pulumi.Input[]>; /** * List of materialized views to include in the follower database. */ materializedViewsToIncludes?: pulumi.Input[]>; /** * List of tables to exclude from the follower database. */ tablesToExcludes?: pulumi.Input[]>; /** * List of tables to include in the follower database. */ tablesToIncludes?: pulumi.Input[]>; } interface ClusterIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kusto Cluster. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this System Assigned Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this System Assigned Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that is configured on this Kusto Cluster. Possible values are: `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface ClusterLanguageExtension { /** * The language extension image. Possible values are `Python3_11_7`, `Python3_11_7_DL`, `Python3_10_8`, `Python3_10_8_DL`, `Python3_6_5`, `PythonCustomImage`, and `R`. */ image: pulumi.Input; /** * The name of the Kusto Cluster to create. Only lowercase Alphanumeric characters allowed, starting with a letter. Changing this forces a new resource to be created. */ name: pulumi.Input; } interface ClusterOptimizedAutoScale { /** * The maximum number of allowed instances. Possible values range between `0` and `1000`. */ maximumInstances: pulumi.Input; /** * The minimum number of allowed instances. Possible values range between `0` and `1000`. */ minimumInstances: pulumi.Input; } interface ClusterSku { /** * Specifies the node count for the cluster. Boundaries depend on the SKU name. * * > **Note:** If no `optimizedAutoScale` block is defined, then the capacity is required. * * > **Note:** If an `optimizedAutoScale` block is defined and no capacity is set, then the capacity is initially set to the value of `minimumInstances`. */ capacity?: pulumi.Input; /** * The name of the SKU. Possible values are `Dev(No SLA)_Standard_D11_v2`, `Dev(No SLA)_Standard_E2a_v4`, `Standard_D14_v2`, `Standard_D11_v2`, `Standard_D16d_v5`, `Standard_D13_v2`, `Standard_D12_v2`, `Standard_DS14_v2+4TB_PS`, `Standard_DS14_v2+3TB_PS`, `Standard_DS13_v2+1TB_PS`, `Standard_DS13_v2+2TB_PS`, `Standard_D32d_v5`, `Standard_D32d_v4`, `Standard_EC8ads_v5`, `Standard_EC8as_v5+1TB_PS`, `Standard_EC8as_v5+2TB_PS`, `Standard_EC16ads_v5`, `Standard_EC16as_v5+4TB_PS`, `Standard_EC16as_v5+3TB_PS`, `Standard_E80ids_v4`, `Standard_E8a_v4`, `Standard_E8ads_v5`, `Standard_E8as_v5+1TB_PS`, `Standard_E8as_v5+2TB_PS`, `Standard_E8as_v4+1TB_PS`, `Standard_E8as_v4+2TB_PS`, `Standard_E8d_v5`, `Standard_E8d_v4`, `Standard_E8s_v5+1TB_PS`, `Standard_E8s_v5+2TB_PS`, `Standard_E8s_v4+1TB_PS`, `Standard_E8s_v4+2TB_PS`, `Standard_E4a_v4`, `Standard_E4ads_v5`, `Standard_E4d_v5`, `Standard_E4d_v4`, `Standard_E16a_v4`, `Standard_E16ads_v5`, `Standard_E16as_v5+4TB_PS`, `Standard_E16as_v5+3TB_PS`, `Standard_E16as_v4+4TB_PS`, `Standard_E16as_v4+3TB_PS`, `Standard_E16d_v5`, `Standard_E16d_v4`, `Standard_E16s_v5+4TB_PS`, `Standard_E16s_v5+3TB_PS`, `Standard_E16s_v4+4TB_PS`, `Standard_E16s_v4+3TB_PS`, `Standard_E64i_v3`, `Standard_E2a_v4`, `Standard_E2ads_v5`, `Standard_E2d_v5`, `Standard_E2d_v4`, `Standard_L8as_v3`, `Standard_L8s`, `Standard_L8s_v3`, `Standard_L8s_v2`, `Standard_L4s`, `Standard_L16as_v3`, `Standard_L16s`, `Standard_L16s_v3`, `Standard_L16s_v2`, `Standard_L32as_v3` and `Standard_L32s_v3`. */ name: pulumi.Input; } interface ClusterVirtualNetworkConfiguration { dataManagementPublicIpId: pulumi.Input; enginePublicIpId: pulumi.Input; subnetId: pulumi.Input; } } export declare namespace lb { interface BackendAddressPoolAddressInboundNatRulePortMapping { /** * The Backend Port of the Load Balancing Inbound NAT Rules associated with this Backend Address Pool Address. */ backendPort?: pulumi.Input; /** * The Frontend Port of the Load Balancing Inbound NAT Rules associated with this Backend Address Pool Address. */ frontendPort?: pulumi.Input; /** * The name of the Load Balancing Inbound NAT Rules associated with this Backend Address Pool Address. */ inboundNatRuleName?: pulumi.Input; } interface BackendAddressPoolTunnelInterface { /** * The unique identifier of this Gateway Load Balancer Tunnel Interface. */ identifier: pulumi.Input; /** * The port number that this Gateway Load Balancer Tunnel Interface listens to. */ port: pulumi.Input; /** * The protocol used for this Gateway Load Balancer Tunnel Interface. Possible values are `None`, `Native` and `VXLAN`. */ protocol: pulumi.Input; /** * The traffic type of this Gateway Load Balancer Tunnel Interface. Possible values are `None`, `Internal` and `External`. */ type: pulumi.Input; } interface LoadBalancerFrontendIpConfiguration { /** * The Frontend IP Configuration ID of a Gateway SKU Load Balancer. */ gatewayLoadBalancerFrontendIpConfigurationId?: pulumi.Input; /** * The id of the Frontend IP Configuration. */ id?: pulumi.Input; /** * The list of IDs of inbound rules that use this frontend IP. */ inboundNatRules?: pulumi.Input[]>; /** * The list of IDs of load balancing rules that use this frontend IP. */ loadBalancerRules?: pulumi.Input[]>; /** * Specifies the name of the frontend IP configuration. */ name: pulumi.Input; /** * The list of IDs outbound rules that use this frontend IP. */ outboundRules?: pulumi.Input[]>; /** * Private IP Address to assign to the Load Balancer. The last one and first four IPs in any range are reserved and cannot be manually assigned. */ privateIpAddress?: pulumi.Input; /** * The allocation method for the Private IP Address used by this Load Balancer. Possible values as `Dynamic` and `Static`. */ privateIpAddressAllocation?: pulumi.Input; /** * The version of IP that the Private IP Address is. Possible values are `IPv4` or `IPv6`. */ privateIpAddressVersion?: pulumi.Input; /** * The ID of a Public IP Address which should be associated with the Load Balancer. */ publicIpAddressId?: pulumi.Input; /** * The ID of a Public IP Prefix which should be associated with the Load Balancer. Public IP Prefix can only be used with outbound rules. */ publicIpPrefixId?: pulumi.Input; /** * The ID of the Subnet which should be associated with the IP Configuration. */ subnetId?: pulumi.Input; /** * Specifies a list of Availability Zones in which the IP Address for this Load Balancer should be located. * * > **Note:** Availability Zones are only supported with a [Standard SKU](https://docs.microsoft.com/azure/load-balancer/load-balancer-standard-availability-zones) and [in select regions](https://docs.microsoft.com/azure/availability-zones/az-overview) at this time. */ zones?: pulumi.Input[]>; } interface OutboundRuleFrontendIpConfiguration { /** * The ID of the Load Balancer Outbound Rule. */ id?: pulumi.Input; /** * The name of the Frontend IP Configuration. */ name: pulumi.Input; } } export declare namespace lighthouse { interface DefinitionAuthorization { /** * The set of role definition ids which define all the permissions that the principal id can assign. */ delegatedRoleDefinitionIds?: pulumi.Input[]>; /** * The display name of the security group/service principal/user that would be assigned permissions to the projected subscription. */ principalDisplayName?: pulumi.Input; /** * Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription. */ principalId: pulumi.Input; /** * The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an `Owner` role. */ roleDefinitionId: pulumi.Input; } interface DefinitionEligibleAuthorization { /** * A `justInTimeAccessPolicy` block as defined below. */ justInTimeAccessPolicy?: pulumi.Input; /** * The display name of the Azure Active Directory Principal. */ principalDisplayName?: pulumi.Input; /** * Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription. */ principalId: pulumi.Input; /** * The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope. */ roleDefinitionId: pulumi.Input; } interface DefinitionEligibleAuthorizationJustInTimeAccessPolicy { /** * An `approver` block as defined below. */ approvers?: pulumi.Input[]>; /** * The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to `PT8H`. */ maximumActivationDuration?: pulumi.Input; /** * The multi-factor authorization provider to be used for just-in-time access requests. Possible value is `Azure`. * * > **Note:** When this property isn't set, it would be set to `None`. */ multiFactorAuthProvider?: pulumi.Input; } interface DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover { /** * The display name of the Azure Active Directory Principal for the approver. */ principalDisplayName?: pulumi.Input; /** * The Principal ID of the Azure Active Directory principal for the approver. */ principalId: pulumi.Input; } interface DefinitionPlan { /** * The plan name of the marketplace offer. */ name: pulumi.Input; /** * The product code of the plan. */ product: pulumi.Input; /** * The publisher ID of the plan. */ publisher: pulumi.Input; /** * The version of the plan. */ version: pulumi.Input; } } export declare namespace loadtest { interface LoadTestEncryption { /** * An `identity` block as defined below. Changing this forces a new Load Test to be created. */ identity: pulumi.Input; /** * The URI specifying the Key vault and key to be used to encrypt data in this resource. The URI should include the key version. Changing this forces a new Load Test to be created. */ keyUrl: pulumi.Input; } interface LoadTestEncryptionIdentity { /** * The User Assigned Identity ID that should be assigned to this Load Test Encryption. Changing this forces a new Load Test to be created. * * > **Note:** The User Assigned Identity ID specified here must also exist in `identity.identity_ids`. */ identityId: pulumi.Input; /** * Specifies the type of Managed Identity that should be assigned to this Load Test Encryption. Possible values are `SystemAssigned` or `UserAssigned`. Changing this forces a new Load Test to be created. */ type: pulumi.Input; } interface LoadTestIdentity { /** * A list of the User Assigned Identity IDs that should be assigned to this Load Test. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the System-Assigned Managed Identity assigned to this Load Test. */ principalId?: pulumi.Input; /** * The Tenant ID for the System-Assigned Managed Identity assigned to this Load Test. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Identity that should be assigned to this Load Test Encryption. Possible values are `SystemAssigned` or `UserAssigned`. Changing this forces a new Load Test to be created. */ type: pulumi.Input; } } export declare namespace loganalytics { interface ClusterIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Windows Web App Slot. Changing this forces a new resource to be created. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Log Analytics Cluster. Possible values are `SystemAssigned` and `UserAssigned`. Changing this forces a new resource to be created. * * > **Note:** The assigned `principalId` and `tenantId` can be retrieved after the identity `type` has been set to `SystemAssigned` and the Log Analytics Cluster has been created. More details are available below. */ type: pulumi.Input; } interface WorkspaceTableCustomLogColumn { /** * The description of the column. */ description?: pulumi.Input; /** * The display name of the column. */ displayName?: pulumi.Input; /** * Specifies the name of the column. */ name: pulumi.Input; /** * The data type of the column. Possible values are `boolean`, `datetime`, `dynamic`, `guid`, `int`, `long`, `real`, and `string`. */ type: pulumi.Input; } interface WorkspaceTableCustomLogStandardColumn { /** * The description of the table. */ description?: pulumi.Input; /** * The display name of the table. */ displayName?: pulumi.Input; /** * Specifies the name of the Log Analytics Workspace Table Custom Log. Changing this forces a new resource to be created. * * > **Note:** `name` must end with `_CL`. */ name?: pulumi.Input; /** * The data type of the standard column. */ type?: pulumi.Input; } } export declare namespace logicapps { interface ActionHttpRunAfter { /** * Specifies the name of the precedent HTTP Action. */ actionName: pulumi.Input; /** * Specifies the expected result of the precedent HTTP Action, only after which the current HTTP Action will be triggered. Possible values include `Succeeded`, `Failed`, `Skipped` and `TimedOut`. */ actionResult: pulumi.Input; } interface IntegrationAccountAgreementGuestIdentity { /** * The authenticating body that provides unique guest identities to organizations. */ qualifier: pulumi.Input; /** * The value that identifies the documents that your logic apps receive. */ value: pulumi.Input; } interface IntegrationAccountAgreementHostIdentity { /** * The authenticating body that provides unique host identities to organizations. */ qualifier: pulumi.Input; /** * The value that identifies the documents that your logic apps receive. */ value: pulumi.Input; } interface IntegrationAccountBatchConfigurationReleaseCriteria { /** * The batch size in bytes for the Logic App Integration Batch Configuration. */ batchSize?: pulumi.Input; /** * The message count for the Logic App Integration Batch Configuration. */ messageCount?: pulumi.Input; /** * A `recurrence` block as documented below. */ recurrence?: pulumi.Input; } interface IntegrationAccountBatchConfigurationReleaseCriteriaRecurrence { /** * The end time of the schedule, formatted as an RFC3339 string. */ endTime?: pulumi.Input; /** * The frequency of the schedule. Possible values are `Day`, `Hour`, `Minute`, `Month`, `NotSpecified`, `Second`, `Week` and `Year`. */ frequency: pulumi.Input; /** * The number of `frequency`s between runs. */ interval: pulumi.Input; /** * A `schedule` block as documented below. */ schedule?: pulumi.Input; /** * The start time of the schedule, formatted as an RFC3339 string. */ startTime?: pulumi.Input; /** * The timezone of the start/end time. */ timeZone?: pulumi.Input; } interface IntegrationAccountBatchConfigurationReleaseCriteriaRecurrenceSchedule { /** * A list containing a single item, which specifies the Hour interval at which this recurrence should be triggered. */ hours?: pulumi.Input[]>; /** * A list containing a single item which specifies the Minute interval at which this recurrence should be triggered. */ minutes?: pulumi.Input[]>; /** * A list of days of the month that the job should execute on. */ monthDays?: pulumi.Input[]>; /** * A `monthly` block as documented below. */ monthlies?: pulumi.Input[]>; /** * A list of days of the week that the job should execute on. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`. */ weekDays?: pulumi.Input[]>; } interface IntegrationAccountBatchConfigurationReleaseCriteriaRecurrenceScheduleMonthly { /** * The occurrence of the week within the month. */ week: pulumi.Input; /** * The day of the occurrence. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`. */ weekday: pulumi.Input; } interface IntegrationAccountCertificateKeyVaultKey { /** * The name of Key Vault Key. */ keyName: pulumi.Input; /** * The ID of the Key Vault. */ keyVaultId: pulumi.Input; /** * The version of Key Vault Key. */ keyVersion?: pulumi.Input; } interface IntegrationAccountPartnerBusinessIdentity { /** * The authenticating body that provides unique business identities to organizations. */ qualifier: pulumi.Input; /** * The value that identifies the documents that your logic apps receive. */ value: pulumi.Input; } interface StandardConnectionString { /** * The name of the Connection String. */ name: pulumi.Input; /** * The type of the Connection String. Possible values are `APIHub`, `Custom`, `DocDb`, `EventHub`, `MySQL`, `NotificationHub`, `PostgreSQL`, `RedisCache`, `ServiceBus`, `SQLAzure` and `SQLServer`. */ type: pulumi.Input; /** * The value for the Connection String. */ value: pulumi.Input; } interface StandardIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Logic App Standard. * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Logic App has been created. More details are available below. * * > **Note:** The `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Logic App Standard. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface StandardSiteConfig { /** * Should the Logic App be loaded at all times? Defaults to `false`. */ alwaysOn?: pulumi.Input; /** * The number of workers this Logic App can scale out to. Only applicable to apps on the Consumption and Premium plan. */ appScaleLimit?: pulumi.Input; /** * The Auto-swap slot name. */ autoSwapSlotName?: pulumi.Input; /** * A `cors` block as defined below. */ cors?: pulumi.Input; /** * The version of the .NET framework's CLR used in this Logic App Possible values are `v4.0` (including .NET Core 2.1 and 3.1), `v5.0`, `v6.0` and `v8.0`. [For more information on which .NET Framework version to use based on the runtime version you're targeting - please see this table](https://docs.microsoft.com/azure/azure-functions/functions-dotnet-class-library#supported-versions). Defaults to `v4.0`. */ dotnetFrameworkVersion?: pulumi.Input; /** * The number of minimum instances for this Logic App Only affects apps on the Premium plan. */ elasticInstanceMinimum?: pulumi.Input; /** * State of FTP / FTPS service for this Logic App. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `AllAllowed`. */ ftpsState?: pulumi.Input; /** * Path which will be checked for this Logic App health. */ healthCheckPath?: pulumi.Input; /** * Specifies whether the HTTP2 protocol should be enabled. Defaults to `false`. */ http2Enabled?: pulumi.Input; /** * The action to take when no `ipRestriction` rules match. Possible values are `Allow` and `Deny`. * * > **Note:** If `ipRestrictionDefaultAction` is not configured, it is implicitly set to `Allow` when no `ipRestriction` rules are defined and `Deny` when at least one `ipRestriction` rule is defined. */ ipRestrictionDefaultAction?: pulumi.Input; /** * A list of `ipRestriction` objects representing IP restrictions as defined below. * * > **Note:** User has to explicitly set `ipRestriction` to empty slice (`[]`) to remove it. */ ipRestrictions?: pulumi.Input[]>; /** * Linux App Framework and version for the App Service, e.g. `DOCKER|(golang:latest)`. Setting this value will also set the `kind` of application deployed to `functionapp,linux,container,workflowapp`. * * > **Note:** You must set `osType` in `azure.appservice.ServicePlan` to `Linux` when this property is set. */ linuxFxVersion?: pulumi.Input; /** * The minimum supported TLS version for the Logic App. Possible values are `1.0`, `1.1`, `1.2` and `1.3`. Defaults to `1.2` for new Logic Apps. * * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more. */ minTlsVersion?: pulumi.Input; /** * The number of pre-warmed instances for this Logic App Only affects apps on the Premium plan. */ preWarmedInstanceCount?: pulumi.Input; /** * @deprecated the `site_config.public_network_access_enabled` property has been superseded by the `publicNetworkAccess` property and will be removed in v5.0 of the AzureRM Provider. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults to `false`. */ runtimeScaleMonitoringEnabled?: pulumi.Input; /** * The action to take when no `scmIpRestriction` rules match. Possible values are `Allow` and `Deny`. */ scmIpRestrictionDefaultAction?: pulumi.Input; /** * A list of `scmIpRestriction` objects representing SCM IP restrictions as defined below. * * > **Note:** User has to explicitly set `scmIpRestriction` to empty slice (`[]`) to remove it. */ scmIpRestrictions?: pulumi.Input[]>; /** * Configures the minimum version of TLS required for SSL requests to the SCM site. Possible values are `1.0`, `1.1`, `1.2` and `1.3`. * * > **Note:** Azure Services will require TLS 1.2+ by August 2025, please see this [announcement](https://azure.microsoft.com/en-us/updates/v2/update-retirement-tls1-0-tls1-1-versions-azure-services/) for more. */ scmMinTlsVersion?: pulumi.Input; /** * The type of Source Control used by the Logic App in use by the Windows Function App. Defaults to `None`. Possible values are: `BitbucketGit`, `BitbucketHg`, `CodePlexGit`, `CodePlexHg`, `Dropbox`, `ExternalGit`, `ExternalHg`, `GitHub`, `LocalGit`, `None`, `OneDrive`, `Tfs`, `VSO`, and `VSTSRM` */ scmType?: pulumi.Input; /** * Should the Logic App `ipRestriction` configuration be used for the SCM too. Defaults to `false`. */ scmUseMainIpRestriction?: pulumi.Input; /** * Should the Logic App run in 32 bit mode, rather than 64 bit mode? Defaults to `true`. * * > **Note:** when using an App Service Plan in the `Free` or `Shared` Tiers `use32BitWorkerProcess` must be set to `true`. */ use32BitWorkerProcess?: pulumi.Input; /** * Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. */ vnetRouteAllEnabled?: pulumi.Input; /** * Should WebSockets be enabled? */ websocketsEnabled?: pulumi.Input; } interface StandardSiteConfigCors { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins?: pulumi.Input[]>; /** * Are credentials supported? */ supportCredentials?: pulumi.Input; } interface StandardSiteConfigIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * The `headers` block for this specific as a `ipRestriction` block as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to 65000 if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified */ virtualNetworkSubnetId?: pulumi.Input; } interface StandardSiteConfigIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8. */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface StandardSiteConfigScmIpRestriction { /** * Does this restriction `Allow` or `Deny` access for this IP range. Defaults to `Allow`. */ action?: pulumi.Input; /** * The Description of this IP Restriction. */ description?: pulumi.Input; /** * The `headers` block for this specific `ipRestriction` as defined below. */ headers?: pulumi.Input; /** * The IP Address used for this IP Restriction in CIDR notation. */ ipAddress?: pulumi.Input; /** * The name for this IP Restriction. */ name?: pulumi.Input; /** * The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to `65000` if not specified. */ priority?: pulumi.Input; /** * The Service Tag used for this IP Restriction. */ serviceTag?: pulumi.Input; /** * The Virtual Network Subnet ID used for this IP Restriction. * * > **Note:** One of either `ipAddress`, `serviceTag` or `virtualNetworkSubnetId` must be specified. */ virtualNetworkSubnetId?: pulumi.Input; } interface StandardSiteConfigScmIpRestrictionHeaders { /** * A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8. */ xAzureFdids?: pulumi.Input[]>; /** * A list to allow the Azure FrontDoor health probe header. Only allowed value is `1`. */ xFdHealthProbe?: pulumi.Input; /** * A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8. */ xForwardedFors?: pulumi.Input[]>; /** * A list of allowed 'X-Forwarded-Host' domains with a maximum of 8. */ xForwardedHosts?: pulumi.Input[]>; } interface StandardSiteCredential { /** * The password associated with the username, which can be used to publish to this App Service. */ password?: pulumi.Input; /** * The username which can be used to publish to this App Service. */ username?: pulumi.Input; } interface TriggerRecurrenceSchedule { /** * Specifies a list of hours when the trigger should run. Valid values are between 0 and 23. */ atTheseHours?: pulumi.Input[]>; /** * Specifies a list of minutes when the trigger should run. Valid values are between 0 and 59. */ atTheseMinutes?: pulumi.Input[]>; /** * Specifies a list of days when the trigger should run. Valid values include `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, and `Sunday`. */ onTheseDays?: pulumi.Input[]>; } interface WorkflowAccessControl { /** * A `action` block as defined below. */ action?: pulumi.Input; /** * A `content` block as defined below. */ content?: pulumi.Input; /** * A `trigger` block as defined below. */ trigger?: pulumi.Input; /** * A `workflowManagement` block as defined below. */ workflowManagement?: pulumi.Input; } interface WorkflowAccessControlAction { /** * A list of the allowed caller IP address ranges. */ allowedCallerIpAddressRanges: pulumi.Input[]>; } interface WorkflowAccessControlContent { /** * A list of the allowed caller IP address ranges. */ allowedCallerIpAddressRanges: pulumi.Input[]>; } interface WorkflowAccessControlTrigger { /** * A list of the allowed caller IP address ranges. */ allowedCallerIpAddressRanges?: pulumi.Input[]>; /** * A `openAuthenticationPolicy` block as defined below. */ openAuthenticationPolicies?: pulumi.Input[]>; } interface WorkflowAccessControlTriggerOpenAuthenticationPolicy { /** * A `claim` block as defined below. */ claims: pulumi.Input[]>; /** * The OAuth policy name for the Logic App Workflow. */ name: pulumi.Input; } interface WorkflowAccessControlTriggerOpenAuthenticationPolicyClaim { /** * The name of the OAuth policy claim for the Logic App Workflow. */ name: pulumi.Input; /** * The value of the OAuth policy claim for the Logic App Workflow. */ value: pulumi.Input; } interface WorkflowAccessControlWorkflowManagement { /** * A list of the allowed caller IP address ranges. */ allowedCallerIpAddressRanges: pulumi.Input[]>; } interface WorkflowIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Logic App Workflow. * * > **Note:** This is required when `type` is set to `UserAssigned` */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Logic App Workflow. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Logic App Workflow. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Logic App Workflow. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } } export declare namespace machinelearning { interface ComputeClusterIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Compute Cluster. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Compute Cluster. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Compute Cluster. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Machine Learning Compute Cluster. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface ComputeClusterScaleSettings { /** * Maximum node count. */ maxNodeCount: pulumi.Input; /** * Minimal node count. */ minNodeCount: pulumi.Input; /** * Node Idle Time Before Scale Down: defines the time until the compute is shutdown when it has gone into Idle state. Is defined according to W3C XML schema standard for duration. */ scaleDownNodesAfterIdleDuration: pulumi.Input; } interface ComputeClusterSsh { /** * Password of the administrator user account. Changing this forces a new Machine Learning Compute Cluster to be created. */ adminPassword?: pulumi.Input; /** * Name of the administrator user account which can be used to SSH to nodes. Changing this forces a new Machine Learning Compute Cluster to be created. */ adminUsername: pulumi.Input; /** * SSH public key of the administrator user account. Changing this forces a new Machine Learning Compute Cluster to be created. * * > **Note:** At least one of `adminPassword` and `keyValue` shoud be specified. */ keyValue?: pulumi.Input; } interface ComputeInstanceAssignToUser { /** * User’s AAD Object Id. */ objectId?: pulumi.Input; /** * User’s AAD Tenant Id. */ tenantId?: pulumi.Input; } interface ComputeInstanceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Compute Instance. Changing this forces a new resource to be created. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Compute Instance. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Compute Instance. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Machine Learning Compute Instance. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). Changing this forces a new resource to be created. */ type: pulumi.Input; } interface ComputeInstanceSsh { /** * Describes the port for connecting through SSH. */ port?: pulumi.Input; /** * Specifies the SSH rsa public key file as a string. Use "ssh-keygen -t rsa -b 2048" to generate your SSH key pairs. */ publicKey: pulumi.Input; /** * The admin username of this Machine Learning Compute Instance. */ username?: pulumi.Input; } interface InferenceClusterIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Inference Cluster. Changing this forces a new resource to be created. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Inference Cluster. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Inference Cluster. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Machine Learning Inference Cluster. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). Changing this forces a new resource to be created. */ type: pulumi.Input; } interface InferenceClusterSsl { /** * The certificate for the SSL configuration.Conflicts with `ssl[0].leaf_domain_label`,`ssl[0].overwrite_existing_domain`. Changing this forces a new Machine Learning Inference Cluster to be created. Defaults to `""`. */ cert?: pulumi.Input; /** * The cname of the SSL configuration.Conflicts with `ssl[0].leaf_domain_label`,`ssl[0].overwrite_existing_domain`. Changing this forces a new Machine Learning Inference Cluster to be created. Defaults to `""`. */ cname?: pulumi.Input; /** * The key content for the SSL configuration.Conflicts with `ssl[0].leaf_domain_label`,`ssl[0].overwrite_existing_domain`. Changing this forces a new Machine Learning Inference Cluster to be created. Defaults to `""`. */ key?: pulumi.Input; /** * The leaf domain label for the SSL configuration. Conflicts with `ssl[0].cert`,`ssl[0].key`,`ssl[0].cname`. Changing this forces a new Machine Learning Inference Cluster to be created. Defaults to `""`. */ leafDomainLabel?: pulumi.Input; /** * Whether or not to overwrite existing leaf domain. Conflicts with `ssl[0].cert`,`ssl[0].key`,`ssl[0].cname` Changing this forces a new Machine Learning Inference Cluster to be created. */ overwriteExistingDomain?: pulumi.Input; } interface SynapseSparkIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Synapse Spark. Changing this forces a new resource to be created. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Synapse Spark. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Machine Learning Synapse Spark. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Machine Learning Synapse Spark. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). Changing this forces a new resource to be created. */ type: pulumi.Input; } interface WorkspaceEncryption { /** * The Key Vault URI to access the encryption key. */ keyId: pulumi.Input; /** * The ID of the keyVault where the customer owned encryption key is present. */ keyVaultId: pulumi.Input; /** * The Key Vault URI to access the encryption key. * * > **Note:** `userAssignedIdentityId` must set when`identity.type` is `UserAssigned` or service won't be able to find the assigned permissions. */ userAssignedIdentityId?: pulumi.Input; } interface WorkspaceFeatureStore { /** * The version of Spark runtime. */ computerSparkRuntimeVersion?: pulumi.Input; /** * The name of offline store connection. */ offlineConnectionName?: pulumi.Input; /** * The name of online store connection. * * > **Note:** `featureStore` must be set when`kind` is `FeatureStore` */ onlineConnectionName?: pulumi.Input; } interface WorkspaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Machine Learning Workspace. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Machine Learning Workspace. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WorkspaceManagedNetwork { /** * The isolation mode of the Machine Learning Workspace. Possible values are `Disabled`, `AllowOnlyApprovedOutbound`, and `AllowInternetOutbound`. */ isolationMode?: pulumi.Input; /** * Set to trigger the provisioning of the managed VNet with the default options when creating a Machine Learning Workspace with the managed VNet enabled. Defaults to `false`. Changing this forces a new resource to be created. */ provisionOnCreationEnabled?: pulumi.Input; } interface WorkspaceServerlessCompute { /** * Should serverless compute nodes deployed in a custom Virtual Network have public IP addresses enabled for a workspace with private endpoint? Defaults to `false`. * * > **Note:** `publicIpEnabled` cannot be updated from `true` to `false` when `subnetId` is not set. `publicIpEnabled` must be set to `true` if `subnetId` is not set and when `publicNetworkAccessEnabled` is `false`. */ publicIpEnabled?: pulumi.Input; /** * The ID of an existing Virtual Network Subnet in which the serverless compute nodes should be deployed to. */ subnetId?: pulumi.Input; } } export declare namespace maintenance { interface AssignmentDynamicScopeFilter { /** * Specifies a list of locations to scope the query to. */ locations?: pulumi.Input[]>; /** * Specifies a list of allowed operating systems. Possible values are `Linux` and `Windows`. */ osTypes?: pulumi.Input[]>; /** * Specifies a list of allowed resource groups. */ resourceGroups?: pulumi.Input[]>; /** * Specifies a list of allowed resources. Possible values are `Microsoft.Compute/virtualMachines` and `Microsoft.HybridCompute/machines`. */ resourceTypes?: pulumi.Input[]>; /** * Filter VMs by `Any` or `All` specified tags. Defaults to `Any`. */ tagFilter?: pulumi.Input; /** * One or more `tags` blocks as defined below. */ tags?: pulumi.Input[]>; } interface AssignmentDynamicScopeFilterTag { /** * Specifies the tag to filter by. */ tag: pulumi.Input; /** * Specifies a list of values the defined tag can have. */ values: pulumi.Input[]>; } interface ConfigurationInstallPatches { /** * A `linux` block as defined above. This property only applies when `scope` is set to `InGuestPatch` */ linuxes?: pulumi.Input[]>; /** * Possible reboot preference as defined by the user based on which it would be decided to reboot the machine or not after the patch operation is completed. Possible values are `Always`, `IfRequired` and `Never`. This property only applies when `scope` is set to `InGuestPatch`. */ reboot?: pulumi.Input; /** * A `windows` block as defined above. This property only applies when `scope` is set to `InGuestPatch` */ windows?: pulumi.Input[]>; } interface ConfigurationInstallPatchesLinux { /** * List of Classification category of patches to be patched. Possible values are `Critical`, `Security` and `Other`. */ classificationsToIncludes?: pulumi.Input[]>; /** * List of package names to be excluded from patching. */ packageNamesMaskToExcludes?: pulumi.Input[]>; /** * List of package names to be included for patching. */ packageNamesMaskToIncludes?: pulumi.Input[]>; } interface ConfigurationInstallPatchesWindow { /** * List of Classification category of patches to be patched. Possible values are `Critical`, `Security`, `UpdateRollup`, `FeaturePack`, `ServicePack`, `Definition`, `Tools` and `Updates`. */ classificationsToIncludes?: pulumi.Input[]>; /** * List of KB numbers to be excluded from patching. */ kbNumbersToExcludes?: pulumi.Input[]>; /** * List of KB numbers to be included for patching. */ kbNumbersToIncludes?: pulumi.Input[]>; } interface ConfigurationWindow { /** * The duration of the maintenance window in HH:mm format. */ duration?: pulumi.Input; /** * Effective expiration date of the maintenance window in YYYY-MM-DD hh:mm format. */ expirationDateTime?: pulumi.Input; /** * The rate at which a maintenance window is expected to recur. The rate can be expressed as daily, weekly, or monthly schedules. */ recurEvery?: pulumi.Input; /** * Effective start date of the maintenance window in YYYY-MM-DD hh:mm format. */ startDateTime: pulumi.Input; /** * The time zone for the maintenance window. A list of timezones can be obtained by executing [System.TimeZoneInfo]::GetSystemTimeZones() in PowerShell. */ timeZone: pulumi.Input; } } export declare namespace managedapplication { interface ApplicationPlan { /** * Specifies the name of the plan from the marketplace. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the product of the plan from the marketplace. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * Specifies the promotion code to use with the plan. Changing this forces a new resource to be created. * * > **Note:** When `plan` is specified, legal terms must be accepted for this item on this subscription before creating the Managed Application. The `azure.marketplace.Agreement` resource or AZ CLI tool can be used to do this. */ promotionCode?: pulumi.Input; /** * Specifies the publisher of the plan. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * Specifies the version of the plan from the marketplace. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface DefinitionAuthorization { /** * Specifies a role definition identifier for the provider. This role will define all the permissions that the provider must have on the managed application's container resource group. This role definition cannot have permission to delete the resource group. */ roleDefinitionId: pulumi.Input; /** * Specifies a service principal identifier for the provider. This is the identity that the provider will use to call ARM to manage the managed application resources. */ servicePrincipalId: pulumi.Input; } } export declare namespace managedlustre { interface FileSystemEncryptionKey { /** * The URL to the Key Vault Key used as the Encryption Key. This can be found as `id` on the `azure.keyvault.Key` resource. */ keyUrl: pulumi.Input; /** * The ID of the source Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. */ sourceVaultId: pulumi.Input; } interface FileSystemHsmSetting { /** * The resource ID of the storage container that is used for hydrating the namespace and archiving from the namespace. Changing this forces a new resource to be created. */ containerId: pulumi.Input; /** * The import prefix for the Azure Managed Lustre File System. Only blobs in the non-logging container that start with this path/prefix get hydrated into the cluster namespace. Changing this forces a new resource to be created. * * > **Note:** The roles `Contributor` and `Storage Blob Data Contributor` must be added to the Service Principal `HPC Cache Resource Provider` for the Storage Account. See official docs for more information. */ importPrefix?: pulumi.Input; /** * The resource ID of the storage container that is used for logging events and errors. Changing this forces a new resource to be created. */ loggingContainerId: pulumi.Input; } interface FileSystemIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Azure Managed Lustre File System. Changing this forces a new resource to be created. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this Azure Managed Lustre File System. Only possible value is `UserAssigned`. Changing this forces a new resource to be created. */ type: pulumi.Input; } interface FileSystemMaintenanceWindow { /** * The day of the week on which the maintenance window will occur. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`. */ dayOfWeek: pulumi.Input; /** * The time of day (in UTC) to start the maintenance window. */ timeOfDayInUtc: pulumi.Input; } interface FileSystemRootSquash { /** * Squash mode of the AML file system. Possible values are `RootOnly`, and `All`. */ mode: pulumi.Input; /** * NID IP Address list(s) to be added to the TrustedSystems, separated by semicolons. */ noSquashNids: pulumi.Input; /** * The GID to be used for the root squash. Defaults to `0`. */ squashGid?: pulumi.Input; /** * The UID to be used for the root squash. Defaults to `0`. */ squashUid?: pulumi.Input; } } export declare namespace managedredis { interface ManagedRedisCustomerManagedKey { /** * The ID of the key vault key used for encryption. For example: `https://example-vault-name.vault.azure.net/keys/example-key-name/a1b2c3d4`. */ keyVaultKeyId: pulumi.Input; /** * The ID of the User Assigned Identity that has access to the Key Vault Key. */ userAssignedIdentityId: pulumi.Input; } interface ManagedRedisDefaultDatabase { /** * Whether access key authentication is enabled for the database. Defaults to `false`. */ accessKeysAuthenticationEnabled?: pulumi.Input; /** * Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Possible values are `Encrypted` and `Plaintext`. Defaults to `Encrypted`. */ clientProtocol?: pulumi.Input; /** * Clustering policy specified at create time. Possible values are `EnterpriseCluster`, `OSSCluster` and `NoCluster`. Defaults to `OSSCluster`. * * !> **Note:** Changing `clusteringPolicy` forces database recreation. Data will be lost and Managed Redis will be unavailable during the operation. */ clusteringPolicy?: pulumi.Input; /** * Specifies the Redis eviction policy. Possible values are `AllKeysLFU`, `AllKeysLRU`, `AllKeysRandom`, `VolatileLRU`, `VolatileLFU`, `VolatileTTL`, `VolatileRandom` and `NoEviction`. Defaults to `VolatileLRU`. */ evictionPolicy?: pulumi.Input; /** * The name of the geo-replication group. If provided, a geo-replication group will be created for this database with itself as the only member. Use `azure.managedredis.GeoReplication` resource to manage group membership, linking and unlinking. All databases to be linked have to have the same group name. Refer to the [Managed Redis geo-replication documentation](https://learn.microsoft.com/azure/redis/how-to-active-geo-replication) for more information. * * !> **Note:** Changing `geoReplicationGroupName` forces database recreation. Data will be lost and Managed Redis will be unavailable during the operation. */ geoReplicationGroupName?: pulumi.Input; /** * The ID of the Managed Redis Database Instance. */ id?: pulumi.Input; /** * A `module` block as defined below. Refer to [the modules documentation](https://learn.microsoft.com/azure/redis/redis-modules) to learn more. */ modules?: pulumi.Input[]>; /** * The frequency of Append Only File (AOF) backups. The only possible value is `1s`. Providing this value implies AOF persistence method is enabled. Conflicts with `persistenceRedisDatabaseBackupFrequency`, only one persistence method is allowed. Conflicts with `geoReplicationGroupName`, persistence can only be enabled on non-geo-replicated databases. Refer to [the persistence documentation](https://learn.microsoft.com/azure/redis/how-to-persistence) to learn more. */ persistenceAppendOnlyFileBackupFrequency?: pulumi.Input; /** * The frequency of Redis Database (RDB) backups. Possible values are `1h`, `6h` and `12h`. Providing this value implies RDB persistence method is enabled. Conflicts with `persistenceAppendOnlyFileBackupFrequency`, only one persistence method is allowed. Conflicts with `geoReplicationGroupName`, persistence can only be enabled on non-geo-replicated databases. Refer to [the persistence documentation](https://learn.microsoft.com/azure/redis/how-to-persistence) to learn more. */ persistenceRedisDatabaseBackupFrequency?: pulumi.Input; /** * TCP port of the database endpoint. */ port?: pulumi.Input; /** * The Primary Access Key for the Managed Redis Database Instance. Only exported if `accessKeysAuthenticationEnabled` is set to `true`. */ primaryAccessKey?: pulumi.Input; /** * The Secondary Access Key for the Managed Redis Database Instance. Only exported if `accessKeysAuthenticationEnabled` is set to `true`. */ secondaryAccessKey?: pulumi.Input; } interface ManagedRedisDefaultDatabaseModule { /** * Configuration options for the module (e.g. `ERROR_RATE 0.00 INITIAL_SIZE 400`). * * !> **Note:** Changing `args` forces database recreation. Data will be lost and Managed Redis will be unavailable during the operation. * * > **Note:** Only `RediSearch` and `RedisJSON` modules are allowed with geo-replication. */ args?: pulumi.Input; /** * The name which should be used for this module. Possible values are `RedisBloom`, `RedisTimeSeries`, `RediSearch` and `RedisJSON`. * * !> **Note:** Changing `name` forces database recreation. Data will be lost and Managed Redis will be unavailable during the operation. */ name: pulumi.Input; /** * Version of the module to be used. */ version?: pulumi.Input; } interface ManagedRedisIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Managed Redis instance. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Managed Redis instance. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } } export declare namespace management { interface GroupPolicyAssignmentIdentity { /** * A list of User Managed Identity IDs which should be assigned to the Policy Definition. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID of the Policy Assignment for this Management Group. */ principalId?: pulumi.Input; /** * The Tenant ID of the Policy Assignment for this Management Group. */ tenantId?: pulumi.Input; /** * The Type of Managed Identity which should be added to this Policy Definition. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface GroupPolicyAssignmentNonComplianceMessage { /** * The non-compliance message text. When assigning policy sets (initiatives), unless `policyDefinitionReferenceId` is specified then this message will be the default for all policies. */ content: pulumi.Input; /** * When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to. */ policyDefinitionReferenceId?: pulumi.Input; } interface GroupPolicyAssignmentOverride { /** * One or more `overrideSelector` block as defined below. */ selectors?: pulumi.Input[]>; /** * Specifies the value to override the policy property. Possible values for `policyEffect` override listed [policy effects](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects). */ value: pulumi.Input; } interface GroupPolicyAssignmentOverrideSelector { ins?: pulumi.Input[]>; kind?: pulumi.Input; notIns?: pulumi.Input[]>; } interface GroupPolicyAssignmentResourceSelector { /** * Specifies a name for the resource selector. */ name?: pulumi.Input; /** * One or more `resourceSelector` block as defined below. */ selectors: pulumi.Input[]>; } interface GroupPolicyAssignmentResourceSelectorSelector { ins?: pulumi.Input[]>; kind: pulumi.Input; notIns?: pulumi.Input[]>; } interface GroupPolicySetDefinitionPolicyDefinitionGroup { /** * The ID of a resource that contains additional metadata for this Policy Definition Group. */ additionalMetadataResourceId?: pulumi.Input; /** * The category of this Policy Definition Group. */ category?: pulumi.Input; /** * The description of this Policy Definition Group. */ description?: pulumi.Input; /** * The display name of this Policy Definition Group. */ displayName?: pulumi.Input; /** * The name which should be used for this Policy Definition Group. */ name: pulumi.Input; } interface GroupPolicySetDefinitionPolicyDefinitionReference { /** * Parameter values for the references Policy Definition in JSON format. */ parameterValues?: pulumi.Input; /** * The ID of the Policy Definition to include in this Policy Set Definition. */ policyDefinitionId: pulumi.Input; /** * Specifies a list of Policy Definition Groups names that this Policy Definition Reference belongs to. */ policyGroupNames?: pulumi.Input[]>; /** * A unique ID within this Policy Set Definition for this Policy Definition Reference. */ referenceId?: pulumi.Input; /** * The version of the Policy Definition to use. */ version?: pulumi.Input; } } export declare namespace maps { interface AccountCors { /** * A list of origins that should be allowed to make cross-origin calls. */ allowedOrigins: pulumi.Input[]>; } interface AccountDataStore { /** * The ID of the Storage Account that should be linked to this Azure Maps Account. */ storageAccountId?: pulumi.Input; /** * The name given to the linked Storage Account. */ uniqueName: pulumi.Input; } interface AccountIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Azure Maps Account. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Azure Maps Account. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } } export declare namespace mongocluster { interface MongoClusterConnectionString { /** * The description of the connection string. */ description?: pulumi.Input; /** * The name which should be used for the MongoDB Cluster. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The value of the Mongo Cluster connection string. The `:` placeholder returned from API will be replaced by the real `administratorUsername` and `administratorPassword` if available in the state. */ value?: pulumi.Input; } interface MongoClusterCustomerManagedKey { /** * The ID of the key vault key used for encryption. For example: `https://example-vault-name.vault.azure.net/keys/example-key-name`. */ keyVaultKeyId: pulumi.Input; /** * The ID of the User Assigned Identity that has access to the Key Vault Key. */ userAssignedIdentityId: pulumi.Input; } interface MongoClusterIdentity { /** * A list of one or more Resource IDs for User Assigned Managed identities to assign. * * > **Note:** Required when `type` is set to `UserAssigned`. */ identityIds: pulumi.Input[]>; /** * The type of managed identity to assign. Possible value is `UserAssigned`. */ type: pulumi.Input; } interface MongoClusterRestore { /** * The point in time (in UTC) to restore from, in ISO 8601 format (e.g., `2024-01-01T00:00:00Z`). Changing this forces a new resource to be created. */ pointInTimeUtc: pulumi.Input; /** * The ID of the source MongoDB Cluster to restore from. Changing this forces a new resource to be created. */ sourceId: pulumi.Input; } interface UserRole { /** * The name of the database to which the role will be applied. Changing this forces a new resource to be created. */ database: pulumi.Input; /** * The role name. The only possible value is `root`. Changing this forces a new resource to be created. */ name: pulumi.Input; } } export declare namespace monitoring { interface AadDiagnosticSettingEnabledLog { /** * The log category for the Azure Active Directory Diagnostic. */ category: pulumi.Input; /** * @deprecated Azure does not support retention for new Azure Active Directory Diagnostic Settings */ retentionPolicy?: pulumi.Input; } interface AadDiagnosticSettingEnabledLogRetentionPolicy { days?: pulumi.Input; enabled?: pulumi.Input; } interface ActionGroupArmRoleReceiver { /** * The name of the ARM role receiver. */ name: pulumi.Input; /** * The arm role id. */ roleId: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupAutomationRunbookReceiver { /** * The automation account ID which holds this runbook and authenticates to Azure resources. */ automationAccountId: pulumi.Input; /** * Indicates whether this instance is global runbook. */ isGlobalRunbook: pulumi.Input; /** * The name of the automation runbook receiver. */ name: pulumi.Input; /** * The name for this runbook. */ runbookName: pulumi.Input; /** * The URI where webhooks should be sent. */ serviceUri: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; /** * The resource id for webhook linked to this runbook. */ webhookResourceId: pulumi.Input; } interface ActionGroupAzureAppPushReceiver { /** * The email address of the user signed into the mobile app who will receive push notifications from this receiver. */ emailAddress: pulumi.Input; /** * The name of the Azure app push receiver. */ name: pulumi.Input; } interface ActionGroupAzureFunctionReceiver { /** * The Azure resource ID of the function app. */ functionAppResourceId: pulumi.Input; /** * The function name in the function app. */ functionName: pulumi.Input; /** * The HTTP trigger url where HTTP request sent to. */ httpTriggerUrl: pulumi.Input; /** * The name of the Azure Function receiver. */ name: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupEmailReceiver { /** * The email address of this receiver. */ emailAddress: pulumi.Input; /** * The name of the email receiver. Names must be unique (case-insensitive) across all receivers within an action group. */ name: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupEventHubReceiver { /** * The name of the specific Event Hub queue. */ eventHubName: pulumi.Input; /** * The namespace name of the Event Hub. */ eventHubNamespace: pulumi.Input; /** * The name of the EventHub Receiver, must be unique within action group. */ name: pulumi.Input; /** * The ID for the subscription containing this Event Hub. Default to the subscription ID of the Action Group. */ subscriptionId?: pulumi.Input; /** * The Tenant ID for the subscription containing this Event Hub. */ tenantId?: pulumi.Input; /** * Indicates whether to use common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupItsmReceiver { /** * The unique connection identifier of the ITSM connection. */ connectionId: pulumi.Input; /** * The name of the ITSM receiver. */ name: pulumi.Input; /** * The region of the workspace. * * > **Note:** `ticketConfiguration` should be JSON blob with `PayloadRevision` and `WorkItemType` keys (e.g., `ticket_configuration="{\"PayloadRevision\":0,\"WorkItemType\":\"Incident\"}"`), and `ticket_configuration="{}"` will return an error, see more at this [REST API issue](https://github.com/Azure/azure-rest-api-specs/issues/20488) */ region: pulumi.Input; /** * A JSON blob for the configurations of the ITSM action. CreateMultipleWorkItems option will be part of this blob as well. */ ticketConfiguration: pulumi.Input; /** * The Azure Log Analytics workspace ID where this connection is defined. Format is `|`, for example `00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000`. */ workspaceId: pulumi.Input; } interface ActionGroupLogicAppReceiver { /** * The callback url where HTTP request sent to. */ callbackUrl: pulumi.Input; /** * The name of the logic app receiver. */ name: pulumi.Input; /** * The Azure resource ID of the logic app. */ resourceId: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupSmsReceiver { /** * The country code of the SMS receiver. */ countryCode: pulumi.Input; /** * The name of the SMS receiver. Names must be unique (case-insensitive) across all receivers within an action group. */ name: pulumi.Input; /** * The phone number of the SMS receiver. */ phoneNumber: pulumi.Input; } interface ActionGroupVoiceReceiver { /** * The country code of the voice receiver. */ countryCode: pulumi.Input; /** * The name of the voice receiver. */ name: pulumi.Input; /** * The phone number of the voice receiver. */ phoneNumber: pulumi.Input; } interface ActionGroupWebhookReceiver { /** * The `aadAuth` block as defined below. * * > **Note:** Before adding a secure webhook receiver by setting `aadAuth`, please read [the configuration instruction of the AAD application](https://docs.microsoft.com/azure/azure-monitor/platform/action-groups#secure-webhook). */ aadAuth?: pulumi.Input; /** * The name of the webhook receiver. Names must be unique (case-insensitive) across all receivers within an action group. */ name: pulumi.Input; /** * The URI where webhooks should be sent. */ serviceUri: pulumi.Input; /** * Enables or disables the common alert schema. */ useCommonAlertSchema?: pulumi.Input; } interface ActionGroupWebhookReceiverAadAuth { /** * The identifier URI for AAD auth. */ identifierUri?: pulumi.Input; /** * The webhook application object Id for AAD auth. */ objectId: pulumi.Input; /** * The tenant id for AAD auth. */ tenantId?: pulumi.Input; } interface ActivityLogAlertAction { /** * The ID of the Action Group can be sourced from the `azure.monitoring.ActionGroup` resource. */ actionGroupId: pulumi.Input; /** * The map of custom string properties to include with the post operation. These data are appended to the webhook payload. */ webhookProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface ActivityLogAlertCriteria { /** * The email address or Azure Active Directory identifier of the user who performed the operation. */ caller?: pulumi.Input; /** * The category of the operation. Possible values are `Administrative`, `Autoscale`, `Policy`, `Recommendation`, `ResourceHealth`, `Security` and `ServiceHealth`. */ category: pulumi.Input; /** * The severity level of the event. Possible values are `Verbose`, `Informational`, `Warning`, `Error`, and `Critical`. */ level?: pulumi.Input; /** * A list of severity level of the event. Possible values are `Verbose`, `Informational`, `Warning`, `Error`, and `Critical`. * * > **Note:** `level` and `levels` are mutually exclusive. */ levels?: pulumi.Input[]>; /** * The Resource Manager Role-Based Access Control operation name. Supported operation should be of the form: `//`. */ operationName?: pulumi.Input; /** * The recommendation category of the event. Possible values are `Cost`, `Reliability`, `OperationalExcellence`, `HighAvailability`, `Performance` and `Security`. */ recommendationCategory?: pulumi.Input; /** * The recommendation impact of the event. Possible values are `High`, `Medium` and `Low`. * * > **Note:** The `recommendationType`, `recommendationCategory`, and `recommendationImpact` fields can only be defined if the `category` field has been set to `Recommendation`. */ recommendationImpact?: pulumi.Input; /** * The recommendation type of the event. */ recommendationType?: pulumi.Input; /** * The name of resource group monitored by the activity log alert. */ resourceGroup?: pulumi.Input; /** * A list of names of resource groups monitored by the activity log alert. * * > **Note:** `resourceGroup` and `resourceGroups` are mutually exclusive. */ resourceGroups?: pulumi.Input[]>; /** * A block to define fine grain resource health settings. */ resourceHealth?: pulumi.Input; /** * The specific resource monitored by the activity log alert. It should be within one of the `scopes`. */ resourceId?: pulumi.Input; /** * A list of specific resources monitored by the activity log alert. It should be within one of the `scopes`. * * > **Note:** `resourceId` and `resourceIds` are mutually exclusive. */ resourceIds?: pulumi.Input[]>; /** * The name of the resource provider monitored by the activity log alert. */ resourceProvider?: pulumi.Input; /** * A list of names of resource providers monitored by the activity log alert. * * > **Note:** `resourceProvider` and `resourceProviders` are mutually exclusive. */ resourceProviders?: pulumi.Input[]>; /** * The resource type monitored by the activity log alert. */ resourceType?: pulumi.Input; /** * A list of resource types monitored by the activity log alert. * * > **Note:** `resourceType` and `resourceTypes` are mutually exclusive. */ resourceTypes?: pulumi.Input[]>; /** * A block to define fine grain service health settings. */ serviceHealth?: pulumi.Input; /** * The status of the event. For example, `Started`, `Failed`, or `Succeeded`. */ status?: pulumi.Input; /** * A list of status of the event. For example, `Started`, `Failed`, or `Succeeded`. * * > **Note:** `status` and `statuses` are mutually exclusive. */ statuses?: pulumi.Input[]>; /** * The sub status of the event. */ subStatus?: pulumi.Input; /** * A list of sub status of the event. * * > **Note:** `subStatus` and `subStatuses` are mutually exclusive. */ subStatuses?: pulumi.Input[]>; } interface ActivityLogAlertCriteriaResourceHealth { /** * The current resource health statuses that will log an alert. Possible values are `Available`, `Degraded`, `Unavailable` and `Unknown`. */ currents?: pulumi.Input[]>; /** * The previous resource health statuses that will log an alert. Possible values are `Available`, `Degraded`, `Unavailable` and `Unknown`. */ previouses?: pulumi.Input[]>; /** * The reason that will log an alert. Possible values are `PlatformInitiated` (such as a problem with the resource in an affected region of an Azure incident), `UserInitiated` (such as a shutdown request of a VM) and `Unknown`. */ reasons?: pulumi.Input[]>; } interface ActivityLogAlertCriteriaServiceHealth { /** * Events this alert will monitor Possible values are `Incident`, `Maintenance`, `Informational`, `ActionRequired` and `Security`. */ events?: pulumi.Input[]>; /** * Locations this alert will monitor. For example, `West Europe`. */ locations?: pulumi.Input[]>; /** * Services this alert will monitor. For example, `Activity Logs & Alerts`, `Action Groups`. Defaults to all Services. */ services?: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupCondition { /** * A `alertContext` block as defined above. */ alertContext?: pulumi.Input; /** * A `alertRuleId` block as defined above. */ alertRuleId?: pulumi.Input; /** * A `alertRuleName` block as defined above. */ alertRuleName?: pulumi.Input; /** * A `description` block as defined below. */ description?: pulumi.Input; /** * A `monitorCondition` block as defined below. */ monitorCondition?: pulumi.Input; /** * A `monitorService` block as defined below. */ monitorService?: pulumi.Input; /** * A `severity` block as defined below. */ severity?: pulumi.Input; /** * A `signalType` block as defined below. */ signalType?: pulumi.Input; /** * A `targetResource` block as defined below. */ targetResource?: pulumi.Input; /** * A `targetResourceGroup` block as defined below. */ targetResourceGroup?: pulumi.Input; /** * A `targetResourceType` block as defined below. * * > **Note:** At least one of the `alertContext`, `alertRuleId`, `alertRuleName`, `description`, `monitorCondition`, `monitorService`, `severity`, `signalType`, `targetResource`, `targetResourceGroup`, `targetResourceType` must be specified. */ targetResourceType?: pulumi.Input; } interface AlertProcessingRuleActionGroupConditionAlertContext { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionAlertRuleId { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionAlertRuleName { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionDescription { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionMonitorCondition { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. Possible values are `Fired` and `Resolved`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionMonitorService { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. Possible values are `ActivityLog Administrative`, `ActivityLog Autoscale`, `ActivityLog Policy`, `ActivityLog Recommendation`, `ActivityLog Security`, `Application Insights`, `Azure Backup`, `Azure Stack Edge`, `Azure Stack Hub`, `Custom`, `Data Box Gateway`, `Health Platform`, `Log Alerts V2`, `Log Analytics`, `Platform`, `Prometheus`, `Resource Health`, `Smart Detector`, and `VM Insights - Health`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionSeverity { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies list of values to match for a given condition. Possible values are `Sev0`, `Sev1`, `Sev2`, `Sev3`, and `Sev4`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionSignalType { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. Possible values are `Metric`, `Log`, `Unknown`, and `Health`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionTargetResource { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource IDs. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionTargetResourceGroup { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource group IDs. */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupConditionTargetResourceType { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource types. (e.g. Microsoft.Compute/VirtualMachines) */ values: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupSchedule { /** * Specifies the Alert Processing Rule effective start time (Y-m-d'T'H:M:S). */ effectiveFrom?: pulumi.Input; /** * Specifies the Alert Processing Rule effective end time (Y-m-d'T'H:M:S). */ effectiveUntil?: pulumi.Input; /** * A `recurrence` block as defined above. */ recurrence?: pulumi.Input; /** * The time zone (e.g. Pacific Standard time, Eastern Standard Time). Defaults to `UTC`. [possible values are defined here](https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms912391(v=winembedded.11)). */ timeZone?: pulumi.Input; } interface AlertProcessingRuleActionGroupScheduleRecurrence { /** * One or more `daily` blocks as defined above. */ dailies?: pulumi.Input[]>; /** * One or more `monthly` blocks as defined above. */ monthlies?: pulumi.Input[]>; /** * One or more `weekly` blocks as defined below. */ weeklies?: pulumi.Input[]>; } interface AlertProcessingRuleActionGroupScheduleRecurrenceDaily { /** * Specifies the recurrence end time (H:M:S). */ endTime: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime: pulumi.Input; } interface AlertProcessingRuleActionGroupScheduleRecurrenceMonthly { /** * Specifies a list of dayOfMonth to recurrence. Possible values are integers between `1` - `31`. */ daysOfMonths: pulumi.Input[]>; /** * Specifies the recurrence end time (H:M:S). */ endTime?: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime?: pulumi.Input; } interface AlertProcessingRuleActionGroupScheduleRecurrenceWeekly { /** * Specifies a list of dayOfWeek to recurrence. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, and `Saturday`. */ daysOfWeeks: pulumi.Input[]>; /** * Specifies the recurrence end time (H:M:S). */ endTime?: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime?: pulumi.Input; } interface AlertProcessingRuleSuppressionCondition { /** * A `alertContext` block as defined above. */ alertContext?: pulumi.Input; /** * A `alertRuleId` block as defined above. */ alertRuleId?: pulumi.Input; /** * A `alertRuleName` block as defined above. */ alertRuleName?: pulumi.Input; /** * A `description` block as defined below. */ description?: pulumi.Input; /** * A `monitorCondition` block as defined below. */ monitorCondition?: pulumi.Input; /** * A `monitorService` block as defined below. */ monitorService?: pulumi.Input; /** * A `severity` block as defined below. */ severity?: pulumi.Input; /** * A `signalType` block as defined below. */ signalType?: pulumi.Input; /** * A `targetResource` block as defined below. */ targetResource?: pulumi.Input; /** * A `targetResourceGroup` block as defined below. */ targetResourceGroup?: pulumi.Input; /** * A `targetResourceType` block as defined below. */ targetResourceType?: pulumi.Input; } interface AlertProcessingRuleSuppressionConditionAlertContext { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionAlertRuleId { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionAlertRuleName { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionDescription { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionMonitorCondition { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. Possible values are `Fired` and `Resolved`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionMonitorService { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. Possible values are `ActivityLog Administrative`, `ActivityLog Autoscale`, `ActivityLog Policy`, `ActivityLog Recommendation`, `ActivityLog Security`, `Application Insights`, `Azure Backup`, `Azure Stack Edge`, `Azure Stack Hub`, `Custom`, `Data Box Gateway`, `Health Platform`, `Log Alerts V2`, `Log Analytics`, `Platform`, `Prometheus`, `Resource Health`, `Smart Detector`, and `VM Insights - Health`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionSeverity { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies list of values to match for a given condition. Possible values are `Sev0`, `Sev1`, `Sev2`, `Sev3`, and `Sev4`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionSignalType { /** * The operator for a given condition. Possible values are `Equals` and `NotEquals`. */ operator: pulumi.Input; /** * Specifies a list of values to match for a given condition. Possible values are `Metric`, `Log`, `Unknown`, and `Health`. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionTargetResource { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource IDs. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionTargetResourceGroup { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource group IDs. */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionConditionTargetResourceType { /** * The operator for a given condition. Possible values are `Equals`, `NotEquals`, `Contains`, and `DoesNotContain`. */ operator: pulumi.Input; /** * A list of values to match for a given condition. The values should be valid resource types. (e.g. Microsoft.Compute/VirtualMachines) */ values: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionSchedule { /** * Specifies the Alert Processing Rule effective start time (Y-m-d'T'H:M:S). */ effectiveFrom?: pulumi.Input; /** * Specifies the Alert Processing Rule effective end time (Y-m-d'T'H:M:S). */ effectiveUntil?: pulumi.Input; /** * A `recurrence` block as defined above. */ recurrence?: pulumi.Input; /** * The time zone (e.g. Pacific Standard time, Eastern Standard Time). Defaults to `UTC`. [possible values are defined here](https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms912391(v=winembedded.11)). */ timeZone?: pulumi.Input; } interface AlertProcessingRuleSuppressionScheduleRecurrence { /** * One or more `daily` blocks as defined above. */ dailies?: pulumi.Input[]>; /** * One or more `monthly` blocks as defined above. */ monthlies?: pulumi.Input[]>; /** * One or more `weekly` blocks as defined below. */ weeklies?: pulumi.Input[]>; } interface AlertProcessingRuleSuppressionScheduleRecurrenceDaily { /** * Specifies the recurrence end time (H:M:S). */ endTime: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime: pulumi.Input; } interface AlertProcessingRuleSuppressionScheduleRecurrenceMonthly { /** * Specifies a list of dayOfMonth to recurrence. Possible values are integers between `1` - `31`. */ daysOfMonths: pulumi.Input[]>; /** * Specifies the recurrence end time (H:M:S). */ endTime?: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime?: pulumi.Input; } interface AlertProcessingRuleSuppressionScheduleRecurrenceWeekly { /** * Specifies a list of dayOfWeek to recurrence. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, and `Saturday`. */ daysOfWeeks: pulumi.Input[]>; /** * Specifies the recurrence end time (H:M:S). */ endTime?: pulumi.Input; /** * Specifies the recurrence start time (H:M:S). */ startTime?: pulumi.Input; } interface AlertPrometheusRuleGroupRule { /** * An `action` block as defined below. */ actions?: pulumi.Input[]>; /** * Specifies the Alert rule name. */ alert?: pulumi.Input; /** * An `alertResolution` block as defined below. */ alertResolution?: pulumi.Input; /** * Specifies a set of informational labels that can be used to store longer additional information such as alert descriptions or runbook links. */ annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Is this rule enabled? Possible values are `true` and `false`. */ enabled?: pulumi.Input; /** * Specifies the Prometheus Query Language expression to evaluate. For more details see [this doc](https://prometheus.io/docs/prometheus/latest/querying/basics). Evaluate at the period given by `interval` and record the result as a new set of time series with the metric name given by `record`. */ expression: pulumi.Input; /** * Specifies the amount of time alert must be active before firing, represented in ISO 8601 duration format. */ for?: pulumi.Input; /** * Specifies the labels to add or overwrite before storing the result. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the recorded metrics name. */ record?: pulumi.Input; /** * Specifies the severity of the alerts fired by the rule. Possible values are between 0 and 4. */ severity?: pulumi.Input; } interface AlertPrometheusRuleGroupRuleAction { /** * Specifies the resource id of the monitor action group. */ actionGroupId: pulumi.Input; /** * Specifies the properties of an action group object. * * > **Note:** `actionProperties` can only be configured for IcM Connector Action Groups for now. Other public features will be supported in the future. */ actionProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface AlertPrometheusRuleGroupRuleAlertResolution { /** * Is the alert auto-resolution? Possible values are `true` and `false`. */ autoResolved?: pulumi.Input; /** * Specifies the alert auto-resolution interval, represented in ISO 8601 duration format. */ timeToResolve?: pulumi.Input; } interface AutoscaleSettingNotification { /** * A `email` block as defined below. */ email?: pulumi.Input; /** * One or more `webhook` blocks as defined below. */ webhooks?: pulumi.Input[]>; } interface AutoscaleSettingNotificationEmail { /** * Specifies a list of custom email addresses to which the email notifications will be sent. */ customEmails?: pulumi.Input[]>; /** * Should email notifications be sent to the subscription administrator? Defaults to `false`. */ sendToSubscriptionAdministrator?: pulumi.Input; /** * Should email notifications be sent to the subscription co-administrator? Defaults to `false`. */ sendToSubscriptionCoAdministrator?: pulumi.Input; } interface AutoscaleSettingNotificationWebhook { /** * A map of settings. */ properties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The HTTPS URI which should receive scale notifications. */ serviceUri: pulumi.Input; } interface AutoscaleSettingPredictive { /** * Specifies the amount of time by which instances are launched in advance. It must be between `PT1M` and `PT1H` in ISO 8601 format. */ lookAheadTime?: pulumi.Input; /** * Specifies the predictive scale mode. Possible values are `Enabled` or `ForecastOnly`. */ scaleMode: pulumi.Input; } interface AutoscaleSettingProfile { /** * A `capacity` block as defined below. */ capacity: pulumi.Input; /** * A `fixedDate` block as defined below. This cannot be specified if a `recurrence` block is specified. */ fixedDate?: pulumi.Input; /** * Specifies the name of the profile. */ name: pulumi.Input; /** * A `recurrence` block as defined below. This cannot be specified if a `fixedDate` block is specified. */ recurrence?: pulumi.Input; /** * One or more (up to 10) `rule` blocks as defined below. */ rules?: pulumi.Input[]>; } interface AutoscaleSettingProfileCapacity { /** * The number of instances that are available for scaling if metrics are not available for evaluation. The default is only used if the current instance count is lower than the default. Valid values are between `0` and `1000`. */ default: pulumi.Input; /** * The maximum number of instances for this resource. Valid values are between `0` and `1000`. * * > **Note:** The maximum number of instances is also limited by the amount of Cores available in the subscription. */ maximum: pulumi.Input; /** * The minimum number of instances for this resource. Valid values are between `0` and `1000`. */ minimum: pulumi.Input; } interface AutoscaleSettingProfileFixedDate { /** * Specifies the end date for the profile, formatted as an RFC3339 date string. */ end: pulumi.Input; /** * Specifies the start date for the profile, formatted as an RFC3339 date string. */ start: pulumi.Input; /** * The Time Zone of the `start` and `end` times. A list of [possible values can be found here](https://learn.microsoft.com/en-us/rest/api/monitor/autoscale-settings/create-or-update?view=rest-monitor-2022-10-01&tabs=HTTP#recurrentschedule). Defaults to `UTC`. */ timezone?: pulumi.Input; } interface AutoscaleSettingProfileRecurrence { /** * A list of days that this profile takes effect on. Possible values include `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ days: pulumi.Input[]>; /** * A list containing a single item, which specifies the Hour interval at which this recurrence should be triggered (in 24-hour time). Possible values are from `0` to `23`. */ hours: pulumi.Input; /** * A list containing a single item which specifies the Minute interval at which this recurrence should be triggered. */ minutes: pulumi.Input; /** * The Time Zone used for the `hours` field. A list of possible values can be found here). Defaults to `UTC`. */ timezone?: pulumi.Input; } interface AutoscaleSettingProfileRule { /** * A `metricTrigger` block as defined below. */ metricTrigger: pulumi.Input; /** * A `scaleAction` block as defined below. */ scaleAction: pulumi.Input; } interface AutoscaleSettingProfileRuleMetricTrigger { /** * One or more `dimensions` block as defined below. */ dimensions?: pulumi.Input[]>; /** * Whether to enable metric divide by instance count. */ divideByInstanceCount?: pulumi.Input; /** * The name of the metric that defines what the rule monitors, such as `Percentage CPU` for `Virtual Machine Scale Sets` and `CpuPercentage` for `App Service Plan`. * * > **Note:** The allowed value of `metricName` highly depends on the targeting resource type, please visit [Supported metrics with Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/metrics-supported) for more details. */ metricName: pulumi.Input; /** * The namespace of the metric that defines what the rule monitors, such as `microsoft.compute/virtualmachinescalesets` for `Virtual Machine Scale Sets`. */ metricNamespace?: pulumi.Input; /** * The ID of the Resource which the Rule monitors. */ metricResourceId: pulumi.Input; /** * Specifies the operator used to compare the metric data and threshold. Possible values are: `Equals`, `NotEquals`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan`, `LessThanOrEqual`. */ operator: pulumi.Input; /** * Specifies how the metrics from multiple instances are combined. Possible values are `Average`, `Max`, `Min` and `Sum`. */ statistic: pulumi.Input; /** * Specifies the threshold of the metric that triggers the scale action. */ threshold: pulumi.Input; /** * Specifies how the data that's collected should be combined over time. Possible values include `Average`, `Count`, `Maximum`, `Minimum`, `Last` and `Total`. */ timeAggregation: pulumi.Input; /** * Specifies the granularity of metrics that the rule monitors, which must be one of the pre-defined values returned from the metric definitions for the metric. This value must be between 1 minute and 12 hours an be formatted as an ISO 8601 string. */ timeGrain: pulumi.Input; /** * Specifies the time range for which data is collected, which must be greater than the delay in metric collection (which varies from resource to resource). This value must be between 5 minutes and 12 hours and be formatted as an ISO 8601 string. */ timeWindow: pulumi.Input; } interface AutoscaleSettingProfileRuleMetricTriggerDimension { /** * The name of the dimension. */ name: pulumi.Input; /** * The dimension operator. Possible values are `Equals` and `NotEquals`. `Equals` means being equal to any of the values. `NotEquals` means being not equal to any of the values. */ operator: pulumi.Input; /** * A list of dimension values. */ values: pulumi.Input[]>; } interface AutoscaleSettingProfileRuleScaleAction { /** * The amount of time to wait since the last scaling action before this action occurs. Must be between 1 minute and 1 week and formatted as a ISO 8601 string. */ cooldown: pulumi.Input; /** * The scale direction. Possible values are `Increase` and `Decrease`. */ direction: pulumi.Input; /** * The type of action that should occur. Possible values are `ChangeCount`, `ExactCount`, `PercentChangeCount` and `ServiceAllowedNextValue`. */ type: pulumi.Input; /** * The number of instances involved in the scaling action. */ value: pulumi.Input; } interface DataCollectionRuleDataFlow { /** * The built-in transform to transform stream data. */ builtInTransform?: pulumi.Input; /** * Specifies a list of destination names. A `azureMonitorMetrics` data source only allows for stream of kind `Microsoft-InsightsMetrics`. */ destinations: pulumi.Input[]>; /** * The output stream of the transform. Only required if the data flow changes data to a different stream. */ outputStream?: pulumi.Input; /** * Specifies a list of streams. Possible values include but not limited to `Microsoft-Event`, `Microsoft-InsightsMetrics`, `Microsoft-Perf`, `Microsoft-Syslog`, `Microsoft-WindowsEvent`, and `Microsoft-PrometheusMetrics`. */ streams: pulumi.Input[]>; /** * The KQL query to transform stream data. */ transformKql?: pulumi.Input; } interface DataCollectionRuleDataSources { /** * A `dataImport` block as defined above. */ dataImport?: pulumi.Input; /** * One or more `extension` blocks as defined below. */ extensions?: pulumi.Input[]>; /** * One or more `iisLog` blocks as defined below. */ iisLogs?: pulumi.Input[]>; /** * One or more `logFile` blocks as defined below. */ logFiles?: pulumi.Input[]>; /** * One or more `performanceCounter` blocks as defined below. */ performanceCounters?: pulumi.Input[]>; /** * One or more `platformTelemetry` blocks as defined below. */ platformTelemetries?: pulumi.Input[]>; /** * One or more `prometheusForwarder` blocks as defined below. */ prometheusForwarders?: pulumi.Input[]>; /** * One or more `syslog` blocks as defined below. */ syslogs?: pulumi.Input[]>; /** * One or more `windowsEventLog` blocks as defined below. */ windowsEventLogs?: pulumi.Input[]>; /** * One or more `windowsFirewallLog` blocks as defined below. */ windowsFirewallLogs?: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesDataImport { /** * An `eventHubDataSource` block as defined below. */ eventHubDataSources: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesDataImportEventHubDataSource { /** * The Event Hub consumer group name. */ consumerGroup?: pulumi.Input; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The stream to collect from Event Hub. Possible value should be a custom stream name. */ stream: pulumi.Input; } interface DataCollectionRuleDataSourcesExtension { /** * A JSON String which specifies the extension setting. */ extensionJson?: pulumi.Input; /** * The name of the VM extension. */ extensionName: pulumi.Input; /** * Specifies a list of data sources this extension needs data from. An item should be a name of a supported data source which produces only one stream. Supported data sources type: `performanceCounter`, `windowsEventLog`,and `syslog`. */ inputDataSources?: pulumi.Input[]>; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-Event`, `Microsoft-InsightsMetrics`, `Microsoft-Perf`, `Microsoft-Syslog`, `Microsoft-WindowsEvent`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesIisLog { /** * Specifies a list of absolute paths where the log files are located. */ logDirectories?: pulumi.Input[]>; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible value is `Microsoft-W3CIISLog`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesLogFile { /** * Specifies a list of file patterns where the log files are located. For example, `C:\\JavaLogs\\*.log`. */ filePatterns: pulumi.Input[]>; /** * The data format of the log files. Possible values are `text` and `json`. */ format: pulumi.Input; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * A `settings` block as defined below. */ settings?: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible value should be custom stream names. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesLogFileSettings { /** * A `text` block as defined below. */ text: pulumi.Input; } interface DataCollectionRuleDataSourcesLogFileSettingsText { /** * The timestamp format of the text log files. Possible values are `ISO 8601`, `YYYY-MM-DD HH:MM:SS`, `M/D/YYYY HH:MM:SS AM/PM`, `Mon DD, YYYY HH:MM:SS`, `yyMMdd HH:mm:ss`, `ddMMyy HH:mm:ss`, `MMM d hh:mm:ss`, `dd/MMM/yyyy:HH:mm:ss zzz`,and `yyyy-MM-ddTHH:mm:ssK`. */ recordStartTimestampFormat: pulumi.Input; } interface DataCollectionRuleDataSourcesPerformanceCounter { /** * Specifies a list of specifier names of the performance counters you want to collect. To get a list of performance counters on Windows, run the command `typeperf`. Please see [this document](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-performance-counters#configure-performance-counters) for more information. */ counterSpecifiers: pulumi.Input[]>; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The number of seconds between consecutive counter measurements (samples). The value should be integer between `1` and `1800` inclusive. `samplingFrequencyInSeconds` must be equal to `60` seconds for counters collected with `Microsoft-InsightsMetrics` stream. */ samplingFrequencyInSeconds: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-InsightsMetrics`,and `Microsoft-Perf`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesPlatformTelemetry { /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft.Cache/redis:Metrics-Group-All`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesPrometheusForwarder { /** * One or more `labelIncludeFilter` blocks as defined above. */ labelIncludeFilters?: pulumi.Input[]>; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible value is `Microsoft-PrometheusMetrics`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesPrometheusForwarderLabelIncludeFilter { /** * The label of the filter. This label should be unique across all `labelIncludeFileter` block. Possible value is `microsoftMetricsIncludeLabel`. */ label: pulumi.Input; /** * The value of the filter. */ value: pulumi.Input; } interface DataCollectionRuleDataSourcesSyslog { /** * Specifies a list of facility names. Use a wildcard `*` to collect logs for all facility names. Possible values are `alert`, `*`, `audit`, `auth`, `authpriv`, `clock`, `cron`, `daemon`, `ftp`, `kern`, `local5`, `local4`, `local1`, `local7`, `local6`, `local3`, `local2`, `local0`, `lpr`, `mail`, `mark`, `news`, `nopri`, `ntp`, `syslog`, `user` and `uucp`. */ facilityNames: pulumi.Input[]>; /** * Specifies a list of log levels. Use a wildcard `*` to collect logs for all log levels. Possible values are `Debug`, `Info`, `Notice`, `Warning`, `Error`, `Critical`, `Alert`, `Emergency`,and `*`. */ logLevels: pulumi.Input[]>; /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-Syslog`,and `Microsoft-CiscoAsa`, and `Microsoft-CommonSecurityLog`. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesWindowsEventLog { /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-Event`,and `Microsoft-WindowsEvent` and `Microsoft-SecurityEvent`. */ streams: pulumi.Input[]>; /** * Specifies a list of Windows Event Log queries in XPath expression. Please see [this document](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=cli#filter-events-using-xpath-queries) for more information. */ xPathQueries: pulumi.Input[]>; } interface DataCollectionRuleDataSourcesWindowsFirewallLog { /** * The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. */ streams: pulumi.Input[]>; } interface DataCollectionRuleDestinations { /** * A `azureMonitorMetrics` block as defined above. */ azureMonitorMetrics?: pulumi.Input; /** * One or more `eventHub` blocks as defined below. */ eventHub?: pulumi.Input; /** * One or more `eventHub` blocks as defined below. */ eventHubDirect?: pulumi.Input; /** * One or more `logAnalytics` blocks as defined below. */ logAnalytics?: pulumi.Input[]>; /** * One or more `monitorAccount` blocks as defined below. */ monitorAccounts?: pulumi.Input[]>; /** * One or more `storageBlobDirect` blocks as defined below. */ storageBlobDirects?: pulumi.Input[]>; /** * One or more `storageBlob` blocks as defined below. */ storageBlobs?: pulumi.Input[]>; /** * One or more `storageTableDirect` blocks as defined below. * * > **Note:** `eventHubDirect`, `storageBlobDirect`, and `storageTableDirect` are only available for rules of kind `AgentDirectToStore`. * * > **Note:** At least one of `azureMonitorMetrics`, `eventHub`, `eventHubDirect`, `logAnalytics`, `monitorAccount`, `storageBlob`, `storageBlobDirect`,and `storageTableDirect` blocks must be specified. */ storageTableDirects?: pulumi.Input[]>; } interface DataCollectionRuleDestinationsAzureMonitorMetrics { /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; } interface DataCollectionRuleDestinationsEventHub { /** * The resource ID of the Event Hub. */ eventHubId: pulumi.Input; /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; } interface DataCollectionRuleDestinationsEventHubDirect { /** * The resource ID of the Event Hub. */ eventHubId: pulumi.Input; /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; } interface DataCollectionRuleDestinationsLogAnalytic { /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The ID of a Log Analytic Workspace resource. */ workspaceResourceId: pulumi.Input; } interface DataCollectionRuleDestinationsMonitorAccount { /** * The resource ID of the Monitor Account. */ monitorAccountId: pulumi.Input; /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; } interface DataCollectionRuleDestinationsStorageBlob { /** * The Storage Container name. */ containerName: pulumi.Input; /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The resource ID of the Storage Account. */ storageAccountId: pulumi.Input; } interface DataCollectionRuleDestinationsStorageBlobDirect { /** * The Storage Container name. */ containerName: pulumi.Input; /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The resource ID of the Storage Account. */ storageAccountId: pulumi.Input; } interface DataCollectionRuleDestinationsStorageTableDirect { /** * The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule. */ name: pulumi.Input; /** * The resource ID of the Storage Account. */ storageAccountId: pulumi.Input; /** * The Storage Table name. */ tableName: pulumi.Input; } interface DataCollectionRuleIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Data Collection Rule. Currently, up to 1 identity is supported. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Data Collection Rule. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface DataCollectionRuleStreamDeclaration { /** * One or more `column` blocks as defined above. */ columns: pulumi.Input[]>; /** * The name of the custom stream. This name should be unique across all `streamDeclaration` blocks and must begin with a prefix of `Custom-`. */ streamName: pulumi.Input; } interface DataCollectionRuleStreamDeclarationColumn { /** * The name of the column. */ name: pulumi.Input; /** * The type of the column data. Possible values are `string`, `int`, `long`, `real`, `boolean`, `datetime`,and `dynamic`. */ type: pulumi.Input; } interface DiagnosticSettingEnabledLog { /** * The name of a Diagnostic Log Category for this Resource. * * > **NOTE:** The Log Categories available vary depending on the Resource being used. You may wish to use the `azure.monitoring.getDiagnosticCategories` Data Source or [list of service specific schemas](https://docs.microsoft.com/azure/azure-monitor/platform/resource-logs-schema#service-specific-schemas) to identify which categories are available for a given Resource. */ category?: pulumi.Input; /** * The name of a Diagnostic Log Category Group for this Resource. * * > **NOTE:** Not all resources have category groups available. * * > **NOTE:** Exactly one of `category` or `categoryGroup` must be specified. */ categoryGroup?: pulumi.Input; /** * @deprecated `retentionPolicy` has been deprecated in favour of `azure.storage.ManagementPolicy` resource and will be removed in v5.0 of the AzureRM provider - to learn more https://aka.ms/diagnostic_settings_log_retention */ retentionPolicy?: pulumi.Input; } interface DiagnosticSettingEnabledLogRetentionPolicy { days?: pulumi.Input; enabled: pulumi.Input; } interface DiagnosticSettingEnabledMetric { /** * The name of a Diagnostic Metric Category for this Resource. * * > **NOTE:** The Metric Categories available vary depending on the Resource being used. You may wish to use the `azure.monitoring.getDiagnosticCategories` Data Source to identify which categories are available for a given Resource. */ category: pulumi.Input; } interface DiagnosticSettingMetric { category: pulumi.Input; enabled?: pulumi.Input; /** * @deprecated `retentionPolicy` has been deprecated in favour of the `azure.storage.ManagementPolicy` resource and will be removed in v5.0 of the AzureRM provider - to learn more go to https://aka.ms/diagnostic_settings_log_retention */ retentionPolicy?: pulumi.Input; } interface DiagnosticSettingMetricRetentionPolicy { days?: pulumi.Input; enabled: pulumi.Input; } interface MetricAlertAction { /** * The ID of the Action Group can be sourced from the `azure.monitoring.ActionGroup` resource */ actionGroupId: pulumi.Input; /** * The map of custom string properties to include with the post operation. These data are appended to the webhook payload. */ webhookProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface MetricAlertApplicationInsightsWebTestLocationAvailabilityCriteria { /** * The ID of the Application Insights Resource. */ componentId: pulumi.Input; /** * The number of failed locations. */ failedLocationCount: pulumi.Input; /** * The ID of the Application Insights Web Test. */ webTestId: pulumi.Input; } interface MetricAlertCriteria { /** * The statistic that runs over the metric values. Possible values are `Average`, `Count`, `Minimum`, `Maximum` and `Total`. */ aggregation: pulumi.Input; /** * One or more `dimension` blocks as defined below. */ dimensions?: pulumi.Input[]>; /** * One of the metric names to be monitored. */ metricName: pulumi.Input; /** * One of the metric namespaces to be monitored. */ metricNamespace: pulumi.Input; /** * The criteria operator. Possible values are `Equals`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan` and `LessThanOrEqual`. */ operator: pulumi.Input; /** * Skip the metric validation to allow creating an alert rule on a custom metric that isn't yet emitted? Defaults to `false`. */ skipMetricValidation?: pulumi.Input; /** * The criteria threshold value that activates the alert. */ threshold: pulumi.Input; } interface MetricAlertCriteriaDimension { /** * One of the dimension names. */ name: pulumi.Input; /** * The dimension operator. Possible values are `Include`, `Exclude` and `StartsWith`. */ operator: pulumi.Input; /** * The list of dimension values. */ values: pulumi.Input[]>; } interface MetricAlertDynamicCriteria { /** * The statistic that runs over the metric values. Possible values are `Average`, `Count`, `Minimum`, `Maximum` and `Total`. */ aggregation: pulumi.Input; /** * The extent of deviation required to trigger an alert. Possible values are `Low`, `Medium` and `High`. */ alertSensitivity: pulumi.Input; /** * One or more `dimension` blocks as defined below. */ dimensions?: pulumi.Input[]>; /** * The number of violations to trigger an alert. Should be smaller or equal to `evaluationTotalCount`. Defaults to `4`. */ evaluationFailureCount?: pulumi.Input; /** * The number of aggregated lookback points. The lookback time window is calculated based on the aggregation granularity (`windowSize`) and the selected number of aggregated points. Defaults to `4`. */ evaluationTotalCount?: pulumi.Input; /** * The [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) date from which to start learning the metric historical data and calculate the dynamic thresholds. */ ignoreDataBefore?: pulumi.Input; /** * One of the metric names to be monitored. */ metricName: pulumi.Input; /** * One of the metric namespaces to be monitored. */ metricNamespace: pulumi.Input; /** * The criteria operator. Possible values are `LessThan`, `GreaterThan` and `GreaterOrLessThan`. */ operator: pulumi.Input; /** * Skip the metric validation to allow creating an alert rule on a custom metric that isn't yet emitted? */ skipMetricValidation?: pulumi.Input; } interface MetricAlertDynamicCriteriaDimension { /** * One of the dimension names. */ name: pulumi.Input; /** * The dimension operator. Possible values are `Include`, `Exclude` and `StartsWith`. */ operator: pulumi.Input; /** * The list of dimension values. */ values: pulumi.Input[]>; } interface ScheduledQueryRulesAlertAction { /** * List of action group reference resource IDs. */ actionGroups: pulumi.Input[]>; /** * Custom payload to be sent for all webhook payloads in alerting action. */ customWebhookPayload?: pulumi.Input; /** * Custom subject override for all email ids in Azure action group. */ emailSubject?: pulumi.Input; } interface ScheduledQueryRulesAlertTrigger { /** * A `metricTrigger` block as defined above. Trigger condition for metric query rule. */ metricTrigger?: pulumi.Input; /** * Evaluation operation for rule - 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'. */ operator: pulumi.Input; /** * Result or count threshold based on which rule should be triggered. Values must be between 0 and 10000 inclusive. */ threshold: pulumi.Input; } interface ScheduledQueryRulesAlertTriggerMetricTrigger { /** * Evaluation of metric on a particular column. */ metricColumn?: pulumi.Input; /** * Metric Trigger Type - 'Consecutive' or 'Total'. */ metricTriggerType: pulumi.Input; /** * Evaluation operation for rule - 'Equal', 'GreaterThan', GreaterThanOrEqual', 'LessThan', or 'LessThanOrEqual'. */ operator: pulumi.Input; /** * The threshold of the metric trigger. Values must be between 0 and 10000 inclusive. */ threshold: pulumi.Input; } interface ScheduledQueryRulesAlertV2Action { /** * List of Action Group resource IDs to invoke when the alert fires. */ actionGroups?: pulumi.Input[]>; /** * Specifies the properties of an alert payload. */ customProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Custom subject override for all email ids in Azure action group. */ emailSubject?: pulumi.Input; } interface ScheduledQueryRulesAlertV2Criteria { /** * A `dimension` block as defined below. */ dimensions?: pulumi.Input[]>; /** * A `failingPeriods` block as defined below. */ failingPeriods?: pulumi.Input; /** * Specifies the column containing the metric measure number. * * > **Note:** `metricMeasureColumn` is required if `timeAggregationMethod` is `Average`, `Maximum`, `Minimum`, or `Total`. And `metricMeasureColumn` can not be specified if `timeAggregationMethod` is `Count`. */ metricMeasureColumn?: pulumi.Input; /** * Specifies the criteria operator. Possible values are `Equal`, `GreaterThan`, `GreaterThanOrEqual`, `LessThan`,and `LessThanOrEqual`. */ operator: pulumi.Input; /** * The query to run on logs. The results returned by this query are used to populate the alert. */ query: pulumi.Input; /** * Specifies the column containing the resource ID. The content of the column must be an uri formatted as resource ID. */ resourceIdColumn?: pulumi.Input; /** * Specifies the criteria threshold value that activates the alert. */ threshold: pulumi.Input; /** * The type of aggregation to apply to the data points in aggregation granularity. Possible values are `Average`, `Count`, `Maximum`, `Minimum`,and `Total`. */ timeAggregationMethod: pulumi.Input; } interface ScheduledQueryRulesAlertV2CriteriaDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Operator for dimension values. Possible values are `Exclude`,and `Include`. */ operator: pulumi.Input; /** * List of dimension values. Use a wildcard `*` to collect all. */ values: pulumi.Input[]>; } interface ScheduledQueryRulesAlertV2CriteriaFailingPeriods { /** * Specifies the number of violations to trigger an alert. Should be smaller or equal to `numberOfEvaluationPeriods`. Possible value is integer between 1 and 6. */ minimumFailingPeriodsToTriggerAlert: pulumi.Input; /** * Specifies the number of aggregated look-back points. The look-back time window is calculated based on the aggregation granularity `windowDuration` and the selected number of aggregated points. Possible value is integer between 1 and 6. * * > **Note:** The query look back which is `windowDuration`*`numberOfEvaluationPeriods` cannot exceed 48 hours. * * > **Note:** `numberOfEvaluationPeriods` must be `1` for queries that do not project timestamp column */ numberOfEvaluationPeriods: pulumi.Input; } interface ScheduledQueryRulesAlertV2Identity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Scheduled Query Rule. * * > **Note:** This is required when `type` is set to `UserAssigned`. The identity associated must have required roles, read the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-log-alert-rule#configure-the-alert-rule-details) for more information. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service slot. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service slot. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Scheduled Query Rule. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface ScheduledQueryRulesLogCriteria { /** * A `dimension` block as defined below. */ dimensions: pulumi.Input[]>; /** * Name of the metric. Supported metrics are listed in the Azure Monitor [Microsoft.OperationalInsights/workspaces](https://docs.microsoft.com/azure/azure-monitor/platform/metrics-supported#microsoftoperationalinsightsworkspaces) metrics namespace. */ metricName: pulumi.Input; } interface ScheduledQueryRulesLogCriteriaDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Operator for dimension values, - 'Include'. Defaults to `Include`. */ operator?: pulumi.Input; /** * List of dimension values. */ values: pulumi.Input[]>; } interface SmartDetectorAlertRuleActionGroup { /** * Specifies a custom email subject if Email Receiver is specified in Monitor Action Group resource. */ emailSubject?: pulumi.Input; /** * Specifies the action group ids. */ ids: pulumi.Input[]>; /** * A JSON String which Specifies the custom webhook payload if Webhook Receiver is specified in Monitor Action Group resource. */ webhookPayload?: pulumi.Input; } } export declare namespace mssql { interface DatabaseIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database. */ identityIds: pulumi.Input[]>; /** * Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is `UserAssigned`. */ type: pulumi.Input; } interface DatabaseImport { /** * Specifies the name of the SQL administrator. */ administratorLogin: pulumi.Input; /** * Specifies the password of the SQL administrator. */ administratorLoginPassword: pulumi.Input; /** * Specifies the type of authentication used to access the server. Valid values are `SQL` or `ADPassword`. */ authenticationType: pulumi.Input; /** * The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storageUri parameter. */ storageAccountId?: pulumi.Input; /** * Specifies the access key for the storage account. */ storageKey: pulumi.Input; /** * Specifies the type of access key for the storage account. Valid values are `StorageAccessKey` or `SharedAccessKey`. */ storageKeyType: pulumi.Input; /** * Specifies the blob URI of the .bacpac file. */ storageUri: pulumi.Input; } interface DatabaseLongTermRetentionPolicy { /** * Specifies if the backups are immutable. Defaults to `false`. */ immutableBackupsEnabled?: pulumi.Input; /** * The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. `P1Y`, `P1M`, `P4W` or `P30D`. Defaults to `PT0S`. */ monthlyRetention?: pulumi.Input; /** * The week of year to take the yearly backup. Value has to be between `1` and `52`. */ weekOfYear?: pulumi.Input; /** * The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. `P1Y`, `P1M`, `P1W` or `P7D`. Defaults to `PT0S`. */ weeklyRetention?: pulumi.Input; /** * The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. `P1Y`, `P12M`, `P52W` or `P365D`. Defaults to `PT0S`. */ yearlyRetention?: pulumi.Input; } interface DatabaseShortTermRetentionPolicy { /** * The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be `12` or `24`. Defaults to `12` hours. */ backupIntervalInHours?: pulumi.Input; /** * Point In Time Restore configuration. Value has to be between `1` and `35`. */ retentionDays: pulumi.Input; } interface DatabaseThreatDetectionPolicy { /** * Specifies a list of alerts which should be disabled. Possible values include `Access_Anomaly`, `Sql_Injection` and `Sql_Injection_Vulnerability`. */ disabledAlerts?: pulumi.Input[]>; /** * Should the account administrators be emailed when this alert is triggered? Possible values are `Enabled` or `Disabled`. Defaults to `Disabled`. */ emailAccountAdmins?: pulumi.Input; /** * A list of email addresses which alerts should be sent to. */ emailAddresses?: pulumi.Input[]>; /** * Specifies the number of days to keep in the Threat Detection audit logs. */ retentionDays?: pulumi.Input; /** * The State of the Policy. Possible values are `Enabled` or `Disabled`. Defaults to `Disabled`. */ state?: pulumi.Input; /** * Specifies the identifier key of the Threat Detection audit storage account. Required if `state` is `Enabled`. */ storageAccountAccessKey?: pulumi.Input; /** * Specifies the blob storage endpoint (e.g. ). This blob storage will hold all Threat Detection audit logs. Required if `state` is `Enabled`. */ storageEndpoint?: pulumi.Input; } interface DatabaseVulnerabilityAssessmentRuleBaselineBaselineResult { /** * A list representing a result of the baseline. */ results: pulumi.Input[]>; } interface ElasticPoolPerDatabaseSettings { /** * The maximum capacity any one database can consume. */ maxCapacity: pulumi.Input; /** * The minimum capacity all databases are guaranteed. */ minCapacity: pulumi.Input; } interface ElasticPoolSku { /** * The scale up/out capacity, representing server's compute units. For more information see the documentation for your Elasticpool configuration: [vCore-based](https://docs.microsoft.com/azure/sql-database/sql-database-vcore-resource-limits-elastic-pools) or [DTU-based](https://docs.microsoft.com/azure/sql-database/sql-database-dtu-resource-limits-elastic-pools). */ capacity: pulumi.Input; /** * The `family` of hardware `Gen4`, `Gen5`, `Fsv2`, `MOPRMS`, `PRMS`, or `DC`. */ family?: pulumi.Input; /** * Specifies the SKU Name for this Elasticpool. The name of the SKU, will be either `vCore` based or `DTU` based. Possible `DTU` based values are `BasicPool`, `StandardPool`, `PremiumPool` while possible `vCore` based values are `GP_Gen4`, `GP_Gen5`, `GP_Fsv2`, `GP_DC`, `BC_Gen4`, `BC_Gen5`, `BC_DC`, `HS_PRMS`, `HS_MOPRMS`, or `HS_Gen5`. */ name: pulumi.Input; /** * The tier of the particular SKU. Possible values are `GeneralPurpose`, `BusinessCritical`, `Basic`, `Standard`, `Premium`, or `Hyperscale`. For more information see the documentation for your Elasticpool configuration: [vCore-based](https://docs.microsoft.com/azure/sql-database/sql-database-vcore-resource-limits-elastic-pools) or [DTU-based](https://docs.microsoft.com/azure/sql-database/sql-database-dtu-resource-limits-elastic-pools). */ tier: pulumi.Input; } interface FailoverGroupPartnerServer { /** * The ID of a partner SQL server to include in the failover group. */ id: pulumi.Input; /** * The location of the partner server. */ location?: pulumi.Input; /** * The replication role of the partner server. Possible values include `Primary` or `Secondary`. */ role?: pulumi.Input; } interface FailoverGroupReadWriteEndpointFailoverPolicy { /** * The grace period in minutes, before failover with data loss is attempted for the read-write endpoint. Required when `mode` is `Automatic`. */ graceMinutes?: pulumi.Input; /** * The failover policy of the read-write endpoint for the failover group. Possible values are `Automatic` or `Manual`. */ mode: pulumi.Input; } interface JobAgentIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to assign to this Elastic Job Agent. */ identityIds: pulumi.Input[]>; /** * Specifies the type of Managed Service Identity that should be configured on this Elastic Job Agent. Currently only `UserAssigned` is supported. */ type: pulumi.Input; } interface JobStepOutputTarget { /** * The ID of the Elastic Job Credential to use when connecting to the output destination. */ jobCredentialId?: pulumi.Input; /** * The ID of the output database. */ mssqlDatabaseId: pulumi.Input; /** * The name of the output schema. Defaults to `dbo`. */ schemaName?: pulumi.Input; /** * The name of the output table. */ tableName: pulumi.Input; } interface JobTargetGroupJobTarget { /** * The name of the MS SQL Database. * * > **Note:** This cannot be set in combination with `elasticPoolName`. */ databaseName?: pulumi.Input; /** * The name of the MS SQL Elastic Pool. * * > **Note:** This cannot be set in combination with `databaseName`. */ elasticPoolName?: pulumi.Input; /** * The ID of the job credential to use during execution of jobs. * * > **Note:** This is required when `membershipType` is `Include`, unless `databaseName` is set or the target resource is configured to use a managed identity for authentication. */ jobCredentialId?: pulumi.Input; /** * The membership type for this job target. Possible values are `Include` and `Exclude`. Defaults to `Include`. */ membershipType?: pulumi.Input; /** * The name of the MS SQL Server. */ serverName: pulumi.Input; /** * The job target type. This value is computed based on `serverName`, `databaseName`, and `elasticPoolName`. */ type?: pulumi.Input; } interface ManagedDatabaseLongTermRetentionPolicy { /** * Specifies if the backups are immutable. Defaults to `false`. */ immutableBackupsEnabled?: pulumi.Input; /** * The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. `P1Y`, `P1M`, `P4W` or `P30D`. Defaults to `PT0S`. */ monthlyRetention?: pulumi.Input; /** * The week of year to take the yearly backup. Value has to be between `1` and `52`. */ weekOfYear?: pulumi.Input; /** * The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. `P1Y`, `P1M`, `P1W` or `P7D`. Defaults to `PT0S`. */ weeklyRetention?: pulumi.Input; /** * The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. `P1Y`, `P12M`, `P52W` or `P365D`. Defaults to `PT0S`. */ yearlyRetention?: pulumi.Input; } interface ManagedDatabasePointInTimeRestore { /** * The point in time for the restore from `sourceDatabaseId`. Changing this forces a new resource to be created. */ restorePointInTime: pulumi.Input; /** * The source database id that will be used to restore from. Changing this forces a new resource to be created. */ sourceDatabaseId: pulumi.Input; } interface ManagedInstanceAzureActiveDirectoryAdministrator { /** * Specifies whether only Azure AD authentication can be used to log in to this SQL Managed Instance. When `true`, the `administratorLogin` and `administratorLoginPassword` properties can be omitted. Defaults to `false`. */ azureadAuthenticationOnlyEnabled?: pulumi.Input; /** * The login username of the Azure AD Administrator of this SQL Managed Instance. */ loginUsername: pulumi.Input; /** * The object id of the Azure AD Administrator of this SQL Managed Instance. */ objectId: pulumi.Input; /** * The principal type of the Azure AD Administrator of this SQL Managed Instance. Possible values are `Application`, `Group`, `User`. */ principalType: pulumi.Input; /** * The tenant id of the Azure AD Administrator of this SQL Managed Instance. Should be specified if the Azure AD Administrator is homed in a different tenant to the SQL Managed Instance. */ tenantId?: pulumi.Input; } interface ManagedInstanceFailoverGroupPartnerRegion { /** * The Azure Region where the Managed Instance Failover Group should exist. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * The partner replication role of the Managed Instance Failover Group. */ role?: pulumi.Input; } interface ManagedInstanceFailoverGroupReadWriteEndpointFailoverPolicy { /** * Applies only if `mode` is `Automatic`. The grace period in minutes before failover with data loss is attempted. */ graceMinutes?: pulumi.Input; /** * The failover mode. Possible values are `Automatic` or `Manual`. */ mode: pulumi.Input; } interface ManagedInstanceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Managed Instance. Required when `type` includes `UserAssigned`. * * > **Note:** The assigned `principalId` and `tenantId` can be retrieved after the identity `type` has been set to `SystemAssigned` and SQL Managed Instance has been created. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this SQL Managed Instance. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this SQL Managed Instance. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this SQL Managed Instance. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface ManagedInstanceStartStopScheduleSchedule { /** * Start day of the schedule. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, `Sunday`. */ startDay: pulumi.Input; /** * Start time of the schedule in 24-hour format (e.g., `08:00`). */ startTime: pulumi.Input; /** * Stop day of the schedule. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday`, `Sunday`. */ stopDay: pulumi.Input; /** * Stop time of the schedule in 24-hour format (e.g., `17:00`). */ stopTime: pulumi.Input; } interface ManagedInstanceVulnerabilityAssessmentRecurringScans { /** * Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to `true`. */ emailSubscriptionAdmins?: pulumi.Input; /** * Specifies an array of e-mail addresses to which the scan notification is sent. */ emails?: pulumi.Input[]>; /** * Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to `false`. */ enabled?: pulumi.Input; } interface ServerAzureadAdministrator { /** * Specifies whether only AD Users and administrators (e.g. `azuread_administrator[0].login_username`) can be used to login, or also local database users (e.g. `administratorLogin`). When `true`, the `administratorLogin` and `administratorLoginPassword` properties can be omitted. */ azureadAuthenticationOnly?: pulumi.Input; /** * The login username of the Azure AD Administrator of this SQL Server. */ loginUsername: pulumi.Input; /** * The object id of the Azure AD Administrator of this SQL Server. */ objectId: pulumi.Input; /** * The tenant id of the Azure AD Administrator of this SQL Server. */ tenantId?: pulumi.Input; } interface ServerIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Server. * * > **Note:** This is required when `type` is set to `UserAssigned` * * > **Note:** When `type` is set to `SystemAssigned`, the assigned `principalId` and `tenantId` can be retrieved after the Microsoft SQL Server has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this SQL Server. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this SQL Server. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface ServerVulnerabilityAssessmentRecurringScans { /** * Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to `false`. */ emailSubscriptionAdmins?: pulumi.Input; /** * Specifies an array of email addresses to which the scan notification is sent. */ emails?: pulumi.Input[]>; /** * Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to `false`. */ enabled?: pulumi.Input; } interface VirtualMachineAssessment { /** * Should Assessment be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * Should Assessment be run immediately? Defaults to `false`. */ runImmediately?: pulumi.Input; /** * An `schedule` block as defined below. */ schedule?: pulumi.Input; } interface VirtualMachineAssessmentSchedule { /** * What day of the week the assessment will be run. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`. */ dayOfWeek: pulumi.Input; /** * How many months between assessment runs. Valid values are between `1` and `5`. * * > **Note:** Either one of `weeklyInterval` or `monthlyOccurrence` must be specified. */ monthlyOccurrence?: pulumi.Input; /** * What time the assessment will be run. Must be in the format `HH:mm`. */ startTime: pulumi.Input; /** * How many weeks between assessment runs. Valid values are between `1` and `6`. */ weeklyInterval?: pulumi.Input; } interface VirtualMachineAutoBackup { /** * @deprecated `encryptionEnabled` has been deprecated and will be removed in v5.0 of the AzureRM Provider. Encryption is enabled when `encryptionPassword` is set; otherwise disabled. */ encryptionEnabled?: pulumi.Input; /** * Encryption password to use. Setting a password will enable encryption. */ encryptionPassword?: pulumi.Input; /** * A `manualSchedule` block as documented below. When this block is present, the schedule type is set to `Manual`. Without this block, the schedule type is set to `Automated`. */ manualSchedule?: pulumi.Input; /** * Retention period of backups, in days. Valid values are from `1` to `30`. */ retentionPeriodInDays: pulumi.Input; /** * Access key for the storage account where backups will be kept. */ storageAccountAccessKey: pulumi.Input; /** * Blob endpoint for the storage account where backups will be kept. */ storageBlobEndpoint: pulumi.Input; /** * Include or exclude system databases from auto backup. */ systemDatabasesBackupEnabled?: pulumi.Input; } interface VirtualMachineAutoBackupManualSchedule { /** * A list of days on which backup can take place. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday` * * > **Note:** `daysOfWeek` can only be specified when `manualSchedule` is set to `Weekly` */ daysOfWeeks?: pulumi.Input[]>; /** * Frequency of full backups. Valid values include `Daily` or `Weekly`. */ fullBackupFrequency: pulumi.Input; /** * Start hour of a given day during which full backups can take place. Valid values are from `0` to `23`. */ fullBackupStartHour: pulumi.Input; /** * Duration of the time window of a given day during which full backups can take place, in hours. Valid values are between `1` and `23`. */ fullBackupWindowInHours: pulumi.Input; /** * Frequency of log backups, in minutes. Valid values are from `5` to `60`. */ logBackupFrequencyInMinutes: pulumi.Input; } interface VirtualMachineAutoPatching { /** * The day of week to apply the patch on. Possible values are `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` and `Sunday`. */ dayOfWeek: pulumi.Input; /** * The size of the Maintenance Window in minutes. */ maintenanceWindowDurationInMinutes: pulumi.Input; /** * The Hour, in the Virtual Machine Time-Zone when the patching maintenance window should begin. */ maintenanceWindowStartingHour: pulumi.Input; } interface VirtualMachineAvailabilityGroupListenerLoadBalancerConfiguration { /** * The ID of the Load Balancer. Changing this forces a new resource to be created. */ loadBalancerId: pulumi.Input; /** * The private IP Address of the listener. Changing this forces a new resource to be created. */ privateIpAddress: pulumi.Input; /** * The probe port of the listener. Changing this forces a new resource to be created. */ probePort: pulumi.Input; /** * Specifies a list of SQL Virtual Machine IDs. Changing this forces a new resource to be created. */ sqlVirtualMachineIds: pulumi.Input[]>; /** * The ID of the Subnet to create the listener. Changing this forces a new resource to be created. * * > **Note:** `sqlVirtualMachineIds` should match with the SQL Virtual Machines specified in `replica`. */ subnetId: pulumi.Input; } interface VirtualMachineAvailabilityGroupListenerMultiSubnetIpConfiguration { /** * The private IP Address of the listener. Changing this forces a new resource to be created. */ privateIpAddress: pulumi.Input; /** * The ID of the Sql Virtual Machine. Changing this forces a new resource to be created. */ sqlVirtualMachineId: pulumi.Input; /** * The ID of the Subnet to create the listener. Changing this forces a new resource to be created. * * > **Note:** `sqlVirtualMachineId` should match with the SQL Virtual Machines specified in `replica`. */ subnetId: pulumi.Input; } interface VirtualMachineAvailabilityGroupListenerReplica { /** * The replica commit mode for the availability group. Possible values are `Synchronous_Commit` and `Asynchronous_Commit`. Changing this forces a new resource to be created. */ commit: pulumi.Input; /** * The replica failover mode for the availability group. Possible values are `Manual` and `Automatic`. Changing this forces a new resource to be created. */ failoverMode: pulumi.Input; /** * The replica readable secondary mode for the availability group. Possible values are `No`, `Read_Only` and `All`. Changing this forces a new resource to be created. */ readableSecondary: pulumi.Input; /** * The replica role for the availability group. Possible values are `Primary` and `Secondary`. Changing this forces a new resource to be created. */ role: pulumi.Input; /** * The ID of the SQL Virtual Machine. Changing this forces a new resource to be created. */ sqlVirtualMachineId: pulumi.Input; } interface VirtualMachineGroupWsfcDomainProfile { /** * The account name used for creating cluster. Changing this forces a new resource to be created. */ clusterBootstrapAccountName?: pulumi.Input; /** * The account name used for operating cluster. Changing this forces a new resource to be created. */ clusterOperatorAccountName?: pulumi.Input; /** * The subnet type of the SQL Virtual Machine cluster. Possible values are `MultiSubnet` and `SingleSubnet`. Changing this forces a new resource to be created. */ clusterSubnetType: pulumi.Input; /** * The fully qualified name of the domain. Changing this forces a new resource to be created. */ fqdn: pulumi.Input; /** * The organizational Unit path in which the nodes and cluster will be present. Changing this forces a new resource to be created. */ organizationalUnitPath?: pulumi.Input; /** * The account name under which SQL service will run on all participating SQL virtual machines in the cluster. Changing this forces a new resource to be created. */ sqlServiceAccountName?: pulumi.Input; /** * The primary key of the Storage Account. */ storageAccountPrimaryKey?: pulumi.Input; /** * The SAS URL to the Storage Container of the witness storage account. Changing this forces a new resource to be created. */ storageAccountUrl?: pulumi.Input; } interface VirtualMachineKeyVaultCredential { /** * The Azure Key Vault url. Changing this forces a new resource to be created. */ keyVaultUrl: pulumi.Input; /** * The credential name. */ name: pulumi.Input; /** * The service principal name to access key vault. Changing this forces a new resource to be created. */ servicePrincipalName: pulumi.Input; /** * The service principal name secret to access key vault. Changing this forces a new resource to be created. */ servicePrincipalSecret: pulumi.Input; } interface VirtualMachineSqlInstance { /** * Specifies if the SQL Server is optimized for adhoc workloads. Possible values are `true` and `false`. Defaults to `false`. */ adhocWorkloadsOptimizationEnabled?: pulumi.Input; /** * Collation of the SQL Server. Defaults to `SQL_Latin1_General_CP1_CI_AS`. Changing this forces a new resource to be created. */ collation?: pulumi.Input; /** * Specifies if Instant File Initialization is enabled for the SQL Server. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new resource to be created. */ instantFileInitializationEnabled?: pulumi.Input; /** * Specifies if Lock Pages in Memory is enabled for the SQL Server. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new resource to be created. */ lockPagesInMemoryEnabled?: pulumi.Input; /** * Maximum Degree of Parallelism of the SQL Server. Possible values are between `0` and `32767`. Defaults to `0`. */ maxDop?: pulumi.Input; /** * Maximum amount memory that SQL Server Memory Manager can allocate to the SQL Server process. Possible values are between `128` and `2147483647` Defaults to `2147483647`. */ maxServerMemoryMb?: pulumi.Input; /** * Minimum amount memory that SQL Server Memory Manager can allocate to the SQL Server process. Possible values are between `0` and `2147483647` Defaults to `0`. * * > **Note:** `maxServerMemoryMb` must be greater than or equal to `minServerMemoryMb` */ minServerMemoryMb?: pulumi.Input; } interface VirtualMachineStorageConfiguration { /** * A `storageSettings` block as defined below. */ dataSettings?: pulumi.Input; /** * The type of disk configuration to apply to the SQL Server. Valid values include `NEW`, `EXTEND`, or `ADD`. */ diskType: pulumi.Input; /** * A `storageSettings` block as defined below. */ logSettings?: pulumi.Input; /** * The type of storage workload. Valid values include `GENERAL`, `OLTP`, or `DW`. */ storageWorkloadType: pulumi.Input; /** * Specifies whether to set system databases (except tempDb) location to newly created data storage. Possible values are `true` and `false`. Defaults to `false`. */ systemDbOnDataDiskEnabled?: pulumi.Input; /** * An `tempDbSettings` block as defined below. */ tempDbSettings?: pulumi.Input; } interface VirtualMachineStorageConfigurationDataSettings { defaultFilePath: pulumi.Input; luns: pulumi.Input[]>; } interface VirtualMachineStorageConfigurationLogSettings { defaultFilePath: pulumi.Input; luns: pulumi.Input[]>; } interface VirtualMachineStorageConfigurationTempDbSettings { /** * The SQL Server default file count. This value defaults to `8` */ dataFileCount?: pulumi.Input; /** * The SQL Server default file size - This value defaults to `512` */ dataFileGrowthInMb?: pulumi.Input; /** * The SQL Server default file size - This value defaults to `256` */ dataFileSizeMb?: pulumi.Input; /** * The SQL Server default path */ defaultFilePath: pulumi.Input; /** * The SQL Server default file size - This value defaults to `512` */ logFileGrowthMb?: pulumi.Input; /** * The SQL Server default file size - This value defaults to `256` */ logFileSizeMb?: pulumi.Input; /** * A list of Logical Unit Numbers for the disks. */ luns: pulumi.Input[]>; } interface VirtualMachineWsfcDomainCredential { /** * The account password used for creating cluster. */ clusterBootstrapAccountPassword: pulumi.Input; /** * The account password used for operating cluster. */ clusterOperatorAccountPassword: pulumi.Input; /** * The account password under which SQL service will run on all participating SQL virtual machines in the cluster. */ sqlServiceAccountPassword: pulumi.Input; } } export declare namespace mysql { interface FlexibleServerCustomerManagedKey { /** * The ID of the geo backup Key Vault Key. It can't cross region and need Customer Managed Key in same region as geo backup. */ geoBackupKeyVaultKeyId?: pulumi.Input; /** * The geo backup user managed identity id for a Customer Managed Key. Should be added with `identityIds`. It can't cross region and need identity in same region as geo backup. * * > **Note:** `primaryUserAssignedIdentityId` or `geoBackupUserAssignedIdentityId` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ geoBackupUserAssignedIdentityId?: pulumi.Input; /** * The ID of the Key Vault Key. */ keyVaultKeyId?: pulumi.Input; /** * The ID of the Managed HSM Key. */ managedHsmKeyId?: pulumi.Input; /** * Specifies the primary user managed identity id for a Customer Managed Key. Should be added with `identityIds`. */ primaryUserAssignedIdentityId?: pulumi.Input; } interface FlexibleServerHighAvailability { /** * The high availability mode for the MySQL Flexible Server. Possibles values are `SameZone` and `ZoneRedundant`. * * > **Note:** `storage[0].auto_grow_enabled` must be enabled when `highAvailability` is enabled. To change the `highAvailability` for a MySQL Flexible Server created with `highAvailability` disabled during creation, the resource has to be recreated. */ mode: pulumi.Input; /** * Specifies the Availability Zone in which the standby Flexible Server should be located. Possible values are `1`, `2` and `3`. * * > **Note:** Azure will automatically assign an Availability Zone if one is not specified. If the MySQL Flexible Server fails-over to the Standby Availability Zone, the `zone` will be updated to reflect the current Primary Availability Zone. You can use Terraform's `ignoreChanges` functionality to ignore changes to the `zone` and `high_availability[0].standby_availability_zone` fields should you wish for Terraform to not migrate the MySQL Flexible Server back to it's primary Availability Zone after a fail-over. * * > **Note:** The Availability Zones available depend on the Azure Region that the MySQL Flexible Server is being deployed into - see [the Azure Availability Zones documentation](https://azure.microsoft.com/global-infrastructure/geographies/#geographies) for more information on which Availability Zones are available in each Azure Region. */ standbyAvailabilityZone?: pulumi.Input; } interface FlexibleServerIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this MySQL Flexible Server. */ identityIds: pulumi.Input[]>; /** * Specifies the type of Managed Service Identity that should be configured on this MySQL Flexible Server. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface FlexibleServerMaintenanceWindow { /** * The day of week for maintenance window. Defaults to `0`. */ dayOfWeek?: pulumi.Input; /** * The start hour for maintenance window. Defaults to `0`. */ startHour?: pulumi.Input; /** * The start minute for maintenance window. Defaults to `0`. */ startMinute?: pulumi.Input; } interface FlexibleServerStorage { /** * Should Storage Auto Grow be enabled? Defaults to `true`. */ autoGrowEnabled?: pulumi.Input; /** * Should IOPS be scaled automatically? If `true`, `iops` can not be set. Defaults to `false`. */ ioScalingEnabled?: pulumi.Input; /** * The storage IOPS for the MySQL Flexible Server. Possible values are between `360` and `20000`. */ iops?: pulumi.Input; /** * Should Storage Log On Disk be enabled? Defaults to `false`. */ logOnDiskEnabled?: pulumi.Input; /** * The max storage allowed for the MySQL Flexible Server. Possible values are between `20` and `16384`. * * > **Note:** Decreasing `sizeGb` forces a new resource to be created. */ sizeGb?: pulumi.Input; } } export declare namespace netapp { interface AccountActiveDirectory { /** * If enabled, AES encryption will be enabled for SMB communication. Defaults to `false`. */ aesEncryptionEnabled?: pulumi.Input; /** * A list of DNS server IP addresses for the Active Directory domain. Only allows `IPv4` address. */ dnsServers: pulumi.Input[]>; /** * The name of the Active Directory domain. */ domain: pulumi.Input; /** * Name of the active directory machine. */ kerberosAdName?: pulumi.Input; /** * kdc server IP addresses for the active directory machine. * * > **Note:** If you plan on using **Kerberos** volumes, both `adName` and `kdcIp` are required in order to create the volume. */ kerberosKdcIp?: pulumi.Input; /** * Specifies whether or not the LDAP traffic needs to be secured via TLS. Defaults to `false`. */ ldapOverTlsEnabled?: pulumi.Input; /** * Specifies whether or not the LDAP traffic needs to be signed. Defaults to `false`. */ ldapSigningEnabled?: pulumi.Input; /** * If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. Defaults to `false`. */ localNfsUsersWithLdapAllowed?: pulumi.Input; /** * The Organizational Unit (OU) within Active Directory where machines will be created. If blank, defaults to `CN=Computers`. */ organizationalUnit?: pulumi.Input; /** * The password associated with the `username`. */ password: pulumi.Input; /** * When LDAP over SSL/TLS is enabled, the LDAP client is required to have a *base64 encoded Active Directory Certificate Service's self-signed root CA certificate*, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. Required if `ldapOverTlsEnabled` is set to `true`. */ serverRootCaCertificate?: pulumi.Input; /** * The Active Directory site the service will limit Domain Controller discovery to. If blank, defaults to `Default-First-Site-Name`. */ siteName?: pulumi.Input; /** * The NetBIOS name which should be used for the NetApp SMB Server, which will be registered as a computer account in the AD and used to mount volumes. */ smbServerName: pulumi.Input; /** * The Username of Active Directory Domain Administrator. */ username: pulumi.Input; } interface AccountIdentity { /** * The identity id of the user assigned identity to use when type is `UserAssigned` */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The identity type, which can be `SystemAssigned` or `UserAssigned`. Only one type at a time is supported by Azure NetApp Files. */ type: pulumi.Input; } interface GetAccountIdentity { identityIds?: string[]; principalId?: string; tenantId?: string; type: string; } interface GetAccountIdentityArgs { identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; type: pulumi.Input; } interface SnapshotPolicyDailySchedule { /** * Hour of the day that the snapshots will be created, valid range is from 0 to 23. */ hour: pulumi.Input; /** * Minute of the hour that the snapshots will be created, valid range is from 0 to 59. */ minute: pulumi.Input; /** * How many hourly snapshots to keep, valid range is from 0 to 255. */ snapshotsToKeep: pulumi.Input; } interface SnapshotPolicyHourlySchedule { /** * Minute of the hour that the snapshots will be created, valid range is from 0 to 59. */ minute: pulumi.Input; /** * How many hourly snapshots to keep, valid range is from 0 to 255. */ snapshotsToKeep: pulumi.Input; } interface SnapshotPolicyMonthlySchedule { /** * List of the days of the month when the snapshots will be created, valid range is from 1 to 30. */ daysOfMonths: pulumi.Input[]>; /** * Hour of the day that the snapshots will be created, valid range is from 0 to 23. */ hour: pulumi.Input; /** * Minute of the hour that the snapshots will be created, valid range is from 0 to 59. */ minute: pulumi.Input; /** * How many hourly snapshots to keep, valid range is from 0 to 255. */ snapshotsToKeep: pulumi.Input; } interface SnapshotPolicyWeeklySchedule { /** * List of the week days using English names when the snapshots will be created. */ daysOfWeeks: pulumi.Input[]>; /** * Hour of the day that the snapshots will be created, valid range is from 0 to 23. */ hour: pulumi.Input; /** * Minute of the hour that the snapshots will be created, valid range is from 0 to 59. */ minute: pulumi.Input; /** * How many hourly snapshots to keep, valid range is from 0 to 255. */ snapshotsToKeep: pulumi.Input; } interface VolumeCoolAccess { /** * The coolness period in days for the volume. Possible vales are between `2` and `183`. */ coolnessPeriodInDays: pulumi.Input; /** * The cool access retrieval policy for the volume. Possible values are `Default`, `Never` and `OnRead`. */ retrievalPolicy: pulumi.Input; /** * The cool access tiering policy for the volume. Possible values are `Auto` and `SnapshotOnly`. */ tieringPolicy: pulumi.Input; } interface VolumeDataProtectionAdvancedRansomware { /** * Enable or disable the Advanced Ransomware Protection feature. * * > **Note:** Advanced Ransomware Protection is currently in preview and requires feature registration. For performance considerations and supported regions, please refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-netapp-files/ransomware-configure). * * > **Note:** It is recommended to enable no more than five volumes per Azure region with ARP to mitigate performance issues, and to increase QoS capacity by 5 to 10 percent due to potential performance impacts. */ protectionEnabled: pulumi.Input; } interface VolumeDataProtectionBackupPolicy { /** * Resource ID of the backup policy to apply to the volume. */ backupPolicyId: pulumi.Input; /** * Resource ID of the backup backup vault to associate this volume to. */ backupVaultId: pulumi.Input; /** * Enables the backup policy on the volume, defaults to `true`. * * For more information on Azure NetApp Files Backup feature please see [Understand Azure NetApp Files backup](https://learn.microsoft.com/en-us/azure/azure-netapp-files/backup-introduction) */ policyEnabled?: pulumi.Input; } interface VolumeDataProtectionReplication { /** * The endpoint type, default value is `dst` for destination. */ endpointType?: pulumi.Input; /** * Location of the primary volume. Changing this forces a new resource to be created. */ remoteVolumeLocation: pulumi.Input; /** * Resource ID of the primary volume. */ remoteVolumeResourceId: pulumi.Input; /** * Replication frequency, supported values are '10minutes', 'hourly', 'daily', values are case sensitive. * * A full example of the `dataProtectionReplication` attribute can be found in the `./examples/netapp/volume_crr` directory within the GitHub Repository * * > **Note:** Each destination volume can have only one `dataProtectionReplication` block configured. However, a source volume can have up to 2 destination volumes replicating from it (fan-out deployment). For more information on fan-out replication topologies, see [Understand data protection in Azure NetApp Files](https://learn.microsoft.com/azure/azure-netapp-files/data-protection-disaster-recovery-options#supported-replication-topologies). * * > **Note:** For cross-zone replication (when `remoteVolumeLocation` is the same as the volume's `location`), both the source and destination volumes must have a `zone` assigned. For a complete example of cross-zone-region replication with fan-out deployment, see the `./examples/netapp/cross_zone_region_replication` directory within the GitHub Repository. For more information, see [Manage cross-zone-region replication for Azure NetApp Files](https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-region-replication-configure). */ replicationFrequency: pulumi.Input; } interface VolumeDataProtectionSnapshotPolicy { /** * Resource ID of the snapshot policy to apply to the volume. * * A full example of the `dataProtectionSnapshotPolicy` attribute usage can be found in the `./examples/netapp/nfsv3_volume_with_snapshot_policy` directory within the GitHub Repository * * > **Note:** `dataProtectionSnapshotPolicy` block can be used alone or with dataProtectionReplication in the primary volume only, if enabling it in the secondary, an error will be thrown. */ snapshotPolicyId: pulumi.Input; } interface VolumeExportPolicyRule { /** * A list of allowed clients IPv4 addresses. */ allowedClients: pulumi.Input[]>; /** * Is Kerberos 5 read-only access permitted to this volume? */ kerberos5ReadOnlyEnabled?: pulumi.Input; /** * Is Kerberos 5 read/write permitted to this volume? */ kerberos5ReadWriteEnabled?: pulumi.Input; /** * Is Kerberos 5i read-only permitted to this volume? */ kerberos5iReadOnlyEnabled?: pulumi.Input; /** * Is Kerberos 5i read/write permitted to this volume? */ kerberos5iReadWriteEnabled?: pulumi.Input; /** * Is Kerberos 5p read-only permitted to this volume? */ kerberos5pReadOnlyEnabled?: pulumi.Input; /** * Is Kerberos 5p read/write permitted to this volume? */ kerberos5pReadWriteEnabled?: pulumi.Input; /** * A list of allowed protocols. Valid values include `CIFS`, `NFSv3`, or `NFSv4.1`. Only a single element is supported at this time. This replaces the previous arguments: `cifsEnabled`, `nfsv3Enabled` and `nfsv4Enabled`. */ protocol?: pulumi.Input; /** * @deprecated this property has been deprecated in favour of `export_policy_rule.protocol` and will be removed in version 5.0 of the Provider. */ protocolsEnabled?: pulumi.Input; /** * Is root access permitted to this volume? */ rootAccessEnabled?: pulumi.Input; /** * The index number of the rule. */ ruleIndex: pulumi.Input; /** * Is the file system on unix read only? */ unixReadOnly?: pulumi.Input; /** * Is the file system on unix read and write? */ unixReadWrite?: pulumi.Input; } interface VolumeGroupOracleVolume { /** * The ID of the Capacity Pool. Changing this forces a new Application Volume Group to be created and data will be lost. */ capacityPoolId: pulumi.Input; /** * A `dataProtectionReplication` block as defined below. Changing this forces a new Application Volume Group to be created and data will be lost. */ dataProtectionReplication?: pulumi.Input; /** * A `dataProtectionSnapshotPolicy` block as defined below. */ dataProtectionSnapshotPolicy?: pulumi.Input; /** * The encryption key source, it can be `Microsoft.NetApp` for platform managed keys or `Microsoft.KeyVault` for customer-managed keys. This is required with `keyVaultPrivateEndpointId`. Changing this forces a new resource to be created. */ encryptionKeySource?: pulumi.Input; /** * One or more `exportPolicyRule` blocks as defined below. */ exportPolicyRules: pulumi.Input[]>; /** * The ID of the Application Volume Group. */ id?: pulumi.Input; /** * The Private Endpoint ID for Key Vault, which is required when using customer-managed keys. This is required with `encryptionKeySource`. Changing this forces a new resource to be created. */ keyVaultPrivateEndpointId?: pulumi.Input; mountIpAddresses?: pulumi.Input[]>; /** * The name which should be used for this volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ name: pulumi.Input; /** * Indicates which network feature to use, Possible values are `Basic`, `Basic_Standard`, `Standard` and `Standard_Basic`. It defaults to `Basic` if not defined. This is a feature in public preview and for more information about it and how to register, please refer to [Configure network features for an Azure NetApp Files volume](https://docs.microsoft.com/en-us/azure/azure-netapp-files/configure-network-features). This is required if enabling customer managed keys encryption scenario. */ networkFeatures?: pulumi.Input; /** * The target volume protocol expressed as a list. Protocol conversion between `NFSv3` and `NFSv4.1` and vice-versa is supported without recreating the volume group, however export policy rules must be updated accordingly to avoid configuration drift (e.g., when converting from `NFSv3` to `NFSv4.1`, set `nfsv3Enabled = false` and `nfsv41Enabled = true` in export policy rules). Supported values include `NFSv3` or `NFSv4.1`. * * > **Note:** When converting protocols between NFSv3 and NFSv4.1, ensure that export policy rules are updated accordingly to avoid configuration drift. Update the `nfsv3Enabled` and `nfsv41Enabled` flags to match the new protocol. */ protocols: pulumi.Input; /** * The ID of the proximity placement group (PPG). Changing this forces a new Application Volume Group to be created and data will be lost. * * > **Note:** For Oracle application, it is required to have PPG enabled so Azure NetApp Files can pin the volumes next to your compute resources, please check [Requirements and considerations for application volume group for Oracle](https://learn.microsoft.com/en-us/azure/azure-netapp-files/application-volume-group-oracle-considerations) for details and other requirements. Note that this cannot be used together with `zone`. */ proximityPlacementGroupId?: pulumi.Input; /** * Volume security style. Possible values are `ntfs` and `unix`. Changing this forces a new Application Volume Group to be created and data will be lost. */ securityStyle: pulumi.Input; /** * Volume security style. Possible values are `Premium`, `Standard`, `Ultra` and `Flexible`. Changing this forces a new Application Volume Group to be created and data will be lost. */ serviceLevel: pulumi.Input; /** * Specifies whether the .snapshot (NFS clients) path of a volume is visible. Changing this forces a new Application Volume Group to be created and data will be lost. */ snapshotDirectoryVisible: pulumi.Input; /** * The maximum Storage Quota allowed for a file system in Gigabytes. */ storageQuotaInGb: pulumi.Input; /** * The ID of the Subnet the NetApp Volume resides in, which must have the `Microsoft.NetApp/volumes` delegation. Changing this forces a new Application Volume Group to be created and data will be lost. */ subnetId: pulumi.Input; /** * A mapping of tags which should be assigned to the Application Volume Group. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Throughput of this volume in Mibps. */ throughputInMibps: pulumi.Input; /** * A unique file path for the volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ volumePath: pulumi.Input; /** * Volume specification name. Possible values are `ora-data1`, `ora-data2`, `ora-data3`, `ora-data4`, `ora-data5`, `ora-data6`, `ora-data7`, `ora-data8`, `ora-log`, `ora-log-mirror`, `ora-binary` and `ora-backup`. Changing this forces a new Application Volume Group to be created and data will be lost. */ volumeSpecName: pulumi.Input; /** * Specifies the Availability Zone in which the Volume should be located. Possible values are `1`, `2` and `3`, depending on the Azure region. Changing this forces a new resource to be created. This feature is currently in preview, for more information on how to enable it, please refer to [Manage availability zone volume placement for Azure NetApp Files](https://learn.microsoft.com/en-us/azure/azure-netapp-files/manage-availability-zone-volume-placement). Note that this cannot be used together with `proximityPlacementGroupId`. */ zone?: pulumi.Input; } interface VolumeGroupOracleVolumeDataProtectionReplication { /** * The endpoint type. Possible values are `dst` and `src`. Defaults to `dst`. Changing this forces a new Application Volume Group to be created and data will be lost. */ endpointType?: pulumi.Input; /** * Location of the primary volume. */ remoteVolumeLocation: pulumi.Input; /** * Resource ID of the primary volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ remoteVolumeResourceId: pulumi.Input; /** * Replication frequency. Possible values are `10minutes`, `daily` and `hourly`. Changing this forces a new Application Volume Group to be created and data will be lost. */ replicationFrequency: pulumi.Input; } interface VolumeGroupOracleVolumeDataProtectionSnapshotPolicy { /** * Resource ID of the snapshot policy to apply to the volume. */ snapshotPolicyId: pulumi.Input; } interface VolumeGroupOracleVolumeExportPolicyRule { /** * A comma-sperated list of allowed client IPv4 addresses. */ allowedClients: pulumi.Input; /** * Enables NFSv3. Please note that this cannot be enabled if volume has NFSv4.1 as its protocol. */ nfsv3Enabled: pulumi.Input; /** * Enables NFSv4.1. Please note that this cannot be enabled if volume has NFSv3 as its protocol. */ nfsv41Enabled: pulumi.Input; /** * Is root access permitted to this volume? Defaults to `true`. */ rootAccessEnabled?: pulumi.Input; /** * The index number of the rule, must start at 1 and maximum 5. */ ruleIndex: pulumi.Input; /** * Is the file system on unix read only? Defaults to `false. */ unixReadOnly?: pulumi.Input; /** * Is the file system on unix read and write? Defaults to `true`. */ unixReadWrite?: pulumi.Input; } interface VolumeGroupSapHanaVolume { /** * The ID of the Capacity Pool. Changing this forces a new Application Volume Group to be created and data will be lost. */ capacityPoolId: pulumi.Input; /** * A `dataProtectionReplication` block as defined below. Changing this forces a new Application Volume Group to be created and data will be lost. */ dataProtectionReplication?: pulumi.Input; /** * A `dataProtectionSnapshotPolicy` block as defined below. */ dataProtectionSnapshotPolicy?: pulumi.Input; /** * The encryption key source, it can be `Microsoft.NetApp` for platform managed keys or `Microsoft.KeyVault` for customer-managed keys. This is required with `keyVaultPrivateEndpointId`. Changing this forces a new Application Volume Group to be created and data will be lost. */ encryptionKeySource?: pulumi.Input; /** * One or more `exportPolicyRule` blocks as defined below. */ exportPolicyRules: pulumi.Input[]>; /** * The ID of the Application Volume Group. */ id?: pulumi.Input; /** * The Private Endpoint ID for Key Vault, which is required when using customer-managed keys. This is required with `encryptionKeySource`. Changing this forces a new Application Volume Group to be created and data will be lost. */ keyVaultPrivateEndpointId?: pulumi.Input; mountIpAddresses?: pulumi.Input[]>; /** * The name which should be used for this volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ name: pulumi.Input; /** * Network features of the volume. Possible values are `Basic` or `Standard`. Default value is `Basic`. Changing this forces a new Application Volume Group to be created and data will be lost. */ networkFeatures?: pulumi.Input; /** * The target volume protocol expressed as a list. Protocol conversion between `NFSv3` and `NFSv4.1` and vice-versa is supported without recreating the volume group, however export policy rules must be updated accordingly to avoid configuration drift (e.g., when converting from `NFSv3` to `NFSv4.1`, set `nfsv3Enabled = false` and `nfsv41Enabled = true` in export policy rules). Supported values include `NFSv3` or `NFSv4.1`, multi-protocol is not supported. Please check [Configure application volume groups for the SAP HANA REST API](https://learn.microsoft.com/en-us/azure/azure-netapp-files/configure-application-volume-group-sap-hana-api) document for details. * * > **Note:** NFSv3 protocol is only supported for backup volumes (`data-backup`, `log-backup`) in SAP HANA volume groups. Critical volumes (`data`, `log`, `shared`) must use NFSv4.1. When converting protocols on backup volumes, ensure export policy rules are updated accordingly to avoid configuration drift. */ protocols: pulumi.Input; /** * The ID of the proximity placement group. Changing this forces a new Application Volume Group to be created and data will be lost. For SAP-HANA application, it is required to have PPG enabled so Azure NetApp Files can pin the volumes next to your compute resources, please check [Requirements and considerations for application volume group for SAP HANA](https://learn.microsoft.com/en-us/azure/azure-netapp-files/application-volume-group-considerations) for details and other requirements. */ proximityPlacementGroupId?: pulumi.Input; /** * Volume security style. Possible values are `ntfs` and `unix`. Changing this forces a new Application Volume Group to be created and data will be lost. */ securityStyle: pulumi.Input; /** * Volume security style. Possible values are `Premium`, `Standard`, `Ultra` and `Flexible`. Changing this forces a new Application Volume Group to be created and data will be lost. */ serviceLevel: pulumi.Input; /** * Specifies whether the .snapshot (NFS clients) path of a volume is visible. Changing this forces a new Application Volume Group to be created and data will be lost. */ snapshotDirectoryVisible: pulumi.Input; /** * The maximum Storage Quota allowed for a file system in Gigabytes. */ storageQuotaInGb: pulumi.Input; /** * The ID of the Subnet the NetApp Volume resides in, which must have the `Microsoft.NetApp/volumes` delegation. Changing this forces a new Application Volume Group to be created and data will be lost. */ subnetId: pulumi.Input; /** * A mapping of tags which should be assigned to the Application Volume Group. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Throughput of this volume in Mibps. */ throughputInMibps: pulumi.Input; /** * A unique file path for the volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ volumePath: pulumi.Input; /** * Volume specification name. Possible values are `data`, `log`, `shared`, `data-backup` and `log-backup`. Changing this forces a new Application Volume Group to be created and data will be lost. */ volumeSpecName: pulumi.Input; /** * Specifies the Availability Zone in which the Volume should be located. Possible values are `1`, `2` and `3`. This feature is currently in preview, for more information on how to enable it, please refer to [Manage availability zone volume placement for Azure NetApp Files](https://learn.microsoft.com/en-us/azure/azure-netapp-files/manage-availability-zone-volume-placement). Changing this forces a new Application Volume Group to be created and data will be lost. */ zone?: pulumi.Input; } interface VolumeGroupSapHanaVolumeDataProtectionReplication { /** * The endpoint type. Possible values are `dst` and `src`. Defaults to `dst`. Changing this forces a new Application Volume Group to be created and data will be lost. */ endpointType?: pulumi.Input; /** * Location of the primary volume. */ remoteVolumeLocation: pulumi.Input; /** * Resource ID of the primary volume. Changing this forces a new Application Volume Group to be created and data will be lost. */ remoteVolumeResourceId: pulumi.Input; /** * eplication frequency. Possible values are `10minutes`, `daily` and `hourly`. Changing this forces a new Application Volume Group to be created and data will be lost. */ replicationFrequency: pulumi.Input; } interface VolumeGroupSapHanaVolumeDataProtectionSnapshotPolicy { /** * Resource ID of the snapshot policy to apply to the volume. */ snapshotPolicyId: pulumi.Input; } interface VolumeGroupSapHanaVolumeExportPolicyRule { /** * A comma-sperated list of allowed client IPv4 addresses. */ allowedClients: pulumi.Input; /** * Enables NFSv3. Please note that this cannot be enabled if volume has NFSv4.1 as its protocol. */ nfsv3Enabled: pulumi.Input; /** * Enables NFSv4.1. Please note that this cannot be enabled if volume has NFSv3 as its protocol. */ nfsv41Enabled: pulumi.Input; /** * Is root access permitted to this volume? Defaults to `true`. */ rootAccessEnabled?: pulumi.Input; /** * The index number of the rule, must start at 1 and maximum 5. */ ruleIndex: pulumi.Input; /** * Is the file system on unix read only? Defaults to `false. */ unixReadOnly?: pulumi.Input; /** * Is the file system on unix read and write? Defaults to `true`. */ unixReadWrite?: pulumi.Input; } } export declare namespace network { interface ApplicationGatewayAuthenticationCertificate { /** * The contents of the Authentication Certificate which should be used. */ data: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the Authentication Certificate to use. */ name: pulumi.Input; } interface ApplicationGatewayAutoscaleConfiguration { /** * Maximum capacity for autoscaling. Accepted values are in the range `2` to `125`. */ maxCapacity?: pulumi.Input; /** * Minimum capacity for autoscaling. Accepted values are in the range `0` to `100`. */ minCapacity: pulumi.Input; } interface ApplicationGatewayBackend { /** * Whether client IP preservation is enabled for this Backend Settings Collection. Defaults to `false`. */ clientIpPreservationEnabled?: pulumi.Input; /** * Host header to be sent to the backend servers. Can only be set when `protocol` is `Tls`. */ hostName?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Backend Settings Collection. */ name: pulumi.Input; /** * The port which should be used for this Backend Settings Collection. */ port: pulumi.Input; /** * The ID of the associated Probe. */ probeId?: pulumi.Input; /** * The name of an associated Probe. */ probeName?: pulumi.Input; /** * The Protocol which should be used. Possible values are `Tcp` and `Tls`. */ protocol: pulumi.Input; /** * The connection timeout in seconds. Possible values range between `1` and `86400`. Defaults to `30`. */ timeoutInSeconds?: pulumi.Input; /** * A list of `trustedRootCertificate` names. */ trustedRootCertificateNames?: pulumi.Input[]>; } interface ApplicationGatewayBackendAddressPool { /** * A list of FQDN's which should be part of the Backend Address Pool. */ fqdns?: pulumi.Input[]>; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * A list of IP Addresses which should be part of the Backend Address Pool. */ ipAddresses?: pulumi.Input[]>; /** * The name of the Backend Address Pool. */ name: pulumi.Input; } interface ApplicationGatewayBackendHttpSetting { /** * The name of the affinity cookie. */ affinityCookieName?: pulumi.Input; /** * One or more `authenticationCertificateBackend` blocks as defined below. */ authenticationCertificates?: pulumi.Input[]>; /** * A `connectionDraining` block as defined below. */ connectionDraining?: pulumi.Input; /** * Is Cookie-Based Affinity enabled? Possible values are `Enabled` and `Disabled`. */ cookieBasedAffinity: pulumi.Input; /** * Whether to use a dedicated backend connection. Defaults to `false`. */ dedicatedBackendConnectionEnabled?: pulumi.Input; /** * Host header to be sent to the backend servers. Cannot be set if `pickHostNameFromBackendAddress` is set to `true`. */ hostName?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Authentication Certificate. */ name: pulumi.Input; /** * The Path which should be used as a prefix for all HTTP requests. */ path?: pulumi.Input; /** * Whether host header should be picked from the host name of the backend server. Defaults to `false`. */ pickHostNameFromBackendAddress?: pulumi.Input; /** * The port which should be used for this Backend HTTP Settings Collection. */ port: pulumi.Input; /** * The ID of the associated Probe. */ probeId?: pulumi.Input; /** * The name of an associated HTTP Probe. */ probeName?: pulumi.Input; /** * The Protocol which should be used. Possible values are `Http` and `Https`. */ protocol: pulumi.Input; /** * The request timeout in seconds, which must be between 1 and 86400 seconds. Defaults to `30`. */ requestTimeout?: pulumi.Input; /** * A list of `trustedRootCertificate` names. */ trustedRootCertificateNames?: pulumi.Input[]>; } interface ApplicationGatewayBackendHttpSettingAuthenticationCertificate { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the Authentication Certificate to use. */ name: pulumi.Input; } interface ApplicationGatewayBackendHttpSettingConnectionDraining { /** * The number of seconds connection draining is active. Acceptable values are from `1` second to `3600` seconds. */ drainTimeoutSec: pulumi.Input; /** * If connection draining is enabled or not. */ enabled: pulumi.Input; } interface ApplicationGatewayCustomErrorConfiguration { /** * Error page URL of the application gateway customer error. */ customErrorPageUrl: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * Status code of the application gateway customer error. Possible values are `HttpStatus400`, `HttpStatus403`, `HttpStatus404`, `HttpStatus405`, `HttpStatus408`, `HttpStatus500`, `HttpStatus502`, `HttpStatus503` and `HttpStatus504` */ statusCode: pulumi.Input; } interface ApplicationGatewayFrontendIpConfiguration { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Frontend IP Configuration. */ name: pulumi.Input; /** * The Private IP Address to use for the Application Gateway. */ privateIpAddress?: pulumi.Input; /** * The Allocation Method for the Private IP Address. Possible values are `Dynamic` and `Static`. Defaults to `Dynamic`. */ privateIpAddressAllocation?: pulumi.Input; /** * The ID of the associated private link configuration. */ privateLinkConfigurationId?: pulumi.Input; /** * The name of the private link configuration to use for this frontend IP configuration. */ privateLinkConfigurationName?: pulumi.Input; /** * The ID of a Public IP Address which the Application Gateway should use. The allocation method for the Public IP Address depends on the `sku` of this Application Gateway. Please refer to the [Azure documentation for public IP addresses](https://docs.microsoft.com/azure/virtual-network/public-ip-addresses#application-gateways) for details. */ publicIpAddressId?: pulumi.Input; /** * The ID of the Subnet. */ subnetId?: pulumi.Input; } interface ApplicationGatewayFrontendPort { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Frontend Port. */ name: pulumi.Input; /** * The port used for this Frontend Port. */ port: pulumi.Input; } interface ApplicationGatewayGatewayIpConfiguration { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of this Gateway IP Configuration. */ name: pulumi.Input; /** * The ID of the Subnet which the Application Gateway should be connected to. */ subnetId: pulumi.Input; } interface ApplicationGatewayGlobal { /** * Whether Application Gateway's Request buffer is enabled. */ requestBufferingEnabled: pulumi.Input; /** * Whether Application Gateway's Response buffer is enabled. */ responseBufferingEnabled: pulumi.Input; } interface ApplicationGatewayHttpListener { /** * One or more `customErrorConfiguration` blocks as defined below. */ customErrorConfigurations?: pulumi.Input[]>; /** * The ID of the Web Application Firewall Policy which should be used for this HTTP Listener. */ firewallPolicyId?: pulumi.Input; /** * The ID of the associated Frontend Configuration. */ frontendIpConfigurationId?: pulumi.Input; /** * The Name of the Frontend IP Configuration used for this HTTP Listener. */ frontendIpConfigurationName: pulumi.Input; /** * The ID of the associated Frontend Port. */ frontendPortId?: pulumi.Input; /** * The Name of the Frontend Port use for this HTTP Listener. */ frontendPortName: pulumi.Input; /** * The Hostname which should be used for this HTTP Listener. Setting this value changes Listener Type to 'Multi site'. */ hostName?: pulumi.Input; /** * A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters. * * > **Note:** The `hostNames` and `hostName` are mutually exclusive and cannot both be set. */ hostNames?: pulumi.Input[]>; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the HTTP Listener. */ name: pulumi.Input; /** * The Protocol to use for this HTTP Listener. Possible values are `Http` and `Https`. */ protocol: pulumi.Input; /** * Should Server Name Indication be Required? Defaults to `false`. */ requireSni?: pulumi.Input; /** * The ID of the associated SSL Certificate. */ sslCertificateId?: pulumi.Input; /** * The name of the associated SSL Certificate which should be used for this HTTP Listener. */ sslCertificateName?: pulumi.Input; /** * The ID of the associated SSL Profile. */ sslProfileId?: pulumi.Input; /** * The name of the associated SSL Profile which should be used for this HTTP Listener. */ sslProfileName?: pulumi.Input; } interface ApplicationGatewayHttpListenerCustomErrorConfiguration { /** * Error page URL of the application gateway customer error. */ customErrorPageUrl: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * Status code of the application gateway customer error. Possible values are `HttpStatus400`, `HttpStatus403`, `HttpStatus404`, `HttpStatus405`, `HttpStatus408`, `HttpStatus500`, `HttpStatus502`, `HttpStatus503` and `HttpStatus504` */ statusCode: pulumi.Input; } interface ApplicationGatewayIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Application Gateway. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface ApplicationGatewayListener { /** * The ID of the associated Frontend Configuration. */ frontendIpConfigurationId?: pulumi.Input; /** * The Name of the Frontend IP Configuration used for this Listener. */ frontendIpConfigurationName: pulumi.Input; /** * The ID of the associated Frontend Port. */ frontendPortId?: pulumi.Input; /** * The Name of the Frontend Port use for this Listener. */ frontendPortName: pulumi.Input; /** * A list of Hostname(s) should be used for this Listener. It allows special wildcard characters. * * > **Note:** `hostNames` cannot be set when `protocol` is set to `Tcp`. */ hostNames?: pulumi.Input[]>; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the Listener. */ name: pulumi.Input; /** * The Protocol to use for this Listener. Possible values are `Tcp`, and `Tls`. */ protocol: pulumi.Input; /** * The ID of the associated SSL Certificate. */ sslCertificateId?: pulumi.Input; /** * The name of the associated SSL Certificate which should be used for this Listener. * * > **Note:** `sslCertificateName` must be set when `protocol` is set to `Tls`. */ sslCertificateName?: pulumi.Input; /** * The ID of the associated SSL Profile. */ sslProfileId?: pulumi.Input; /** * The name of the associated SSL Profile which should be used for this Listener. */ sslProfileName?: pulumi.Input; } interface ApplicationGatewayPrivateEndpointConnection { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Application Gateway. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface ApplicationGatewayPrivateLinkConfiguration { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined below. * * > **Note:** The `AllowApplicationGatewayPrivateLink` feature must be registered on the subscription before enabling private link * * ```bash * az feature register --name AllowApplicationGatewayPrivateLink --namespace Microsoft.Network * ``` */ ipConfigurations: pulumi.Input[]>; /** * The name of the private link configuration. */ name: pulumi.Input; } interface ApplicationGatewayPrivateLinkConfigurationIpConfiguration { /** * The name of the IP configuration. */ name: pulumi.Input; /** * Is this the Primary IP Configuration? */ primary: pulumi.Input; /** * The Static IP Address which should be used. */ privateIpAddress?: pulumi.Input; /** * The allocation method used for the Private IP Address. Possible values are `Dynamic` and `Static`. */ privateIpAddressAllocation: pulumi.Input; /** * The ID of the subnet the private link configuration should connect to. */ subnetId: pulumi.Input; } interface ApplicationGatewayProbe { /** * The hostname used for this Probe. If the Application Gateway is configured for a single site, by default the hostname should be specified as `127.0.0.1`, unless otherwise configured in custom Probe. * * > **Note:** Exactly one of `host` or `pickHostNameFromBackendHttpSettings` must be set when `protocol` is `Http` or `Https`. Neither can be set when `protocol` is `Tcp` or `Tls`. */ host?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The interval between two consecutive probes in seconds. Possible values range from `1` to `86400`. */ interval: pulumi.Input; /** * A `match` block as defined above. * * > **Note:** `match` cannot be set when `protocol` is set to `Tcp` or `Tls`. */ match?: pulumi.Input; /** * The minimum number of servers that are always marked as healthy. Defaults to `0`. */ minimumServers?: pulumi.Input; /** * The name of the Probe. */ name: pulumi.Input; /** * The relative URL path of the Probe. Valid value starts with `/`. * * > **Note:** `path` cannot be set when `protocol` is set to `Tcp` or `Tls`. `path` must be specified when `protocol` is `Http` or `Https`. */ path?: pulumi.Input; /** * Whether the host header should be picked from the backend HTTP settings. Defaults to `false`. * * > **Note:** `pickHostNameFromBackendHttpSettings` cannot be set when `protocol` is set to `Tcp` or `Tls`. */ pickHostNameFromBackendHttpSettings?: pulumi.Input; /** * Custom port which will be used for probing the backend servers. Possible values range from `1` to `65535`. * * > **Note:** In case `port` is not set, the port from the backend settings will be used. This property is valid for `Basic`, `Standard_v2`, and `WAF_v2` SKUs only. */ port?: pulumi.Input; /** * The protocol used for this Probe. Possible values are `Http`, `Https`, `Tcp`, and `Tls`. */ protocol: pulumi.Input; /** * Whether the proxy protocol header is enabled for this Probe. Defaults to `false`. * * > **Note:** `proxyProtocolHeaderEnabled` can only be set when `protocol` is `Tcp` or `Tls`. */ proxyProtocolHeaderEnabled?: pulumi.Input; /** * The timeout in seconds used for this Probe, which indicates when a Probe becomes unhealthy. Possible values range from `1` to `86400`. * * > **Note:** The `timeout` value should not be greater than the `interval` value. */ timeout: pulumi.Input; /** * The unhealthy threshold for this Probe, which indicates the amount of retries which should be attempted before a node is deemed unhealthy. Possible values range from `1` to `20`. */ unhealthyThreshold: pulumi.Input; } interface ApplicationGatewayProbeMatch { /** * A snippet from the Response Body which must be present in the Response. */ body?: pulumi.Input; /** * A list of allowed status codes for this Health Probe. */ statusCodes: pulumi.Input[]>; } interface ApplicationGatewayRedirectConfiguration { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * Whether to include the path in the redirected URL. Defaults to `false` */ includePath?: pulumi.Input; /** * Whether to include the query string in the redirected URL. Default to `false` */ includeQueryString?: pulumi.Input; /** * Unique name of the redirect configuration block */ name: pulumi.Input; /** * The type of redirect. Possible values are `Permanent`, `Temporary`, `Found` and `SeeOther` */ redirectType: pulumi.Input; targetListenerId?: pulumi.Input; /** * The name of the listener to redirect to. Cannot be set if `targetUrl` is set. */ targetListenerName?: pulumi.Input; /** * The URL to redirect the request to. Cannot be set if `targetListenerName` is set. */ targetUrl?: pulumi.Input; } interface ApplicationGatewayRequestRoutingRule { /** * The ID of the associated Backend Address Pool. */ backendAddressPoolId?: pulumi.Input; /** * The Name of the Backend Address Pool which should be used for this Routing Rule. Cannot be set if `redirectConfigurationName` is set. */ backendAddressPoolName?: pulumi.Input; /** * The ID of the associated Backend HTTP Settings Configuration. */ backendHttpSettingsId?: pulumi.Input; /** * The Name of the Backend HTTP Settings Collection which should be used for this Routing Rule. Cannot be set if `redirectConfigurationName` is set. */ backendHttpSettingsName?: pulumi.Input; /** * The ID of the associated HTTP Listener. */ httpListenerId?: pulumi.Input; /** * The Name of the HTTP Listener which should be used for this Routing Rule. */ httpListenerName: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of this Request Routing Rule. */ name: pulumi.Input; /** * Rule evaluation order can be dictated by specifying an integer value from `1` to `20000` with `1` being the highest priority and `20000` being the lowest priority. * * > **Note:** `priority` is required when `sku[0].tier` is set to `*_v2`. */ priority?: pulumi.Input; /** * The ID of the associated Redirect Configuration. */ redirectConfigurationId?: pulumi.Input; /** * The Name of the Redirect Configuration which should be used for this Routing Rule. Cannot be set if either `backendAddressPoolName` or `backendHttpSettingsName` is set. */ redirectConfigurationName?: pulumi.Input; /** * The ID of the associated Rewrite Rule Set. */ rewriteRuleSetId?: pulumi.Input; /** * The Name of the Rewrite Rule Set which should be used for this Routing Rule. Only valid for v2 SKUs. * * > **Note:** `backendAddressPoolName`, `backendHttpSettingsName`, `redirectConfigurationName`, and `rewriteRuleSetName` are applicable only when `ruleType` is `Basic`. */ rewriteRuleSetName?: pulumi.Input; /** * The Type of Routing that should be used for this Rule. Possible values are `Basic` and `PathBasedRouting`. */ ruleType: pulumi.Input; /** * The ID of the associated URL Path Map. */ urlPathMapId?: pulumi.Input; /** * The Name of the URL Path Map which should be associated with this Routing Rule. */ urlPathMapName?: pulumi.Input; } interface ApplicationGatewayRewriteRuleSet { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * Unique name of the rewrite rule set block */ name: pulumi.Input; /** * One or more `rewriteRule` blocks as defined below. */ rewriteRules?: pulumi.Input[]>; } interface ApplicationGatewayRewriteRuleSetRewriteRule { /** * One or more `condition` blocks as defined above. */ conditions?: pulumi.Input[]>; /** * Unique name of the rewrite rule block */ name: pulumi.Input; /** * One or more `requestHeaderConfiguration` blocks as defined above. */ requestHeaderConfigurations?: pulumi.Input[]>; /** * One or more `responseHeaderConfiguration` blocks as defined above. */ responseHeaderConfigurations?: pulumi.Input[]>; /** * Rule sequence of the rewrite rule that determines the order of execution in a set. */ ruleSequence: pulumi.Input; /** * One `url` block as defined below */ url?: pulumi.Input; } interface ApplicationGatewayRewriteRuleSetRewriteRuleCondition { /** * Perform a case in-sensitive comparison. Defaults to `false` */ ignoreCase?: pulumi.Input; /** * Negate the result of the condition evaluation. Defaults to `false` */ negate?: pulumi.Input; /** * The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. */ pattern: pulumi.Input; /** * The [variable](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers#server-variables) of the condition. */ variable: pulumi.Input; } interface ApplicationGatewayRewriteRuleSetRewriteRuleRequestHeaderConfiguration { /** * Header name of the header configuration. */ headerName: pulumi.Input; /** * Header value of the header configuration. To delete a request header set this property to an empty string. */ headerValue: pulumi.Input; } interface ApplicationGatewayRewriteRuleSetRewriteRuleResponseHeaderConfiguration { /** * Header name of the header configuration. */ headerName: pulumi.Input; /** * Header value of the header configuration. To delete a response header set this property to an empty string. */ headerValue: pulumi.Input; } interface ApplicationGatewayRewriteRuleSetRewriteRuleUrl { /** * The components used to rewrite the URL. Possible values are `pathOnly` and `queryStringOnly` to limit the rewrite to the URL Path or URL Query String only. * * > **Note:** One or both of `path` and `queryString` must be specified. If one of these is not specified, it means the value will be empty. If you only want to rewrite `path` or `queryString`, use `components`. */ components?: pulumi.Input; /** * The URL path to rewrite. */ path?: pulumi.Input; /** * The query string to rewrite. */ queryString?: pulumi.Input; /** * Whether the URL path map should be reevaluated after this rewrite has been applied. [More info on rewrite configuration](https://docs.microsoft.com/azure/application-gateway/rewrite-http-headers-url#rewrite-configuration) */ reroute?: pulumi.Input; } interface ApplicationGatewayRoutingRule { /** * The ID of the associated Backend Address Pool. */ backendAddressPoolId?: pulumi.Input; /** * The Name of the Backend Address Pool which should be used for this Routing Rule. */ backendAddressPoolName: pulumi.Input; /** * The ID of the associated Backend Settings. */ backendId?: pulumi.Input; /** * The Name of the Backend Settings which should be used for this Routing Rule. */ backendName: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The ID of the associated Listener. */ listenerId?: pulumi.Input; /** * The Name of the Listener which should be used for this Routing Rule. */ listenerName: pulumi.Input; /** * The Name of this Routing Rule. */ name: pulumi.Input; /** * The routing rule priority, indicating the order in which rules are evaluated. Possible values range between `1` and `20000`, with `1` being the highest priority and `20000` being the lowest priority. */ priority: pulumi.Input; } interface ApplicationGatewaySku { /** * The Capacity of the SKU to use for this Application Gateway. When using a V1 SKU this value must be between `1` and `32`, and `1` to `125` for a V2 SKU. When using a `Basic` SKU this property must be between `1` and `2`. This property is optional if `autoscaleConfiguration` is set. */ capacity?: pulumi.Input; /** * The Name of the SKU to use for this Application Gateway. Possible values are `Basic`, `Standard_Small`, `Standard_Medium`, `Standard_Large`, `Standard_v2`, `WAF_Large`, `WAF_Medium` and `WAF_v2`. * * > **Note:** `Standard_Small`, `Standard_Medium`, `Standard_Large`, `WAF_Medium`, and `WAF_Large` values are deprecated. `name` can no longer be created with or updated to these values. Refer to . */ name: pulumi.Input; /** * The Tier of the SKU to use for this Application Gateway. Possible values are `Basic`, `Standard`, `Standard_v2`, `WAF`, and `WAF_v2`. * * > **Note:** `Standard` and `WAF` values are deprecated. `tier` can no longer be created with or updated to these values. Refer to . */ tier: pulumi.Input; } interface ApplicationGatewaySslCertificate { /** * The base64-encoded PFX certificate data. Required if `keyVaultSecretId` is not set. * * > **Note:** When specifying a file, use `data = filebase64("path/to/file")` to encode the contents of that file. */ data?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Secret ID of the (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for Key Vault to use this feature. Required if `data` is not set. * * > **Note:** To implement certificate rotation, the `azure.keyvault.Secret` attribute `versionlessId` should be used, although `id` is also supported. * * > **Note:** TLS termination with Key Vault certificates is limited to the [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/key-vault-certs). * * > **Note:** For TLS termination with Key Vault certificates to work properly, an existing user-assigned managed identity, which Application Gateway uses to retrieve certificates from Key Vault, should be defined via `identity` block. Additionally, access policies in the Key Vault to allow the identity to be granted *get* access to the secret should be defined. */ keyVaultSecretId?: pulumi.Input; /** * The Name of the SSL certificate that is unique within this Application Gateway */ name: pulumi.Input; /** * Password for the pfx file specified in data. Required if `data` is set. */ password?: pulumi.Input; /** * The Public Certificate Data associated with the SSL Certificate. */ publicCertData?: pulumi.Input; } interface ApplicationGatewaySslPolicy { cipherSuites?: pulumi.Input[]>; /** * A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. * * > **Note:** `disabledProtocols` cannot be set when `policyName` or `policyType` are set. */ disabledProtocols?: pulumi.Input[]>; minProtocolVersion?: pulumi.Input; policyName?: pulumi.Input; /** * The Type of the Policy. Possible values are `Predefined`, `Custom` and `CustomV2`. * * > **Note:** `policyType` is Required when `policyName` is set - cannot be set if `disabledProtocols` is set. */ policyType?: pulumi.Input; } interface ApplicationGatewaySslProfile { /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the SSL Profile that is unique within this Application Gateway. */ name: pulumi.Input; /** * a `sslPolicy` block as defined below. */ sslPolicy?: pulumi.Input; /** * The name of the Trusted Client Certificate that will be used to authenticate requests from clients. */ trustedClientCertificateNames?: pulumi.Input[]>; /** * @deprecated the `ssl_profile.verify_client_cert_issuer_dn` property has been deprecated in favour of the `ssl_profile.verify_client_certificate_issuer_dn` property and will be removed in v5.0 of the AzureRM provider */ verifyClientCertIssuerDn?: pulumi.Input; /** * Should client certificate issuer DN be verified? Defaults to `false`. */ verifyClientCertificateIssuerDn?: pulumi.Input; /** * Specify the method to check client certificate revocation status. Possible value is `OCSP`. */ verifyClientCertificateRevocation?: pulumi.Input; } interface ApplicationGatewaySslProfileSslPolicy { cipherSuites?: pulumi.Input[]>; /** * A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are `TLSv1_0`, `TLSv1_1`, `TLSv1_2` and `TLSv1_3`. * * > **Note:** `disabledProtocols` cannot be set when `policyName` or `policyType` are set. */ disabledProtocols?: pulumi.Input[]>; minProtocolVersion?: pulumi.Input; policyName?: pulumi.Input; /** * The Type of the Policy. Possible values are `Predefined`, `Custom` and `CustomV2`. * * > **Note:** `policyType` is Required when `policyName` is set - cannot be set if `disabledProtocols` is set. */ policyType?: pulumi.Input; } interface ApplicationGatewayTrustedClientCertificate { /** * The base-64 encoded certificate. */ data: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The name of the Trusted Client Certificate that is unique within this Application Gateway. */ name: pulumi.Input; } interface ApplicationGatewayTrustedRootCertificate { /** * The contents of the Trusted Root Certificate which should be used. Required if `keyVaultSecretId` is not set. */ data?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Secret ID of the (base-64 encoded unencrypted pfx) `Secret` or `Certificate` object stored in Azure KeyVault. You need to enable soft delete for the Key Vault to use this feature. Required if `data` is not set. * * > **Note:** To implement certificate rotation, `versionlessSecretId` should be used, although `secretId` is also supported. * * > **Note:** TLS termination with Key Vault certificates is limited to the [v2 SKUs](https://docs.microsoft.com/azure/application-gateway/key-vault-certs). * * > **Note:** For TLS termination with Key Vault certificates to work properly, an existing user-assigned managed identity, which Application Gateway uses to retrieve certificates from Key Vault, should be defined via `identity` block. Additionally, access policies in the Key Vault to allow the identity to be granted *get* access to the secret should be defined. */ keyVaultSecretId?: pulumi.Input; /** * The Name of the Trusted Root Certificate to use. */ name: pulumi.Input; } interface ApplicationGatewayUrlPathMap { /** * The ID of the Default Backend Address Pool. */ defaultBackendAddressPoolId?: pulumi.Input; /** * The Name of the Default Backend Address Pool which should be used for this URL Path Map. Cannot be set if `defaultRedirectConfigurationName` is set. */ defaultBackendAddressPoolName?: pulumi.Input; /** * The ID of the Default Backend HTTP Settings Collection. */ defaultBackendHttpSettingsId?: pulumi.Input; /** * The Name of the Default Backend HTTP Settings Collection which should be used for this URL Path Map. Cannot be set if `defaultRedirectConfigurationName` is set. */ defaultBackendHttpSettingsName?: pulumi.Input; /** * The ID of the Default Redirect Configuration. */ defaultRedirectConfigurationId?: pulumi.Input; /** * The Name of the Default Redirect Configuration which should be used for this URL Path Map. Cannot be set if either `defaultBackendAddressPoolName` or `defaultBackendHttpSettingsName` is set. * * > **Note:** Both `defaultBackendAddressPoolName` and `defaultBackendHttpSettingsName` or `defaultRedirectConfigurationName` should be specified. */ defaultRedirectConfigurationName?: pulumi.Input; defaultRewriteRuleSetId?: pulumi.Input; /** * The Name of the Default Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. */ defaultRewriteRuleSetName?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the URL Path Map. */ name: pulumi.Input; /** * One or more `pathRule` blocks as defined above. */ pathRules: pulumi.Input[]>; } interface ApplicationGatewayUrlPathMapPathRule { /** * The ID of the associated Backend Address Pool. */ backendAddressPoolId?: pulumi.Input; /** * The Name of the Backend Address Pool to use for this Path Rule. Cannot be set if `redirectConfigurationName` is set. */ backendAddressPoolName?: pulumi.Input; /** * The ID of the associated Backend HTTP Settings Configuration. */ backendHttpSettingsId?: pulumi.Input; /** * The Name of the Backend HTTP Settings Collection to use for this Path Rule. Cannot be set if `redirectConfigurationName` is set. */ backendHttpSettingsName?: pulumi.Input; /** * The ID of the Web Application Firewall Policy which should be used as an HTTP Listener. */ firewallPolicyId?: pulumi.Input; /** * The ID of the Rewrite Rule Set */ id?: pulumi.Input; /** * The Name of the Path Rule. */ name: pulumi.Input; /** * A list of Paths used in this Path Rule. */ paths: pulumi.Input[]>; /** * The ID of the associated Redirect Configuration. */ redirectConfigurationId?: pulumi.Input; /** * The Name of a Redirect Configuration to use for this Path Rule. Cannot be set if `backendAddressPoolName` or `backendHttpSettingsName` is set. */ redirectConfigurationName?: pulumi.Input; /** * The ID of the associated Rewrite Rule Set. */ rewriteRuleSetId?: pulumi.Input; /** * The Name of the Rewrite Rule Set which should be used for this URL Path Map. Only valid for v2 SKUs. */ rewriteRuleSetName?: pulumi.Input; } interface ApplicationGatewayWafConfiguration { /** * One or more `disabledRuleGroup` blocks as defined below. */ disabledRuleGroups?: pulumi.Input[]>; /** * Is the Web Application Firewall enabled? */ enabled: pulumi.Input; /** * One or more `exclusion` blocks as defined below. */ exclusions?: pulumi.Input[]>; /** * The File Upload Limit in MB. Accepted values are in the range `1`MB to `750`MB for the `WAF_v2` SKU, and `1`MB to `500`MB for all other SKUs. Defaults to `100`MB. */ fileUploadLimitMb?: pulumi.Input; /** * The Web Application Firewall Mode. Possible values are `Detection` and `Prevention`. */ firewallMode: pulumi.Input; /** * The Maximum Request Body Size in KB. Accepted values are in the range `1`KB to `128`KB. Defaults to `128`KB. */ maxRequestBodySizeKb?: pulumi.Input; /** * Is Request Body Inspection enabled? Defaults to `true`. */ requestBodyCheck?: pulumi.Input; /** * The Type of the Rule Set used for this Web Application Firewall. Possible values are `OWASP`, `Microsoft_BotManagerRuleSet` and `Microsoft_DefaultRuleSet`. Defaults to `OWASP`. */ ruleSetType?: pulumi.Input; /** * The Version of the Rule Set used for this Web Application Firewall. Possible values are `0.1`, `1.0`, `1.1`, `2.1`, `2.2`, `2.2.9`, `3.0`, `3.1` and `3.2`. */ ruleSetVersion: pulumi.Input; } interface ApplicationGatewayWafConfigurationDisabledRuleGroup { /** * The rule group where specific rules should be disabled. Possible values are `BadBots`, `crs20ProtocolViolations`, `crs21ProtocolAnomalies`, `crs23RequestLimits`, `crs30HttpPolicy`, `crs35BadRobots`, `crs40GenericAttacks`, `crs41SqlInjectionAttacks`, `crs41XssAttacks`, `crs42TightSecurity`, `crs45Trojans`, `crs49InboundBlocking`, `General`, `GoodBots`, `KnownBadBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA`, `UnknownBots`, `METHOD-ENFORCEMENT`, `PROTOCOL-ENFORCEMENT`, `PROTOCOL-ATTACK`, `LFI`, `RFI`, `RCE`, `PHP`, `NODEJS`, `XSS`, `SQLI`, `FIX`, `JAVA`, `MS-ThreatIntel-WebShells`, `MS-ThreatIntel-AppSec`, `MS-ThreatIntel-SQLI`, `MS-ThreatIntel-CVEs` and `MS-ThreatIntel-XSS`. */ ruleGroupName: pulumi.Input; /** * A list of rules which should be disabled in that group. Disables all rules in the specified group if `rules` is not specified. */ rules?: pulumi.Input[]>; } interface ApplicationGatewayWafConfigurationExclusion { /** * Match variable of the exclusion rule to exclude header, cookie or GET arguments. Possible values are `RequestArgKeys`, `RequestArgNames`, `RequestArgValues`, `RequestCookieKeys`, `RequestCookieNames`, `RequestCookieValues`, `RequestHeaderKeys`, `RequestHeaderNames` and `RequestHeaderValues` */ matchVariable: pulumi.Input; /** * String value which will be used for the filter operation. If empty will exclude all traffic on this `matchVariable` */ selector?: pulumi.Input; /** * Operator which will be used to search in the variable content. Possible values are `Contains`, `EndsWith`, `Equals`, `EqualsAny` and `StartsWith`. If empty will exclude all traffic on this `matchVariable` */ selectorMatchOperator?: pulumi.Input; } interface ExpressRouteCircuitPeeringIpv6 { /** * A boolean value indicating whether the IPv6 peering is enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * A `microsoftPeering` block as defined below. */ microsoftPeering?: pulumi.Input; /** * A subnet for the primary link. */ primaryPeerAddressPrefix: pulumi.Input; /** * The ID of the Route Filter. Only available when `peeringType` is set to `MicrosoftPeering`. * * > **Note:** `ipv6` can be specified when `peeringType` is `MicrosoftPeering` or `AzurePrivatePeering` */ routeFilterId?: pulumi.Input; /** * A subnet for the secondary link. */ secondaryPeerAddressPrefix: pulumi.Input; } interface ExpressRouteCircuitPeeringIpv6MicrosoftPeering { /** * The communities of Bgp Peering specified for microsoft peering. */ advertisedCommunities?: pulumi.Input[]>; /** * A list of Advertised Public Prefixes. */ advertisedPublicPrefixes?: pulumi.Input[]>; /** * The CustomerASN of the peering. Defaults to `0`. */ customerAsn?: pulumi.Input; /** * The Routing Registry against which the AS number and prefixes are registered. For example: `ARIN`, `RIPE`, `AFRINIC` etc. Defaults to `NONE`. */ routingRegistryName?: pulumi.Input; } interface ExpressRouteCircuitPeeringMicrosoftPeeringConfig { /** * The communities of Bgp Peering specified for microsoft peering. */ advertisedCommunities?: pulumi.Input[]>; /** * A list of Advertised Public Prefixes. */ advertisedPublicPrefixes: pulumi.Input[]>; /** * The CustomerASN of the peering. Defaults to `0`. */ customerAsn?: pulumi.Input; /** * The Routing Registry against which the AS number and prefixes are registered. For example: `ARIN`, `RIPE`, `AFRINIC` etc. Defaults to `NONE`. */ routingRegistryName?: pulumi.Input; } interface ExpressRouteCircuitSku { /** * The billing mode for bandwidth. Possible values are `MeteredData` or `UnlimitedData`. * * > **Note:** You can migrate from `MeteredData` to `UnlimitedData`, but not the other way around. */ family: pulumi.Input; /** * The service tier. Possible values are `Basic`, `Local`, `Standard` or `Premium`. */ tier: pulumi.Input; } interface ExpressRouteConnectionRouting { /** * The ID of the Virtual Hub Route Table associated with this Express Route Connection. */ associatedRouteTableId?: pulumi.Input; /** * The ID of the Route Map associated with this Express Route Connection for inbound routes. */ inboundRouteMapId?: pulumi.Input; /** * The ID of the Route Map associated with this Express Route Connection for outbound routes. */ outboundRouteMapId?: pulumi.Input; /** * A `propagatedRouteTable` block as defined below. */ propagatedRouteTable?: pulumi.Input; } interface ExpressRouteConnectionRoutingPropagatedRouteTable { /** * The list of labels to logically group route tables. */ labels?: pulumi.Input[]>; /** * A list of IDs of the Virtual Hub Route Table to propagate routes from Express Route Connection to the route table. */ routeTableIds?: pulumi.Input[]>; } interface ExpressRoutePortIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Express Route Port. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Express Route Port. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface ExpressRoutePortLink1 { /** * Whether enable administration state on the Express Route Port Link? Defaults to `false`. */ adminEnabled?: pulumi.Input; /** * The connector type of the Express Route Port Link. */ connectorType?: pulumi.Input; /** * The ID of this Express Route Port Link. */ id?: pulumi.Input; /** * The interface name of the Azure router associated with the Express Route Port Link. */ interfaceName?: pulumi.Input; /** * The ID of the Key Vault Secret that contains the Mac security CAK key for this Express Route Port Link. */ macsecCakKeyvaultSecretId?: pulumi.Input; /** * The MACSec cipher used for this Express Route Port Link. Possible values are `GcmAes128`, `GcmAes256`, `GcmAesXpn128` and `GcmAesXpn256`. Defaults to `GcmAes128`. */ macsecCipher?: pulumi.Input; /** * The ID of the Key Vault Secret that contains the MACSec CKN key for this Express Route Port Link. */ macsecCknKeyvaultSecretId?: pulumi.Input; /** * Should Secure Channel Identifier on the Express Route Port Link be enabled? Defaults to `false`. * * > **Note:** `macsecCknKeyvaultSecretId` and `macsecCakKeyvaultSecretId` should be used together with `identity`, so that the Express Route Port instance have the right permission to access the Key Vault. */ macsecSciEnabled?: pulumi.Input; /** * The ID that maps from the Express Route Port Link to the patch panel port. */ patchPanelId?: pulumi.Input; /** * The ID that maps from the patch panel port to the rack. */ rackId?: pulumi.Input; /** * The name of the Azure router associated with the Express Route Port Link. */ routerName?: pulumi.Input; } interface ExpressRoutePortLink2 { /** * Whether enable administration state on the Express Route Port Link? Defaults to `false`. */ adminEnabled?: pulumi.Input; /** * The connector type of the Express Route Port Link. */ connectorType?: pulumi.Input; /** * The ID of this Express Route Port Link. */ id?: pulumi.Input; /** * The interface name of the Azure router associated with the Express Route Port Link. */ interfaceName?: pulumi.Input; /** * The ID of the Key Vault Secret that contains the Mac security CAK key for this Express Route Port Link. */ macsecCakKeyvaultSecretId?: pulumi.Input; /** * The MACSec cipher used for this Express Route Port Link. Possible values are `GcmAes128`, `GcmAes256`, `GcmAesXpn128` and `GcmAesXpn256`. Defaults to `GcmAes128`. */ macsecCipher?: pulumi.Input; /** * The ID of the Key Vault Secret that contains the MACSec CKN key for this Express Route Port Link. */ macsecCknKeyvaultSecretId?: pulumi.Input; /** * Should Secure Channel Identifier on the Express Route Port Link be enabled? Defaults to `false`. * * > **Note:** `macsecCknKeyvaultSecretId` and `macsecCakKeyvaultSecretId` should be used together with `identity`, so that the Express Route Port instance have the right permission to access the Key Vault. */ macsecSciEnabled?: pulumi.Input; /** * The ID that maps from the Express Route Port Link to the patch panel port. */ patchPanelId?: pulumi.Input; /** * The ID that maps from the patch panel port to the rack. */ rackId?: pulumi.Input; /** * The name of the Azure router associated with the Express Route Port Link. */ routerName?: pulumi.Input; } interface FirewallApplicationRuleCollectionRule { /** * Specifies a description for the rule. */ description?: pulumi.Input; /** * A list of FQDN tags. Possible values are `AppServiceEnvironment`, `AzureBackup`, `AzureKubernetesService`, `HDInsight`, `MicrosoftActiveProtectionService`, `WindowsDiagnostics`, `WindowsUpdate` and `WindowsVirtualDesktop`. */ fqdnTags?: pulumi.Input[]>; /** * Specifies the name of the rule. */ name: pulumi.Input; /** * One or more `protocol` blocks as defined below. */ protocols?: pulumi.Input[]>; /** * A list of source IP addresses and/or IP ranges. */ sourceAddresses?: pulumi.Input[]>; /** * A list of source IP Group IDs for the rule. * * > **Note:** At least one of `sourceAddresses` and `sourceIpGroups` must be specified for a rule. */ sourceIpGroups?: pulumi.Input[]>; /** * A list of FQDNs. */ targetFqdns?: pulumi.Input[]>; } interface FirewallApplicationRuleCollectionRuleProtocol { /** * Specify a port for the connection. */ port: pulumi.Input; /** * Specifies the type of connection. Possible values are `Http`, `Https` and `Mssql`. */ type: pulumi.Input; } interface FirewallIpConfiguration { /** * Specifies the name of the IP Configuration. */ name: pulumi.Input; /** * The private IP address associated with the Firewall. */ privateIpAddress?: pulumi.Input; /** * The ID of the Public IP Address associated with the firewall. * * > **Note:** A public ip address is required unless a `managementIpConfiguration` block is specified. * * > **Note:** When multiple `ipConfiguration` blocks with `publicIpAddressId` are configured, `pulumi up` will raise an error when one or some of these `ipConfiguration` blocks are removed. because the `publicIpAddressId` is still used by the `firewall` resource until the `firewall` resource is updated. and the destruction of `azure.network.PublicIp` happens before the update of firewall by default. to destroy of `azure.network.PublicIp` will cause the error. The workaround is to set `create_before_destroy=true` to the `azure.network.PublicIp` resource `lifecycle` block. See more detail: destroying.md#create-before-destroy * * > **Note:** The Public IP must have a `Static` allocation and `Standard` SKU. */ publicIpAddressId?: pulumi.Input; /** * Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created. * * > **Note:** The Subnet used for the Firewall must have the name `AzureFirewallSubnet` and the subnet mask must be at least a `/26`. * * > **Note:** At least one and only one `ipConfiguration` block may contain a `subnetId`. */ subnetId?: pulumi.Input; } interface FirewallManagementIpConfiguration { /** * Specifies the name of the IP Configuration. */ name: pulumi.Input; /** * The private IP address associated with the Firewall. */ privateIpAddress?: pulumi.Input; /** * The ID of the Public IP Address associated with the firewall. * * > **Note:** The Public IP must have a `Static` allocation and `Standard` SKU. */ publicIpAddressId: pulumi.Input; /** * Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created. * * > **Note:** The Management Subnet used for the Firewall must have the name `AzureFirewallManagementSubnet` and the subnet mask must be at least a `/26`. */ subnetId: pulumi.Input; } interface FirewallNatRuleCollectionRule { /** * Specifies a description for the rule. */ description?: pulumi.Input; /** * A list of destination IP addresses and/or IP ranges. */ destinationAddresses: pulumi.Input[]>; /** * A list of destination ports. */ destinationPorts: pulumi.Input[]>; /** * Specifies the name of the rule. */ name: pulumi.Input; /** * A list of protocols. Possible values are `Any`, `ICMP`, `TCP` and `UDP`. If `action` is `Dnat`, protocols can only be `TCP` and `UDP`. */ protocols: pulumi.Input[]>; /** * A list of source IP addresses and/or IP ranges. */ sourceAddresses?: pulumi.Input[]>; /** * A list of source IP Group IDs for the rule. * * > **Note:** At least one of `sourceAddresses` and `sourceIpGroups` must be specified for a rule. */ sourceIpGroups?: pulumi.Input[]>; /** * The address of the service behind the Firewall. */ translatedAddress: pulumi.Input; /** * The port of the service behind the Firewall. */ translatedPort: pulumi.Input; } interface FirewallNetworkRuleCollectionRule { /** * Specifies a description for the rule. */ description?: pulumi.Input; /** * Either a list of destination IP addresses and/or IP ranges, or a list of destination [Service Tags](https://docs.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags). */ destinationAddresses?: pulumi.Input[]>; /** * A list of destination FQDNS for the rule. * * > **Note:** [You must enable DNS Proxy to use FQDNs in your network rules](https://docs.microsoft.com/azure/firewall/fqdn-filtering-network-rules). * * > **Note:** At least one of `destinationAddresses`, `destinationIpGroups` and `destinationFqdns` must be specified for a rule. */ destinationFqdns?: pulumi.Input[]>; /** * A list of destination IP Group IDs for the rule. */ destinationIpGroups?: pulumi.Input[]>; /** * A list of destination ports. */ destinationPorts: pulumi.Input[]>; /** * Specifies the name of the rule. */ name: pulumi.Input; /** * A list of protocols. Possible values are `Any`, `ICMP`, `TCP` and `UDP`. */ protocols: pulumi.Input[]>; /** * A list of source IP addresses and/or IP ranges. */ sourceAddresses?: pulumi.Input[]>; /** * A list of IP Group IDs for the rule. * * > **Note:** At least one of `sourceAddresses` and `sourceIpGroups` must be specified for a rule. */ sourceIpGroups?: pulumi.Input[]>; } interface FirewallPolicyDns { /** * Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to `false`. */ proxyEnabled?: pulumi.Input; /** * A list of custom DNS servers' IP addresses. */ servers?: pulumi.Input[]>; } interface FirewallPolicyExplicitProxy { /** * Whether the pac file port and url need to be provided. */ enablePacFile?: pulumi.Input; /** * Whether the explicit proxy is enabled for this Firewall Policy. */ enabled?: pulumi.Input; /** * The port number for explicit http protocol. */ httpPort?: pulumi.Input; /** * The port number for explicit proxy https protocol. */ httpsPort?: pulumi.Input; /** * Specifies a SAS URL for PAC file. */ pacFile?: pulumi.Input; /** * Specifies a port number for firewall to serve PAC file. */ pacFilePort?: pulumi.Input; } interface FirewallPolicyIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface FirewallPolicyInsights { /** * The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the `logAnalyticsWorkspace`. */ defaultLogAnalyticsWorkspaceId: pulumi.Input; /** * Whether the insights functionality is enabled for this Firewall Policy. */ enabled: pulumi.Input; /** * A list of `logAnalyticsWorkspace` block as defined below. */ logAnalyticsWorkspaces?: pulumi.Input[]>; /** * The log retention period in days. */ retentionInDays?: pulumi.Input; } interface FirewallPolicyInsightsLogAnalyticsWorkspace { /** * The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs. */ firewallLocation: pulumi.Input; /** * The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the `firewallLocation`. */ id: pulumi.Input; } interface FirewallPolicyIntrusionDetection { /** * In which mode you want to run intrusion detection: `Off`, `Alert` or `Deny`. */ mode?: pulumi.Input; /** * A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. */ privateRanges?: pulumi.Input[]>; /** * One or more `signatureOverrides` blocks as defined below. */ signatureOverrides?: pulumi.Input[]>; /** * One or more `trafficBypass` blocks as defined below. */ trafficBypasses?: pulumi.Input[]>; } interface FirewallPolicyIntrusionDetectionSignatureOverride { /** * 12-digit number (id) which identifies your signature. */ id?: pulumi.Input; /** * state can be any of `Off`, `Alert` or `Deny`. */ state?: pulumi.Input; } interface FirewallPolicyIntrusionDetectionTrafficBypass { /** * The description for this bypass traffic setting. */ description?: pulumi.Input; /** * Specifies a list of destination IP addresses that shall be bypassed by intrusion detection. */ destinationAddresses?: pulumi.Input[]>; /** * Specifies a list of destination IP groups that shall be bypassed by intrusion detection. */ destinationIpGroups?: pulumi.Input[]>; /** * Specifies a list of destination IP ports that shall be bypassed by intrusion detection. */ destinationPorts?: pulumi.Input[]>; /** * The name which should be used for this bypass traffic setting. */ name: pulumi.Input; /** * The protocols any of `ANY`, `TCP`, `ICMP`, `UDP` that shall be bypassed by intrusion detection. */ protocol: pulumi.Input; /** * Specifies a list of source addresses that shall be bypassed by intrusion detection. */ sourceAddresses?: pulumi.Input[]>; /** * Specifies a list of source IP groups that shall be bypassed by intrusion detection. */ sourceIpGroups?: pulumi.Input[]>; } interface FirewallPolicyRuleCollectionGroupApplicationRuleCollection { /** * The action to take for the application rules in this collection. Possible values are `Allow` and `Deny`. */ action: pulumi.Input; /** * The name which should be used for this application rule collection. */ name: pulumi.Input; /** * The priority of the application rule collection. The range is `100` - `65000`. */ priority: pulumi.Input; /** * One or more `applicationRule` blocks as defined below. */ rules: pulumi.Input[]>; } interface FirewallPolicyRuleCollectionGroupApplicationRuleCollectionRule { description?: pulumi.Input; destinationAddresses?: pulumi.Input[]>; /** * Specifies a list of destination FQDN tags. */ destinationFqdnTags?: pulumi.Input[]>; destinationFqdns?: pulumi.Input[]>; /** * Specifies a list of destination URLs for which policy should hold. Needs Premium SKU for Firewall Policy. Conflicts with `destinationFqdns`. */ destinationUrls?: pulumi.Input[]>; /** * Specifies a list of HTTP/HTTPS headers to insert. One or more `httpHeaders` blocks as defined below. */ httpHeaders?: pulumi.Input[]>; /** * The name which should be used for this Firewall Policy Rule Collection Group. Changing this forces a new Firewall Policy Rule Collection Group to be created. */ name: pulumi.Input; protocols?: pulumi.Input[]>; sourceAddresses?: pulumi.Input[]>; sourceIpGroups?: pulumi.Input[]>; /** * Boolean specifying if TLS shall be terminated (true) or not (false). Must be `true` when using `destinationUrls`. Needs Premium SKU for Firewall Policy. */ terminateTls?: pulumi.Input; /** * Specifies a list of web categories to which access is denied or allowed depending on the value of `action` above. Needs Premium SKU for Firewall Policy. */ webCategories?: pulumi.Input[]>; } interface FirewallPolicyRuleCollectionGroupApplicationRuleCollectionRuleHttpHeader { /** * Specifies the name of the header. */ name: pulumi.Input; /** * Specifies the value of the value. */ value: pulumi.Input; } interface FirewallPolicyRuleCollectionGroupApplicationRuleCollectionRuleProtocol { /** * Port number of the protocol. Range is 0-64000. */ port: pulumi.Input; /** * Protocol type. Possible values are `Http` and `Https`. */ type: pulumi.Input; } interface FirewallPolicyRuleCollectionGroupNatRuleCollection { /** * The action to take for the NAT rules in this collection. Currently, the only possible value is `Dnat`. */ action: pulumi.Input; /** * The name which should be used for this NAT rule collection. */ name: pulumi.Input; /** * The priority of the NAT rule collection. The range is `100` - `65000`. */ priority: pulumi.Input; /** * A `natRule` block as defined below. */ rules: pulumi.Input[]>; } interface FirewallPolicyRuleCollectionGroupNatRuleCollectionRule { description?: pulumi.Input; /** * The destination IP address (including CIDR). */ destinationAddress?: pulumi.Input; destinationPorts?: pulumi.Input; /** * The name which should be used for this Firewall Policy Rule Collection Group. Changing this forces a new Firewall Policy Rule Collection Group to be created. */ name: pulumi.Input; protocols: pulumi.Input[]>; sourceAddresses?: pulumi.Input[]>; sourceIpGroups?: pulumi.Input[]>; /** * Specifies the translated address. */ translatedAddress?: pulumi.Input; /** * Specifies the translated FQDN. * * > **Note:** Exactly one of `translatedAddress` and `translatedFqdn` should be set. */ translatedFqdn?: pulumi.Input; /** * Specifies the translated port. */ translatedPort: pulumi.Input; } interface FirewallPolicyRuleCollectionGroupNetworkRuleCollection { /** * The action to take for the network rules in this collection. Possible values are `Allow` and `Deny`. */ action: pulumi.Input; /** * The name which should be used for this network rule collection. */ name: pulumi.Input; /** * The priority of the network rule collection. The range is `100` - `65000`. */ priority: pulumi.Input; /** * One or more `networkRule` blocks as defined below. */ rules: pulumi.Input[]>; } interface FirewallPolicyRuleCollectionGroupNetworkRuleCollectionRule { description?: pulumi.Input; destinationAddresses?: pulumi.Input[]>; destinationFqdns?: pulumi.Input[]>; /** * Specifies a list of destination IP groups. */ destinationIpGroups?: pulumi.Input[]>; destinationPorts: pulumi.Input[]>; /** * The name which should be used for this Firewall Policy Rule Collection Group. Changing this forces a new Firewall Policy Rule Collection Group to be created. */ name: pulumi.Input; protocols: pulumi.Input[]>; sourceAddresses?: pulumi.Input[]>; sourceIpGroups?: pulumi.Input[]>; } interface FirewallPolicyThreatIntelligenceAllowlist { /** * A list of FQDNs that will be skipped for threat detection. */ fqdns?: pulumi.Input[]>; /** * A list of IP addresses or CIDR ranges that will be skipped for threat detection. */ ipAddresses?: pulumi.Input[]>; } interface FirewallPolicyTlsCertificate { /** * The Secret Identifier (URI) of the certificate stored in Azure Key Vault, either as a secret or certificate. */ keyVaultSecretId: pulumi.Input; /** * The name of the certificate. */ name: pulumi.Input; } interface FirewallVirtualHub { /** * The private IP address associated with the Firewall. */ privateIpAddress?: pulumi.Input; /** * The list of public IP addresses associated with the Firewall. */ publicIpAddresses?: pulumi.Input[]>; /** * Specifies the number of public IPs to assign to the Firewall. Defaults to `1`. */ publicIpCount?: pulumi.Input; /** * Specifies the ID of the Virtual Hub where the Firewall resides in. */ virtualHubId: pulumi.Input; } interface LocalNetworkGatewayBgpSettings { /** * The BGP speaker's ASN. */ asn: pulumi.Input; /** * The BGP peering address and BGP identifier of this BGP speaker. */ bgpPeeringAddress: pulumi.Input; /** * The weight added to routes learned from this BGP speaker. */ peerWeight?: pulumi.Input; } interface NetworkConnectionMonitorEndpoint { /** * The IP address or domain name of the Network Connection Monitor endpoint. */ address?: pulumi.Input; /** * The test coverage for the Network Connection Monitor endpoint. Possible values are `AboveAverage`, `Average`, `BelowAverage`, `Default`, `Full` and `Low`. */ coverageLevel?: pulumi.Input; /** * A list of IPv4/IPv6 subnet masks or IPv4/IPv6 IP addresses to be excluded to the Network Connection Monitor endpoint. */ excludedIpAddresses?: pulumi.Input[]>; /** * A `filter` block as defined below. */ filter?: pulumi.Input; /** * A list of IPv4/IPv6 subnet masks or IPv4/IPv6 IP addresses to be included to the Network Connection Monitor endpoint. */ includedIpAddresses?: pulumi.Input[]>; /** * The name of the endpoint for the Network Connection Monitor . */ name: pulumi.Input; /** * The resource ID which is used as the endpoint by the Network Connection Monitor. */ targetResourceId?: pulumi.Input; /** * The endpoint type of the Network Connection Monitor. Possible values are `AzureArcVM`, `AzureSubnet`, `AzureVM`, `AzureVNet`, `ExternalAddress`, `MMAWorkspaceMachine` and `MMAWorkspaceNetwork`. */ targetResourceType?: pulumi.Input; } interface NetworkConnectionMonitorEndpointFilter { /** * A `item` block as defined below. */ items?: pulumi.Input[]>; /** * The behaviour type of this endpoint filter. Currently the only allowed value is `Include`. Defaults to `Include`. */ type?: pulumi.Input; } interface NetworkConnectionMonitorEndpointFilterItem { /** * The address of the filter item. */ address?: pulumi.Input; /** * The type of items included in the filter. Possible values are `AgentAddress`. Defaults to `AgentAddress`. */ type?: pulumi.Input; } interface NetworkConnectionMonitorTestConfiguration { /** * A `httpConfiguration` block as defined below. */ httpConfiguration?: pulumi.Input; /** * A `icmpConfiguration` block as defined below. */ icmpConfiguration?: pulumi.Input; /** * The name of test configuration for the Network Connection Monitor. */ name: pulumi.Input; /** * The preferred IP version which is used in the test evaluation. Possible values are `IPv4` and `IPv6`. */ preferredIpVersion?: pulumi.Input; /** * The protocol used to evaluate tests. Possible values are `Tcp`, `Http` and `Icmp`. */ protocol: pulumi.Input; /** * A `successThreshold` block as defined below. */ successThreshold?: pulumi.Input; /** * A `tcpConfiguration` block as defined below. */ tcpConfiguration?: pulumi.Input; /** * The time interval in seconds at which the test evaluation will happen. Defaults to `60`. */ testFrequencyInSeconds?: pulumi.Input; } interface NetworkConnectionMonitorTestConfigurationHttpConfiguration { /** * The HTTP method for the HTTP request. Possible values are `Get` and `Post`. Defaults to `Get`. */ method?: pulumi.Input; /** * The path component of the URI. It only accepts the absolute path. */ path?: pulumi.Input; /** * The port for the HTTP connection. */ port?: pulumi.Input; /** * Should HTTPS be preferred over HTTP in cases where the choice is not explicit? Defaults to `false`. */ preferHttps?: pulumi.Input; /** * A `requestHeader` block as defined below. */ requestHeaders?: pulumi.Input[]>; /** * The HTTP status codes to consider successful. For instance, `2xx`, `301-304` and `418`. */ validStatusCodeRanges?: pulumi.Input[]>; } interface NetworkConnectionMonitorTestConfigurationHttpConfigurationRequestHeader { /** * The name of the HTTP header. */ name: pulumi.Input; /** * The value of the HTTP header. */ value: pulumi.Input; } interface NetworkConnectionMonitorTestConfigurationIcmpConfiguration { /** * Should path evaluation with trace route be enabled? Defaults to `true`. */ traceRouteEnabled?: pulumi.Input; } interface NetworkConnectionMonitorTestConfigurationSuccessThreshold { /** * The maximum percentage of failed checks permitted for a test to be successful. */ checksFailedPercent?: pulumi.Input; /** * The maximum round-trip time in milliseconds permitted for a test to be successful. */ roundTripTimeMs?: pulumi.Input; } interface NetworkConnectionMonitorTestConfigurationTcpConfiguration { /** * The destination port behavior for the TCP connection. Possible values are `None` and `ListenIfAvailable`. */ destinationPortBehavior?: pulumi.Input; /** * The port for the TCP connection. */ port: pulumi.Input; /** * Should path evaluation with trace route be enabled? Defaults to `true`. */ traceRouteEnabled?: pulumi.Input; } interface NetworkConnectionMonitorTestGroup { /** * A list of destination endpoint names. */ destinationEndpoints: pulumi.Input[]>; /** * Should the test group be enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name of the test group for the Network Connection Monitor. */ name: pulumi.Input; /** * A list of source endpoint names. */ sourceEndpoints: pulumi.Input[]>; /** * A list of test configuration names. */ testConfigurationNames: pulumi.Input[]>; } interface NetworkInterfaceIpConfiguration { /** * The Frontend IP Configuration ID of a Gateway SKU Load Balancer. */ gatewayLoadBalancerFrontendIpConfigurationId?: pulumi.Input; /** * A name used for this IP Configuration. */ name: pulumi.Input; /** * Is this the Primary IP Configuration? Must be `true` for the first `ipConfiguration` when multiple are specified. Defaults to `false`. */ primary?: pulumi.Input; /** * The first private IP address of the network interface. */ privateIpAddress?: pulumi.Input; /** * The allocation method used for the Private IP Address. Possible values are `Dynamic` and `Static`. * * > **Note:** `Dynamic` means "An IP is automatically assigned during creation of this Network Interface"; `Static` means "User supplied IP address will be used" */ privateIpAddressAllocation: pulumi.Input; /** * The IP Version to use. Possible values are `IPv4` or `IPv6`. Defaults to `IPv4`. */ privateIpAddressVersion?: pulumi.Input; /** * Reference to a Public IP Address to associate with this NIC */ publicIpAddressId?: pulumi.Input; /** * The ID of the Subnet where this Network Interface should be located in. * * > **Note:** This is required when `privateIpAddressVersion` is set to `IPv4`. */ subnetId?: pulumi.Input; } interface NetworkManagerAdminRuleDestination { /** * Specifies the address prefix. */ addressPrefix: pulumi.Input; /** * Specifies the address prefix type. Possible values are `IPPrefix` and `ServiceTag`. For more information, please see [this document](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-security-admins#source-and-destination-types). */ addressPrefixType: pulumi.Input; } interface NetworkManagerAdminRuleSource { /** * Specifies the address prefix. */ addressPrefix: pulumi.Input; /** * Specifies the address prefix type. Possible values are `IPPrefix` and `ServiceTag`. For more information, please see [this document](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-security-admins#source-and-destination-types). */ addressPrefixType: pulumi.Input; } interface NetworkManagerConnectivityConfigurationAppliesToGroup { /** * Indicates whether to global mesh is supported for this group. Possible values are `true` and `false`. * * > **Note:** A group can be global only if the `groupConnectivity` is `DirectlyConnected`. */ globalMeshEnabled?: pulumi.Input; /** * Specifies the group connectivity type. Possible values are `None` and `DirectlyConnected`. */ groupConnectivity: pulumi.Input; /** * Specifies the resource ID of Network Group which the configuration applies to. */ networkGroupId: pulumi.Input; /** * Indicates whether the hub gateway is used. Possible values are `true` and `false`. */ useHubGateway?: pulumi.Input; } interface NetworkManagerConnectivityConfigurationHub { /** * Specifies the resource ID used as hub in Hub And Spoke topology. */ resourceId: pulumi.Input; /** * Specifies the resource Type used as hub in Hub And Spoke topology. */ resourceType: pulumi.Input; } interface NetworkManagerCrossTenantScope { /** * List of management groups. */ managementGroups?: pulumi.Input[]>; /** * List of subscriptions. */ subscriptions?: pulumi.Input[]>; /** * Tenant ID. */ tenantId?: pulumi.Input; } interface NetworkManagerRoutingRuleDestination { /** * The destination address. */ address: pulumi.Input; /** * The type of destination. Possible values are `AddressPrefix` and `ServiceTag`. */ type: pulumi.Input; } interface NetworkManagerRoutingRuleNextHop { /** * The address of the next hop. This is required if the next hop type is `VirtualAppliance`. */ address?: pulumi.Input; /** * The type of next hop. Possible values are `Internet`, `NoNextHop`, `VirtualAppliance`, `VirtualNetworkGateway` and `VnetLocal`. */ type: pulumi.Input; } interface NetworkManagerScope { /** * A list of management group IDs. * * > **Note:** When specifying a scope at the management group level, you need to register the `Microsoft.Network` at the management group scope before deploying a Network Manager, more information can be found in the [Azure document](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-network-manager-scope#scope). */ managementGroupIds?: pulumi.Input[]>; /** * A list of subscription IDs. */ subscriptionIds?: pulumi.Input[]>; } interface NetworkManagerVerifierWorkspaceReachabilityAnalysisIntentIpTraffic { /** * Specifies a list of IPv4 or IPv6 addresses or ranges using CIDR notation of the source you want to verify. Changing this forces a new Network Manager Verifier Workspace Reachability Analysis Intent to be created. */ destinationIps: pulumi.Input[]>; /** * Specifies a list of ports or ranges of the destination you want to verify. To specify any port, use `["*"]`. Changing this forces a new Network Manager Verifier Workspace Reachability Analysis Intent to be created. */ destinationPorts: pulumi.Input[]>; /** * Specifies a list of network protocols. Possible values are `Any`, `TCP`, `UDP` and `ICMP`. Changing this forces a new Network Manager Verifier Workspace Reachability Analysis Intent to be created. */ protocols: pulumi.Input[]>; /** * Specifies a list of IPv4 or IPv6 addresses or ranges using CIDR notation of the source you want to verify. Changing this forces a new Network Manager Verifier Workspace Reachability Analysis Intent to be created. */ sourceIps: pulumi.Input[]>; /** * Specifies a list of ports or ranges of the source you want to verify. To specify any port, use `["*"]`. Changing this forces a new Network Manager Verifier Workspace Reachability Analysis Intent to be created. */ sourcePorts: pulumi.Input[]>; } interface NetworkSecurityGroupSecurityRule { /** * Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. */ access: pulumi.Input; /** * A description for this rule. Restricted to 140 characters. */ description?: pulumi.Input; /** * CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `destinationAddressPrefixes` is not specified. */ destinationAddressPrefix?: pulumi.Input; /** * List of destination address prefixes. Tags may not be used. This is required if `destinationAddressPrefix` is not specified. */ destinationAddressPrefixes?: pulumi.Input[]>; /** * A List of destination Application Security Group IDs */ destinationApplicationSecurityGroupIds?: pulumi.Input[]>; /** * Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destinationPortRanges` is not specified. */ destinationPortRange?: pulumi.Input; /** * List of destination ports or port ranges. This is required if `destinationPortRange` is not specified. */ destinationPortRanges?: pulumi.Input[]>; /** * The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. */ direction: pulumi.Input; /** * The name of the security rule. */ name: pulumi.Input; /** * Specifies the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. */ priority: pulumi.Input; /** * Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). */ protocol: pulumi.Input; /** * CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. This is required if `sourceAddressPrefixes` is not specified. */ sourceAddressPrefix?: pulumi.Input; /** * List of source address prefixes. Tags may not be used. This is required if `sourceAddressPrefix` is not specified. */ sourceAddressPrefixes?: pulumi.Input[]>; /** * A List of source Application Security Group IDs */ sourceApplicationSecurityGroupIds?: pulumi.Input[]>; /** * Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `sourcePortRanges` is not specified. */ sourcePortRange?: pulumi.Input; /** * List of source ports or port ranges. This is required if `sourcePortRange` is not specified. */ sourcePortRanges?: pulumi.Input[]>; } interface NetworkWatcherFlowLogRetentionPolicy { /** * The number of days to retain flow log records. */ days: pulumi.Input; /** * Boolean flag to enable/disable retention. */ enabled: pulumi.Input; } interface NetworkWatcherFlowLogTrafficAnalytics { /** * Boolean flag to enable/disable traffic analytics. */ enabled: pulumi.Input; /** * How frequently service should do flow analytics in minutes. Defaults to `60`. */ intervalInMinutes?: pulumi.Input; /** * The resource GUID of the attached workspace. */ workspaceId: pulumi.Input; /** * The location of the attached workspace. */ workspaceRegion: pulumi.Input; /** * The resource ID of the attached workspace. */ workspaceResourceId: pulumi.Input; } interface PointToPointVpnGatewayConnectionConfiguration { /** * Should Internet Security be enabled to secure internet traffic? Defaults to `false`. */ internetSecurityEnabled?: pulumi.Input; /** * The Name which should be used for this Connection Configuration. */ name: pulumi.Input; /** * A `route` block as defined below. */ route?: pulumi.Input; /** * A `vpnClientAddressPool` block as defined below. */ vpnClientAddressPool: pulumi.Input; } interface PointToPointVpnGatewayConnectionConfigurationRoute { /** * The Virtual Hub Route Table resource id associated with this Routing Configuration. */ associatedRouteTableId: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for inbound learned routes. */ inboundRouteMapId?: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for outbound advertised routes. */ outboundRouteMapId?: pulumi.Input; /** * A `propagatedRouteTable` block as defined below. */ propagatedRouteTable?: pulumi.Input; } interface PointToPointVpnGatewayConnectionConfigurationRoutePropagatedRouteTable { /** * The list of Virtual Hub Route Table resource id which the routes will be propagated to. */ ids: pulumi.Input[]>; /** * The list of labels to logically group Virtual Hub Route Tables which the routes will be propagated to. */ labels?: pulumi.Input[]>; } interface PointToPointVpnGatewayConnectionConfigurationVpnClientAddressPool { /** * A list of CIDR Ranges which should be used as Address Prefixes. */ addressPrefixes: pulumi.Input[]>; } interface ProfileContainerNetworkInterface { /** * One or more `ipConfiguration` blocks as documented below. */ ipConfigurations: pulumi.Input[]>; /** * Specifies the name of the IP Configuration. */ name: pulumi.Input; } interface ProfileContainerNetworkInterfaceIpConfiguration { /** * Specifies the name of the IP Configuration. */ name: pulumi.Input; /** * Reference to the subnet associated with the IP Configuration. */ subnetId: pulumi.Input; } interface RouteFilterRule { /** * The access type of the rule. The only possible value is `Allow`. */ access: pulumi.Input; /** * The collection for bgp community values to filter on. e.g. ['12076:5010','12076:5020']. */ communities: pulumi.Input[]>; /** * The name of the route filter rule. */ name: pulumi.Input; /** * The rule type of the rule. The only possible value is `Community`. */ ruleType: pulumi.Input; } interface RouteMapRule { /** * An `action` block as defined below. */ actions?: pulumi.Input[]>; /** * A `matchCriterion` block as defined below. */ matchCriterions?: pulumi.Input[]>; /** * The unique name for the rule. */ name: pulumi.Input; /** * The next step after the rule is evaluated. Possible values are `Continue`, `Terminate` and `Unknown`. Defaults to `Unknown`. */ nextStepIfMatched?: pulumi.Input; } interface RouteMapRuleAction { /** * A `parameter` block as defined below. Required if `type` is anything other than `Drop`. */ parameters?: pulumi.Input[]>; /** * The type of the action to be taken. Possible values are `Add`, `Drop`, `Remove`, `Replace` and `Unknown`. */ type: pulumi.Input; } interface RouteMapRuleActionParameter { /** * A list of AS paths. */ asPaths?: pulumi.Input[]>; /** * A list of BGP communities. */ communities?: pulumi.Input[]>; /** * A list of route prefixes. */ routePrefixes?: pulumi.Input[]>; } interface RouteMapRuleMatchCriterion { /** * A list of AS paths which this criterion matches. */ asPaths?: pulumi.Input[]>; /** * A list of BGP communities which this criterion matches. */ communities?: pulumi.Input[]>; /** * The match condition to apply the rule of the Route Map. Possible values are `Contains`, `Equals`, `NotContains`, `NotEquals` and `Unknown`. */ matchCondition: pulumi.Input; /** * A list of route prefixes which this criterion matches. */ routePrefixes?: pulumi.Input[]>; } interface RouteTableRoute { /** * The destination to which the route applies. Can be CIDR (such as `10.1.0.0/16`) or [Azure Service Tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview) (such as `ApiManagement`, `AzureBackup` or `AzureMonitor`) format. */ addressPrefix: pulumi.Input; /** * The name of the route. */ name: pulumi.Input; /** * Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is `VirtualAppliance`. */ nextHopInIpAddress?: pulumi.Input; /** * The type of Azure hop the packet should be sent to. Possible values are `VirtualNetworkGateway`, `VnetLocal`, `Internet`, `VirtualAppliance` and `None`. */ nextHopType: pulumi.Input; } interface RoutingIntentRoutingPolicy { /** * A list of destinations which this routing policy is applicable to. Possible values are `Internet` and `PrivateTraffic`. */ destinations: pulumi.Input[]>; /** * The unique name for the routing policy. */ name: pulumi.Input; /** * The resource ID of the next hop on which this routing policy is applicable to. */ nextHop: pulumi.Input; } interface SubnetDelegation { /** * A name for this delegation. */ name: pulumi.Input; /** * A `serviceDelegation` block as defined below. */ serviceDelegation: pulumi.Input; } interface SubnetDelegationServiceDelegation { /** * A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are `Microsoft.Network/networkinterfaces/*`, `Microsoft.Network/publicIPAddresses/join/action`, `Microsoft.Network/publicIPAddresses/read`, `Microsoft.Network/virtualNetworks/read`, `Microsoft.Network/virtualNetworks/subnets/action`, `Microsoft.Network/virtualNetworks/subnets/join/action`, `Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action`, and `Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action`. * * > **NOTE:** Azure may add default actions depending on the service delegation name and they can't be changed. */ actions?: pulumi.Input[]>; /** * The name of service to delegate to. Possible values are `GitHub.Network/networkSettings`, `Informatica.DataManagement/organizations`, `Microsoft.ApiManagement/service`, `Microsoft.Apollo/npu`, `Microsoft.App/environments`, `Microsoft.App/testClients`, `Microsoft.AVS/PrivateClouds`, `Microsoft.AzureCosmosDB/clusters`, `Microsoft.BareMetal/AzureHostedService`, `Microsoft.BareMetal/AzureHPC`, `Microsoft.BareMetal/AzurePaymentHSM`, `Microsoft.BareMetal/AzureVMware`, `Microsoft.BareMetal/CrayServers`, `Microsoft.BareMetal/MonitoringServers`, `Microsoft.Batch/batchAccounts`, `Microsoft.CloudTest/hostedpools`, `Microsoft.CloudTest/images`, `Microsoft.CloudTest/pools`, `Microsoft.Codespaces/plans`, `Microsoft.ContainerInstance/containerGroups`, `Microsoft.ContainerService/managedClusters`, `Microsoft.ContainerService/TestClients`, `Microsoft.Databricks/workspaces`, `Microsoft.DBforMySQL/flexibleServers`, `Microsoft.DBforMySQL/servers`, `Microsoft.DBforMySQL/serversv2`, `Microsoft.DBforPostgreSQL/flexibleServers`, `Microsoft.DBforPostgreSQL/serversv2`, `Microsoft.DBforPostgreSQL/singleServers`, `Microsoft.DelegatedNetwork/controller`, `Microsoft.DevCenter/networkConnection`, `Microsoft.DevOpsInfrastructure/pools`, `Microsoft.DocumentDB/cassandraClusters`, `Microsoft.Fidalgo/networkSettings`, `Microsoft.HardwareSecurityModules/dedicatedHSMs`, `Microsoft.Kusto/clusters`, `Microsoft.LabServices/labplans`, `Microsoft.Logic/integrationServiceEnvironments`, `Microsoft.MachineLearningServices/workspaces`, `Microsoft.Netapp/volumes`, `Microsoft.Network/applicationGateways`, `Microsoft.Network/dnsResolvers`, `Microsoft.Network/managedResolvers`, `Microsoft.Network/fpgaNetworkInterfaces`, `Microsoft.Network/networkWatchers.`, `Microsoft.Network/virtualNetworkGateways`, `Microsoft.Orbital/orbitalGateways`, `Microsoft.PowerAutomate/hostedRpa`, `Microsoft.PowerPlatform/enterprisePolicies`, `Microsoft.PowerPlatform/vnetaccesslinks`, `Microsoft.ServiceFabricMesh/networks`, `Microsoft.ServiceNetworking/trafficControllers`, `Microsoft.Singularity/accounts/networks`, `Microsoft.Singularity/accounts/npu`, `Microsoft.Sql/managedInstances`, `Microsoft.Sql/managedInstancesOnebox`, `Microsoft.Sql/managedInstancesStage`, `Microsoft.Sql/managedInstancesTest`, `Microsoft.Sql/servers`, `Microsoft.StoragePool/diskPools`, `Microsoft.StreamAnalytics/streamingJobs`, `Microsoft.Synapse/workspaces`, `Microsoft.Web/hostingEnvironments`, `Microsoft.Web/serverFarms`, `NGINX.NGINXPLUS/nginxDeployments`, `PaloAltoNetworks.Cloudngfw/firewalls`, `PureStorage.Block/storagePools`, `Qumulo.Storage/fileSystems`, and `Oracle.Database/networkAttachments`. */ name: pulumi.Input; } interface SubnetIpAddressPool { /** * The list of IP address prefixes allocated to the subnet. */ allocatedIpAddressPrefixes?: pulumi.Input[]>; /** * The ID of the Network Manager IP Address Management (IPAM) Pool. */ id: pulumi.Input; /** * The number of IP addresses to allocated to the subnet. The value must be a string that represents a positive number, e.g., `"100"`. * * > **Note:** `numberOfIpAddresses` cannot be decreased. */ numberOfIpAddresses: pulumi.Input; } interface SubnetServiceEndpointStoragePolicyDefinition { /** * The description of this Subnet Service Endpoint Storage Policy Definition. */ description?: pulumi.Input; /** * The name which should be used for this Subnet Service Endpoint Storage Policy Definition. */ name: pulumi.Input; /** * The type of service resources. Valid values are `Microsoft.Storage` or `Global`. When the `serviceResources` property contains resource IDs, this property must be `Microsoft.Storage`. When the `serviceResources` property contains Aliases, this property must be `Global`. Defaults to `Microsoft.Storage`. */ service?: pulumi.Input; /** * Specifies a list of resources or aliases that this Subnet Service Endpoint Storage Policy Definition applies to. * * > **Note:** The `serviceResources` property must contain either Aliases or Resource IDs, but not both. */ serviceResources: pulumi.Input[]>; } interface TrafficManagerAzureEndpointCustomHeader { /** * The name of the custom header. */ name: pulumi.Input; /** * The value of custom header. Applicable for HTTP and HTTPS protocol. */ value: pulumi.Input; } interface TrafficManagerAzureEndpointSubnet { /** * The first IP Address in this subnet. */ first: pulumi.Input; /** * The last IP Address in this subnet. */ last?: pulumi.Input; /** * The block size (number of leading bits in the subnet mask). */ scope?: pulumi.Input; } interface TrafficManagerExternalEndpointCustomHeader { /** * The name of the custom header. */ name: pulumi.Input; /** * The value of custom header. Applicable for HTTP and HTTPS protocol. */ value: pulumi.Input; } interface TrafficManagerExternalEndpointSubnet { /** * The first IP Address in this subnet. */ first: pulumi.Input; /** * The last IP Address in this subnet. */ last?: pulumi.Input; /** * The block size (number of leading bits in the subnet mask). */ scope?: pulumi.Input; } interface TrafficManagerNestedEndpointCustomHeader { /** * The name of the custom header. */ name: pulumi.Input; /** * The value of custom header. Applicable for HTTP and HTTPS protocol. */ value: pulumi.Input; } interface TrafficManagerNestedEndpointSubnet { /** * The first IP Address in this subnet. */ first: pulumi.Input; /** * The last IP Address in this subnet. */ last?: pulumi.Input; /** * The block size (number of leading bits in the subnet mask). */ scope?: pulumi.Input; } interface TrafficManagerProfileDnsConfig { /** * The relative domain name, this is combined with the domain name used by Traffic Manager to form the FQDN which is exported as documented below. Changing this forces a new resource to be created. */ relativeName: pulumi.Input; /** * The TTL value of the Profile used by Local DNS resolvers and clients. */ ttl: pulumi.Input; } interface TrafficManagerProfileMonitorConfig { /** * One or more `customHeader` blocks as defined below. */ customHeaders?: pulumi.Input[]>; /** * A list of status code ranges in the format of `100-101`. */ expectedStatusCodeRanges?: pulumi.Input[]>; /** * The interval used to check the endpoint health from a Traffic Manager probing agent. You can specify two values here: `30` (normal probing) and `10` (fast probing). The default value is `30`. */ intervalInSeconds?: pulumi.Input; /** * The path used by the monitoring checks. Required when `protocol` is set to `HTTP` or `HTTPS` - cannot be set when `protocol` is set to `TCP`. */ path?: pulumi.Input; /** * The port number used by the monitoring checks. */ port: pulumi.Input; /** * The protocol used by the monitoring checks, supported values are `HTTP`, `HTTPS` and `TCP`. */ protocol: pulumi.Input; /** * The amount of time the Traffic Manager probing agent should wait before considering that check a failure when a health check probe is sent to the endpoint. If `intervalInSeconds` is set to `30`, then `timeoutInSeconds` can be between `5` and `10`. The default value is `10`. If `intervalInSeconds` is set to `10`, then valid values are between `5` and `9` and `timeoutInSeconds` is required. */ timeoutInSeconds?: pulumi.Input; /** * The number of failures a Traffic Manager probing agent tolerates before marking that endpoint as unhealthy. Valid values are between `0` and `9`. The default value is `3` */ toleratedNumberOfFailures?: pulumi.Input; } interface TrafficManagerProfileMonitorConfigCustomHeader { /** * The name of the custom header. */ name: pulumi.Input; /** * The value of custom header. Applicable for HTTP and HTTPS protocol. */ value: pulumi.Input; } interface VirtualHubConnectionRouting { /** * The ID of the route table associated with this Virtual Hub connection. */ associatedRouteTableId?: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for inbound learned routes. */ inboundRouteMapId?: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for outbound advertised routes. */ outboundRouteMapId?: pulumi.Input; /** * A `propagatedRouteTable` block as defined below. */ propagatedRouteTable?: pulumi.Input; /** * The static VNet local route override criteria that is used to determine whether NVA in spoke VNet is bypassed for traffic with destination in spoke VNet. Possible values are `Contains` and `Equal`. Defaults to `Contains`. Changing this forces a new resource to be created. */ staticVnetLocalRouteOverrideCriteria?: pulumi.Input; /** * Whether the static routes should be propagated to the Virtual Hub. Defaults to `true`. */ staticVnetPropagateStaticRoutesEnabled?: pulumi.Input; /** * A `staticVnetRoute` block as defined below. */ staticVnetRoutes?: pulumi.Input[]>; } interface VirtualHubConnectionRoutingPropagatedRouteTable { /** * The list of labels to assign to this route table. */ labels?: pulumi.Input[]>; /** * A list of Route Table IDs to associated with this Virtual Hub Connection. */ routeTableIds?: pulumi.Input[]>; } interface VirtualHubConnectionRoutingStaticVnetRoute { /** * A list of CIDR Ranges which should be used as Address Prefixes. */ addressPrefixes?: pulumi.Input[]>; /** * The name which should be used for this Static Route. */ name?: pulumi.Input; /** * The IP Address which should be used for the Next Hop. */ nextHopIpAddress?: pulumi.Input; } interface VirtualHubRoute { /** * A list of Address Prefixes. */ addressPrefixes: pulumi.Input[]>; /** * The IP Address that Packets should be forwarded to as the Next Hop. */ nextHopIpAddress: pulumi.Input; } interface VirtualHubRouteTableRoute { /** * A list of destination addresses for this route. */ destinations: pulumi.Input[]>; /** * The type of destinations. Possible values are `CIDR`, `ResourceId` and `Service`. */ destinationsType: pulumi.Input; /** * The name which should be used for this route. */ name: pulumi.Input; /** * The next hop's resource ID. */ nextHop: pulumi.Input; /** * The type of next hop. Currently the only possible value is `ResourceId`. Defaults to `ResourceId`. * * > **Note:** The Routes can alternatively be created using the virtualHubRouteTableRoute resource. Using both inline and external routes is not supported and may result in unexpected configuration. */ nextHopType?: pulumi.Input; } interface VirtualNetworkDdosProtectionPlan { /** * Enable/disable DDoS Protection Plan on Virtual Network. */ enable: pulumi.Input; /** * The ID of DDoS Protection Plan. */ id: pulumi.Input; } interface VirtualNetworkEncryption { /** * Specifies if the encrypted Virtual Network allows VM that does not support encryption. Possible values are `DropUnencrypted` and `AllowUnencrypted`. * * > **Note:** Currently `AllowUnencrypted` is the only supported value for the `enforcement` property as `DropUnencrypted` is not yet in public preview or general availability. Please see the [official documentation](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-encryption-overview#limitations) for more information. */ enforcement: pulumi.Input; } interface VirtualNetworkGatewayBgpSettings { /** * The Autonomous System Number (ASN) to use as part of the BGP. */ asn?: pulumi.Input; /** * The weight added to routes which have been learned through BGP peering. Valid values can be between `0` and `100`. */ peerWeight?: pulumi.Input; /** * A list of `peeringAddresses` blocks as defined below. Only one `peeringAddresses` block can be specified except when `activeActive` of this Virtual Network Gateway is `true`. */ peeringAddresses?: pulumi.Input[]>; } interface VirtualNetworkGatewayBgpSettingsPeeringAddress { /** * A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway. * * > **Note:** The valid range for the reserved APIPA address in Azure Public is from `169.254.21.0` to `169.254.22.255`. */ apipaAddresses?: pulumi.Input[]>; /** * A list of peering address assigned to the BGP peer of the Virtual Network Gateway. */ defaultAddresses?: pulumi.Input[]>; /** * The name of the IP configuration of this Virtual Network Gateway. In case there are multiple `ipConfiguration` blocks defined, this property is **required** to specify. */ ipConfigurationName?: pulumi.Input; /** * A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway. */ tunnelIpAddresses?: pulumi.Input[]>; } interface VirtualNetworkGatewayConnectionCustomBgpAddresses { /** * single IP address that is part of the `azure.network.VirtualNetworkGateway` ipConfiguration (first one) */ primary: pulumi.Input; /** * single IP address that is part of the `azure.network.VirtualNetworkGateway` ipConfiguration (second one) */ secondary?: pulumi.Input; } interface VirtualNetworkGatewayConnectionIpsecPolicy { /** * The DH group used in IKE phase 1 for initial SA. Valid options are `DHGroup1`, `DHGroup14`, `DHGroup2`, `DHGroup2048`, `DHGroup24`, `ECP256`, `ECP384`, or `None`. */ dhGroup: pulumi.Input; /** * The IKE encryption algorithm. Valid options are `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128`, or `GCMAES256`. */ ikeEncryption: pulumi.Input; /** * The IKE integrity algorithm. Valid options are `GCMAES128`, `GCMAES256`, `MD5`, `SHA1`, `SHA256`, or `SHA384`. */ ikeIntegrity: pulumi.Input; /** * The IPSec encryption algorithm. Valid options are `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128`, `GCMAES192`, `GCMAES256`, or `None`. */ ipsecEncryption: pulumi.Input; /** * The IPSec integrity algorithm. Valid options are `GCMAES128`, `GCMAES192`, `GCMAES256`, `MD5`, `SHA1`, or `SHA256`. */ ipsecIntegrity: pulumi.Input; /** * The DH group used in IKE phase 2 for new child SA. * Valid options are `ECP256`, `ECP384`, `PFS1`, `PFS14`, `PFS2`, `PFS2048`, `PFS24`, `PFSMM`, * or `None`. */ pfsGroup: pulumi.Input; /** * The IPSec SA payload size in KB. Must be at least `1024` KB. Defaults to `102400000` KB. */ saDatasize?: pulumi.Input; /** * The IPSec SA lifetime in seconds. Must be at least `300` seconds. Defaults to `27000` seconds. */ saLifetime?: pulumi.Input; } interface VirtualNetworkGatewayConnectionTrafficSelectorPolicy { /** * List of local CIDRs. */ localAddressCidrs: pulumi.Input[]>; /** * List of remote CIDRs. */ remoteAddressCidrs: pulumi.Input[]>; } interface VirtualNetworkGatewayCustomRoute { /** * A list of address blocks reserved for this virtual network in CIDR notation. */ addressPrefixes?: pulumi.Input[]>; } interface VirtualNetworkGatewayIpConfiguration { /** * A user-defined name of the IP configuration. Defaults to `vnetGatewayConfig`. */ name?: pulumi.Input; /** * Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is `Dynamic` for Virtual Network Gateway (`Static` is not supported by the service yet). Defaults to `Dynamic`. */ privateIpAddressAllocation?: pulumi.Input; /** * The ID of the public IP address to associate with the Virtual Network Gateway. * * > **Note:** `publicIpAddressId` should not be specified when `type` is set to `ExpressRoute`. */ publicIpAddressId?: pulumi.Input; /** * The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named `GatewaySubnet`. Therefore, each virtual network can contain at most a single Virtual Network Gateway. */ subnetId: pulumi.Input; } interface VirtualNetworkGatewayNatRuleExternalMapping { /** * The string CIDR representing the address space for the Virtual Network Gateway Nat Rule external mapping. */ addressSpace: pulumi.Input; /** * The single port range for the Virtual Network Gateway Nat Rule external mapping. */ portRange?: pulumi.Input; } interface VirtualNetworkGatewayNatRuleInternalMapping { /** * The string CIDR representing the address space for the Virtual Network Gateway Nat Rule internal mapping. */ addressSpace: pulumi.Input; /** * The single port range for the Virtual Network Gateway Nat Rule internal mapping. */ portRange?: pulumi.Input; } interface VirtualNetworkGatewayPolicyGroup { /** * Is this a Default Virtual Network Gateway Policy Group? Defaults to `false`. */ isDefault?: pulumi.Input; /** * The name of the Virtual Network Gateway Policy Group. */ name: pulumi.Input; /** * One or more `policyMember` blocks as defined below. */ policyMembers: pulumi.Input[]>; /** * The priority for the Virtual Network Gateway Policy Group. Defaults to `0`. */ priority?: pulumi.Input; } interface VirtualNetworkGatewayPolicyGroupPolicyMember { /** * The name of the Virtual Network Gateway Policy Group Member. */ name: pulumi.Input; /** * The VPN Policy Member attribute type. Possible values are `AADGroupId`, `CertificateGroupId` and `RadiusAzureGroupId`. */ type: pulumi.Input; /** * The value of attribute that is used for this Virtual Network Gateway Policy Group Member. */ value: pulumi.Input; } interface VirtualNetworkGatewayVpnClientConfiguration { /** * The client id of the Azure VPN application. * See [Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections](https://docs.microsoft.com/en-gb/azure/vpn-gateway/openvpn-azure-ad-tenant-multi-app) for values */ aadAudience?: pulumi.Input; /** * The STS url for your tenant */ aadIssuer?: pulumi.Input; /** * AzureAD Tenant URL */ aadTenant?: pulumi.Input; /** * The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation. */ addressSpaces: pulumi.Input[]>; /** * An `ipsecPolicy` block as defined below. */ ipsecPolicy?: pulumi.Input; /** * The address of the Radius server. */ radiusServerAddress?: pulumi.Input; /** * The secret used by the Radius server. */ radiusServerSecret?: pulumi.Input; /** * One or more `radiusServer` blocks as defined below. */ radiusServers?: pulumi.Input[]>; /** * One or more `revokedCertificate` blocks which are defined below. */ revokedCertificates?: pulumi.Input[]>; /** * One or more `rootCertificate` blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. */ rootCertificates?: pulumi.Input[]>; /** * One or more `virtualNetworkGatewayClientConnection` blocks as defined below. */ virtualNetworkGatewayClientConnections?: pulumi.Input[]>; /** * List of the vpn authentication types for the virtual network gateway. * The supported values are `AAD`, `Radius` and `Certificate`. * * > **Note:** `vpnAuthTypes` must be set when using multiple vpn authentication types. */ vpnAuthTypes?: pulumi.Input[]>; /** * List of the protocols supported by the vpn client. * The supported values are `SSTP`, `IkeV2` and `OpenVPN`. * Values `SSTP` and `IkeV2` are incompatible with the use of * `aadTenant`, `aadAudience` and `aadIssuer`. */ vpnClientProtocols?: pulumi.Input[]>; } interface VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy { /** * The DH Group, used in IKE Phase 1. Possible values are `DHGroup1`, `DHGroup2`, `DHGroup14`, `DHGroup24`, `DHGroup2048`, `ECP256`, `ECP384` and `None`. */ dhGroup: pulumi.Input; /** * The IKE encryption algorithm, used for IKE Phase 2. Possible values are `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128` and `GCMAES256`. */ ikeEncryption: pulumi.Input; /** * The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are `GCMAES128`, `GCMAES256`, `MD5`, `SHA1`, `SHA256` and `SHA384`. */ ikeIntegrity: pulumi.Input; /** * The IPSec encryption algorithm, used for IKE phase 1. Possible values are `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128`, `GCMAES192`, `GCMAES256` and `None`. */ ipsecEncryption: pulumi.Input; /** * The IPSec integrity algorithm, used for IKE phase 1. Possible values are `GCMAES128`, `GCMAES192`, `GCMAES256`, `MD5`, `SHA1` and `SHA256`. */ ipsecIntegrity: pulumi.Input; /** * The Pfs Group, used in IKE Phase 2. Possible values are `ECP256`, `ECP384`, `PFS1`, `PFS2`, `PFS14`, `PFS24`, `PFS2048`, `PFSMM` and `None`. */ pfsGroup: pulumi.Input; /** * The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between `1024` and `2147483647`. */ saDataSizeInKilobytes: pulumi.Input; /** * The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between `300` and `172799`. */ saLifetimeInSeconds: pulumi.Input; } interface VirtualNetworkGatewayVpnClientConfigurationRadiusServer { /** * The address of the Radius Server. */ address: pulumi.Input; /** * The score of the Radius Server determines the priority of the server. Possible values are between `1` and `30`. */ score: pulumi.Input; /** * The secret that is used to communicate with the Radius Server. */ secret: pulumi.Input; } interface VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate { /** * Specifies the name of the certificate resource. */ name: pulumi.Input; /** * Specifies the public data of the certificate. */ thumbprint: pulumi.Input; } interface VirtualNetworkGatewayVpnClientConfigurationRootCertificate { /** * A user-defined name of the root certificate. */ name: pulumi.Input; /** * The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument *must not* include the `-----BEGIN CERTIFICATE-----` or `-----END CERTIFICATE-----` markers, nor any newlines. */ publicCertData: pulumi.Input; } interface VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection { /** * A list of address prefixes for P2S VPN Client. */ addressPrefixes: pulumi.Input[]>; /** * The name of the Virtual Network Gateway Client Connection. */ name: pulumi.Input; /** * A list of names of Virtual Network Gateway Policy Groups. */ policyGroupNames: pulumi.Input[]>; } interface VirtualNetworkIpAddressPool { /** * The list of IP address prefixes allocated to the Virtual Network. */ allocatedIpAddressPrefixes?: pulumi.Input[]>; /** * The ID of the Network Manager IP Address Management (IPAM) Pool. */ id: pulumi.Input; /** * The number of IP addresses to allocated to the Virtual Network. The value must be a string that represents a positive number, e.g., `"100"`. * * > **Note:** `numberOfIpAddresses` cannot be decreased. */ numberOfIpAddresses: pulumi.Input; } interface VirtualNetworkSubnet { /** * The address prefixes to use for the subnet. */ addressPrefixes: pulumi.Input[]>; /** * Enable default outbound access to the internet for the subnet. Defaults to `true`. */ defaultOutboundAccessEnabled?: pulumi.Input; /** * One or more `delegation` blocks as defined below. */ delegation?: pulumi.Input; /** * The ID of this subnet. */ id?: pulumi.Input; /** * The name of the subnet. */ name: pulumi.Input; /** * Enable or Disable network policies for the private endpoint on the subnet. Possible values are `Disabled`, `Enabled`, `NetworkSecurityGroupEnabled` and `RouteTableEnabled`. Defaults to `Disabled`. * * > **Note:** If you don't want to use network policies like user-defined Routes and Network Security Groups, you need to set `privateEndpointNetworkPolicies` in the subnet to `Disabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. * * > **Note:** If you want to use network policies like user-defined Routes and Network Security Groups, you need to set the `privateEndpointNetworkPolicies` in the Subnet to `Enabled`/`NetworkSecurityGroupEnabled`/`RouteTableEnabled`. This setting only applies to Private Endpoints in the Subnet and affects all Private Endpoints in the Subnet. * * > **Note:** See more details from [Manage network policies for Private Endpoints](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-endpoint-network-policy?tabs=network-policy-portal). */ privateEndpointNetworkPolicies?: pulumi.Input; /** * Enable or Disable network policies for the private link service on the subnet. Defaults to `true`. * * > **Note:** When configuring Azure Private Link service, the explicit setting `privateLinkServiceNetworkPoliciesEnabled` must be set to `false` in the subnet since Private Link Service does not support network policies like user-defined Routes and Network Security Groups. This setting only affects the Private Link service. For other resources in the subnet, access is controlled based on the Network Security Group which can be configured using the `azure.network.SubnetNetworkSecurityGroupAssociation` resource. See more details from [Manage network policies for Private Link Services](https://learn.microsoft.com/en-gb/azure/private-link/disable-private-link-service-network-policy?tabs=private-link-network-policy-powershell). */ privateLinkServiceNetworkPoliciesEnabled?: pulumi.Input; /** * The ID of the Route Table that should be associated with this subnet. * * > **Note:** If you declare the subnet inline inside `azure.network.VirtualNetwork`, set `routeTableId` in that `subnet` block — do not also create an `azure.network.SubnetRouteTableAssociation` for the same subnet. The association resource is for when you manage the subnet as a separate `azure.network.Subnet` resource. */ routeTableId?: pulumi.Input; /** * The Network Security Group to associate with the subnet. (Referenced by `id`, ie. `azurerm_network_security_group.example.id`) */ securityGroup?: pulumi.Input; /** * The list of IDs of Service Endpoint Policies to associate with the subnet. */ serviceEndpointPolicyIds?: pulumi.Input[]>; /** * The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage`, `Microsoft.Storage.Global` and `Microsoft.Web`. */ serviceEndpoints?: pulumi.Input[]>; } interface VirtualNetworkSubnetDelegation { /** * A name for this delegation. */ name: pulumi.Input; /** * A `serviceDelegation` block as defined below. */ serviceDelegation: pulumi.Input; } interface VirtualNetworkSubnetDelegationServiceDelegation { /** * A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values are `Microsoft.Network/networkinterfaces/*`, `Microsoft.Network/publicIPAddresses/join/action`, `Microsoft.Network/publicIPAddresses/read`, `Microsoft.Network/virtualNetworks/read`, `Microsoft.Network/virtualNetworks/subnets/action`, `Microsoft.Network/virtualNetworks/subnets/join/action`, `Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action`, and `Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action`. * * > **Note:** Azure may add default actions depending on the service delegation name and they can't be changed. */ actions?: pulumi.Input[]>; /** * The name of service to delegate to. Possible values are `GitHub.Network/networkSettings`, `Informatica.DataManagement/organizations`, `Microsoft.ApiManagement/service`, `Microsoft.Apollo/npu`, `Microsoft.App/environments`, `Microsoft.App/testClients`, `Microsoft.AVS/PrivateClouds`, `Microsoft.AzureCosmosDB/clusters`, `Microsoft.BareMetal/AzureHostedService`, `Microsoft.BareMetal/AzureHPC`, `Microsoft.BareMetal/AzurePaymentHSM`, `Microsoft.BareMetal/AzureVMware`, `Microsoft.BareMetal/CrayServers`, `Microsoft.BareMetal/MonitoringServers`, `Microsoft.Batch/batchAccounts`, `Microsoft.CloudTest/hostedpools`, `Microsoft.CloudTest/images`, `Microsoft.CloudTest/pools`, `Microsoft.Codespaces/plans`, `Microsoft.ContainerInstance/containerGroups`, `Microsoft.ContainerService/managedClusters`, `Microsoft.ContainerService/TestClients`, `Microsoft.Databricks/workspaces`, `Microsoft.DBforMySQL/flexibleServers`, `Microsoft.DBforMySQL/servers`, `Microsoft.DBforMySQL/serversv2`, `Microsoft.DBforPostgreSQL/flexibleServers`, `Microsoft.DBforPostgreSQL/serversv2`, `Microsoft.DBforPostgreSQL/singleServers`, `Microsoft.DelegatedNetwork/controller`, `Microsoft.DevCenter/networkConnection`, `Microsoft.DevOpsInfrastructure/pools`, `Microsoft.DocumentDB/cassandraClusters`, `Microsoft.Fidalgo/networkSettings`, `Microsoft.HardwareSecurityModules/dedicatedHSMs`, `Microsoft.Kusto/clusters`, `Microsoft.LabServices/labplans`, `Microsoft.Logic/integrationServiceEnvironments`, `Microsoft.MachineLearningServices/workspaces`, `Microsoft.Netapp/volumes`, `Microsoft.Network/applicationGateways`, `Microsoft.Network/dnsResolvers`, `Microsoft.Network/managedResolvers`, `Microsoft.Network/fpgaNetworkInterfaces`, `Microsoft.Network/networkWatchers.`, `Microsoft.Network/virtualNetworkGateways`, `Microsoft.Orbital/orbitalGateways`, `Microsoft.PowerAutomate/hostedRpa`, `Microsoft.PowerPlatform/enterprisePolicies`, `Microsoft.PowerPlatform/vnetaccesslinks`, `Microsoft.ServiceFabricMesh/networks`, `Microsoft.ServiceNetworking/trafficControllers`, `Microsoft.Singularity/accounts/networks`, `Microsoft.Singularity/accounts/npu`, `Microsoft.Sql/managedInstances`, `Microsoft.Sql/managedInstancesOnebox`, `Microsoft.Sql/managedInstancesStage`, `Microsoft.Sql/managedInstancesTest`, `Microsoft.Sql/servers`, `Microsoft.StoragePool/diskPools`, `Microsoft.StreamAnalytics/streamingJobs`, `Microsoft.Synapse/workspaces`, `Microsoft.Web/hostingEnvironments`, `Microsoft.Web/serverFarms`, `NGINX.NGINXPLUS/nginxDeployments`, `PaloAltoNetworks.Cloudngfw/firewalls`, `PureStorage.Block/storagePools`, `Qumulo.Storage/fileSystems`, and `Oracle.Database/networkAttachments`. */ name: pulumi.Input; } interface VnpGatewayNatRuleExternalMapping { /** * The string CIDR representing the address space for the VPN Gateway Nat Rule external mapping. */ addressSpace: pulumi.Input; /** * The single port range for the VPN Gateway Nat Rule external mapping. */ portRange?: pulumi.Input; } interface VnpGatewayNatRuleInternalMapping { /** * The string CIDR representing the address space for the VPN Gateway Nat Rule internal mapping. */ addressSpace: pulumi.Input; /** * The single port range for the VPN Gateway Nat Rule internal mapping. */ portRange?: pulumi.Input; } interface VpnGatewayBgpSettings { /** * The ASN of the BGP Speaker. Changing this forces a new resource to be created. */ asn: pulumi.Input; /** * The Address which should be used for the BGP Peering. */ bgpPeeringAddress?: pulumi.Input; /** * An `instanceBgpPeeringAddress` block as defined below. */ instance0BgpPeeringAddress?: pulumi.Input; /** * An `instanceBgpPeeringAddress` block as defined below. */ instance1BgpPeeringAddress?: pulumi.Input; /** * The weight added to Routes learned from this BGP Speaker. Changing this forces a new resource to be created. */ peerWeight: pulumi.Input; } interface VpnGatewayBgpSettingsInstance0BgpPeeringAddress { /** * A list of custom BGP peering addresses to assign to this instance. */ customIps: pulumi.Input[]>; /** * The list of default BGP peering addresses which belong to the pre-defined VPN Gateway IP configuration. */ defaultIps?: pulumi.Input[]>; /** * The pre-defined id of VPN Gateway IP Configuration. */ ipConfigurationId?: pulumi.Input; /** * The list of tunnel public IP addresses which belong to the pre-defined VPN Gateway IP configuration. */ tunnelIps?: pulumi.Input[]>; } interface VpnGatewayBgpSettingsInstance1BgpPeeringAddress { /** * A list of custom BGP peering addresses to assign to this instance. */ customIps: pulumi.Input[]>; /** * The list of default BGP peering addresses which belong to the pre-defined VPN Gateway IP configuration. */ defaultIps?: pulumi.Input[]>; /** * The pre-defined id of VPN Gateway IP Configuration. */ ipConfigurationId?: pulumi.Input; /** * The list of tunnel public IP addresses which belong to the pre-defined VPN Gateway IP configuration. */ tunnelIps?: pulumi.Input[]>; } interface VpnGatewayConnectionRouting { /** * The ID of the Route Table associated with this VPN Connection. */ associatedRouteTable: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for inbound learned routes. */ inboundRouteMapId?: pulumi.Input; /** * The resource ID of the Route Map associated with this Routing Configuration for outbound advertised routes. */ outboundRouteMapId?: pulumi.Input; /** * A `propagatedRouteTable` block as defined below. */ propagatedRouteTable?: pulumi.Input; } interface VpnGatewayConnectionRoutingPropagatedRouteTable { /** * A list of labels to assign to this route table. */ labels?: pulumi.Input[]>; /** * A list of Route Table IDs to associated with this VPN Gateway Connection. */ routeTableIds: pulumi.Input[]>; } interface VpnGatewayConnectionTrafficSelectorPolicy { /** * A list of local address spaces in CIDR format for this VPN Gateway Connection. */ localAddressRanges: pulumi.Input[]>; /** * A list of remote address spaces in CIDR format for this VPN Gateway Connection. */ remoteAddressRanges: pulumi.Input[]>; } interface VpnGatewayConnectionVpnLink { /** * The expected connection bandwidth in MBPS. Defaults to `10`. */ bandwidthMbps?: pulumi.Input; /** * Should the BGP be enabled? Defaults to `false`. Changing this forces a new VPN Gateway Connection to be created. */ bgpEnabled?: pulumi.Input; /** * The connection mode of this VPN Link. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. */ connectionMode?: pulumi.Input; /** * One or more `customBgpAddress` blocks as defined below. */ customBgpAddresses?: pulumi.Input[]>; /** * The dead peer detection timeout of this connection in seconds. Possible values are between `9` and `3600`. */ dpdTimeoutSeconds?: pulumi.Input; /** * A list of the egress NAT Rule Ids. */ egressNatRuleIds?: pulumi.Input[]>; /** * A list of the ingress NAT Rule Ids. */ ingressNatRuleIds?: pulumi.Input[]>; /** * One or more `ipsecPolicy` blocks as defined above. */ ipsecPolicies?: pulumi.Input[]>; /** * Whether to use local Azure IP to initiate connection? Defaults to `false`. */ localAzureIpAddressEnabled?: pulumi.Input; /** * The name which should be used for this VPN Link Connection. */ name: pulumi.Input; /** * Whether to enable policy-based traffic selectors? Defaults to `false`. */ policyBasedTrafficSelectorEnabled?: pulumi.Input; /** * The protocol used for this VPN Link Connection. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. */ protocol?: pulumi.Input; /** * Should the rate limit be enabled? Defaults to `false`. */ ratelimitEnabled?: pulumi.Input; /** * Routing weight for this VPN Link Connection. Defaults to `0`. */ routeWeight?: pulumi.Input; /** * SharedKey for this VPN Link Connection. */ sharedKey?: pulumi.Input; /** * The ID of the connected VPN Site Link. Changing this forces a new VPN Gateway Connection to be created. */ vpnSiteLinkId: pulumi.Input; } interface VpnGatewayConnectionVpnLinkCustomBgpAddress { /** * The custom bgp ip address which belongs to the IP Configuration. */ ipAddress: pulumi.Input; /** * The ID of the IP Configuration which belongs to the VPN Gateway. */ ipConfigurationId: pulumi.Input; } interface VpnGatewayConnectionVpnLinkIpsecPolicy { /** * The DH Group used in IKE Phase 1 for initial SA. Possible values are `None`, `DHGroup1`, `DHGroup2`, `DHGroup14`, `DHGroup24`, `DHGroup2048`, `ECP256`, `ECP384`. */ dhGroup: pulumi.Input; /** * The IPSec encryption algorithm (IKE phase 1). Possible values are `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128`, `GCMAES192`, `GCMAES256`, `None`. */ encryptionAlgorithm: pulumi.Input; /** * The IKE encryption algorithm (IKE phase 2). Possible values are `DES`, `DES3`, `AES128`, `AES192`, `AES256`, `GCMAES128`, `GCMAES256`. */ ikeEncryptionAlgorithm: pulumi.Input; /** * The IKE integrity algorithm (IKE phase 2). Possible values are `MD5`, `SHA1`, `SHA256`, `SHA384`, `GCMAES128`, `GCMAES256`. */ ikeIntegrityAlgorithm: pulumi.Input; /** * The IPSec integrity algorithm (IKE phase 1). Possible values are `MD5`, `SHA1`, `SHA256`, `GCMAES128`, `GCMAES192`, `GCMAES256`. */ integrityAlgorithm: pulumi.Input; /** * The Pfs Group used in IKE Phase 2 for the new child SA. Possible values are `None`, `PFS1`, `PFS2`, `PFS14`, `PFS24`, `PFS2048`, `PFSMM`, `ECP256`, `ECP384`. */ pfsGroup: pulumi.Input; /** * The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for the site to site VPN tunnel. */ saDataSizeKb: pulumi.Input; /** * The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for the site to site VPN tunnel. */ saLifetimeSec: pulumi.Input; } interface VpnGatewayIpConfiguration { /** * The identifier of the IP configuration for the VPN Gateway. */ id?: pulumi.Input; /** * The private IP address of this IP configuration. */ privateIpAddress?: pulumi.Input; /** * The public IP address of this IP configuration. */ publicIpAddress?: pulumi.Input; } interface VpnServerConfigurationAzureActiveDirectoryAuthentication { /** * The Audience which should be used for authentication. */ audience: pulumi.Input; /** * The Issuer which should be used for authentication. */ issuer: pulumi.Input; /** * The Tenant which should be used for authentication. */ tenant: pulumi.Input; } interface VpnServerConfigurationClientRevokedCertificate { /** * A name used to uniquely identify this certificate. */ name: pulumi.Input; /** * The Thumbprint of the Certificate. */ thumbprint: pulumi.Input; } interface VpnServerConfigurationClientRootCertificate { /** * A name used to uniquely identify this certificate. */ name: pulumi.Input; /** * The Public Key Data associated with the Certificate. */ publicCertData: pulumi.Input; } interface VpnServerConfigurationIpsecPolicy { /** * The DH Group, used in IKE Phase 1. Possible values include `DHGroup1`, `DHGroup2`, `DHGroup14`, `DHGroup24`, `DHGroup2048`, `ECP256`, `ECP384` and `None`. */ dhGroup: pulumi.Input; /** * The IKE encryption algorithm, used for IKE Phase 2. Possible values include `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128` and `GCMAES256`. */ ikeEncryption: pulumi.Input; /** * The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values include `GCMAES128`, `GCMAES256`, `MD5`, `SHA1`, `SHA256` and `SHA384`. */ ikeIntegrity: pulumi.Input; /** * The IPSec encryption algorithm, used for IKE phase 1. Possible values include `AES128`, `AES192`, `AES256`, `DES`, `DES3`, `GCMAES128`, `GCMAES192`, `GCMAES256` and `None`. */ ipsecEncryption: pulumi.Input; /** * The IPSec integrity algorithm, used for IKE phase 1. Possible values include `GCMAES128`, `GCMAES192`, `GCMAES256`, `MD5`, `SHA1` and `SHA256`. */ ipsecIntegrity: pulumi.Input; /** * The Pfs Group, used in IKE Phase 2. Possible values include `ECP256`, `ECP384`, `PFS1`, `PFS2`, `PFS14`, `PFS24`, `PFS2048`, `PFSMM` and `None`. */ pfsGroup: pulumi.Input; /** * The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. */ saDataSizeKilobytes: pulumi.Input; /** * The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. */ saLifetimeSeconds: pulumi.Input; } interface VpnServerConfigurationPolicyGroupPolicy { /** * The name of the VPN Server Configuration Policy member. */ name: pulumi.Input; /** * The attribute type of the VPN Server Configuration Policy member. Possible values are `AADGroupId`, `CertificateGroupId` and `RadiusAzureGroupId`. */ type: pulumi.Input; /** * The value of the attribute that is used for the VPN Server Configuration Policy member. */ value: pulumi.Input; } interface VpnServerConfigurationRadius { /** * One or more `clientRootCertificate` blocks as defined below. */ clientRootCertificates?: pulumi.Input[]>; /** * One or more `serverRootCertificate` blocks as defined below. */ serverRootCertificates?: pulumi.Input[]>; /** * One or more `server` blocks as defined below. */ servers?: pulumi.Input[]>; } interface VpnServerConfigurationRadiusClientRootCertificate { /** * A name used to uniquely identify this certificate. */ name: pulumi.Input; /** * The Thumbprint of the Certificate. */ thumbprint: pulumi.Input; } interface VpnServerConfigurationRadiusServer { /** * The Address of the Radius Server. */ address: pulumi.Input; /** * The Score of the Radius Server determines the priority of the server. Ranges from 1 to 30. */ score: pulumi.Input; /** * The Secret used to communicate with the Radius Server. */ secret: pulumi.Input; } interface VpnServerConfigurationRadiusServerRootCertificate { /** * A name used to uniquely identify this certificate. */ name: pulumi.Input; /** * The Public Key Data associated with the Certificate. */ publicCertData: pulumi.Input; } interface VpnSiteLink { /** * A `bgp` block as defined above. * * > **Note:** The `link.bgp` has to be set when the `addressCidrs` isn't specified. */ bgp?: pulumi.Input; /** * The FQDN of this VPN Site Link. */ fqdn?: pulumi.Input; /** * The ID of the VPN Site Link. */ id?: pulumi.Input; /** * The IP address of this VPN Site Link. * * > **Note:** Either `fqdn` or `ipAddress` should be specified. */ ipAddress?: pulumi.Input; /** * The name which should be used for this VPN Site Link. */ name: pulumi.Input; /** * The name of the physical link at the VPN Site. Example: `ATT`, `Verizon`. */ providerName?: pulumi.Input; /** * The speed of the VPN device at the branch location in unit of mbps. Defaults to `0`. */ speedInMbps?: pulumi.Input; } interface VpnSiteLinkBgp { /** * The BGP speaker's ASN. */ asn: pulumi.Input; /** * The BGP peering IP address. */ peeringAddress: pulumi.Input; } interface VpnSiteO365Policy { /** * A `trafficCategory` block as defined above. */ trafficCategory?: pulumi.Input; } interface VpnSiteO365PolicyTrafficCategory { /** * Is allow endpoint enabled? The `Allow` endpoint is required for connectivity to specific O365 services and features, but are not as sensitive to network performance and latency as other endpoint types. Defaults to `false`. */ allowEndpointEnabled?: pulumi.Input; /** * Is default endpoint enabled? The `Default` endpoint represents O365 services and dependencies that do not require any optimization, and can be treated by customer networks as normal Internet bound traffic. Defaults to `false`. */ defaultEndpointEnabled?: pulumi.Input; /** * Is optimize endpoint enabled? The `Optimize` endpoint is required for connectivity to every O365 service and represents the O365 scenario that is the most sensitive to network performance, latency, and availability. Defaults to `false`. */ optimizeEndpointEnabled?: pulumi.Input; } } export declare namespace networkfunction { interface CollectorPolicyIpfxEmission { /** * A list of emission destination types. The only possible value is `AzureMonitor`. Changing this forces a new Network Function Collector Policy to be created. * * > **Note:** Please use the `azure.monitoring.DiagnosticSetting` resource to forward logs to a Log Analytics Workspace. */ destinationTypes: pulumi.Input; } interface CollectorPolicyIpfxIngestion { /** * A list of ingestion source resource IDs. Changing this forces a new Network Function Collector Policy to be created. */ sourceResourceIds: pulumi.Input[]>; } } export declare namespace newrelic { interface MonitorIdentity { /** * The Principal ID for the Service Principal associated with the Identity of this Azure Native New Relic Monitor. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Azure Native New Relic Monitor. */ tenantId?: pulumi.Input; /** * Specifies the identity type of the Azure Native New Relic Monitor. The only possible value is `SystemAssigned`. Changing this forces a new Azure Native New Relic Monitor to be created. */ type: pulumi.Input; } interface MonitorPlan { /** * Specifies the billing cycles. Possible values are `MONTHLY`, `WEEKLY` and `YEARLY`. Defaults to `MONTHLY`. Changing this forces a new Azure Native New Relic Monitor to be created. */ billingCycle?: pulumi.Input; /** * Specifies the date when plan was applied. Changing this forces a new Azure Native New Relic Monitor to be created. */ effectiveDate: pulumi.Input; /** * Specifies the plan id published by NewRelic. The only possible value is `newrelic-pay-as-you-go-free-live`. Defaults to `newrelic-pay-as-you-go-free-live`. Changing this forces a new Azure Native New Relic Monitor to be created. */ planId?: pulumi.Input; /** * Specifies the usage type. Possible values are `COMMITTED` and `PAYG`. Defaults to `PAYG`. Changing this forces a new Azure Native New Relic Monitor to be created. */ usageType?: pulumi.Input; } interface MonitorUser { /** * Specifies the user Email. Changing this forces a new Azure Native New Relic Monitor to be created. */ email: pulumi.Input; /** * Specifies the first name. Changing this forces a new Azure Native New Relic Monitor to be created. */ firstName: pulumi.Input; /** * Specifies the last name. Changing this forces a new Azure Native New Relic Monitor to be created. */ lastName: pulumi.Input; /** * Specifies the contact phone number. Changing this forces a new Azure Native New Relic Monitor to be created. */ phoneNumber: pulumi.Input; } interface TagRuleLogTagFilter { /** * Valid actions for a filtering tag. Possible values are `Exclude` and `Include`. Exclusion takes priority over inclusion. */ action: pulumi.Input; /** * Specifies the name (also known as the key) of the tag. */ name: pulumi.Input; /** * Specifies the value of the tag. */ value: pulumi.Input; } interface TagRuleMetricTagFilter { /** * Valid actions for a filtering tag. Possible values are `Exclude` and `Include`. Exclusion takes priority over inclusion. */ action: pulumi.Input; /** * Specifies the name (also known as the key) of the tag. */ name: pulumi.Input; /** * Specifies the value of the tag. */ value: pulumi.Input; } } export declare namespace nginx { interface ConfigurationConfigFile { /** * Specifies the base-64 encoded contents of this config file. */ content: pulumi.Input; /** * Specifies the path of this config file. */ virtualPath: pulumi.Input; } interface ConfigurationProtectedFile { /** * Specifies the base-64 encoded contents of this config file (Sensitive). */ content: pulumi.Input; /** * The hash of the contents of this configuration file prefixed by the algorithm used. */ contentHash?: pulumi.Input; /** * Specifies the path of this config file. */ virtualPath: pulumi.Input; } interface DeploymentAutoScaleProfile { /** * Specify the maximum number of NGINX capacity units for this NGINX Deployment. * * > **Note:** If you're using autoscaling with deployments created before v4.0, you may need to use Terraform's `ignoreChanges` functionality to ignore changes to the `capacity` field. */ maxCapacity: pulumi.Input; /** * Specify the minimum number of NGINX capacity units for this NGINX Deployment. */ minCapacity: pulumi.Input; /** * Specify the name of the autoscaling profile. */ name: pulumi.Input; } interface DeploymentFrontendPrivate { /** * Specify the method for allocating the private IP. Possible values are `Static` and `Dynamic`. */ allocationMethod: pulumi.Input; /** * Specify the private IP Address. */ ipAddress: pulumi.Input; /** * Specify the Subnet Resource ID for this NGINX Deployment. */ subnetId: pulumi.Input; } interface DeploymentFrontendPublic { /** * Specifies a list of Public IP Resource ID to this NGINX Deployment. */ ipAddresses?: pulumi.Input[]>; } interface DeploymentIdentity { /** * Specifies a list of user managed identity ids to be assigned. * * > **Note:** This is required when `type` is set to `UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the identity type of the NGINX Deployment. Possible values are `SystemAssigned`, `UserAssigned` or `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface DeploymentLoggingStorageAccount { containerName?: pulumi.Input; /** * The name which should be used for this NGINX Deployment. Changing this forces a new NGINX Deployment to be created. */ name?: pulumi.Input; } interface DeploymentNetworkInterface { /** * Specify The Subnet Resource ID for this NGINX Deployment. */ subnetId: pulumi.Input; } interface DeploymentWebApplicationFirewall { /** * Whether WAF is enabled/disabled for this NGINX Deployment. */ activationStateEnabled: pulumi.Input; /** * A `status` block as defined below. */ statuses?: pulumi.Input[]>; } interface DeploymentWebApplicationFirewallStatus { /** * One or more `attackSignaturesPackage` blocks as defined below. */ attackSignaturesPackages?: pulumi.Input[]>; /** * One or more `botSignaturesPackage` blocks as defined below. */ botSignaturesPackages?: pulumi.Input[]>; /** * One or more `componentVersions` blocks as defined below. */ componentVersions?: pulumi.Input[]>; /** * One or more `threatCampaignsPackage` blocks as defined below. */ threatCampaignsPackages?: pulumi.Input[]>; } interface DeploymentWebApplicationFirewallStatusAttackSignaturesPackage { /** * The revision date and time of the threat campaigns package. */ revisionDatetime?: pulumi.Input; /** * The version of the threat campaigns package. */ version?: pulumi.Input; } interface DeploymentWebApplicationFirewallStatusBotSignaturesPackage { /** * The revision date and time of the threat campaigns package. */ revisionDatetime?: pulumi.Input; /** * The version of the threat campaigns package. */ version?: pulumi.Input; } interface DeploymentWebApplicationFirewallStatusComponentVersion { /** * The version of the WAF Engine. */ wafEngineVersion?: pulumi.Input; /** * The version of the WAF Nginx module. */ wafNginxVersion?: pulumi.Input; } interface DeploymentWebApplicationFirewallStatusThreatCampaignsPackage { /** * The revision date and time of the threat campaigns package. */ revisionDatetime?: pulumi.Input; /** * The version of the threat campaigns package. */ version?: pulumi.Input; } } export declare namespace notificationhub { interface HubApnsCredential { /** * The Application Mode which defines which server the APNS Messages should be sent to. Possible values are `Production` and `Sandbox`. */ applicationMode: pulumi.Input; /** * The Bundle ID of the iOS/macOS application to send push notifications for, such as `com.org.example`. */ bundleId: pulumi.Input; /** * The Apple Push Notifications Service (APNS) Key. */ keyId: pulumi.Input; /** * The ID of the team the Token. */ teamId: pulumi.Input; /** * The Push Token associated with the Apple Developer Account. This is the contents of the `key` downloaded from [the Apple Developer Portal](https://developer.apple.com/account/ios/authkey/) between the `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` blocks. */ token: pulumi.Input; } interface HubBrowserCredential { /** * The subject name of web push. */ subject: pulumi.Input; /** * The Voluntary Application Server Identification (VAPID) private key. */ vapidPrivateKey: pulumi.Input; /** * The Voluntary Application Server Identification (VAPID) public key. */ vapidPublicKey: pulumi.Input; } interface HubGcmCredential { /** * The API Key associated with the Google Cloud Messaging service. */ apiKey: pulumi.Input; } } export declare namespace operationalinsights { interface AnalyticsSolutionPlan { name?: pulumi.Input; /** * The product name of the solution. For example `OMSGallery/Containers`. Changing this forces a new resource to be created. */ product: pulumi.Input; /** * A promotion code to be used with the solution. Changing this forces a new resource to be created. */ promotionCode?: pulumi.Input; /** * The publisher of the solution. For example `Microsoft`. Changing this forces a new resource to be created. */ publisher: pulumi.Input; } interface AnalyticsWorkspaceIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the identity type of the Log Analytics Workspace. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you) and `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field. * * > **Note:** When `type` is set to `SystemAssigned`, The assigned `principalId` and `tenantId` can be retrieved after the Log Analytics Workspace has been created. */ type: pulumi.Input; } } export declare namespace oracle { interface AutonomousDatabaseLongTermBackupSchedule { enabled: pulumi.Input; repeatCadence: pulumi.Input; retentionPeriodInDays: pulumi.Input; timeOfBackup: pulumi.Input; } interface CloudVmClusterDataCollectionOptions { /** * Indicates whether diagnostic collection is enabled for the VM Cluster/Cloud VM Cluster/VMBM DBCS. Enabling diagnostic collection allows you to receive Events service notifications for guest VM issues. Diagnostic collection also allows Oracle to provide enhanced service and proactive support for your Exadata system. You can enable diagnostic collection during VM Cluster/Cloud VM Cluster provisioning. You can also disable or enable it at any time using the `UpdateVmCluster` or `updateCloudVmCluster` API. Changing this forces a new Cloud VM Cluster to be created. */ diagnosticsEventsEnabled?: pulumi.Input; /** * Indicates whether health monitoring is enabled for the VM Cluster / Cloud VM Cluster / VMBM DBCS. Enabling health monitoring allows Oracle to collect diagnostic data and share it with its operations and support personnel. You may also receive notifications for some events. Collecting health diagnostics enables Oracle to provide proactive support and enhanced service for your system. Optionally enable health monitoring while provisioning a system. You can also disable or enable health monitoring anytime using the `UpdateVmCluster`, `UpdateCloudVmCluster` or `updateDbsystem` API. Changing this forces a new Cloud VM Cluster to be created. */ healthMonitoringEnabled?: pulumi.Input; /** * Indicates whether incident logs and trace collection are enabled for the VM Cluster / Cloud VM Cluster / VMBM DBCS. Enabling incident logs collection allows Oracle to receive Events service notifications for guest VM issues, collect incident logs and traces, and use them to diagnose issues and resolve them. Optionally enable incident logs collection while provisioning a system. You can also disable or enable incident logs collection anytime using the `UpdateVmCluster`, `updateCloudVmCluster` or `updateDbsystem` API. Changing this forces a new Cloud VM Cluster to be created. */ incidentLogsEnabled?: pulumi.Input; } interface CloudVmClusterFileSystemConfiguration { /** * The mount path of the file system. */ mountPoint?: pulumi.Input; /** * The size of the virtual machine's file system. */ sizeInGb?: pulumi.Input; } interface ExadataInfrastructureMaintenanceWindow { /** * Days during the week when maintenance should be performed. Valid values are: `0` - represents time slot `0:00 - 3:59 UTC - 4` - represents time slot `4:00 - 7:59 UTC - 8` - represents time slot 8:00 - 11:59 UTC - 12 - represents time slot 12:00 - 15:59 UTC - 16 - represents time slot 16:00 - 19:59 UTC - 20 - represents time slot `20:00 - 23:59 UTC`. Changing this forces a new Cloud Exadata Infrastructure to be created. */ daysOfWeeks?: pulumi.Input[]>; /** * The window of hours during the day when maintenance should be performed. The window is a 4 hour slot. Changing this forces a new Cloud Exadata Infrastructure to be created. */ hoursOfDays?: pulumi.Input[]>; /** * Lead time window allows user to set a lead time to prepare for a down time. The lead time is in weeks and valid value is between `1` to `4`. Changing this forces a new Cloud Exadata Infrastructure to be created. */ leadTimeInWeeks?: pulumi.Input; /** * Months during the year when maintenance should be performed. Changing this forces a new Cloud Exadata Infrastructure to be created. */ months?: pulumi.Input[]>; /** * Cloud Exadata Infrastructure node patching method, either `ROLLING` or `NONROLLING`. Default value is `ROLLING`. IMPORTANT: Non-rolling infrastructure patching involves system down time. See [Oracle-Managed Infrastructure Maintenance Updates](https://docs.cloud.oracle.com/iaas/Content/Database/Concepts/examaintenance.htm#Oracle) for more information. Changing this forces a new Cloud Exadata Infrastructure to be created. */ patchingMode?: pulumi.Input; /** * The maintenance window scheduling preference. Changing this forces a new Cloud Exadata Infrastructure to be created. */ preference?: pulumi.Input; /** * Weeks during the month when maintenance should be performed. Weeks start on the 1st, 8th, 15th, and 22nd days of the month, and have a duration of 7 days. Weeks start and end based on calendar dates, not days of the week. For example, to allow maintenance during the 2nd week of the month (from the 8th day to the 14th day of the month), use the value 2. Maintenance cannot be scheduled for the fifth week of months that contain more than 28 days. Note that this parameter works in conjunction with the daysOfWeek and hoursOfDay parameters to allow you to specify specific days of the week and hours that maintenance will be performed. Changing this forces a new Cloud Exadata Infrastructure to be created. */ weeksOfMonths?: pulumi.Input[]>; } interface ExascaleDatabaseStorageVaultHighCapacityDatabaseStorage { /** * Available size in gigabytes. */ availableSizeInGb?: pulumi.Input; /** * Total capacity in gigabytes. Changing this forces a new Exadata Database Storage Vault to be created. */ totalSizeInGb: pulumi.Input; } } export declare namespace orbital { interface ContactProfileLink { /** * A list of contact profile link channels. A `channels` block as defined below. */ channels: pulumi.Input[]>; /** * Direction of the link. Possible values are `Uplink` and `Downlink`. */ direction: pulumi.Input; /** * Name of the link. */ name: pulumi.Input; /** * Polarization of the link. Possible values are `LHCP`, `RHCP`, `linearVertical` and `linearHorizontal`. */ polarization: pulumi.Input; } interface ContactProfileLinkChannel { /** * Bandwidth in MHz. */ bandwidthMhz: pulumi.Input; /** * Center frequency in MHz. */ centerFrequencyMhz: pulumi.Input; /** * Copy of the modem configuration file such as Kratos QRadio or Kratos QuantumRx. Only valid for downlink directions. If provided, the modem connects to the customer endpoint and sends demodulated data instead of a VITA.49 stream. */ demodulationConfiguration?: pulumi.Input; /** * Customer End point to store/retrieve data during a contact. An `endPoint` block as defined below. */ endPoints: pulumi.Input[]>; /** * Copy of the modem configuration file such as Kratos QRadio. Only valid for uplink directions. If provided, the modem connects to the customer endpoint and accepts commands from the customer instead of a VITA.49 stream. */ modulationConfiguration?: pulumi.Input; /** * Name of the channel. */ name: pulumi.Input; } interface ContactProfileLinkChannelEndPoint { /** * Name of an end point. */ endPointName: pulumi.Input; /** * IP address of an end point. */ ipAddress?: pulumi.Input; /** * TCP port to listen on to receive data. */ port: pulumi.Input; /** * Protocol of an end point. Possible values are `TCP` and `UDP`. */ protocol: pulumi.Input; } interface SpacecraftLink { /** * Bandwidth in Mhz. */ bandwidthMhz: pulumi.Input; /** * Center frequency in Mhz. * * > **Note:** The value of `centerFrequencyMhz +/- bandwidthMhz / 2` should fall in one of these ranges: `Uplink/LHCP`: [2025, 2120]; `Uplink/Linear`: [399, 403],[435, 438],[449, 451]; `Uplink/RHCP`: [399, 403],[435, 438],[449, 451],[2025, 2120]; `Downlink/LHCP`: [2200, 2300], [7500, 8400]; `Downlink/Linear`: [399, 403], [435, 438], [449, 451]; Downlink/Linear`: [399, 403], [435, 438], [449, 451], [2200, 2300], [7500, 8400] */ centerFrequencyMhz: pulumi.Input; /** * Direction if the communication. Possible values are `Uplink` and `Downlink`. */ direction: pulumi.Input; /** * Name of the link. */ name: pulumi.Input; /** * Polarization. Possible values are `RHCP`, `LHCP`, `linearVertical` and `linearHorizontal`. */ polarization: pulumi.Input; } } export declare namespace paloalto { interface LocalRulestackRuleCategory { /** * Specifies a list of URL categories to match. Possible values include `abortion`, `abused-drugs`, `adult`, `alcohol-and-tobacco`, `auctions`, `business-and-economy`, `command-and-control`, `computer-and-internet-info`, `content-delivery-networks`, `copyright-infringement`, `cryptocurrency`, `dating`, `dynamic-dns`, `educational-institutions`, `entertainment-and-arts`, `extremism`, `financial-services`, `gambling`, `games`, `government`, `grayware`, `hacking`, `health-and-medicine`, `high-risk`, `home-and-garden`, `hunting-and-fishing`, `insufficient-content`, `internet-communications-and-telephony`, `internet-portals`, `job-search`, `legal`, `low-risk`, `malware`, `medium-risk`, `military`, `motor-vehicles`, `music`, `newly-registered-domain`, `news`, `not-resolved`, `nudity`, `online-storage-and-backup`, `parked`, `peer-to-peer`, `personal-sites-and-blogs`, `philosophy-and-political-advocacy`, `phishing`, `private-ip-addresses`, `proxy-avoidance-and-anonymizers`, `questionable`, `real-estate`, `real-time-detection`, `recreation-and-hobbies`, `reference-and-research`, `religion`, `search-engines`, `sex-education`, `shareware-and-freeware`, `shopping`, `social-networking`, `society`, `sports`, `stock-advice-and-tools`, `streaming-media`, `swimsuits-and-intimate-apparel`, `training-and-tools`, `translation`, `travel`, `unknown`, `weapons`, `web-advertisements`, `web-based-email`, and `web-hosting`. */ customUrls: pulumi.Input[]>; /** * Specifies a list of feeds to match. */ feeds?: pulumi.Input[]>; } interface LocalRulestackRuleDestination { /** * Specifies a list of CIDR's. */ cidrs?: pulumi.Input[]>; /** * Specifies a list of ISO3361-1 Alpha-2 Country codes. Possible values include `AF`, `AX`, `AL`, `DZ`, `AS`, `AD`, `AO`, `AI`, `AQ`, `AG`, `AR`, `AM`, `AW`, `AU`, `AT`, `AZ`, `BS`, `BH`, `BD`, `BB`, `BY`, `BE`, `BZ`, `BJ`, `BM`, `BT`, `BO`, `BQ`, `BA`, `BW`, `BV`, `BR`, `IO`, `BN`, `BG`, `BF`, `BI`, `KH`, `CM`, `CA`, `CV`, `KY`, `CF`, `TD`, `CL`, `CN`, `CX`, `CC`, `CO`, `KM`, `CG`, `CD`, `CK`, `CR`, `CI`, `HR`, `CU`, `CW`, `CY`, `CZ`, `DK`, `DJ`, `DM`, `DO`, `EC`, `EG`, `SV`, `GQ`, `ER`, `EE`, `ET`, `FK`, `FO`, `FJ`, `FI`, `FR`, `GF`, `PF`, `TF`, `GA`, `GM`, `GE`, `DE`, `GH`, `GI`, `GR`, `GL`, `GD`, `GP`, `GU`, `GT`, `GG`, `GN`, `GW`, `GY`, `HT`, `HM`, `VA`, `HN`, `HK`, `HU`, `IS`, `IN`, `ID`, `IR`, `IQ`, `IE`, `IM`, `IL`, `IT`, `JM`, `JP`, `JE`, `JO`, `KZ`, `KE`, `KI`, `KP`, `KR`, `KW`, `KG`, `LA`, `LV`, `LB`, `LS`, `LR`, `LY`, `LI`, `LT`, `LU`, `MO`, `MK`, `MG`, `MW`, `MY`, `MV`, `ML`, `MT`, `MH`, `MQ`, `MR`, `MU`, `YT`, `MX`, `FM`, `MD`, `MC`, `MN`, `ME`, `MS`, `MA`, `MZ`, `MM`, `NA`, `NR`, `NP`, `NL`, `NC`, `NZ`, `NI`, `NE`, `NG`, `NU`, `NF`, `MP`, `NO`, `OM`, `PK`, `PW`, `PS`, `PA`, `PG`, `PY`, `PE`, `PH`, `PN`, `PL`, `PT`, `PR`, `QA`, `RE`, `RO`, `RU`, `RW`, `BL`, `SH`, `KN`, `LC`, `MF`, `PM`, `VC`, `WS`, `SM`, `ST`, `SA`, `SN`, `RS`, `SC`, `SL`, `SG`, `SX`, `SK`, `SI`, `SB`, `SO`, `ZA`, `GS`, `SS`, `ES`, `LK`, `SD`, `SR`, `SJ`, `SZ`, `SE`, `CH`, `SY`, `TW`, `TJ`, `TZ`, `TH`, `TL`, `TG`, `TK`, `TO`, `TT`, `TN`, `TR`, `TM`, `TC`, `TV`, `UG`, `UA`, `AE`, `GB`, `US`, `UM`, `UY`, `UZ`, `VU`, `VE`, `VN`, `VG`, `VI`, `WF`, `EH`, `YE`, `ZM`, `ZW` */ countries?: pulumi.Input[]>; /** * Specifies a list of Feeds. */ feeds?: pulumi.Input[]>; /** * Specifies a list of FQDN lists. * * > **Note:** This is a list of names of FQDN Lists configured on the same Local Rulestack as this Rule is being created. */ localRulestackFqdnListIds?: pulumi.Input[]>; /** * Specifies a list of Prefix Lists. * * > **Note:** This is a list of names of Prefix Lists configured on the same Local Rulestack as this Rule is being created. */ localRulestackPrefixListIds?: pulumi.Input[]>; } interface LocalRulestackRuleSource { /** * Specifies a list of CIDRs. */ cidrs?: pulumi.Input[]>; /** * Specifies a list of ISO3361-1 Alpha-2 Country codes. Possible values include `AF`, `AX`, `AL`, `DZ`, `AS`, `AD`, `AO`, `AI`, `AQ`, `AG`, `AR`, `AM`, `AW`, `AU`, `AT`, `AZ`, `BS`, `BH`, `BD`, `BB`, `BY`, `BE`, `BZ`, `BJ`, `BM`, `BT`, `BO`, `BQ`, `BA`, `BW`, `BV`, `BR`, `IO`, `BN`, `BG`, `BF`, `BI`, `KH`, `CM`, `CA`, `CV`, `KY`, `CF`, `TD`, `CL`, `CN`, `CX`, `CC`, `CO`, `KM`, `CG`, `CD`, `CK`, `CR`, `CI`, `HR`, `CU`, `CW`, `CY`, `CZ`, `DK`, `DJ`, `DM`, `DO`, `EC`, `EG`, `SV`, `GQ`, `ER`, `EE`, `ET`, `FK`, `FO`, `FJ`, `FI`, `FR`, `GF`, `PF`, `TF`, `GA`, `GM`, `GE`, `DE`, `GH`, `GI`, `GR`, `GL`, `GD`, `GP`, `GU`, `GT`, `GG`, `GN`, `GW`, `GY`, `HT`, `HM`, `VA`, `HN`, `HK`, `HU`, `IS`, `IN`, `ID`, `IR`, `IQ`, `IE`, `IM`, `IL`, `IT`, `JM`, `JP`, `JE`, `JO`, `KZ`, `KE`, `KI`, `KP`, `KR`, `KW`, `KG`, `LA`, `LV`, `LB`, `LS`, `LR`, `LY`, `LI`, `LT`, `LU`, `MO`, `MK`, `MG`, `MW`, `MY`, `MV`, `ML`, `MT`, `MH`, `MQ`, `MR`, `MU`, `YT`, `MX`, `FM`, `MD`, `MC`, `MN`, `ME`, `MS`, `MA`, `MZ`, `MM`, `NA`, `NR`, `NP`, `NL`, `NC`, `NZ`, `NI`, `NE`, `NG`, `NU`, `NF`, `MP`, `NO`, `OM`, `PK`, `PW`, `PS`, `PA`, `PG`, `PY`, `PE`, `PH`, `PN`, `PL`, `PT`, `PR`, `QA`, `RE`, `RO`, `RU`, `RW`, `BL`, `SH`, `KN`, `LC`, `MF`, `PM`, `VC`, `WS`, `SM`, `ST`, `SA`, `SN`, `RS`, `SC`, `SL`, `SG`, `SX`, `SK`, `SI`, `SB`, `SO`, `ZA`, `GS`, `SS`, `ES`, `LK`, `SD`, `SR`, `SJ`, `SZ`, `SE`, `CH`, `SY`, `TW`, `TJ`, `TZ`, `TH`, `TL`, `TG`, `TK`, `TO`, `TT`, `TN`, `TR`, `TM`, `TC`, `TV`, `UG`, `UA`, `AE`, `GB`, `US`, `UM`, `UY`, `UZ`, `VU`, `VE`, `VN`, `VG`, `VI`, `WF`, `EH`, `YE`, `ZM`, `ZW` */ countries?: pulumi.Input[]>; /** * Specifies a list of Feeds. */ feeds?: pulumi.Input[]>; /** * Specifies a list of Prefix Lists. * * > **Note:** This is a list of names of Prefix Lists configured on the same Local Rulestack as this Rule is being created. */ localRulestackPrefixListIds?: pulumi.Input[]>; } interface NextGenerationFirewallVirtualHubLocalRulestackDestinationNat { /** * A `backendConfig` block as defined above. */ backendConfig?: pulumi.Input; /** * A `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this NAT. */ name: pulumi.Input; /** * The protocol used for this Destination NAT. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualHubLocalRulestackDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The Public IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualHubLocalRulestackDestinationNatFrontendConfig { /** * The port on which traffic will be receiveed. */ port: pulumi.Input; /** * The ID of the Public IP Address resource the traffic will be received on. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualHubLocalRulestackDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * Specifies a list of DNS servers to proxy. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should Azure DNS servers be used? Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualHubLocalRulestackNetworkProfile { /** * Specifies a list of Public IP IDs to use for Egress NAT. */ egressNatIpAddressIds?: pulumi.Input[]>; egressNatIpAddresses?: pulumi.Input[]>; ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Palo Alto Network Virtual Appliance in the VHub. Changing this forces a new Palo Alto Next Generation Firewall VHub Local Rulestack to be created. */ networkVirtualApplianceId: pulumi.Input; /** * Specifies a list of Public IP IDs to use for this Next Generation Firewall. */ publicIpAddressIds: pulumi.Input[]>; publicIpAddresses?: pulumi.Input[]>; /** * Specifies a list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; trustedSubnetId?: pulumi.Input; untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Hub this Next generation Fireall will be deployed in. Changing this forces a new Palo Alto Next Generation Firewall VHub Local Rulestack to be created. */ virtualHubId: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaDestinationNat { /** * A `backendConfig` block as defined above. */ backendConfig?: pulumi.Input; /** * A `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this NAT. */ name: pulumi.Input; /** * The protocol used for this Destination NAT. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The Public IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaDestinationNatFrontendConfig { /** * The port on which traffic will be receiveed. */ port: pulumi.Input; /** * The ID of the Public IP Address resource the traffic will be received on. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * Specifies a list of DNS servers to proxy. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should Azure DNS servers be used? Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaNetworkProfile { /** * Specifies a list of Public IP IDs to use for Egress NAT. */ egressNatIpAddressIds?: pulumi.Input[]>; egressNatIpAddresses?: pulumi.Input[]>; ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Palo Alto Network Virtual Appliance in the VHub. Changing this forces a new Palo Alto Next Generation Firewall VHub Panorama to be created. */ networkVirtualApplianceId: pulumi.Input; /** * Specifies a list of Public IP IDs to use for this Next Generation Firewall. */ publicIpAddressIds: pulumi.Input[]>; publicIpAddresses?: pulumi.Input[]>; /** * Specifies a list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; trustedSubnetId?: pulumi.Input; untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Hub this Next generation Fireall will be deployed in. Changing this forces a new Palo Alto Next Generation Firewall VHub Local Rulestack to be created. */ virtualHubId: pulumi.Input; } interface NextGenerationFirewallVirtualHubPanoramaPanorama { deviceGroupName?: pulumi.Input; hostName?: pulumi.Input; /** * The name which should be used for this Palo Alto Next Generation Firewall VHub Panorama. Changing this forces a new Palo Alto Next Generation Firewall VHub Panorama to be created. */ name?: pulumi.Input; panoramaServer1?: pulumi.Input; panoramaServer2?: pulumi.Input; templateName?: pulumi.Input; virtualMachineSshKey?: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerDestinationNat { /** * One or more `backendConfig` block as defined below. */ backendConfig?: pulumi.Input; /** * One or more `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this Destination NAT rule. */ name: pulumi.Input; /** * The protocol used for this Destination NAT. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The public IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerDestinationNatFrontendConfig { /** * The port on which traffic will be received. */ port: pulumi.Input; /** * The ID of the Public IP Address resource the traffic will be received on. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * A list of DNS servers to use. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should Azure DNS servers be used? Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this App Configuration. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this App Configuration. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface NextGenerationFirewallVirtualHubStrataCloudManagerNetworkProfile { /** * A list of Public IP IDs to use for Egress NAT. */ egressNatIpAddressIds?: pulumi.Input[]>; /** * A list of Egress NAT IP addresses. */ egressNatIpAddresses?: pulumi.Input[]>; /** * The IP of trusted subnet for UDR. */ ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Palo Alto Network Virtual Appliance in the VHub. Changing this forces a new Palo Alto Next Generation Firewall Virtual Hub Strata Cloud Manager to be created. */ networkVirtualApplianceId: pulumi.Input; /** * A list of Public IP IDs to use for this Next Generation Firewall. */ publicIpAddressIds: pulumi.Input[]>; /** * A list of public IPs associated with this Next Generation Firewall. */ publicIpAddresses?: pulumi.Input[]>; /** * A list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; /** * The ID of trusted subnet. */ trustedSubnetId?: pulumi.Input; /** * The ID of untrusted subnet. */ untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Hub this Next Generation Firewall will be deployed in. Changing this forces a new Palo Alto Next Generation Firewall Virtual Hub Strata Cloud Manager to be created. */ virtualHubId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNat { /** * A `backendConfig` block as defined above. */ backendConfig?: pulumi.Input; /** * A `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this Destination NAT. */ name: pulumi.Input; /** * The Protocol for this Destination NAT configuration. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackDestinationNatFrontendConfig { /** * The port on which to receive traffic. */ port: pulumi.Input; /** * The ID of the Public IP Address on which to receive traffic. * * > **Note:** This must be an Azure Public IP address ID also specified in the `publicIpAddressIds` list. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * Specifies a list of DNS servers to use. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should the Firewall use Azure Supplied DNS servers. Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfile { /** * Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation. */ egressNatIpAddressIds?: pulumi.Input[]>; egressNatIpAddresses?: pulumi.Input[]>; /** * Specifies a list of Azure Public IP Address IDs. */ publicIpAddressIds: pulumi.Input[]>; publicIpAddresses?: pulumi.Input[]>; /** * Specifies a list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; /** * A `vnetConfiguration` block as defined below. */ vnetConfiguration: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkLocalRulestackNetworkProfileVnetConfiguration { ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Trust subnet. */ trustedSubnetId?: pulumi.Input; /** * The ID of the UnTrust subnet. */ untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Network. */ virtualNetworkId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaDestinationNat { /** * A `backendConfig` block as defined above. */ backendConfig?: pulumi.Input; /** * A `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this Destination NAT. */ name: pulumi.Input; /** * The Protocol for this Destination NAT configuration. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaDestinationNatFrontendConfig { /** * The port on which to receive traffic. */ port: pulumi.Input; /** * The ID of the Public IP Address on which to receive traffic. * * > **Note:** This must be an Azure Public IP address ID also specified in the `publicIpAddressIds` list. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * Specifies a list of DNS servers to use. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should the Firewall use Azure Supplied DNS servers. Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaNetworkProfile { /** * Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation. */ egressNatIpAddressIds?: pulumi.Input[]>; egressNatIpAddresses?: pulumi.Input[]>; /** * Specifies a list of Azure Public IP Address IDs. */ publicIpAddressIds: pulumi.Input[]>; publicIpAddresses?: pulumi.Input[]>; /** * Specifies a list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; /** * A `vnetConfiguration` block as defined below. */ vnetConfiguration: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaNetworkProfileVnetConfiguration { ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Trust subnet. */ trustedSubnetId?: pulumi.Input; /** * The ID of the UnTrust subnet. */ untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Network. */ virtualNetworkId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkPanoramaPanorama { /** * The Device Group Name to which this Firewall Resource is registered. */ deviceGroupName?: pulumi.Input; /** * The Host Name of this Firewall Resource. */ hostName?: pulumi.Input; /** * The name which should be used for this Palo Alto Next Generation Firewall Virtual Network Panorama. Changing this forces a new Palo Alto Next Generation Firewall Virtual Network Panorama to be created. */ name?: pulumi.Input; /** * The name of the First Panorana server. */ panoramaServer1?: pulumi.Input; /** * The name of the Second Panorana server. */ panoramaServer2?: pulumi.Input; /** * The name of the Panorama Template applied to this Firewall Resource. */ templateName?: pulumi.Input; /** * The SSH Key to connect to the Firewall Resource. */ virtualMachineSshKey?: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerDestinationNat { /** * One or more `backendConfig` block as defined below. */ backendConfig?: pulumi.Input; /** * One or more `frontendConfig` block as defined below. */ frontendConfig?: pulumi.Input; /** * The name which should be used for this NAT. */ name: pulumi.Input; /** * The protocol used for this Destination NAT. Possible values include `TCP` and `UDP`. */ protocol: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerDestinationNatBackendConfig { /** * The port number to send traffic to. */ port: pulumi.Input; /** * The public IP Address to send the traffic to. */ publicIpAddress: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerDestinationNatFrontendConfig { /** * The port on which traffic will be received. */ port: pulumi.Input; /** * The ID of the Public IP Address resource the traffic will be received on. */ publicIpAddressId: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerDnsSettings { azureDnsServers?: pulumi.Input[]>; /** * A list of DNS servers to use. Conflicts with `dns_settings[0].use_azure_dns`. */ dnsServers?: pulumi.Input[]>; /** * Should the Firewall use Azure Supplied DNS servers. Conflicts with `dns_settings[0].dns_servers`. Defaults to `false`. */ useAzureDns?: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this App Configuration. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this App Configuration. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerNetworkProfile { /** * A list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation. */ egressNatIpAddressIds?: pulumi.Input[]>; /** * A list of Egress NAT IP addresses. */ egressNatIpAddresses?: pulumi.Input[]>; /** * A list of Azure Public IP Address IDs. */ publicIpAddressIds: pulumi.Input[]>; /** * A list of public IPs associated with this Next Generation Firewall. */ publicIpAddresses?: pulumi.Input[]>; /** * A list of trusted ranges to use for the Network. */ trustedAddressRanges?: pulumi.Input[]>; /** * A `vnetConfiguration` block as defined below. */ vnetConfiguration: pulumi.Input; } interface NextGenerationFirewallVirtualNetworkStrataCloudManagerNetworkProfileVnetConfiguration { /** * The IP of trusted subnet for UDR. */ ipOfTrustForUserDefinedRoutes?: pulumi.Input; /** * The ID of the Trust subnet. */ trustedSubnetId?: pulumi.Input; /** * The ID of the UnTrust subnet. */ untrustedSubnetId?: pulumi.Input; /** * The ID of the Virtual Network. */ virtualNetworkId: pulumi.Input; } } export declare namespace pim { interface ActiveRoleAssignmentSchedule { /** * An `expiration` block as defined above. */ expiration?: pulumi.Input; /** * The start date/time of the role assignment. Changing this forces a new resource to be created. */ startDateTime?: pulumi.Input; } interface ActiveRoleAssignmentScheduleExpiration { /** * The duration of the role assignment in days. Changing this forces a new resource to be created. */ durationDays?: pulumi.Input; /** * The duration of the role assignment in hours. Changing this forces a new resource to be created. */ durationHours?: pulumi.Input; /** * The end date/time of the role assignment. Changing this forces a new resource to be created. * * > **Note:** Only one of `durationDays`, `durationHours` or `endDateTime` should be specified. */ endDateTime?: pulumi.Input; } interface ActiveRoleAssignmentTicket { /** * User-supplied ticket number to be included with the request. Changing this forces a new resource to be created. */ number?: pulumi.Input; /** * User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created. */ system?: pulumi.Input; } interface EligibleRoleAssignmentSchedule { /** * An `expiration` block as defined above. */ expiration?: pulumi.Input; /** * The start date/time of the role assignment. Changing this forces a new resource to be created. */ startDateTime?: pulumi.Input; } interface EligibleRoleAssignmentScheduleExpiration { /** * The duration of the role assignment in days. Changing this forces a new resource to be created. */ durationDays?: pulumi.Input; /** * The duration of the role assignment in hours. Changing this forces a new resource to be created. */ durationHours?: pulumi.Input; /** * The end date/time of the role assignment. Changing this forces a new resource to be created. * * > **Note:** Only one of `durationDays`, `durationHours` or `endDateTime` should be specified. */ endDateTime?: pulumi.Input; } interface EligibleRoleAssignmentTicket { /** * User-supplied ticket number to be included with the request. Changing this forces a new resource to be created. */ number?: pulumi.Input; /** * User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created. */ system?: pulumi.Input; } interface RoleManagementPolicyActivationRules { /** * An `approvalStage` block as defined below. */ approvalStage?: pulumi.Input; /** * The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. Possible values are `PT30M`, `PT1H`, `PT1H30M`, `PT2H`, `PT2H30M`, `PT3H`, `PT3H30M`, `PT4H`, `PT4H30M`, `PT5H`, `PT5H30M`, `PT6H`, `PT6H30M`, `PT7H`, `PT7H30M`, `PT8H`, `PT8H30M`, `PT9H`, `PT9H30M`, `PT10H`, `PT10H30M`, `PT11H`, `PT11H30M`, `PT12H`, `PT12H30M`, `PT13H`, `PT13H30M`, `PT14H`, `PT14H30M`, `PT15H`, `PT15H30M`, `PT16H`, `PT16H30M`, `PT17H`, `PT17H30M`, `PT18H`, `PT18H30M`, `PT19H`, `PT19H30M`, `PT20H`, `PT20H30M`, `PT21H`, `PT21H30M`, `PT22H`, `PT22H30M`, `PT23H`, `PT23H30M` and `P1D`. */ maximumDuration?: pulumi.Input; /** * Is approval required for activation. If `true` an `approvalStage` block must be provided. */ requireApproval?: pulumi.Input; /** * Is a justification required during activation of the role. */ requireJustification?: pulumi.Input; /** * Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. */ requireMultifactorAuthentication?: pulumi.Input; /** * Is ticket information requrired during activation of the role. */ requireTicketInfo?: pulumi.Input; /** * The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. */ requiredConditionalAccessAuthenticationContext?: pulumi.Input; } interface RoleManagementPolicyActivationRulesApprovalStage { /** * One or more `primaryApprover` blocks as defined below. */ primaryApprovers: pulumi.Input[]>; } interface RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { /** * The ID of the object which will act as an approver. */ objectId: pulumi.Input; /** * The type of object acting as an approver. Possible options are `User` and `Group`. */ type: pulumi.Input; } interface RoleManagementPolicyActiveAssignmentRules { /** * Must an assignment have an expiry date. `false` allows permanent assignment. */ expirationRequired?: pulumi.Input; /** * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. */ expireAfter?: pulumi.Input; /** * Is a justification required to create new assignments. */ requireJustification?: pulumi.Input; /** * Is multi-factor authentication required to create new assignments. */ requireMultifactorAuthentication?: pulumi.Input; /** * Is ticket information required to create new assignments. * * One of `expirationRequired` or `expireAfter` must be provided. */ requireTicketInfo?: pulumi.Input; } interface RoleManagementPolicyEligibleAssignmentRules { /** * Must an assignment have an expiry date. `false` allows permanent assignment. */ expirationRequired?: pulumi.Input; /** * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. * * One of `expirationRequired` or `expireAfter` must be provided. */ expireAfter?: pulumi.Input; } interface RoleManagementPolicyNotificationRules { /** * A `notificationTarget` block as defined below to configure notfications on active role assignments. */ activeAssignments?: pulumi.Input; /** * A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. */ eligibleActivations?: pulumi.Input; /** * A `notificationTarget` block as defined below to configure notification on eligible role assignments. */ eligibleAssignments?: pulumi.Input; } interface RoleManagementPolicyNotificationRulesActiveAssignments { /** * Admin notification settings */ adminNotifications?: pulumi.Input; /** * Approver notification settings */ approverNotifications?: pulumi.Input; /** * Assignee notification settings */ assigneeNotifications?: pulumi.Input; } interface RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleActivations { /** * Admin notification settings */ adminNotifications?: pulumi.Input; /** * Approver notification settings */ approverNotifications?: pulumi.Input; /** * Assignee notification settings */ assigneeNotifications?: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleAssignments { /** * Admin notification settings */ adminNotifications?: pulumi.Input; /** * Approver notification settings */ approverNotifications?: pulumi.Input; /** * Assignee notification settings */ assigneeNotifications?: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } interface RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { /** * The additional recipients to notify */ additionalRecipients?: pulumi.Input[]>; /** * Whether the default recipients are notified */ defaultRecipients: pulumi.Input; /** * What level of notifications are sent */ notificationLevel: pulumi.Input; } } export declare namespace policy { interface PolicySetDefinitionPolicyDefinitionGroup { /** * The ID of a resource that contains additional metadata for this Policy Definition Group. */ additionalMetadataResourceId?: pulumi.Input; /** * The category of this Policy Definition Group. */ category?: pulumi.Input; /** * The description of this Policy Definition Group. */ description?: pulumi.Input; /** * The display name of this Policy Definition Group. */ displayName?: pulumi.Input; /** * The name which should be used for this Policy Definition Group. */ name: pulumi.Input; } interface PolicySetDefinitionPolicyDefinitionReference { /** * Parameter values for the references Policy Definition in JSON format. */ parameterValues?: pulumi.Input; /** * The ID of the Policy Definition to include in this Policy Set Definition. */ policyDefinitionId: pulumi.Input; /** * Specifies a list of Policy Definition Groups names that this Policy Definition Reference belongs to. */ policyGroupNames?: pulumi.Input[]>; /** * A unique ID within this Policy Set Definition for this Policy Definition Reference. */ referenceId?: pulumi.Input; /** * The version of the Policy Definition to use. */ version?: pulumi.Input; } interface VirtualMachineConfigurationAssignmentConfiguration { /** * The assignment type for the Guest Configuration Assignment. Possible values are `Audit`, `ApplyAndAutoCorrect`, `ApplyAndMonitor` and `DeployAndAutoCorrect`. */ assignmentType?: pulumi.Input; /** * The content hash for the Guest Configuration package. * * > **Note:** The value for `contentHash` should be the SH256SUM for the zip file in the `contentUri` and must be in upper case. */ contentHash?: pulumi.Input; /** * The content URI where the Guest Configuration package is stored. * * > **Note:** When deploying a Custom Guest Configuration package the `contentHash` and `contentUri` fields must be defined. For Built-in Guest Configuration packages, such as the `AzureWindowsBaseline` package, the `contentHash` and `contentUri` should not be defined, rather these fields will be returned after the Built-in Guest Configuration package has been provisioned. For more information on guest configuration assignments please see the [product documentation](https://docs.microsoft.com/azure/governance/policy/concepts/guest-configuration-assignments). */ contentUri?: pulumi.Input; /** * One or more `parameter` blocks as defined below which define what configuration parameters and values against. */ parameters?: pulumi.Input[]>; /** * The version of the Guest Configuration that will be assigned in this Guest Configuration Assignment. */ version?: pulumi.Input; } interface VirtualMachineConfigurationAssignmentConfigurationParameter { /** * The name of the configuration parameter to check. */ name: pulumi.Input; /** * The value to check the configuration parameter with. */ value: pulumi.Input; } } export declare namespace postgresql { interface FlexibleServerAuthentication { /** * Whether Active Directory authentication is allowed to access the PostgreSQL Flexible Server. Defaults to `false`. */ activeDirectoryAuthEnabled?: pulumi.Input; /** * Whether password authentication is allowed to access the PostgreSQL Flexible Server. Defaults to `true`. */ passwordAuthEnabled?: pulumi.Input; /** * The Tenant ID of the Azure Active Directory which is used by the Active Directory authentication. `activeDirectoryAuthEnabled` must be set to `true`. * * > **Note:** Setting `activeDirectoryAuthEnabled` to `true` requires a Service Principal for the Postgres Flexible Server. For more details see [this document](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication). * * > **Note:** `tenantId` is required when `activeDirectoryAuthEnabled` is set to `true`. And it should not be specified when `activeDirectoryAuthEnabled` is set to `false` */ tenantId?: pulumi.Input; } interface FlexibleServerCluster { /** * The default database name to be created. Changing this forces a new PostgreSQL Flexible Server to be created. */ defaultDatabaseName?: pulumi.Input; /** * The number of nodes in the cluster. Must be at least `1` and no greater than `32`. * * > **Note:** The maximum supported cluster size is currently 20 nodes. Support for up to 32 nodes will be available in the near future. * * > **Note:** Cluster support is only available for PostgreSQL version 17 and above, and is not supported when `createMode` is set to anything other than `Default`. * * > **Note:** The cluster `size` can only be increased, not decreased. Attempting to reduce the cluster size will result in an error. */ size: pulumi.Input; } interface FlexibleServerCustomerManagedKey { /** * The versioned/versionless ID of the geo backup Key Vault Key. * * > **Note:** The key vault in which this key exists must be in the same region as the geo-redundant backup. */ geoBackupKeyVaultKeyId?: pulumi.Input; /** * The geo backup user managed identity id for a Customer Managed Key. Must be added to `identity.identity_ids`. * * > **Note:** This managed identity cannot be the same as `primaryUserAssignedIdentityId`, additionally this identity must be created in the same region as the geo-redundant backup. * * > **Note:** `primaryUserAssignedIdentityId` or `geoBackupUserAssignedIdentityId` is required when `type` is set to `UserAssigned`. */ geoBackupUserAssignedIdentityId?: pulumi.Input; /** * The versioned/versionless ID of the Key Vault Key. */ keyVaultKeyId: pulumi.Input; /** * Specifies the primary user managed identity id for a Customer Managed Key. Must be added to `identity.identity_ids`. */ primaryUserAssignedIdentityId?: pulumi.Input; } interface FlexibleServerHighAvailability { /** * The high availability mode for the PostgreSQL Flexible Server. Possible value are `SameZone` or `ZoneRedundant`. */ mode: pulumi.Input; /** * Specifies the Availability Zone in which the standby Flexible Server should be located. * * > **Note:** Azure will automatically assign an Availability Zone if one is not specified. If the PostgreSQL Flexible Server fails-over to the Standby Availability Zone, the `zone` will be updated to reflect the current Primary Availability Zone. You can use Terraform's `ignoreChanges` functionality to ignore changes to the `zone` and `high_availability[0].standby_availability_zone` fields should you wish for Terraform to not migrate the PostgreSQL Flexible Server back to it's primary Availability Zone after a fail-over. * * > **Note:** The Availability Zones available depend on the Azure Region that the PostgreSQL Flexible Server is being deployed into - see [the Azure Availability Zones documentation](https://azure.microsoft.com/global-infrastructure/geographies/#geographies) for more information on which Availability Zones are available in each Azure Region. */ standbyAvailabilityZone?: pulumi.Input; } interface FlexibleServerIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this PostgreSQL Flexible Server. Required if used together with `customerManagedKey` block. * * > **Note:** `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this PostgreSQL Flexible Server. Possible values are `UserAssigned`, `SystemAssigned` and `SystemAssigned, UserAssigned`. * * > **Note:** Once `UserAssigned` has been added, removing it forces a new resource to be created. */ type: pulumi.Input; } interface FlexibleServerMaintenanceWindow { /** * The day of week for maintenance window, where the week starts on a Sunday, i.e. Sunday = `0`, Monday = `1`. Defaults to `0`. */ dayOfWeek?: pulumi.Input; /** * The start hour for maintenance window. Defaults to `0`. */ startHour?: pulumi.Input; /** * The start minute for maintenance window. Defaults to `0`. * * > **Note:** The specified `maintenanceWindow` is always defined in UTC time. When unspecified, the maintenance window falls back to the default [system-managed](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-maintenance-portal#specify-maintenance-schedule-options). */ startMinute?: pulumi.Input; } interface ServerIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this PostgreSQL Server. The only possible value is `SystemAssigned`. */ type: pulumi.Input; } interface ServerThreatDetectionPolicy { /** * Specifies a list of alerts which should be disabled. Possible values are `Sql_Injection`, `Sql_Injection_Vulnerability`, `Access_Anomaly`, `Data_Exfiltration` and `Unsafe_Action`. */ disabledAlerts?: pulumi.Input[]>; /** * Should the account administrators be emailed when this alert is triggered? */ emailAccountAdmins?: pulumi.Input; /** * A list of email addresses which alerts should be sent to. */ emailAddresses?: pulumi.Input[]>; /** * Is the policy enabled? */ enabled?: pulumi.Input; /** * Specifies the number of days to keep in the Threat Detection audit logs. */ retentionDays?: pulumi.Input; /** * Specifies the identifier key of the Threat Detection audit storage account. */ storageAccountAccessKey?: pulumi.Input; /** * Specifies the blob storage endpoint (e.g. ). This blob storage will hold all Threat Detection audit logs. */ storageEndpoint?: pulumi.Input; } } export declare namespace privatedns { interface LinkServiceNatIpConfiguration { /** * Specifies the name which should be used for the NAT IP Configuration. */ name: pulumi.Input; /** * Is this is the Primary IP Configuration? */ primary: pulumi.Input; /** * Specifies a Private Static IP Address for this IP Configuration. */ privateIpAddress?: pulumi.Input; /** * The version of the IP Protocol which should be used. At this time the only supported value is `IPv4`. Defaults to `IPv4`. */ privateIpAddressVersion?: pulumi.Input; /** * Specifies the ID of the Subnet which should be used for the Private Link Service. * * > **Note:** Verify that the Subnet's `enforcePrivateLinkServiceNetworkPolicies` attribute is set to `true`. */ subnetId: pulumi.Input; } interface MxRecordRecord { /** * The FQDN of the exchange to MX record points to. */ exchange: pulumi.Input; /** * The preference of the MX record. */ preference: pulumi.Input; } interface ResolverForwardingRuleTargetDnsServer { /** * DNS server IP address. */ ipAddress: pulumi.Input; /** * DNS server port. */ port?: pulumi.Input; } interface ResolverInboundEndpointIpConfigurations { /** * Private IP address of the IP configuration. Changing this forces a new resource to be created. */ privateIpAddress?: pulumi.Input; /** * Private IP address allocation method. Possible values are `Dynamic` and `Static`. Defaults to `Dynamic`. Changing this forces a new resource to be created. */ privateIpAllocationMethod?: pulumi.Input; /** * The subnet ID of the IP configuration. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; } interface SRVRecordRecord { /** * The Port the service is listening on. */ port: pulumi.Input; /** * The priority of the SRV record. */ priority: pulumi.Input; /** * The FQDN of the service. */ target: pulumi.Input; /** * The Weight of the SRV record. */ weight: pulumi.Input; } interface TxtRecordRecord { /** * The value of the TXT record. Max length: 1024 characters */ value: pulumi.Input; } interface ZoneSoaRecord { /** * The email contact for the SOA record. */ email: pulumi.Input; /** * The expire time for the SOA record. Defaults to `2419200`. */ expireTime?: pulumi.Input; /** * The fully qualified domain name of the Record Set. */ fqdn?: pulumi.Input; /** * The domain name of the authoritative name server for the SOA record. */ hostName?: pulumi.Input; /** * The minimum Time To Live for the SOA record. By convention, it is used to determine the negative caching duration. Defaults to `10`. */ minimumTtl?: pulumi.Input; /** * The refresh time for the SOA record. Defaults to `3600`. */ refreshTime?: pulumi.Input; /** * The retry time for the SOA record. Defaults to `300`. */ retryTime?: pulumi.Input; /** * The serial number for the SOA record. */ serialNumber?: pulumi.Input; /** * A mapping of tags to assign to the Record Set. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Time To Live of the SOA Record in seconds. Defaults to `3600`. */ ttl?: pulumi.Input; } } export declare namespace privatelink { interface EndpointCustomDnsConfig { /** * The fully qualified domain name to the `privateDnsZone`. */ fqdn?: pulumi.Input; /** * A list of all IP Addresses that map to the `privateDnsZone` fqdn. */ ipAddresses?: pulumi.Input[]>; } interface EndpointIpConfiguration { /** * Specifies the member name this IP address applies to. If it is not specified, it will use the value of `subresourceName`. Changing this forces a new resource to be created. * * > **Note:** `memberName` will be required and will not take the value of `subresourceName` in the next major version. */ memberName?: pulumi.Input; /** * Specifies the Name of the IP Configuration. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created. */ privateIpAddress: pulumi.Input; /** * Specifies the subresource this IP address applies to. `subresourceNames` corresponds to `groupId`. Changing this forces a new resource to be created. */ subresourceName?: pulumi.Input; } interface EndpointNetworkInterface { /** * The ID of the Private DNS Zone Config. */ id?: pulumi.Input; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface EndpointPrivateDnsZoneConfig { /** * The ID of the Private DNS Zone Config. */ id?: pulumi.Input; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The ID of the Private DNS Zone that the config belongs to. */ privateDnsZoneId?: pulumi.Input; /** * A `recordSets` block as defined below. */ recordSets?: pulumi.Input[]>; } interface EndpointPrivateDnsZoneConfigRecordSet { /** * The fully qualified domain name to the `privateDnsZone`. */ fqdn?: pulumi.Input; /** * A list of all IP Addresses that map to the `privateDnsZone` fqdn. */ ipAddresses?: pulumi.Input[]>; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The time to live for each connection to the `privateDnsZone`. */ ttl?: pulumi.Input; /** * The type of DNS record. */ type?: pulumi.Input; } interface EndpointPrivateDnsZoneGroup { /** * The ID of the Private DNS Zone Config. */ id?: pulumi.Input; /** * Specifies the Name of the Private DNS Zone Group. */ name: pulumi.Input; /** * Specifies the list of Private DNS Zones to include within the `privateDnsZoneGroup`. */ privateDnsZoneIds: pulumi.Input[]>; } interface EndpointPrivateServiceConnection { /** * Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created. * * > **Note:** If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to `true`. */ isManualConnection: pulumi.Input; /** * Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of `privateConnectionResourceId` or `privateConnectionResourceAlias` must be specified. Changing this forces a new resource to be created. */ privateConnectionResourceAlias?: pulumi.Input; /** * The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of `privateConnectionResourceId` or `privateConnectionResourceAlias` must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself. */ privateConnectionResourceId?: pulumi.Input; /** * (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the `privateServiceConnection` block to obtain the address associated with the private endpoint. */ privateIpAddress?: pulumi.Input; /** * A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of `140` characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if `isManualConnection` is set to `true`. * * > **Note:** When connected to an SQL resource the `requestMessage` maximum length is `128`. */ requestMessage?: pulumi.Input; /** * A list of subresource names which the Private Endpoint is able to connect to. `subresourceNames` corresponds to `groupId`. Possible values are detailed in the product [documentation](https://docs.microsoft.com/azure/private-link/private-endpoint-overview#private-link-resource) in the `Subresources` column. Changing this forces a new resource to be created. * * > **Note:** Some resource types (such as Storage Account) only support 1 subresource per private endpoint. * * > **Note:** For most Private Links one or more `subresourceNames` will need to be specified, please see the linked documentation for details. */ subresourceNames?: pulumi.Input[]>; } } export declare namespace purview { interface AccountIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Purview Account. * * > **Note:** This is required when `type` is set to `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Purview Account. Possible values are `SystemAssigned` and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface AccountManagedResource { /** * The ID of the managed event hub namespace. */ eventHubNamespaceId?: pulumi.Input; /** * The ID of the managed resource group. */ resourceGroupId?: pulumi.Input; /** * The ID of the managed storage account. */ storageAccountId?: pulumi.Input; } } export declare namespace recoveryservices { interface VaultEncryption { /** * Enabling/Disabling the Double Encryption state. */ infrastructureEncryptionEnabled: pulumi.Input; /** * The Key Vault key id used to encrypt this vault. Key managed by Vault Managed Hardware Security Module is also supported. */ keyId: pulumi.Input; /** * Indicate that system assigned identity should be used or not. Defaults to `true`. Must be set to `false` when `userAssignedIdentityId` is set. * * !> **Note:** `useSystemAssignedIdentity` only be able to set to `false` for **new** vaults. Any vaults containing existing items registered or attempted to be registered to it are not supported. Details can be found in [the document](https://learn.microsoft.com/en-us/azure/backup/encryption-at-rest-with-cmk?tabs=portal#before-you-start) * * !> **Note:** Once `infrastructureEncryptionEnabled` has been set it's not possible to change it. */ useSystemAssignedIdentity?: pulumi.Input; /** * Specifies the user assigned identity ID to be used. */ userAssignedIdentityId?: pulumi.Input; } interface VaultIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this App Configuration. * * > **Note:** `identityIds` is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Recovery Services Vault. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface VaultMonitoring { /** * Enabling/Disabling built-in Azure Monitor alerts for security scenarios and job failure scenarios. Defaults to `true`. */ alertsForAllJobFailuresEnabled?: pulumi.Input; /** * Enabling/Disabling alerts from the older (classic alerts) solution. Defaults to `true`. More details could be found [here](https://learn.microsoft.com/en-us/azure/backup/monitoring-and-alerts-overview). */ alertsForCriticalOperationFailuresEnabled?: pulumi.Input; } } export declare namespace redhatopenshift { interface ClusterApiServerProfile { /** * The IP Address the Ingress Profile is associated with. */ ipAddress?: pulumi.Input; /** * The URL the API Server Profile is associated with. */ url?: pulumi.Input; /** * Cluster API server visibility. Supported values are `Public` and `Private`. Changing this forces a new resource to be created. */ visibility: pulumi.Input; } interface ClusterClusterProfile { /** * The custom domain for the cluster. For more info, see [Prepare a custom domain for your cluster](https://docs.microsoft.com/azure/openshift/tutorial-create-cluster#prepare-a-custom-domain-for-your-cluster-optional). Changing this forces a new resource to be created. */ domain: pulumi.Input; /** * Whether Federal Information Processing Standard (FIPS) validated cryptographic modules are used. Defaults to `false`. Changing this forces a new resource to be created. */ fipsEnabled?: pulumi.Input; /** * The name of a Resource Group which will be created to host VMs of Azure Red Hat OpenShift Cluster. The value cannot contain uppercase characters. Changing this forces a new resource to be created. */ managedResourceGroupName?: pulumi.Input; /** * The Red Hat pull secret for the cluster. For more info, see [Get a Red Hat pull secret](https://learn.microsoft.com/azure/openshift/tutorial-create-cluster#get-a-red-hat-pull-secret-optional). Changing this forces a new resource to be created. */ pullSecret?: pulumi.Input; /** * The resource group that the cluster profile is attached to. */ resourceGroupId?: pulumi.Input; /** * The version of the OpenShift cluster. Available versions can be found with the Azure CLI command `az aro get-versions --location `. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface ClusterIngressProfile { /** * The IP Address the Ingress Profile is associated with. */ ipAddress?: pulumi.Input; /** * The name of the Azure Red Hat OpenShift Cluster to create. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Cluster Ingress visibility. Supported values are `Public` and `Private`. Changing this forces a new resource to be created. */ visibility: pulumi.Input; } interface ClusterMainProfile { /** * The resource ID of an associated disk encryption set. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * Whether main virtual machines are encrypted at host. Defaults to `false`. Changing this forces a new resource to be created. * * > **Note:** `encryptionAtHostEnabled` is only available for certain VM sizes and the `EncryptionAtHost` feature must be enabled for your subscription. Please see the [Azure documentation](https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell) for more information. */ encryptionAtHostEnabled?: pulumi.Input; /** * The ID of the subnet where main nodes will be hosted. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * The size of the Virtual Machines for the main nodes. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } interface ClusterNetworkProfile { /** * The outbound (egress) routing method. Possible values are `Loadbalancer` and `UserDefinedRouting`. Defaults to `Loadbalancer`. Changing this forces a new resource to be created. */ outboundType?: pulumi.Input; /** * The CIDR to use for pod IP addresses. Changing this forces a new resource to be created. */ podCidr: pulumi.Input; /** * Whether a preconfigured network security group is being used on the subnets. Defaults to `false`. Changing this forces a new resource to be created. */ preconfiguredNetworkSecurityGroupEnabled?: pulumi.Input; /** * The network range used by the OpenShift service. Changing this forces a new resource to be created. */ serviceCidr: pulumi.Input; } interface ClusterServicePrincipal { /** * The Client ID for the Service Principal. */ clientId: pulumi.Input; /** * The Client Secret for the Service Principal. * * > **Note:** Currently a service principal cannot be associated with more than one ARO clusters on the Azure subscription. */ clientSecret: pulumi.Input; } interface ClusterWorkerProfile { /** * The resource ID of an associated disk encryption set. Changing this forces a new resource to be created. */ diskEncryptionSetId?: pulumi.Input; /** * The internal OS disk size of the worker Virtual Machines in GB. Changing this forces a new resource to be created. */ diskSizeGb: pulumi.Input; /** * Whether worker virtual machines are encrypted at host. Defaults to `false`. Changing this forces a new resource to be created. * * > **Note:** `encryptionAtHostEnabled` is only available for certain VM sizes and the `EncryptionAtHost` feature must be enabled for your subscription. Please see the [Azure documentation](https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell) for more information. */ encryptionAtHostEnabled?: pulumi.Input; /** * The initial number of worker nodes which should exist in the cluster. Changing this forces a new resource to be created. */ nodeCount: pulumi.Input; /** * The ID of the subnet where worker nodes will be hosted. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * The size of the Virtual Machines for the worker nodes. Changing this forces a new resource to be created. */ vmSize: pulumi.Input; } } export declare namespace redis { interface CacheIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this Redis Cluster. * * > **NOTE:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Redis Cluster. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface CachePatchSchedule { /** * the Weekday name - possible values include `Monday`, `Tuesday`, `Wednesday` etc. */ dayOfWeek: pulumi.Input; /** * The ISO 8601 timespan which specifies the amount of time the Redis Cache can be updated. Defaults to `PT5H`. */ maintenanceWindow?: pulumi.Input; /** * the Start Hour for maintenance in UTC - possible values range from `0 - 23`. * * > **Note:** The Patch Window lasts for `5` hours from the `startHourUtc`. */ startHourUtc?: pulumi.Input; } interface CacheRedisConfiguration { /** * Enable Microsoft Entra (AAD) authentication. Defaults to `false`. */ activeDirectoryAuthenticationEnabled?: pulumi.Input; /** * Enable or disable AOF persistence for this Redis Cache. Defaults to `false`. * * > **NOTE:** `aofBackupEnabled` can only be set when SKU is `Premium`. */ aofBackupEnabled?: pulumi.Input; /** * First Storage Account connection string for AOF persistence. */ aofStorageConnectionString0?: pulumi.Input; /** * Second Storage Account connection string for AOF persistence. * * Example usage: */ aofStorageConnectionString1?: pulumi.Input; /** * If set to `false`, the Redis instance will be accessible without authentication. Defaults to `true`. * * > **NOTE:** `authenticationEnabled` can only be set to `false` if a `subnetId` is specified; and only works if there aren't existing instances within the subnet with `authenticationEnabled` set to `true`. */ authenticationEnabled?: pulumi.Input; /** * Preferred auth method to communicate to storage account used for data persistence. Possible values are `SAS` and `ManagedIdentity`. */ dataPersistenceAuthenticationMethod?: pulumi.Input; /** * Returns the max number of connected clients at the same time. */ maxclients?: pulumi.Input; /** * Value in megabytes reserved to accommodate for memory fragmentation. Defaults are shown below. */ maxfragmentationmemoryReserved?: pulumi.Input; /** * The max-memory delta for this Redis instance. Defaults are shown below. */ maxmemoryDelta?: pulumi.Input; /** * How Redis will select what to remove when `maxmemory` is reached. Defaults to `volatile-lru`. */ maxmemoryPolicy?: pulumi.Input; /** * Value in megabytes reserved for non-cache usage e.g. failover. Defaults are shown below. */ maxmemoryReserved?: pulumi.Input; /** * Keyspace notifications allows clients to subscribe to Pub/Sub channels in order to receive events affecting the Redis data set in some way. [Reference](https://redis.io/topics/notifications#configuration) */ notifyKeyspaceEvents?: pulumi.Input; /** * Is Backup Enabled? Only supported on Premium SKUs. Defaults to `false`. * * > **NOTE:** If `rdbBackupEnabled` set to `true`, `rdbStorageConnectionString` must also be set. */ rdbBackupEnabled?: pulumi.Input; /** * The Backup Frequency in Minutes. Only supported on Premium SKUs. Possible values are: `15`, `30`, `60`, `360`, `720` and `1440`. */ rdbBackupFrequency?: pulumi.Input; /** * The maximum number of snapshots to create as a backup. Only supported for Premium SKUs. */ rdbBackupMaxSnapshotCount?: pulumi.Input; /** * The Connection String to the Storage Account. Only supported for Premium SKUs. In the format: `DefaultEndpointsProtocol=https;BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint};AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key}`. * * > **NOTE:** There's a bug in the Redis API where the original storage connection string isn't being returned, which [is being tracked in this issue](https://github.com/Azure/azure-rest-api-specs/issues/3037). In the interim you can use [the `ignoreChanges` attribute to ignore changes to this field](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) e.g.: */ rdbStorageConnectionString?: pulumi.Input; /** * The ID of the Subscription containing the Storage Account. */ storageAccountSubscriptionId?: pulumi.Input; } interface EnterpriseDatabaseModule { /** * Configuration options for the module (e.g. `ERROR_RATE 0.00 INITIAL_SIZE 400`). Changing this forces a new resource to be created. Defaults to `""`. */ args?: pulumi.Input; /** * The name which should be used for this module. Possible values are `RedisBloom`, `RedisTimeSeries`, `RediSearch` and `RedisJSON`. Changing this forces a new Redis Enterprise Database to be created. */ name: pulumi.Input; version?: pulumi.Input; } } export declare namespace role { interface DefinitionPermission { /** * One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ actions?: pulumi.Input[]>; /** * One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ dataActions?: pulumi.Input[]>; /** * One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ notActions?: pulumi.Input[]>; /** * One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. */ notDataActions?: pulumi.Input[]>; } } export declare namespace search { interface ServiceIdentity { /** * Specifies the list of User Assigned Managed Service Identity IDs which should be assigned to this Search Service. */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Search Service. Possible values are `SystemAssigned`, `UserAssigned`, and `SystemAssigned, UserAssigned`. */ type: pulumi.Input; } interface ServiceQueryKey { /** * The value of this Query Key. */ key?: pulumi.Input; /** * The Name which should be used for this Search Service. Changing this forces a new Search Service to be created. */ name?: pulumi.Input; } } export declare namespace securitycenter { interface AssessmentStatus { /** * Specifies the cause of the assessment status. */ cause?: pulumi.Input; /** * Specifies the programmatic code of the assessment status. Possible values are `Healthy`, `Unhealthy` and `NotApplicable`. */ code: pulumi.Input; /** * Specifies the human readable description of the assessment status. */ description?: pulumi.Input; } interface AutomationAction { /** * A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. * * > **Note:** `connectionString` is required when `type` is `EventHub`. */ connectionString?: pulumi.Input; /** * The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace. */ resourceId: pulumi.Input; /** * The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history" * * > **Note:** `triggerUrl` is required when `type` is `LogicApp`. */ triggerUrl?: pulumi.Input; /** * Type of Azure resource to send data to. Possible values are `EventHub`, `LogicApp` and `Workspace`. */ type?: pulumi.Input; } interface AutomationSource { /** * Type of data that will trigger this automation. Must be one of `Alerts`, `Assessments`, `AssessmentsSnapshot`, `RegulatoryComplianceAssessment`, `RegulatoryComplianceAssessmentSnapshot`, `SecureScoreControls`, `SecureScoreControlsSnapshot`, `SecureScores`, `SecureScoresSnapshot`, `SubAssessments` or `SubAssessmentsSnapshot`. Note. assessments are also referred to as recommendations */ eventSource: pulumi.Input; /** * A set of rules which evaluate upon event and data interception. This is defined in one or more `ruleSet` blocks as defined below. * * > **Note:** When multiple `ruleSet` block are provided, a logical 'OR' is applied to the evaluation of them. */ ruleSets?: pulumi.Input[]>; } interface AutomationSourceRuleSet { /** * One or more `rule` blocks as defined below. * * > **Note:** This automation will trigger when all of the `rule`s in this `ruleSet` are evaluated as 'true'. This is equivalent to a logical 'AND'. */ rules: pulumi.Input[]>; } interface AutomationSourceRuleSetRule { /** * A value that will be compared with the value in `propertyPath`. */ expectedValue: pulumi.Input; /** * The comparison operator to use, must be one of: `Contains`, `EndsWith`, `Equals`, `GreaterThan`, `GreaterThanOrEqualTo`, `LesserThan`, `LesserThanOrEqualTo`, `NotEquals`, `StartsWith` */ operator: pulumi.Input; /** * The JPath of the entity model property that should be checked. */ propertyPath: pulumi.Input; /** * The data type of the compared operands, must be one of: `Integer`, `String`, `Boolean` or `Number`. * * > **Note:** The schema for Security Center alerts (when `eventSource` is "Alerts") [can be found here](https://docs.microsoft.com/azure/security-center/alerts-schemas?tabs=schema-continuousexport) */ propertyType: pulumi.Input; } interface SubscriptionPricingExtension { /** * Key/Value pairs that are required for some extensions. * * > **Note:** If an extension is not defined, it will not be enabled. * * > **Note:** Changing the pricing tier to `Standard` affects all resources of the given type in the subscription and could be quite costly. */ additionalExtensionProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The name of extension. */ name: pulumi.Input; } } export declare namespace sentinel { interface AlertRuleAnomalyBuiltInMultiSelectObservation { /** * The description of the threshold observation. */ description?: pulumi.Input; /** * The Name of the built-in Anomaly Alert Rule. */ name?: pulumi.Input; /** * A list of supported values of the single select observation. */ supportedValues?: pulumi.Input[]>; /** * A list of values of the single select observation. */ values?: pulumi.Input[]>; } interface AlertRuleAnomalyBuiltInPrioritizedExcludeObservation { /** * The description of the threshold observation. */ description?: pulumi.Input; /** * The excluded value per `description`. */ exclude?: pulumi.Input; /** * The Name of the built-in Anomaly Alert Rule. */ name?: pulumi.Input; /** * The prioritized value per `description`. */ prioritize?: pulumi.Input; } interface AlertRuleAnomalyBuiltInRequiredDataConnector { /** * The ID of the required Data Connector. */ connectorId?: pulumi.Input; /** * A list of data types of the required Data Connector. */ dataTypes?: pulumi.Input[]>; } interface AlertRuleAnomalyBuiltInSingleSelectObservation { /** * The description of the threshold observation. */ description?: pulumi.Input; /** * The Name of the built-in Anomaly Alert Rule. */ name?: pulumi.Input; /** * A list of supported values of the single select observation. */ supportedValues?: pulumi.Input[]>; /** * The value of the threshold observation. */ value?: pulumi.Input; } interface AlertRuleAnomalyBuiltInThresholdObservation { /** * The description of the threshold observation. */ description?: pulumi.Input; /** * The max value of the threshold observation. */ max?: pulumi.Input; /** * The min value of the threshold observation. */ min?: pulumi.Input; /** * The Name of the built-in Anomaly Alert Rule. */ name?: pulumi.Input; /** * The value of the threshold observation. */ value?: pulumi.Input; } interface AlertRuleAnomalyDuplicateMultiSelectObservation { /** * The description of the multi select observation. */ description?: pulumi.Input; /** * The name of the multi select observation. */ name: pulumi.Input; /** * A list of supported values of the multi select observation. */ supportedValues?: pulumi.Input[]>; /** * A list of values of the multi select observation. */ values: pulumi.Input[]>; } interface AlertRuleAnomalyDuplicatePrioritizedExcludeObservation { /** * The description of the prioritized exclude observation. */ description?: pulumi.Input; /** * The excluded value per `description`. */ exclude?: pulumi.Input; /** * The name of the prioritized exclude observation. */ name: pulumi.Input; /** * The prioritized value per `description`. */ prioritize?: pulumi.Input; } interface AlertRuleAnomalyDuplicateRequiredDataConnector { /** * The ID of the required Data Connector. */ connectorId?: pulumi.Input; /** * A list of data types of the required Data Connector. */ dataTypes?: pulumi.Input[]>; } interface AlertRuleAnomalyDuplicateSingleSelectObservation { /** * The description of the single select observation. */ description?: pulumi.Input; /** * The name of the single select observation. */ name: pulumi.Input; /** * A list of supported values of the single select observation. */ supportedValues?: pulumi.Input[]>; /** * The value of the multi select observation. */ value: pulumi.Input; } interface AlertRuleAnomalyDuplicateThresholdObservation { /** * The description of the threshold observation. */ description?: pulumi.Input; /** * The max value of the threshold observation. */ max?: pulumi.Input; /** * The min value of the threshold observation. */ min?: pulumi.Input; /** * The name of the threshold observation. */ name: pulumi.Input; /** * The value of the threshold observation. */ value: pulumi.Input; } interface AlertRuleFusionSource { /** * Whether this source signal is enabled or disabled in Fusion detection? Defaults to `true`. */ enabled?: pulumi.Input; /** * The name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */ name: pulumi.Input; /** * One or more `subType` blocks as defined below. */ subTypes?: pulumi.Input[]>; } interface AlertRuleFusionSourceSubType { /** * Whether this source subtype under source signal is enabled or disabled in Fusion detection. Defaults to `true`. */ enabled?: pulumi.Input; /** * The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values. */ name: pulumi.Input; /** * A list of severities that are enabled for this source subtype consumed in Fusion detection. Possible values for each element are `High`, `Medium`, `Low`, `Informational`. */ severitiesAlloweds: pulumi.Input[]>; } interface AlertRuleNrtAlertDetailsOverride { /** * The format containing columns name(s) to override the description of this Sentinel Alert Rule. */ descriptionFormat?: pulumi.Input; /** * The format containing columns name(s) to override the name of this Sentinel Alert Rule. */ displayNameFormat?: pulumi.Input; /** * A list of `dynamicProperty` blocks as defined below. */ dynamicProperties?: pulumi.Input[]>; /** * The column name to take the alert severity from. */ severityColumnName?: pulumi.Input; /** * The column name to take the alert tactics from. */ tacticsColumnName?: pulumi.Input; } interface AlertRuleNrtAlertDetailsOverrideDynamicProperty { /** * The name of the dynamic property. Possible values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps`, `SubTechniques` and `Techniques`. */ name: pulumi.Input; /** * The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`. */ value: pulumi.Input; } interface AlertRuleNrtEntityMapping { /** * The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`. */ entityType: pulumi.Input; /** * A list of `fieldMapping` blocks as defined below. */ fieldMappings: pulumi.Input[]>; } interface AlertRuleNrtEntityMappingFieldMapping { /** * The column name to be mapped to the identifier. */ columnName: pulumi.Input; /** * The identifier of the entity. */ identifier: pulumi.Input; } interface AlertRuleNrtEventGrouping { /** * The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`. */ aggregationMethod: pulumi.Input; } interface AlertRuleNrtIncident { /** * Whether to create an incident from alerts triggered by this Sentinel NRT Alert Rule? */ createIncidentEnabled: pulumi.Input; /** * A `grouping` block as defined below. */ grouping: pulumi.Input; } interface AlertRuleNrtIncidentGrouping { /** * A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`. */ byAlertDetails?: pulumi.Input[]>; /** * A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used. */ byCustomDetails?: pulumi.Input[]>; /** * A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`. */ byEntities?: pulumi.Input[]>; /** * Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to `true`. */ enabled?: pulumi.Input; /** * The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`. */ entityMatchingMethod?: pulumi.Input; /** * Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`. */ lookbackDuration?: pulumi.Input; /** * Whether to re-open closed matching incidents? Defaults to `false`. */ reopenClosedIncidents?: pulumi.Input; } interface AlertRuleNrtSentinelEntityMapping { /** * The column name to be mapped to the identifier. */ columnName: pulumi.Input; } interface AlertRuleScheduledAlertDetailsOverride { /** * The format containing columns name(s) to override the description of this Sentinel Alert Rule. */ descriptionFormat?: pulumi.Input; /** * The format containing columns name(s) to override the name of this Sentinel Alert Rule. */ displayNameFormat?: pulumi.Input; /** * A list of `dynamicProperty` blocks as defined below. */ dynamicProperties?: pulumi.Input[]>; /** * The column name to take the alert severity from. */ severityColumnName?: pulumi.Input; /** * The column name to take the alert tactics from. */ tacticsColumnName?: pulumi.Input; } interface AlertRuleScheduledAlertDetailsOverrideDynamicProperty { /** * The name of the dynamic property. Possible values are `AlertLink`, `ConfidenceLevel`, `ConfidenceScore`, `ExtendedLinks`, `ProductComponentName`, `ProductName`, `ProviderName`, `RemediationSteps`, `SubTechniques` and `Techniques`. */ name: pulumi.Input; /** * The value of the dynamic property. Pssible Values are `Caller`, `dcount_ResourceId` and `EventSubmissionTimestamp`. */ value: pulumi.Input; } interface AlertRuleScheduledEntityMapping { /** * The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`. */ entityType: pulumi.Input; /** * A list of `fieldMapping` blocks as defined below. */ fieldMappings: pulumi.Input[]>; } interface AlertRuleScheduledEntityMappingFieldMapping { /** * The column name to be mapped to the identifier. */ columnName: pulumi.Input; /** * The identifier of the entity. */ identifier: pulumi.Input; } interface AlertRuleScheduledEventGrouping { /** * The aggregation type of grouping the events. Possible values are `AlertPerResult` and `SingleAlert`. */ aggregationMethod: pulumi.Input; } interface AlertRuleScheduledIncident { /** * Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule? */ createIncidentEnabled: pulumi.Input; /** * A `grouping` block as defined below. */ grouping: pulumi.Input; } interface AlertRuleScheduledIncidentGrouping { /** * A list of alert details to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `DisplayName` and `Severity`. */ byAlertDetails?: pulumi.Input[]>; /** * A list of custom details keys to group by, only when the `entityMatchingMethod` is `Selected`. Only keys defined in the `customDetails` may be used. */ byCustomDetails?: pulumi.Input[]>; /** * A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`. */ byEntities?: pulumi.Input[]>; /** * Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`. */ enabled?: pulumi.Input; /** * The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`. */ entityMatchingMethod?: pulumi.Input; /** * Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`. */ lookbackDuration?: pulumi.Input; /** * Whether to re-open closed matching incidents? Defaults to `false`. */ reopenClosedIncidents?: pulumi.Input; } interface AlertRuleScheduledSentinelEntityMapping { /** * The column name to be mapped to the identifier. */ columnName: pulumi.Input; } interface AuthomationRuleActionIncident { /** * The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`. * * > **Note:** The `classification` is required when `status` is `Closed`. */ classification?: pulumi.Input; /** * The comment why the incident is to be closed. * * > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`. */ classificationComment?: pulumi.Input; /** * Specifies a list of labels to add to the incident. */ labels?: pulumi.Input[]>; /** * The execution order of this action. */ order: pulumi.Input; /** * The object ID of the entity this incident is assigned to. */ ownerId?: pulumi.Input; /** * The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`. * * > **Note:** At least one of `status`, `labels`, `ownerId` and `severity` has to be set. */ severity?: pulumi.Input; /** * The status to set to the incident. Possible values are: `Active`, `Closed`, `New`. */ status?: pulumi.Input; } interface AuthomationRuleActionIncidentTask { /** * The description of the incident task. */ description?: pulumi.Input; /** * The execution order of this action. */ order: pulumi.Input; /** * The title of the incident task. */ title: pulumi.Input; } interface AuthomationRuleActionPlaybook { /** * The ID of the Logic App that defines the playbook's logic. */ logicAppId: pulumi.Input; /** * The execution order of this action. */ order: pulumi.Input; /** * The ID of the Tenant that owns the playbook. */ tenantId?: pulumi.Input; } interface AutomationRuleActionIncident { /** * The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`. * * > **Note:** The `classification` is required when `status` is `Closed`. */ classification?: pulumi.Input; /** * The comment why the incident is to be closed. * * > **Note:** The `classificationComment` is allowed to set only when `status` is `Closed`. */ classificationComment?: pulumi.Input; /** * Specifies a list of labels to add to the incident. */ labels?: pulumi.Input[]>; /** * The execution order of this action. */ order: pulumi.Input; /** * The object ID of the entity this incident is assigned to. */ ownerId?: pulumi.Input; /** * The severity to add to the incident. Possible values are `High`, `Informational`, `Low` and `Medium`. * * > **Note:** At least one of `status`, `labels`, `ownerId` and `severity` has to be set. */ severity?: pulumi.Input; /** * The status to set to the incident. Possible values are: `Active`, `Closed`, `New`. */ status?: pulumi.Input; } interface AutomationRuleActionIncidentTask { /** * The description of the incident task. */ description?: pulumi.Input; /** * The execution order of this action. */ order: pulumi.Input; /** * The title of the incident task. */ title: pulumi.Input; } interface AutomationRuleActionPlaybook { /** * The ID of the Logic App that defines the playbook's logic. */ logicAppId: pulumi.Input; /** * The execution order of this action. */ order: pulumi.Input; /** * The ID of the Tenant that owns the playbook. */ tenantId?: pulumi.Input; } interface MetadataAuthor { /** * The email address of the author contact. */ email?: pulumi.Input; /** * The link for author/vendor page. */ link?: pulumi.Input; /** * The name of the author, company or person. */ name?: pulumi.Input; } interface MetadataCategory { /** * Specifies a list of domains for the solution content item. */ domains?: pulumi.Input[]>; /** * Specifies a list of industry verticals for the solution content item. */ verticals?: pulumi.Input[]>; } interface MetadataSource { /** * The id of the content source, the solution ID, Log Analytics Workspace name etc. */ id?: pulumi.Input; /** * The kind of the content source. Possible values are `Community`, `LocalWorkspace`, `Solution` and `SourceRepository`. */ kind: pulumi.Input; /** * The name of the content source, repo name, solution name, Log Analytics Workspace name, etc. */ name?: pulumi.Input; } interface MetadataSupport { /** * The email address of the support contact. */ email?: pulumi.Input; /** * The link for support help. */ link?: pulumi.Input; /** * The name of the support contact. */ name?: pulumi.Input; /** * The type of support for content item. Possible values are `Microsoft`, `Partner` and `Community`. */ tier: pulumi.Input; } interface ThreatIntelligenceIndicatorExternalReference { /** * The description of the external reference of the Threat Intelligence Indicator. */ description?: pulumi.Input; /** * The list of hashes of the external reference of the Threat Intelligence Indicator. */ hashes?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The ID of the Sentinel Threat Intelligence Indicator. */ id?: pulumi.Input; /** * The source name of the external reference of the Threat Intelligence Indicator. */ sourceName?: pulumi.Input; /** * The url of the external reference of the Threat Intelligence Indicator. */ url?: pulumi.Input; } interface ThreatIntelligenceIndicatorGranularMarking { /** * The language of granular marking of the Threat Intelligence Indicator. */ language?: pulumi.Input; /** * The reference of the granular marking of the Threat Intelligence Indicator. */ markingRef?: pulumi.Input; /** * A list of selectors of the granular marking of the Threat Intelligence Indicator. */ selectors?: pulumi.Input[]>; } interface ThreatIntelligenceIndicatorKillChainPhase { /** * The name which should be used for the Lockheed Martin cyber kill chain phase. */ name?: pulumi.Input; } interface ThreatIntelligenceIndicatorParsedPattern { /** * The type key of parsed pattern. */ patternTypeKey?: pulumi.Input; /** * A `patternTypeValues` block as defined below. */ patternTypeValues?: pulumi.Input[]>; } interface ThreatIntelligenceIndicatorParsedPatternPatternTypeValue { /** * The value of the parsed pattern type. */ value?: pulumi.Input; /** * The type of the value of the parsed pattern type value. */ valueType?: pulumi.Input; } } export declare namespace servicebus { interface NamespaceCustomerManagedKey { /** * The ID of the User Assigned Identity that has access to the key. */ identityId: pulumi.Input; /** * Used to specify whether enable Infrastructure Encryption (Double Encryption). Changing this forces a new resource to be created. */ infrastructureEncryptionEnabled?: pulumi.Input; /** * The ID of the Key Vault Key which should be used to Encrypt the data in this Service Bus Namespace. */ keyVaultKeyId: pulumi.Input; } interface NamespaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Service Bus namespace. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Service Bus Namespace. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Service Bus Namespace. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Service Bus Namespace. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface NamespaceNetworkRuleSet { /** * Specifies the default action for the Network Rule Set. Possible values are `Allow` and `Deny`. Defaults to `Allow`. */ defaultAction?: pulumi.Input; /** * One or more IP Addresses, or CIDR Blocks which should be able to access the Service Bus Namespace. */ ipRules?: pulumi.Input[]>; /** * One or more `networkRules` blocks as defined below. */ networkRules?: pulumi.Input[]>; /** * Whether to allow traffic over public network. Possible values are `true` and `false`. Defaults to `true`. * * > **Note:** To disable public network access, you must also configure the property `publicNetworkAccessEnabled`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Are Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration? See [Trusted Microsoft Services](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-bus-messaging/includes/service-bus-trusted-services.md) */ trustedServicesAllowed?: pulumi.Input; } interface NamespaceNetworkRuleSetNetworkRule { /** * Should the Service Bus Namespace Network Rule Set ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to `false`. */ ignoreMissingVnetServiceEndpoint?: pulumi.Input; /** * The Subnet ID which should be able to access this Service Bus Namespace. */ subnetId: pulumi.Input; } interface SubscriptionClientScopedSubscription { /** * Specifies the Client ID of the application that created the client-scoped subscription. Changing this forces a new resource to be created. * * > **Note:** Client ID can be null or empty, but it must match the client ID set on the JMS client application. From the Azure Service Bus perspective, a null client ID and an empty client id have the same behavior. If the client ID is set to null or empty, it is only accessible to client applications whose client ID is also set to null or empty. */ clientId?: pulumi.Input; /** * Whether the client scoped subscription is durable. This property can only be controlled from the application side. */ isClientScopedSubscriptionDurable?: pulumi.Input; /** * Whether the client scoped subscription is shareable. Defaults to `true` Changing this forces a new resource to be created. */ isClientScopedSubscriptionShareable?: pulumi.Input; } interface SubscriptionRuleCorrelationFilter { /** * Content type of the message. */ contentType?: pulumi.Input; /** * Identifier of the correlation. */ correlationId?: pulumi.Input; /** * Application specific label. */ label?: pulumi.Input; /** * Identifier of the message. */ messageId?: pulumi.Input; /** * A list of user defined properties to be included in the filter. Specified as a map of name/value pairs. * * > **Note:** When creating a subscription rule of type `CorrelationFilter` at least one property must be set in the `correlationFilter` block. */ properties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Address of the queue to reply to. */ replyTo?: pulumi.Input; /** * Session identifier to reply to. */ replyToSessionId?: pulumi.Input; /** * Session identifier. */ sessionId?: pulumi.Input; /** * Address to send to. */ to?: pulumi.Input; } } export declare namespace servicefabric { interface ClusterAzureActiveDirectory { /** * The Azure Active Directory Client ID which should be used for the Client Application. */ clientApplicationId: pulumi.Input; /** * The Azure Active Directory Cluster Application ID. */ clusterApplicationId: pulumi.Input; /** * The Azure Active Directory Tenant ID. */ tenantId: pulumi.Input; } interface ClusterCertificate { /** * The Thumbprint of the Certificate. */ thumbprint: pulumi.Input; /** * The Secondary Thumbprint of the Certificate. */ thumbprintSecondary?: pulumi.Input; /** * The X509 Store where the Certificate Exists, such as `My`. */ x509StoreName: pulumi.Input; } interface ClusterCertificateCommonNames { /** * A `commonNames` block as defined below. */ commonNames: pulumi.Input[]>; /** * The X509 Store where the Certificate Exists, such as `My`. */ x509StoreName: pulumi.Input; } interface ClusterCertificateCommonNamesCommonName { /** * The common or subject name of the certificate. */ certificateCommonName: pulumi.Input; /** * The Issuer Thumbprint of the Certificate. * * > **Note:** Certificate Issuer Thumbprint may become required in the future, `https://docs.microsoft.com/azure/service-fabric/service-fabric-create-cluster-using-cert-cn#download-and-update-a-sample-template`. */ certificateIssuerThumbprint?: pulumi.Input; } interface ClusterClientCertificateCommonName { /** * The common or subject name of the certificate. */ commonName: pulumi.Input; /** * Does the Client Certificate have Admin Access to the cluster? Non-admin clients can only perform read only operations on the cluster. */ isAdmin: pulumi.Input; /** * The Issuer Thumbprint of the Certificate. * * > **Note:** Certificate Issuer Thumbprint may become required in the future, `https://docs.microsoft.com/azure/service-fabric/service-fabric-create-cluster-using-cert-cn#download-and-update-a-sample-template`. */ issuerThumbprint?: pulumi.Input; } interface ClusterClientCertificateThumbprint { /** * Does the Client Certificate have Admin Access to the cluster? Non-admin clients can only perform read only operations on the cluster. */ isAdmin: pulumi.Input; /** * The Thumbprint associated with the Client Certificate. */ thumbprint: pulumi.Input; } interface ClusterDiagnosticsConfig { /** * The Blob Endpoint of the Storage Account. */ blobEndpoint: pulumi.Input; /** * The protected diagnostics storage key name, such as `StorageAccountKey1`. */ protectedAccountKeyName: pulumi.Input; /** * The Queue Endpoint of the Storage Account. */ queueEndpoint: pulumi.Input; /** * The name of the Storage Account where the Diagnostics should be sent to. */ storageAccountName: pulumi.Input; /** * The Table Endpoint of the Storage Account. */ tableEndpoint: pulumi.Input; } interface ClusterFabricSetting { /** * The name of the Fabric Setting, such as `Security` or `Federation`. */ name: pulumi.Input; /** * A map containing settings for the specified Fabric Setting. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface ClusterNodeType { /** * A `applicationPorts` block as defined below. */ applicationPorts?: pulumi.Input; /** * The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. */ capacities?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Port used for the Client Endpoint for this Node Type. */ clientEndpointPort: pulumi.Input; /** * The Durability Level for this Node Type. Possible values include `Bronze`, `Gold` and `Silver`. Defaults to `Bronze`. */ durabilityLevel?: pulumi.Input; /** * A `ephemeralPorts` block as defined below. */ ephemeralPorts?: pulumi.Input; /** * The Port used for the HTTP Endpoint for this Node Type. */ httpEndpointPort: pulumi.Input; /** * The number of nodes for this Node Type. */ instanceCount: pulumi.Input; /** * Is this the Primary Node Type? */ isPrimary: pulumi.Input; /** * Should this node type run only stateless services? */ isStateless?: pulumi.Input; /** * Does this node type span availability zones? */ multipleAvailabilityZones?: pulumi.Input; /** * The name of the Node Type. */ name: pulumi.Input; /** * The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. */ placementProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The Port used for the Reverse Proxy Endpoint for this Node Type. Changing this will upgrade the cluster. */ reverseProxyEndpointPort?: pulumi.Input; } interface ClusterNodeTypeApplicationPorts { /** * The end of the Application Port Range on this Node Type. */ endPort: pulumi.Input; /** * The start of the Application Port Range on this Node Type. */ startPort: pulumi.Input; } interface ClusterNodeTypeEphemeralPorts { /** * The end of the Ephemeral Port Range on this Node Type. */ endPort: pulumi.Input; /** * The start of the Ephemeral Port Range on this Node Type. */ startPort: pulumi.Input; } interface ClusterReverseProxyCertificate { /** * The Thumbprint of the Certificate. */ thumbprint: pulumi.Input; /** * The Secondary Thumbprint of the Certificate. */ thumbprintSecondary?: pulumi.Input; /** * The X509 Store where the Certificate Exists, such as `My`. */ x509StoreName: pulumi.Input; } interface ClusterReverseProxyCertificateCommonNames { /** * A `commonNames` block as defined below. */ commonNames: pulumi.Input[]>; /** * The X509 Store where the Certificate Exists, such as `My`. */ x509StoreName: pulumi.Input; } interface ClusterReverseProxyCertificateCommonNamesCommonName { /** * The common or subject name of the certificate. */ certificateCommonName: pulumi.Input; /** * The Issuer Thumbprint of the Certificate. * * > **Note:** Certificate Issuer Thumbprint may become required in the future, `https://docs.microsoft.com/azure/service-fabric/service-fabric-create-cluster-using-cert-cn#download-and-update-a-sample-template`. */ certificateIssuerThumbprint?: pulumi.Input; } interface ClusterUpgradePolicy { /** * A `deltaHealthPolicy` block as defined below */ deltaHealthPolicy?: pulumi.Input; /** * Indicates whether to restart the Service Fabric node even if only dynamic configurations have changed. */ forceRestartEnabled?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, after which Service Fabric retries the health check if the previous health check fails. Defaults to `00:45:00`. */ healthCheckRetryTimeout?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, that Service Fabric waits in order to verify that the cluster is stable before it continues to the next upgrade domain or completes the upgrade. This wait duration prevents undetected changes of health right after the health check is performed. Defaults to `00:01:00`. */ healthCheckStableDuration?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, that Service Fabric waits before it performs the initial health check after it finishes the upgrade on the upgrade domain. Defaults to `00:00:30`. */ healthCheckWaitDuration?: pulumi.Input; /** * A `healthPolicy` block as defined below */ healthPolicy?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, that Service Fabric takes to upgrade a single upgrade domain. After this period, the upgrade fails. Defaults to `02:00:00`. */ upgradeDomainTimeout?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, that Service Fabric waits for a replica set to reconfigure into a safe state, if it is not already in a safe state, before Service Fabric proceeds with the upgrade. Defaults to `10675199.02:48:05.4775807`. */ upgradeReplicaSetCheckTimeout?: pulumi.Input; /** * Specifies the duration, in "hh:mm:ss" string format, that Service Fabric takes for the entire upgrade. After this period, the upgrade fails. Defaults to `12:00:00`. */ upgradeTimeout?: pulumi.Input; } interface ClusterUpgradePolicyDeltaHealthPolicy { /** * Specifies the maximum tolerated percentage of delta unhealthy applications that can have aggregated health states of error. If the current unhealthy applications do not respect the percentage relative to the state at the beginning of the upgrade, the cluster is unhealthy. Defaults to `0`. */ maxDeltaUnhealthyApplicationsPercent?: pulumi.Input; /** * Specifies the maximum tolerated percentage of delta unhealthy nodes that can have aggregated health states of error. If the current unhealthy nodes do not respect the percentage relative to the state at the beginning of the upgrade, the cluster is unhealthy. Defaults to `0`. */ maxDeltaUnhealthyNodesPercent?: pulumi.Input; /** * Specifies the maximum tolerated percentage of upgrade domain delta unhealthy nodes that can have aggregated health state of error. If there is any upgrade domain where the current unhealthy nodes do not respect the percentage relative to the state at the beginning of the upgrade, the cluster is unhealthy. Defaults to `0`. */ maxUpgradeDomainDeltaUnhealthyNodesPercent?: pulumi.Input; } interface ClusterUpgradePolicyHealthPolicy { /** * Specifies the maximum tolerated percentage of applications that can have aggregated health state of error. If the upgrade exceeds this percentage, the cluster is unhealthy. Defaults to `0`. */ maxUnhealthyApplicationsPercent?: pulumi.Input; /** * Specifies the maximum tolerated percentage of nodes that can have aggregated health states of error. If an upgrade exceeds this percentage, the cluster is unhealthy. Defaults to `0`. */ maxUnhealthyNodesPercent?: pulumi.Input; } interface ManagedClusterAuthentication { /** * A `activeDirectory` block as defined above. */ activeDirectory?: pulumi.Input; /** * One or more `certificate` blocks as defined below. */ certificates?: pulumi.Input[]>; } interface ManagedClusterAuthenticationActiveDirectory { /** * The ID of the Client Application. */ clientApplicationId: pulumi.Input; /** * The ID of the Cluster Application. */ clusterApplicationId: pulumi.Input; /** * The ID of the Tenant. */ tenantId: pulumi.Input; } interface ManagedClusterAuthenticationCertificate { /** * The certificate's CN. */ commonName?: pulumi.Input; /** * The thumbprint of the certificate. */ thumbprint: pulumi.Input; /** * The type of the certificate. Can be `AdminClient` or `ReadOnlyClient`. */ type: pulumi.Input; } interface ManagedClusterCustomFabricSetting { /** * Parameter name. */ parameter: pulumi.Input; /** * Section name. */ section: pulumi.Input; /** * Parameter value. */ value: pulumi.Input; } interface ManagedClusterLbRule { /** * LB Backend port. */ backendPort: pulumi.Input; /** * LB Frontend port. */ frontendPort: pulumi.Input; /** * Protocol for the probe. Can be one of `tcp`, `udp`, `http`, or `https`. */ probeProtocol: pulumi.Input; /** * Path for the probe to check, when probe protocol is set to `http`. */ probeRequestPath?: pulumi.Input; /** * The transport protocol used in this rule. Can be one of `tcp` or `udp`. */ protocol: pulumi.Input; } interface ManagedClusterNodeType { /** * Sets the port range available for applications. Format is `-`, for example `10000-20000`. */ applicationPortRange: pulumi.Input; /** * Specifies a list of key/value pairs used to set capacity tags for this node type. */ capacities?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The size of the data disk in gigabytes.. */ dataDiskSizeGb: pulumi.Input; /** * The type of the disk to use for storing data. It can be one of `Premium_LRS`, `Standard_LRS`, or `StandardSSD_LRS`. Defaults to `Standard_LRS`. */ dataDiskType?: pulumi.Input; /** * Sets the port range available for the OS. Format is `-`, for example `10000-20000`. There has to be at least 255 ports available and cannot overlap with `applicationPortRange`.. */ ephemeralPortRange: pulumi.Input; /** * The ID of the Resource Group. */ id?: pulumi.Input; /** * If set the node type can be composed of multiple placement groups. */ multiplePlacementGroupsEnabled?: pulumi.Input; /** * The name which should be used for this node type. */ name: pulumi.Input; /** * Specifies a list of placement tags that can be used to indicate where services should run.. */ placementProperties?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * If set to true, system services will run on this node type. Only one node type should be marked as primary. Primary node type cannot be deleted or changed once they're created. */ primary?: pulumi.Input; /** * If set to true, only stateless workloads can run on this node type. */ stateless?: pulumi.Input; /** * The offer type of the marketplace image cluster VMs will use. */ vmImageOffer: pulumi.Input; /** * The publisher of the marketplace image cluster VMs will use. */ vmImagePublisher: pulumi.Input; /** * The SKU of the marketplace image cluster VMs will use. */ vmImageSku: pulumi.Input; /** * The version of the marketplace image cluster VMs will use. */ vmImageVersion: pulumi.Input; /** * The number of instances this node type will launch. */ vmInstanceCount: pulumi.Input; /** * One or more `vmSecrets` blocks as defined below. */ vmSecrets?: pulumi.Input[]>; /** * The size of the instances in this node type. */ vmSize: pulumi.Input; } interface ManagedClusterNodeTypeVmSecret { /** * One or more `certificates` blocks as defined above. */ certificates: pulumi.Input[]>; /** * The ID of the Vault that contain the certificates. */ vaultId: pulumi.Input; } interface ManagedClusterNodeTypeVmSecretCertificate { /** * The certificate store on the Virtual Machine to which the certificate should be added. */ store: pulumi.Input; /** * The URL of a certificate that has been uploaded to Key Vault as a secret */ url: pulumi.Input; } } export declare namespace signalr { interface ServiceCor { /** * A list of origins which should be able to make cross-origin calls. `*` can be used to allow all calls. */ allowedOrigins: pulumi.Input[]>; } interface ServiceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this signalR. * * > **Note:** This is required when `type` is set to `UserAssigned` */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this signalR. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface ServiceLiveTrace { /** * Whether the log category `ConnectivityLogs` is enabled? Defaults to `true` */ connectivityLogsEnabled?: pulumi.Input; /** * Whether the live trace is enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * Whether the log category `HttpRequestLogs` is enabled? Defaults to `true` */ httpRequestLogsEnabled?: pulumi.Input; /** * Whether the log category `MessagingLogs` is enabled? Defaults to `true` */ messagingLogsEnabled?: pulumi.Input; } interface ServiceNetworkAclPrivateEndpoint { /** * The allowed request types for the Private Endpoint Connection. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Allow`, `allowedRequestTypes`cannot be set. */ allowedRequestTypes?: pulumi.Input[]>; /** * The denied request types for the Private Endpoint Connection. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Deny`, `deniedRequestTypes`cannot be set. * * > **Note:** `allowedRequestTypes` - (Optional) and `deniedRequestTypes` cannot be set together. */ deniedRequestTypes?: pulumi.Input[]>; /** * The ID of the Private Endpoint which is based on the SignalR service. */ id: pulumi.Input; } interface ServiceNetworkAclPublicNetwork { /** * The allowed request types for the public network. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Allow`, `allowedRequestTypes`cannot be set. */ allowedRequestTypes?: pulumi.Input[]>; /** * The denied request types for the public network. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Deny`, `deniedRequestTypes`cannot be set. * * > **Note:** `allowedRequestTypes` - (Optional) and `deniedRequestTypes` cannot be set together. */ deniedRequestTypes?: pulumi.Input[]>; } interface ServiceSku { /** * Specifies the number of units associated with this SignalR service. Valid values are `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9`, `10`, `20`, `30`, `40`, `50`, `60`, `70`, `80`, `90`, `100`, `200`, `300`, `400`, `500`, `600`, `700`, `800`, `900` and `1000`. * * > **Note:** The valid capacity range for sku `Free_F1` is `1`, for sku `Premium_P2` is from `100` to `1000`, and from `1` to `100` for sku `Standard_S1` and `Premium_P1`. */ capacity: pulumi.Input; /** * Specifies which tier to use. Valid values are `Free_F1`, `Standard_S1`, `Premium_P1` and `Premium_P2`. */ name: pulumi.Input; } interface ServiceUpstreamEndpoint { /** * The categories to match on, or `*` for all. */ categoryPatterns: pulumi.Input[]>; /** * The events to match on, or `*` for all. */ eventPatterns: pulumi.Input[]>; /** * The hubs to match on, or `*` for all. */ hubPatterns: pulumi.Input[]>; /** * The upstream URL Template. This can be a url or a template such as `http://host.com/{hub}/api/{category}/{event}`. */ urlTemplate: pulumi.Input; /** * Specifies the Managed Identity IDs to be assigned to this signalR upstream setting by using resource uuid as both system assigned and user assigned identity is supported. */ userAssignedIdentityId?: pulumi.Input; } } export declare namespace siterecovery { interface ProtectionContainerMappingAutomaticUpdate { /** * The authentication type used for automation account. Possible values are `RunAsAccount` and `SystemAssignedIdentity`. Defaults to `SystemAssignedIdentity`. * * > **Note:** `RunAsAccount` of `authenticationType` is deprecated and will retire on September 30, 2023. Details could be found [here](https://learn.microsoft.com/en-us/azure/automation/whats-new#support-for-run-as-accounts). */ authenticationType?: pulumi.Input; /** * The automation account ID which holds the automatic update runbook and authenticates to Azure resources. * * > **Note:** `automationAccountId` is required when `enabled` is specified. */ automationAccountId?: pulumi.Input; /** * Should the Mobility service installed on Azure virtual machines be automatically updated. Defaults to `false`. * * > **Note:** The setting applies to all Azure VMs protected in the same container. For more details see [this document](https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-autoupdate#enable-automatic-updates) */ enabled?: pulumi.Input; } interface ReplicatedVMManagedDisk { /** * Id of disk that should be replicated. Changing this forces a new resource to be created. */ diskId: pulumi.Input; /** * Storage account that should be used for caching. Changing this forces a new resource to be created. */ stagingStorageAccountId: pulumi.Input; /** * A `targetDiskEncryption` block as defined below. */ targetDiskEncryption?: pulumi.Input; /** * The Disk Encryption Set that the Managed Disk will be associated with. Changing this forces a new resource to be created. * * > **Note:** Creating replicated vm with `targetDiskEncryptionSetId` wil take more time (up to 5 hours), please extend the `timeout` for `create`. */ targetDiskEncryptionSetId?: pulumi.Input; /** * What type should the disk be when a failover is done. Possible values are `Standard_LRS`, `Premium_LRS`, `PremiumV2_LRS`, `StandardSSD_LRS`, `UltraSSD_LRS`, `StandardSSD_ZRS` and `Premium_ZRS`. Changing this forces a new resource to be created. */ targetDiskType: pulumi.Input; /** * What type should the disk be that holds the replication data. Possible values are `Standard_LRS`, `Premium_LRS`, `PremiumV2_LRS`, `StandardSSD_LRS`, `UltraSSD_LRS`, `StandardSSD_ZRS` and `Premium_ZRS`. Changing this forces a new resource to be created. */ targetReplicaDiskType: pulumi.Input; /** * Resource group disk should belong to when a failover is done. Changing this forces a new resource to be created. */ targetResourceGroupId: pulumi.Input; } interface ReplicatedVMManagedDiskTargetDiskEncryption { /** * A `diskEncryptionKey` block as defined below. */ diskEncryptionKey: pulumi.Input; /** * A `keyEncryptionKey` block as defined below. */ keyEncryptionKey?: pulumi.Input; } interface ReplicatedVMManagedDiskTargetDiskEncryptionDiskEncryptionKey { /** * The URL to the Key Vault Secret used as the Disk Encryption Key that the Managed Disk will be associated with. This can be found as `id` on the `azure.keyvault.Secret` resource. Changing this forces a new resource to be created. */ secretUrl: pulumi.Input; /** * The ID of the Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. Changing this forces a new resource to be created. */ vaultId: pulumi.Input; } interface ReplicatedVMManagedDiskTargetDiskEncryptionKeyEncryptionKey { /** * The URL to the Key Vault Key used as the Key Encryption Key that the Managed Disk will be associated with. This can be found as `id` on the `azure.keyvault.Key` resource. Changing this forces a new resource to be created. */ keyUrl: pulumi.Input; /** * The ID of the Key Vault. This can be found as `id` on the `azure.keyvault.KeyVault` resource. Changing this forces a new resource to be created. */ vaultId: pulumi.Input; } interface ReplicatedVMNetworkInterface { /** * Id of the public IP object to use when a test failover is done. */ failoverTestPublicIpAddressId?: pulumi.Input; /** * Static IP to assign when a test failover is done. */ failoverTestStaticIp?: pulumi.Input; /** * Name of the subnet to use when a test failover is done. */ failoverTestSubnetName?: pulumi.Input; /** * A list of IDs of Load Balancer Backend Address Pools to use when a failover is done. */ recoveryLoadBalancerBackendAddressPoolIds?: pulumi.Input[]>; /** * Id of the public IP object to use when a failover is done. */ recoveryPublicIpAddressId?: pulumi.Input; /** * (Required if the networkInterface block is specified) Id source network interface. */ sourceNetworkInterfaceId?: pulumi.Input; /** * Static IP to assign when a failover is done. */ targetStaticIp?: pulumi.Input; /** * Name of the subnet to use when a failover is done. */ targetSubnetName?: pulumi.Input; } interface ReplicatedVMUnmanagedDisk { /** * Id of disk that should be replicated. Changing this forces a new resource to be created. */ diskUri: pulumi.Input; /** * Storage account that should be used for caching. Changing this forces a new resource to be created. */ stagingStorageAccountId: pulumi.Input; /** * Storage account disk should belong to when a failover is done. Changing this forces a new resource to be created. */ targetStorageAccountId: pulumi.Input; } interface ReplicationRecoveryPlanAzureToAzureSettings { /** * The Edge Zone within the Azure Region where the VM exists. Changing this forces a new Site Recovery Replication Recovery Plan to be created. */ primaryEdgeZone?: pulumi.Input; /** * The Availability Zone in which the VM is located. Changing this forces a new Site Recovery Replication Recovery Plan to be created. */ primaryZone?: pulumi.Input; /** * The Edge Zone within the Azure Region where the VM is recovered. Changing this forces a new Site Recovery Replication Recovery Plan to be created. * * > **Note:** `primaryEdgeZone` and `recoveryEdgeZone` must be specified together. */ recoveryEdgeZone?: pulumi.Input; /** * The Availability Zone in which the VM is recovered. Changing this forces a new Site Recovery Replication Recovery Plan to be created. * * > **Note:** `primaryZone` and `recoveryZone` must be specified together. */ recoveryZone?: pulumi.Input; } interface ReplicationRecoveryPlanBootRecoveryGroup { /** * one or more `action` block as defined below. which will be executed after the group recovery. */ postActions?: pulumi.Input[]>; /** * one or more `action` block as defined below. which will be executed before the group recovery. */ preActions?: pulumi.Input[]>; /** * One or more protected VM IDs. */ replicatedProtectedItems?: pulumi.Input[]>; } interface ReplicationRecoveryPlanBootRecoveryGroupPostAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface ReplicationRecoveryPlanBootRecoveryGroupPreAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface ReplicationRecoveryPlanFailoverRecoveryGroup { /** * one or more `action` block as defined below. which will be executed after the group recovery. */ postActions?: pulumi.Input[]>; /** * one or more `action` block as defined below. which will be executed before the group recovery. */ preActions?: pulumi.Input[]>; } interface ReplicationRecoveryPlanFailoverRecoveryGroupPostAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface ReplicationRecoveryPlanFailoverRecoveryGroupPreAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface ReplicationRecoveryPlanShutdownRecoveryGroup { /** * one or more `action` block as defined below. which will be executed after the group recovery. */ postActions?: pulumi.Input[]>; /** * one or more `action` block as defined below. which will be executed before the group recovery. */ preActions?: pulumi.Input[]>; } interface ReplicationRecoveryPlanShutdownRecoveryGroupPostAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface ReplicationRecoveryPlanShutdownRecoveryGroupPreAction { /** * The fabric location of runbook or script. Possible values are `Primary` and `Recovery`. It must not be specified when `type` is `ManualActionDetails`. * * > **Note:** This is required when `type` is set to `AutomationRunbookActionDetails` or `ScriptActionDetails`. */ fabricLocation?: pulumi.Input; /** * Directions of fail over. Possible values are `PrimaryToRecovery` and `RecoveryToPrimary` */ failOverDirections: pulumi.Input[]>; /** * Types of fail over. Possible values are `TestFailover`, `PlannedFailover` and `UnplannedFailover` */ failOverTypes: pulumi.Input[]>; /** * Instructions of manual action. * * > **Note:** This property is required when `type` is set to `ManualActionDetails`. */ manualActionInstruction?: pulumi.Input; /** * The name of the Replication Plan. The name can contain only letters, numbers, and hyphens. It should start with a letter and end with a letter or a number. Can be a maximum of 63 characters. Changing this forces a new resource to be created. */ name: pulumi.Input; /** * Id of runbook. * * > **Note:** This property is required when `type` is set to `AutomationRunbookActionDetails`. */ runbookId?: pulumi.Input; /** * Path of action script. * * > **Note:** This property is required when `type` is set to `ScriptActionDetails`. */ scriptPath?: pulumi.Input; /** * Type of the action detail. Possible values are `AutomationRunbookActionDetails`, `ManualActionDetails` and `ScriptActionDetails`. */ type: pulumi.Input; } interface VmwareReplicatedVmManagedDisk { /** * The ID of the disk to be replicated. */ diskId: pulumi.Input; /** * The ID of the storage account that should be used for logging during replication. */ logStorageAccountId?: pulumi.Input; /** * The ID of the Disk Encryption Set that should be used for the disks when a failover is done. */ targetDiskEncryptionSetId?: pulumi.Input; /** * The disk type of the disk to be created when a failover is done. Possible values are `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS` and `UltraSSD_LRS`. */ targetDiskType: pulumi.Input; } interface VmwareReplicatedVmNetworkInterface { /** * Whether this `networkInterface` is primary for the replicated VM. */ isPrimary: pulumi.Input; /** * Mac address of the network interface of source VM. */ sourceMacAddress: pulumi.Input; /** * Static IP to assign when a failover is done. */ targetStaticIp?: pulumi.Input; /** * Name of the subnet to use when a failover is done. */ targetSubnetName?: pulumi.Input; /** * Name of the subnet to use when a test failover is done. */ testSubnetName?: pulumi.Input; } } export declare namespace stack { interface HciClusterIdentity { /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID of the Azure Active Directory which is used by the Azure Stack HCI Cluster. Changing this forces a new resource to be created. * * > **Note:** If unspecified the Tenant ID of the Provider will be used. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on the Azure Stack HCI Cluster. Possible value is `SystemAssigned`. */ type: pulumi.Input; } interface HciDeploymentSettingScaleUnit { /** * Specify the full name of the Active Directory Organizational Unit container object prepared for the deployment, including the domain components. For example:`OU=HCI01,DC=contoso,DC=com`. Changing this forces a new Stack HCI Deployment Setting to be created. */ activeDirectoryOrganizationalUnitPath: pulumi.Input; /** * Whether to enable BitLocker for boot volume. Possible values are `true` and `false`. When set to `true`, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ bitlockerBootVolumeEnabled?: pulumi.Input; /** * Whether to enable BitLocker for data volume. Possible values are `true` and `false`. When set to `true`, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ bitlockerDataVolumeEnabled?: pulumi.Input; /** * A `cluster` block as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ cluster: pulumi.Input; /** * Whether to enable credential guard. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ credentialGuardEnabled?: pulumi.Input; /** * Specifies the FQDN for deploying cluster. Changing this forces a new Stack HCI Deployment Setting to be created. */ domainFqdn: pulumi.Input; /** * Whether to enable drift control. Possible values are `true` and `false`. When set to `true`, the security baseline is re-applied regularly. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ driftControlEnabled?: pulumi.Input; /** * Whether to enable DRTM protection. Possible values are `true` and `false`. When set to `true`, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ drtmProtectionEnabled?: pulumi.Input; /** * Whether to collect log data to facilitate quicker issue resolution. Possible values are `true` and `false`. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ episodicDataUploadEnabled?: pulumi.Input; /** * Whether to store data sent to Microsoft in EU. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to `false` results in all data sent to Microsoft to be stored outside of the EU. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ euLocationEnabled?: pulumi.Input; /** * A `hostNetwork` block as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ hostNetwork: pulumi.Input; /** * Whether to enable HVCI protection. Possible values are `true` and `false`. When set to `true`, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ hvciProtectionEnabled?: pulumi.Input; /** * One or more `infrastructureNetwork` blocks as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ infrastructureNetworks: pulumi.Input[]>; /** * Specifies the name prefix to deploy cluster. It must be 1-8 characters long and contain only letters, numbers and hyphens Changing this forces a new Stack HCI Deployment Setting to be created. */ namePrefix: pulumi.Input; /** * A `optionalService` block as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ optionalService: pulumi.Input; /** * One or more `physicalNode` blocks as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ physicalNodes: pulumi.Input[]>; /** * The URI to the Key Vault or secret store. Changing this forces a new Stack HCI Deployment Setting to be created. */ secretsLocation: pulumi.Input; /** * Whether to enable side channel mitigation. Possible values are `true` and `false`. When set to `true`, all side channel mitigations are enabled on your Azure HCI cluster. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ sideChannelMitigationEnabled?: pulumi.Input; /** * Whether to enable SMB cluster encryption. Possible values are `true` and `false`. When set to `true`, cluster east-west traffic is encrypted. Defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ smbClusterEncryptionEnabled?: pulumi.Input; /** * Whether to enable SMB signing. Possible values are `true` and `false`. When set to `true`, the SMB default instance requires sign in for the client and server services. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ smbSigningEnabled?: pulumi.Input; /** * A `storage` block as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ storage: pulumi.Input; /** * Whether the telemetry data will be sent to Microsoft. Possible values are `true` and `false`. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ streamingDataClientEnabled?: pulumi.Input; /** * Whether to enable WDAC. Possible values are `true` and `false`. When set to `true`, applications and the code that you can run on your Azure Stack HCI cluster are limited. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ wdacEnabled?: pulumi.Input; } interface HciDeploymentSettingScaleUnitCluster { /** * Specifies the Azure blob service endpoint, for example, `core.windows.net`. Changing this forces a new Stack HCI Deployment Setting to be created. */ azureServiceEndpoint: pulumi.Input; /** * Specifies the Azure Storage account name of the cloud witness for the Azure Stack HCI cluster. Changing this forces a new Stack HCI Deployment Setting to be created. */ cloudAccountName: pulumi.Input; /** * Specifies the name of the cluster. It must be 3-15 characters long and contain only letters, numbers and hyphens. Changing this forces a new Stack HCI Deployment Setting to be created. */ name: pulumi.Input; /** * Specifies the fileshare path of the local witness for the Azure Stack HCI cluster. Changing this forces a new Stack HCI Deployment Setting to be created. */ witnessPath: pulumi.Input; /** * Specifies the type of the witness. Possible values are `Cloud`, `FileShare`. Changing this forces a new Stack HCI Deployment Setting to be created. */ witnessType: pulumi.Input; } interface HciDeploymentSettingScaleUnitHostNetwork { /** * One or more `intent` blocks as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ intents: pulumi.Input[]>; /** * Whether allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. Optional parameter required only for [3 nodes switchless deployments](https://learn.microsoft.com/azure-stack/hci/concepts/physical-network-requirements?tabs=overview%2C23H2reqs#using-switchless). Possible values are `true` and `false`. Defaults to `true`. Changing this forces a new Stack HCI Deployment Setting to be created. */ storageAutoIpEnabled?: pulumi.Input; /** * Defines how the storage adapters between nodes are connected either switch or switch less. Possible values are `true` and `false`. Defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ storageConnectivitySwitchlessEnabled?: pulumi.Input; /** * One or more `storageNetwork` blocks as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ storageNetworks: pulumi.Input[]>; } interface HciDeploymentSettingScaleUnitHostNetworkIntent { /** * A `adapterPropertyOverride` block as defined above. Changing this forces a new Stack HCI Deployment Setting to be created. */ adapterPropertyOverride?: pulumi.Input; /** * Whether to override adapter properties. Possible values are `true` and `false`. defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ adapterPropertyOverrideEnabled?: pulumi.Input; /** * Specifies a list of ID of network interfaces used for the network intent. Changing this forces a new Stack HCI Deployment Setting to be created. */ adapters: pulumi.Input[]>; /** * Specifies the name of the intent. Changing this forces a new Stack HCI Deployment Setting to be created. */ name: pulumi.Input; /** * A `qosPolicyOverride` block as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ qosPolicyOverride?: pulumi.Input; /** * Whether to override QoS policy. Possible values are `true` and `false`. defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ qosPolicyOverrideEnabled?: pulumi.Input; /** * Specifies a list of network traffic types. Possible values are `Compute`, `Storage`, `Management`. Changing this forces a new Stack HCI Deployment Setting to be created. */ trafficTypes: pulumi.Input[]>; /** * A `virtualSwitchConfigurationOverride` block as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ virtualSwitchConfigurationOverride?: pulumi.Input; /** * Whether to override virtual switch configuration. Possible values are `true` and `false`. defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. */ virtualSwitchConfigurationOverrideEnabled?: pulumi.Input; } interface HciDeploymentSettingScaleUnitHostNetworkIntentAdapterPropertyOverride { /** * The jumbo frame size of the adapter. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ jumboPacket?: pulumi.Input; /** * The network direct of the adapter. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ networkDirect?: pulumi.Input; /** * The network direct technology of the adapter. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ networkDirectTechnology?: pulumi.Input; } interface HciDeploymentSettingScaleUnitHostNetworkIntentQosPolicyOverride { /** * Specifies the percentage of the allocated storage traffic bandwidth. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ bandwidthPercentageSmb?: pulumi.Input; /** * Specifies the Cluster traffic priority. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ priorityValue8021ActionCluster?: pulumi.Input; /** * Specifies the Priority Flow Control where Data Center Bridging (DCB) is used. This parameter should only be modified based on your OEM guidance. Changing this forces a new Stack HCI Deployment Setting to be created. */ priorityValue8021ActionSmb?: pulumi.Input; } interface HciDeploymentSettingScaleUnitHostNetworkIntentVirtualSwitchConfigurationOverride { /** * Specifies the IoV enable status for Virtual Switch. Changing this forces a new Stack HCI Deployment Setting to be created. */ enableIov?: pulumi.Input; /** * Specifies the load balancing algorithm for Virtual Switch. Changing this forces a new Stack HCI Deployment Setting to be created. */ loadBalancingAlgorithm?: pulumi.Input; } interface HciDeploymentSettingScaleUnitHostNetworkStorageNetwork { /** * The name of the storage network. Changing this forces a new Stack HCI Deployment Setting to be created. */ name: pulumi.Input; /** * The name of the network adapter. Changing this forces a new Stack HCI Deployment Setting to be created. */ networkAdapterName: pulumi.Input; /** * Specifies the ID for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. Changing this forces a new Stack HCI Deployment Setting to be created. */ vlanId: pulumi.Input; } interface HciDeploymentSettingScaleUnitInfrastructureNetwork { /** * Whether DHCP is enabled for hosts and cluster IPs. Possible values are `true` and `false`. defaults to `false`. Changing this forces a new Stack HCI Deployment Setting to be created. * * > **Note:** If `dhcpEnabled` is set to `false`, the deployment will use static IPs. If set to `true`, the gateway and DNS servers are not required. */ dhcpEnabled?: pulumi.Input; /** * Specifies a list of IPv4 addresses of the DNS servers in your environment. Changing this forces a new Stack HCI Deployment Setting to be created. */ dnsServers: pulumi.Input[]>; /** * Specifies the default gateway that should be used for the provided IP address space. It should be in the format of an IPv4 IP address. Changing this forces a new Stack HCI Deployment Setting to be created. */ gateway: pulumi.Input; /** * One or more `ipPool` blocks as defined below. Changing this forces a new Stack HCI Deployment Setting to be created. */ ipPools: pulumi.Input[]>; /** * Specifies the subnet mask that matches the provided IP address space. Changing this forces a new Stack HCI Deployment Setting to be created. */ subnetMask: pulumi.Input; } interface HciDeploymentSettingScaleUnitInfrastructureNetworkIpPool { /** * Specifies starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. Changing this forces a new Stack HCI Deployment Setting to be created. */ endingAddress: pulumi.Input; /** * Specifies ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. Changing this forces a new Stack HCI Deployment Setting to be created. */ startingAddress: pulumi.Input; } interface HciDeploymentSettingScaleUnitOptionalService { /** * Specifies the name of custom location. A custom location will be created after the deployment is completed. Changing this forces a new Stack HCI Deployment Setting to be created. */ customLocation: pulumi.Input; } interface HciDeploymentSettingScaleUnitPhysicalNode { /** * Specifies the IPv4 address assigned to each physical server on your Azure Stack HCI cluster. Changing this forces a new Stack HCI Deployment Setting to be created. */ ipv4Address: pulumi.Input; /** * The NETBIOS name of each physical server on your Azure Stack HCI cluster. Changing this forces a new Stack HCI Deployment Setting to be created. */ name: pulumi.Input; } interface HciDeploymentSettingScaleUnitStorage { /** * The configuration mode of storage. If set to `Express` and your storage is configured as per best practices based on the number of nodes in the cluster. Possible values are `Express`, `InfraOnly` and `KeepStorage`. Changing this forces a new Stack HCI Deployment Setting to be created. */ configurationMode: pulumi.Input; } interface HciLogicalNetworkSubnet { /** * The address prefix in CIDR notation. Changing this forces a new resource to be created. */ addressPrefix?: pulumi.Input; /** * The IP address allocation method for the subnet. Possible values are `Dynamic` and `Static`. Changing this forces a new resource to be created. */ ipAllocationMethod: pulumi.Input; /** * One or more `ipPool` block as defined above. Changing this forces a new resource to be created. * * > **Note:** If `ipPool` is not specified, it will be assigned by the server. If you experience a diff you may need to add this to `ignoreChanges`. */ ipPools?: pulumi.Input[]>; /** * A `route` block as defined above. Changing this forces a new resource to be created. */ routes?: pulumi.Input[]>; /** * The VLAN ID for the Logical Network. Changing this forces a new resource to be created. */ vlanId?: pulumi.Input; } interface HciLogicalNetworkSubnetIpPool { /** * The IPv4 address of the end of the IP address pool. Changing this forces a new resource to be created. */ end: pulumi.Input; /** * The IPv4 address of the start of the IP address pool. Changing this forces a new resource to be created. */ start: pulumi.Input; } interface HciLogicalNetworkSubnetRoute { /** * The Address in CIDR notation. Changing this forces a new resource to be created. */ addressPrefix: pulumi.Input; /** * The name of the route. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The IPv4 address of the next hop. Changing this forces a new resource to be created. */ nextHopIpAddress: pulumi.Input; } interface HciMarketplaceGalleryImageIdentifier { /** * The offer of the Azure Stack HCI Marketplace Gallery Image. Changing this forces a new Azure Stack HCI Marketplace Gallery Image to be created. */ offer: pulumi.Input; /** * The publisher of the Azure Stack HCI Marketplace Gallery Image. Changing this forces a new Azure Stack HCI Marketplace Gallery Image to be created. */ publisher: pulumi.Input; /** * The sku of the Azure Stack HCI Marketplace Gallery Image. Changing this forces a new Azure Stack HCI Marketplace Gallery Image to be created. */ sku: pulumi.Input; } interface HciNetworkInterfaceIpConfiguration { /** * The IPv4 address of the gateway for the Network Interface. */ gateway?: pulumi.Input; /** * The prefix length for the address of the Network Interface. */ prefixLength?: pulumi.Input; /** * The IPv4 address of the IP configuration. Changing this forces a new resource to be created. */ privateIpAddress?: pulumi.Input; /** * The resource ID of the Stack HCI Logical Network bound to the IP configuration. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; } } export declare namespace storage { interface AccountAzureFilesAuthentication { /** * A `activeDirectory` block as defined below. Required when `directoryType` is `AD`. */ activeDirectory?: pulumi.Input; /** * Specifies the default share level permissions applied to all users. Possible values are `StorageFileDataSmbShareReader`, `StorageFileDataSmbShareContributor`, `StorageFileDataSmbShareElevatedContributor`, or `None`. Defaults to `None`. */ defaultShareLevelPermission?: pulumi.Input; /** * Specifies the directory service used. Possible values are `AADDS`, `AD` and `AADKERB`. */ directoryType: pulumi.Input; } interface AccountAzureFilesAuthenticationActiveDirectory { /** * Specifies the domain GUID. */ domainGuid: pulumi.Input; /** * Specifies the primary domain that the AD DNS server is authoritative for. */ domainName: pulumi.Input; /** * Specifies the security identifier (SID). This is required when `directoryType` is set to `AD`. */ domainSid?: pulumi.Input; /** * Specifies the Active Directory forest. This is required when `directoryType` is set to `AD`. */ forestName?: pulumi.Input; /** * Specifies the NetBIOS domain name. This is required when `directoryType` is set to `AD`. */ netbiosDomainName?: pulumi.Input; /** * Specifies the security identifier (SID) for Azure Storage. This is required when `directoryType` is set to `AD`. */ storageSid?: pulumi.Input; } interface AccountBlobProperties { /** * Is the blob service properties for change feed events enabled? Default to `false`. * * > **Note:** This field cannot be configured when `kind` is set to `Storage` (V1). */ changeFeedEnabled?: pulumi.Input; /** * The duration of change feed events retention in days. The possible values are between 1 and 146000 days (400 years). Setting this to null (or omit this in the configuration file) indicates an infinite retention of the change feed. * * > **Note:** This field cannot be configured when `kind` is set to `Storage` (V1). */ changeFeedRetentionInDays?: pulumi.Input; /** * A `containerDeleteRetentionPolicy` block as defined below. */ containerDeleteRetentionPolicy?: pulumi.Input; /** * A `corsRule` block as defined below. */ corsRules?: pulumi.Input[]>; /** * The API Version which should be used by default for requests to the Data Plane API if an incoming request doesn't specify an API Version. */ defaultServiceVersion?: pulumi.Input; /** * A `deleteRetentionPolicy` block as defined below. */ deleteRetentionPolicy?: pulumi.Input; /** * Is the last access time based tracking enabled? Default to `false`. * * > **Note:** This field cannot be configured when `kind` is set to `Storage` (V1). */ lastAccessTimeEnabled?: pulumi.Input; /** * A `restorePolicy` block as defined below. This must be used together with `deleteRetentionPolicy` set, `versioningEnabled` and `changeFeedEnabled` set to `true`. * * > **Note:** This field cannot be configured when `kind` is set to `Storage` (V1). * * > **Note:** `restorePolicy` can not be configured when `dnsEndpointType` is `AzureDnsZone`. */ restorePolicy?: pulumi.Input; /** * Is versioning enabled? Default to `false`. * * > **Note:** This field cannot be configured when `kind` is set to `Storage` (V1). */ versioningEnabled?: pulumi.Input; } interface AccountBlobPropertiesContainerDeleteRetentionPolicy { /** * Specifies the number of days that the container should be retained, between `1` and `365` days. Defaults to `7`. */ days?: pulumi.Input; } interface AccountBlobPropertiesCorsRule { /** * A list of headers that are allowed to be a part of the cross-origin request. */ allowedHeaders: pulumi.Input[]>; /** * A list of HTTP methods that are allowed to be executed by the origin. Valid options are * `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`. */ allowedMethods: pulumi.Input[]>; /** * A list of origin domains that will be allowed by CORS. */ allowedOrigins: pulumi.Input[]>; /** * A list of response headers that are exposed to CORS clients. */ exposedHeaders: pulumi.Input[]>; /** * The number of seconds the client should cache a preflight response. */ maxAgeInSeconds: pulumi.Input; } interface AccountBlobPropertiesDeleteRetentionPolicy { /** * Specifies the number of days that the blob should be retained, between `1` and `365` days. Defaults to `7`. */ days?: pulumi.Input; /** * Indicates whether permanent deletion of the soft deleted blob versions and snapshots is allowed. Defaults to `false`. * * > **Note:** `permanentDeleteEnabled` cannot be set to true if a `restorePolicy` block is defined. */ permanentDeleteEnabled?: pulumi.Input; } interface AccountBlobPropertiesRestorePolicy { /** * Specifies the number of days that the blob can be restored, between `1` and `365` days. This must be less than the `days` specified for `deleteRetentionPolicy`. */ days: pulumi.Input; } interface AccountCustomDomain { /** * The Custom Domain Name to use for the Storage Account, which will be validated by Azure. */ name: pulumi.Input; /** * Should the Custom Domain Name be validated by using indirect CNAME validation? * * > **Note:** [More information on Validation is available here](https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-custom-domain-name) */ useSubdomain?: pulumi.Input; } interface AccountCustomerManagedKey { /** * The ID of the Key Vault Key, supplying a version-less key ID will enable auto-rotation of this key. */ keyVaultKeyId?: pulumi.Input; /** * @deprecated `managedHsmKeyId` has been deprecated in favour of `keyVaultKeyId` and will be removed in v5.0 of the AzureRM provider */ managedHsmKeyId?: pulumi.Input; /** * The ID of a user assigned identity. * * > **Note:** `customerManagedKey` can only be set when the `accountKind` is set to `StorageV2` or `accountTier` set to `Premium`, and the identity type is `UserAssigned`. */ userAssignedIdentityId: pulumi.Input; } interface AccountIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Storage Account. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. * * > **Note:** The assigned `principalId` and `tenantId` can be retrieved after the identity `type` has been set to `SystemAssigned` and Storage Account has been created. More details are available below. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Identity of this Storage Account. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Identity of this Storage Account. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Storage Account. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface AccountImmutabilityPolicy { /** * When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. */ allowProtectedAppendWrites: pulumi.Input; /** * The immutability period for the blobs in the container since the policy creation, in days. */ periodSinceCreationInDays: pulumi.Input; /** * Defines the mode of the policy. `Disabled` state disables the policy, `Unlocked` state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, `Locked` state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted. */ state: pulumi.Input; } interface AccountNetworkRules { /** * Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of `Logging`, `Metrics`, `AzureServices`, or `None`. */ bypasses?: pulumi.Input[]>; /** * Specifies the default action of allow or deny when no other rules match. Valid options are `Deny` or `Allow`. */ defaultAction: pulumi.Input; /** * List of public IP or IP ranges in CIDR Format. Only IPv4 addresses are allowed. /31 CIDRs, /32 CIDRs, and Private IP address ranges (as defined in [RFC 1918](https://tools.ietf.org/html/rfc1918#section-3)), are not allowed. */ ipRules?: pulumi.Input[]>; /** * One or more `privateLinkAccess` block as defined below. * * > **Note:** If specifying `networkRules`, one of either `ipRules` or `virtualNetworkSubnetIds` must be specified and `defaultAction` must be set to `Deny`. * * > **Note:** Network Rules can be defined either directly on the `azure.storage.Account` resource, or using the `azure.storage.AccountNetworkRules` resource - but the two cannot be used together. If both are used against the same Storage Account, spurious changes will occur. When managing Network Rules using this resource, to change from a `defaultAction` of `Deny` to `Allow` requires defining, rather than removing, the block. * * > **Note:** The prefix of `ipRules` must be between 0 and 30 and only supports public IP addresses. */ privateLinkAccesses?: pulumi.Input[]>; /** * A list of resource ids for subnets. */ virtualNetworkSubnetIds?: pulumi.Input[]>; } interface AccountNetworkRulesPrivateLinkAccess { /** * The ID of the Azure resource that should be allowed access to the target storage account. */ endpointResourceId: pulumi.Input; /** * The tenant id of the resource of the resource access rule to be granted access. Defaults to the current tenant id. */ endpointTenantId?: pulumi.Input; } interface AccountNetworkRulesPrivateLinkAccessRule { /** * The resource id of the resource access rule to be granted access. */ endpointResourceId: pulumi.Input; /** * The tenant id of the resource of the resource access rule to be granted access. Defaults to the current tenant id. */ endpointTenantId?: pulumi.Input; } interface AccountQueueProperties { /** * A `corsRule` block as defined above. */ corsRules?: pulumi.Input[]>; /** * A `hourMetrics` block as defined below. */ hourMetrics?: pulumi.Input; /** * A `logging` block as defined below. */ logging?: pulumi.Input; /** * A `minuteMetrics` block as defined below. */ minuteMetrics?: pulumi.Input; } interface AccountQueuePropertiesCorsRule { /** * A list of headers that are allowed to be a part of the cross-origin request. */ allowedHeaders: pulumi.Input[]>; /** * A list of HTTP methods that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`. */ allowedMethods: pulumi.Input[]>; /** * A list of origin domains that will be allowed by CORS. */ allowedOrigins: pulumi.Input[]>; /** * A list of response headers that are exposed to CORS clients. */ exposedHeaders: pulumi.Input[]>; /** * The number of seconds the client should cache a preflight response. */ maxAgeInSeconds: pulumi.Input; } interface AccountQueuePropertiesHourMetrics { /** * Indicates whether metrics should generate summary statistics for called API operations. */ includeApis?: pulumi.Input; /** * Specifies the number of days that logs will be retained. */ retentionPolicyDays?: pulumi.Input; /** * The version of storage analytics to configure. */ version: pulumi.Input; } interface AccountQueuePropertiesLogging { /** * Indicates whether all delete requests should be logged. */ delete: pulumi.Input; /** * Indicates whether all read requests should be logged. */ read: pulumi.Input; /** * Specifies the number of days that logs will be retained. */ retentionPolicyDays?: pulumi.Input; /** * The version of storage analytics to configure. */ version: pulumi.Input; /** * Indicates whether all write requests should be logged. */ write: pulumi.Input; } interface AccountQueuePropertiesMinuteMetrics { /** * Indicates whether metrics should generate summary statistics for called API operations. */ includeApis?: pulumi.Input; /** * Specifies the number of days that logs will be retained. */ retentionPolicyDays?: pulumi.Input; /** * The version of storage analytics to configure. */ version: pulumi.Input; } interface AccountRouting { /** * Specifies the kind of network routing opted by the user. Possible values are `InternetRouting` and `MicrosoftRouting`. Defaults to `MicrosoftRouting`. */ choice?: pulumi.Input; /** * Should internet routing storage endpoints be published? Defaults to `false`. */ publishInternetEndpoints?: pulumi.Input; /** * Should Microsoft routing storage endpoints be published? Defaults to `false`. */ publishMicrosoftEndpoints?: pulumi.Input; } interface AccountSasPolicy { /** * The SAS expiration action. Possible values are `Log` and `Block`. Defaults to `Log`. */ expirationAction?: pulumi.Input; /** * The SAS expiration period in format of `DD.HH:MM:SS`. */ expirationPeriod: pulumi.Input; } interface AccountShareProperties { /** * A `corsRule` block as defined below. */ corsRules?: pulumi.Input[]>; /** * A `retentionPolicy` block as defined below. */ retentionPolicy?: pulumi.Input; /** * A `smb` block as defined below. */ smb?: pulumi.Input; } interface AccountSharePropertiesCorsRule { /** * A list of headers that are allowed to be a part of the cross-origin request. */ allowedHeaders: pulumi.Input[]>; /** * A list of HTTP methods that are allowed to be executed by the origin. Valid options are * `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`. */ allowedMethods: pulumi.Input[]>; /** * A list of origin domains that will be allowed by CORS. */ allowedOrigins: pulumi.Input[]>; /** * A list of response headers that are exposed to CORS clients. */ exposedHeaders: pulumi.Input[]>; /** * The number of seconds the client should cache a preflight response. */ maxAgeInSeconds: pulumi.Input; } interface AccountSharePropertiesRetentionPolicy { /** * Specifies the number of days that the `azure.storage.Share` should be retained, between `1` and `365` days. Defaults to `7`. */ days?: pulumi.Input; } interface AccountSharePropertiesSmb { /** * A set of SMB authentication methods. Possible values are `NTLMv2`, and `Kerberos`. */ authenticationTypes?: pulumi.Input[]>; /** * A set of SMB channel encryption. Possible values are `AES-128-CCM`, `AES-128-GCM`, and `AES-256-GCM`. */ channelEncryptionTypes?: pulumi.Input[]>; /** * A set of Kerberos ticket encryption. Possible values are `RC4-HMAC`, and `AES-256`. */ kerberosTicketEncryptionTypes?: pulumi.Input[]>; /** * Indicates whether multichannel is enabled. Defaults to `false`. This is only supported on Premium storage accounts. */ multichannelEnabled?: pulumi.Input; /** * A set of SMB protocol versions. Possible values are `SMB2.1`, `SMB3.0`, and `SMB3.1.1`. */ versions?: pulumi.Input[]>; } interface AccountStaticWebsite { /** * The absolute path to a custom webpage that should be used when a request is made which does not correspond to an existing file. */ error404Document?: pulumi.Input; /** * The webpage that Azure Storage serves for requests to the root of a website or any subfolder. For example, index.html. The value is case-sensitive. */ indexDocument?: pulumi.Input; } interface BlobInventoryPolicyRule { /** * A `filter` block as defined above. */ filter?: pulumi.Input; /** * The format of the inventory files. Possible values are `Csv` and `Parquet`. */ format: pulumi.Input; /** * The name which should be used for this Blob Inventory Policy Rule. */ name: pulumi.Input; /** * The inventory schedule applied by this rule. Possible values are `Daily` and `Weekly`. */ schedule: pulumi.Input; /** * A list of fields to be included in the inventory. See the [Azure API reference](https://docs.microsoft.com/rest/api/storagerp/blob-inventory-policies/create-or-update#blobinventorypolicydefinition) for all the supported fields. */ schemaFields: pulumi.Input[]>; /** * The scope of the inventory for this rule. Possible values are `Blob` and `Container`. */ scope: pulumi.Input; /** * The storage container name to store the blob inventory files for this rule. */ storageContainerName: pulumi.Input; } interface BlobInventoryPolicyRuleFilter { /** * A set of blob types. Possible values are `blockBlob`, `appendBlob`, and `pageBlob`. The storage account with `isHnsEnabled` is `true` doesn't support `pageBlob`. * * > **Note:** The `rules.*.schema_fields` for this rule has to include `BlobType` so that you can specify the `blobTypes`. */ blobTypes: pulumi.Input[]>; /** * A set of strings for blob prefixes to be excluded. Maximum of 10 blob prefixes. */ excludePrefixes?: pulumi.Input[]>; /** * Includes blob versions in blob inventory or not? Defaults to `false`. * * > **Note:** The `rules.*.schema_fields` for this rule has to include `IsCurrentVersion` and `VersionId` so that you can specify the `includeBlobVersions`. */ includeBlobVersions?: pulumi.Input; /** * Includes deleted blobs in blob inventory or not? Defaults to `false`. * * > **Note:** If `rules.*.scope` is `Container`, the `rules.*.schema_fields` for this rule must include `Deleted`, `Version`, `DeletedTime`, and `RemainingRetentionDays` so that you can specify the `includeDeleted`. If `rules.*.scope` is `Blob`, the `rules.*.schema_fields` must include `Deleted` and `RemainingRetentionDays` so that you can specify the `includeDeleted`. If `rules.*.scope` is `Blob` and the storage account specified by `storageAccountId` has hierarchical namespaces enabled (`isHnsEnabled` is `true` on the storage account), the `rules.*.schema_fields` for this rule must include `Deleted`, `Version`, `DeletedTime`, and `RemainingRetentionDays` so that you can specify the `includeDeleted`. */ includeDeleted?: pulumi.Input; /** * Includes blob snapshots in blob inventory or not? Defaults to `false`. * * > **Note:** The `rules.*.schema_fields` for this rule has to include `Snapshot` so that you can specify the `includeSnapshots`. */ includeSnapshots?: pulumi.Input; /** * A set of strings for blob prefixes to be matched. Maximum of 10 blob prefixes. */ prefixMatches?: pulumi.Input[]>; } interface DataLakeGen2FilesystemAce { /** * Specifies the Object ID of the Azure Active Directory User or Group that the entry relates to. Only valid for `user` or `group` entries. */ id?: pulumi.Input; /** * Specifies the permissions for the entry in `rwx` form. For example, `rwx` gives full permissions but `r--` only gives read permissions. * * More details on ACLs can be found here: */ permissions: pulumi.Input; /** * Specifies whether the ACE represents an `access` entry or a `default` entry. Default value is `access`. */ scope?: pulumi.Input; /** * Specifies the type of entry. Can be `user`, `group`, `mask` or `other`. */ type: pulumi.Input; } interface DataLakeGen2PathAce { /** * Specifies the Object ID of the Azure Active Directory User or Group that the entry relates to. Only valid for `user` or `group` entries. */ id?: pulumi.Input; /** * Specifies the permissions for the entry in `rwx` form. For example, `rwx` gives full permissions but `r--` only gives read permissions. * * More details on ACLs can be found here: * * > **Note:** Using the service's ACE inheritance features will not work well with terraform since we cannot handle changes that are taking place out-of-band. Setting the path to inherit its permissions from its parent will result in terraform trying to revert them in the next apply operation. * * > **Note:** The Storage Account requires `accountKind` to be either `StorageV2` or `BlobStorage`. In addition, `isHnsEnabled` has to be set to `true`. */ permissions: pulumi.Input; /** * Specifies whether the ACE represents an `access` entry or a `default` entry. Default value is `access`. */ scope?: pulumi.Input; /** * Specifies the type of entry. Can be `user`, `group`, `mask` or `other`. */ type: pulumi.Input; } interface GetAccountBlobContainerSASPermissions { /** * Should Add permissions be enabled for this SAS? */ add?: boolean; /** * Should Create permissions be enabled for this SAS? */ create?: boolean; /** * Should Delete permissions be enabled for this SAS? */ delete?: boolean; /** * Should Delete version permissions be enabled for this SAS? */ deleteVersion?: boolean; /** * Should Execute permissions be enabled for this SAS? */ execute?: boolean; /** * Should Find permissions be enabled for this SAS? */ find?: boolean; /** * Should List permissions be enabled for this SAS? */ list?: boolean; /** * Should Move permissions be enabled for this SAS? */ move?: boolean; /** * Should Ownership permissions be enabled for this SAS? */ ownership?: boolean; /** * Should Permissions permissions be enabled for this SAS? */ permissions?: boolean; /** * Should Read permissions be enabled for this SAS? */ read?: boolean; /** * Should Set Immutability Policy permissions be enabled for this SAS? */ setImmutabilityPolicy?: boolean; /** * Should Tags permissions be enabled for this SAS? */ tags?: boolean; /** * Should Write permissions be enabled for this SAS? * * > **Note:** Refer to the [SAS creation reference from Azure](https://docs.microsoft.com/rest/api/storageservices/create-service-sas) for additional details on the fields above. */ write?: boolean; } interface GetAccountBlobContainerSASPermissionsArgs { /** * Should Add permissions be enabled for this SAS? */ add?: pulumi.Input; /** * Should Create permissions be enabled for this SAS? */ create?: pulumi.Input; /** * Should Delete permissions be enabled for this SAS? */ delete?: pulumi.Input; /** * Should Delete version permissions be enabled for this SAS? */ deleteVersion?: pulumi.Input; /** * Should Execute permissions be enabled for this SAS? */ execute?: pulumi.Input; /** * Should Find permissions be enabled for this SAS? */ find?: pulumi.Input; /** * Should List permissions be enabled for this SAS? */ list?: pulumi.Input; /** * Should Move permissions be enabled for this SAS? */ move?: pulumi.Input; /** * Should Ownership permissions be enabled for this SAS? */ ownership?: pulumi.Input; /** * Should Permissions permissions be enabled for this SAS? */ permissions?: pulumi.Input; /** * Should Read permissions be enabled for this SAS? */ read?: pulumi.Input; /** * Should Set Immutability Policy permissions be enabled for this SAS? */ setImmutabilityPolicy?: pulumi.Input; /** * Should Tags permissions be enabled for this SAS? */ tags?: pulumi.Input; /** * Should Write permissions be enabled for this SAS? * * > **Note:** Refer to the [SAS creation reference from Azure](https://docs.microsoft.com/rest/api/storageservices/create-service-sas) for additional details on the fields above. */ write?: pulumi.Input; } interface GetAccountSASPermissions { /** * Should Add permissions be enabled for this SAS? */ add?: boolean; /** * Should Create permissions be enabled for this SAS? */ create?: boolean; /** * Should Delete permissions be enabled for this SAS? */ delete?: boolean; /** * Should Filter by Index Tags permissions be enabled for this SAS? */ filter?: boolean; /** * Should List permissions be enabled for this SAS? */ list?: boolean; /** * Should Process permissions be enabled for this SAS? */ process?: boolean; /** * Should Read permissions be enabled for this SAS? */ read?: boolean; /** * Should Get / Set Index Tags permissions be enabled for this SAS? */ tag?: boolean; /** * Should Update permissions be enabled for this SAS? */ update?: boolean; /** * Should Write permissions be enabled for this SAS? * * > **Note:** Refer to the [SAS creation reference from Azure](https://docs.microsoft.com/rest/api/storageservices/constructing-an-account-sas) for additional details on the fields above. */ write?: boolean; } interface GetAccountSASPermissionsArgs { /** * Should Add permissions be enabled for this SAS? */ add?: pulumi.Input; /** * Should Create permissions be enabled for this SAS? */ create?: pulumi.Input; /** * Should Delete permissions be enabled for this SAS? */ delete?: pulumi.Input; /** * Should Filter by Index Tags permissions be enabled for this SAS? */ filter?: pulumi.Input; /** * Should List permissions be enabled for this SAS? */ list?: pulumi.Input; /** * Should Process permissions be enabled for this SAS? */ process?: pulumi.Input; /** * Should Read permissions be enabled for this SAS? */ read?: pulumi.Input; /** * Should Get / Set Index Tags permissions be enabled for this SAS? */ tag?: pulumi.Input; /** * Should Update permissions be enabled for this SAS? */ update?: pulumi.Input; /** * Should Write permissions be enabled for this SAS? * * > **Note:** Refer to the [SAS creation reference from Azure](https://docs.microsoft.com/rest/api/storageservices/constructing-an-account-sas) for additional details on the fields above. */ write?: pulumi.Input; } interface GetAccountSASResourceTypes { /** * Should permission be granted to the container? */ container: boolean; /** * Should permission be granted only to a specific object? */ object: boolean; /** * Should permission be granted to the entire service? */ service: boolean; } interface GetAccountSASResourceTypesArgs { /** * Should permission be granted to the container? */ container: pulumi.Input; /** * Should permission be granted only to a specific object? */ object: pulumi.Input; /** * Should permission be granted to the entire service? */ service: pulumi.Input; } interface GetAccountSASServices { /** * Should permission be granted to `blob` services within this storage account? */ blob: boolean; /** * Should permission be granted to `file` services within this storage account? */ file: boolean; /** * Should permission be granted to `queue` services within this storage account? */ queue: boolean; /** * Should permission be granted to `table` services within this storage account? */ table: boolean; } interface GetAccountSASServicesArgs { /** * Should permission be granted to `blob` services within this storage account? */ blob: pulumi.Input; /** * Should permission be granted to `file` services within this storage account? */ file: pulumi.Input; /** * Should permission be granted to `queue` services within this storage account? */ queue: pulumi.Input; /** * Should permission be granted to `table` services within this storage account? */ table: pulumi.Input; } interface GetShareAcl { /** * An `accessPolicy` block as defined below. */ accessPolicies?: inputs.storage.GetShareAclAccessPolicy[]; /** * The ID which should be used for this Shared Identifier. */ id?: string; } interface GetShareAclArgs { /** * An `accessPolicy` block as defined below. */ accessPolicies?: pulumi.Input[]>; /** * The ID which should be used for this Shared Identifier. */ id?: pulumi.Input; } interface GetShareAclAccessPolicy { /** * The time at which this Access Policy is valid until. */ expiry?: string; /** * The permissions which should be associated with this Shared Identifier. Possible value is combination of `r` (read), `w` (write), `d` (delete), and `l` (list). */ permissions?: string; /** * The time at which this Access Policy is valid from. */ start?: string; } interface GetShareAclAccessPolicyArgs { /** * The time at which this Access Policy is valid until. */ expiry?: pulumi.Input; /** * The permissions which should be associated with this Shared Identifier. Possible value is combination of `r` (read), `w` (write), `d` (delete), and `l` (list). */ permissions?: pulumi.Input; /** * The time at which this Access Policy is valid from. */ start?: pulumi.Input; } interface LocalUserPermissionScope { /** * A `permissions` block as defined below. */ permissions: pulumi.Input; /** * The container name (when `service` is set to `blob`) or the file share name (when `service` is set to `file`), used by the Storage Account Local User. */ resourceName: pulumi.Input; /** * The storage service used by this Storage Account Local User. Possible values are `blob` and `file`. */ service: pulumi.Input; } interface LocalUserPermissionScopePermissions { /** * Specifies if the Local User has the create permission for this scope. Defaults to `false`. */ create?: pulumi.Input; /** * Specifies if the Local User has the delete permission for this scope. Defaults to `false`. */ delete?: pulumi.Input; /** * Specifies if the Local User has the list permission for this scope. Defaults to `false`. */ list?: pulumi.Input; /** * Specifies if the Local User has the read permission for this scope. Defaults to `false`. */ read?: pulumi.Input; /** * Specifies if the Local User has the write permission for this scope. Defaults to `false`. */ write?: pulumi.Input; } interface LocalUserSshAuthorizedKey { /** * The description of this SSH authorized key. */ description?: pulumi.Input; /** * The public key value of this SSH authorized key. */ key: pulumi.Input; } interface ManagementPolicyRule { /** * An `actions` block as documented below. */ actions: pulumi.Input; /** * Boolean to specify whether the rule is enabled. */ enabled: pulumi.Input; /** * A `filters` block as documented below. */ filters: pulumi.Input; /** * The name of the rule. Rule name is case-sensitive. It must be unique within a policy. */ name: pulumi.Input; } interface ManagementPolicyRuleActions { /** * A `baseBlob` block as documented below. */ baseBlob?: pulumi.Input; /** * A `snapshot` block as documented below. */ snapshot?: pulumi.Input; /** * A `version` block as documented below. */ version?: pulumi.Input; } interface ManagementPolicyRuleActionsBaseBlob { /** * Whether a blob should automatically be tiered from cool back to hot if it's accessed again after being tiered to cool. Defaults to `false`. * * > **Note:** The `autoTierToHotFromCoolEnabled` must be used together with `tierToCoolAfterDaysSinceLastAccessTimeGreaterThan`. */ autoTierToHotFromCoolEnabled?: pulumi.Input; /** * The age in days after creation to delete the blob. Must be between `0` and `99999`. Defaults to `-1`. * * > **Note:** The `deleteAfterDaysSinceModificationGreaterThan`, `deleteAfterDaysSinceLastAccessTimeGreaterThan` and `deleteAfterDaysSinceCreationGreaterThan` can not be set at the same time. * * > **Note:** The `lastAccessTimeEnabled` must be set to `true` in the `azure.storage.Account` in order to use `tierToCoolAfterDaysSinceLastAccessTimeGreaterThan`, `tierToArchiveAfterDaysSinceLastAccessTimeGreaterThan` and `deleteAfterDaysSinceLastAccessTimeGreaterThan`. */ deleteAfterDaysSinceCreationGreaterThan?: pulumi.Input; /** * The age in days after last access time to delete the blob. Must be between `0` and `99999`. Defaults to `-1`. */ deleteAfterDaysSinceLastAccessTimeGreaterThan?: pulumi.Input; /** * The age in days after last modification to delete the blob. Must be between `0` and `99999`. Defaults to `-1`. */ deleteAfterDaysSinceModificationGreaterThan?: pulumi.Input; /** * The age in days after creation to archive storage. Supports blob currently at Hot or Cool tier. Must be between `0` and `99999`. Defaults to `-1`. * * > **Note:** The `tierToArchiveAfterDaysSinceModificationGreaterThan`, `tierToArchiveAfterDaysSinceLastAccessTimeGreaterThan` and `tierToArchiveAfterDaysSinceCreationGreaterThan` can not be set at the same time. */ tierToArchiveAfterDaysSinceCreationGreaterThan?: pulumi.Input; /** * The age in days after last access time to tier blobs to archive storage. Supports blob currently at Hot or Cool tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToArchiveAfterDaysSinceLastAccessTimeGreaterThan?: pulumi.Input; /** * The age in days after last tier change to the blobs to skip to be archived. Must be between `0` and `99999`. Defaults to `-1`. */ tierToArchiveAfterDaysSinceLastTierChangeGreaterThan?: pulumi.Input; /** * The age in days after last modification to tier blobs to archive storage. Supports blob currently at Hot or Cool tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToArchiveAfterDaysSinceModificationGreaterThan?: pulumi.Input; /** * The age in days after creation to cold storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. * * > **Note:** The `tierToCoolAfterDaysSinceModificationGreaterThan`, `tierToCoolAfterDaysSinceLastAccessTimeGreaterThan` and `tierToCoolAfterDaysSinceCreationGreaterThan` can not be set at the same time. */ tierToColdAfterDaysSinceCreationGreaterThan?: pulumi.Input; /** * The age in days after last access time to tier blobs to cold storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToColdAfterDaysSinceLastAccessTimeGreaterThan?: pulumi.Input; /** * The age in days after last modification to tier blobs to cold storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToColdAfterDaysSinceModificationGreaterThan?: pulumi.Input; /** * The age in days after creation to cool storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. * * > **Note:** The `tierToCoolAfterDaysSinceModificationGreaterThan`, `tierToCoolAfterDaysSinceLastAccessTimeGreaterThan` and `tierToCoolAfterDaysSinceCreationGreaterThan` can not be set at the same time. */ tierToCoolAfterDaysSinceCreationGreaterThan?: pulumi.Input; /** * The age in days after last access time to tier blobs to cool storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToCoolAfterDaysSinceLastAccessTimeGreaterThan?: pulumi.Input; /** * The age in days after last modification to tier blobs to cool storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToCoolAfterDaysSinceModificationGreaterThan?: pulumi.Input; } interface ManagementPolicyRuleActionsSnapshot { /** * The age in days after creation to tier blob snapshot to archive storage. Must be between `0` and `99999`. Defaults to `-1`. */ changeTierToArchiveAfterDaysSinceCreation?: pulumi.Input; /** * The age in days after creation to tier blob snapshot to cool storage. Must be between `0` and `99999`. Defaults to `-1`. */ changeTierToCoolAfterDaysSinceCreation?: pulumi.Input; /** * The age in days after creation to delete the blob snapshot. Must be between `0` and `99999`. Defaults to `-1`. */ deleteAfterDaysSinceCreationGreaterThan?: pulumi.Input; /** * The age in days after last tier change to the blobs to skip to be archived. Must be between `0` and `99999`. Defaults to `-1`. */ tierToArchiveAfterDaysSinceLastTierChangeGreaterThan?: pulumi.Input; /** * The age in days after creation to cold storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToColdAfterDaysSinceCreationGreaterThan?: pulumi.Input; } interface ManagementPolicyRuleActionsVersion { /** * The age in days after creation to tier blob version to archive storage. Must be between `0` and `99999`. Defaults to `-1`. */ changeTierToArchiveAfterDaysSinceCreation?: pulumi.Input; /** * The age in days creation create to tier blob version to cool storage. Must be between `0` and `99999`. Defaults to `-1`. */ changeTierToCoolAfterDaysSinceCreation?: pulumi.Input; /** * The age in days after creation to delete the blob version. Must be between `0` and `99999`. Defaults to `-1`. */ deleteAfterDaysSinceCreation?: pulumi.Input; /** * The age in days after last tier change to the blobs to skip to be archived. Must be between `0` and `99999`. Defaults to `-1`. */ tierToArchiveAfterDaysSinceLastTierChangeGreaterThan?: pulumi.Input; /** * The age in days after creation to cold storage. Supports blob currently at Hot tier. Must be between `0` and `99999`. Defaults to `-1`. */ tierToColdAfterDaysSinceCreationGreaterThan?: pulumi.Input; } interface ManagementPolicyRuleFilters { /** * An array of predefined values. Valid options are `blockBlob` and `appendBlob`. */ blobTypes: pulumi.Input[]>; /** * A `matchBlobIndexTag` block as defined below. The block defines the blob index tag based filtering for blob objects. * * > **Note:** The `matchBlobIndexTag` property requires enabling the `blobIndex` feature with [PSH or CLI commands](https://azure.microsoft.com/en-us/blog/manage-and-find-data-with-blob-index-for-azure-storage-now-in-preview/). */ matchBlobIndexTags?: pulumi.Input[]>; /** * An array of strings for prefixes to be matched. */ prefixMatches?: pulumi.Input[]>; } interface ManagementPolicyRuleFiltersMatchBlobIndexTag { /** * The filter tag name used for tag based filtering for blob objects. */ name: pulumi.Input; /** * The comparison operator which is used for object comparison and filtering. Possible value is `==`. Defaults to `==`. */ operation?: pulumi.Input; /** * The filter tag value used for tag based filtering for blob objects. */ value: pulumi.Input; } interface ObjectReplicationRule { /** * The time after which the Block Blobs created will be copies to the destination. Possible values are `OnlyNewObjects`, `Everything` and time in RFC3339 format: `2006-01-02T15:04:00Z`. Defaults to `OnlyNewObjects`. */ copyBlobsCreatedAfter?: pulumi.Input; /** * The destination storage container name. */ destinationContainerName: pulumi.Input; /** * Specifies a list of filters prefixes, the blobs whose names begin with which will be replicated. */ filterOutBlobsWithPrefixes?: pulumi.Input[]>; name?: pulumi.Input; /** * The source storage container name. */ sourceContainerName: pulumi.Input; } interface ShareAcl { /** * An `accessPolicy` block as defined below. */ accessPolicies?: pulumi.Input[]>; /** * The ID which should be used for this Shared Identifier. */ id: pulumi.Input; } interface ShareAclAccessPolicy { /** * The time at which this Access Policy should be valid untilWhen using `storageAccountId` this should be in RFC3339 format. If using the deprecated `storageAccountName` property, this uses the [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format. */ expiry?: pulumi.Input; /** * The permissions which should be associated with this Shared Identifier. Possible value is combination of `r` (read), `w` (write), `d` (delete), and `l` (list). * * > **Note:** Permission order is strict at the service side, and permissions need to be listed in the order above. */ permissions: pulumi.Input; /** * The time at which this Access Policy should be valid from. When using `storageAccountId` this should be in RFC3339 format. If using the deprecated `storageAccountName` property, this uses the [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format. */ start?: pulumi.Input; } interface TableAcl { /** * An `accessPolicy` block as defined below. */ accessPolicies?: pulumi.Input[]>; /** * The ID which should be used for this Shared Identifier. */ id: pulumi.Input; } interface TableAclAccessPolicy { /** * The ISO8061 UTC time at which this Access Policy should be valid until. */ expiry: pulumi.Input; /** * The permissions which should associated with this Shared Identifier. */ permissions: pulumi.Input; /** * The ISO8061 UTC time at which this Access Policy should be valid from. */ start: pulumi.Input; } } export declare namespace streamanalytics { interface FunctionJavaScriptUDFInput { /** * Is this input parameter a configuration parameter? Defaults to `false`. */ configurationParameter?: pulumi.Input; /** * The Data Type for the Input Argument of this JavaScript Function. Possible values include `array`, `any`, `bigint`, `datetime`, `float`, `nvarchar(max)` and `record`. */ type: pulumi.Input; } interface FunctionJavaScriptUDFOutput { /** * The Data Type output from this JavaScript Function. Possible values include `array`, `any`, `bigint`, `datetime`, `float`, `nvarchar(max)` and `record`. */ type: pulumi.Input; } interface FunctionJavascriptUdaInput { /** * Is this input parameter a configuration parameter? Defaults to `false`. */ configurationParameter?: pulumi.Input; /** * The input data type of this JavaScript Function. Possible values include `any`, `array`, `bigint`, `datetime`, `float`, `nvarchar(max)` and `record`. */ type: pulumi.Input; } interface FunctionJavascriptUdaOutput { /** * The output data type from this JavaScript Function. Possible values include `any`, `array`, `bigint`, `datetime`, `float`, `nvarchar(max)` and `record`. */ type: pulumi.Input; } interface JobIdentity { /** * The identity id of the user assigned identity to use when type is `UserAssigned` */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Stream Analytics Job. Possible values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface JobJobStorageAccount { /** * The account key for the Azure storage account. */ accountKey?: pulumi.Input; /** * The name of the Azure storage account. */ accountName: pulumi.Input; /** * The authentication mode of the storage account. Possible values are `ConnectionString` and `Msi`. Defaults to `ConnectionString`. */ authenticationMode?: pulumi.Input; } interface OutputBlobSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * Specifies the format of the JSON the output will be written in. Possible values are `Array` and `LineSeparated`. * * > **Note:** This is Required and can only be specified when `type` is set to `Json`. */ format?: pulumi.Input; /** * The serialization format used for outgoing data streams. Possible values are `Avro`, `Csv`, `Json` and `Parquet`. * * > **Note:** `batchMaxWaitTime` and `batchMinRows` are required when `type` is set to `Parquet` */ type: pulumi.Input; } interface OutputEventHubSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * Specifies the format of the JSON the output will be written in. Possible values are `Array` and `LineSeparated`. * * > **Note:** This is Required and can only be specified when `type` is set to `Json`. */ format?: pulumi.Input; /** * The serialization format used for outgoing data streams. Possible values are `Avro`, `Csv`, `Json` and `Parquet`. */ type: pulumi.Input; } interface OutputServiceBusQueueSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * Specifies the format of the JSON the output will be written in. Possible values are `Array` and `LineSeparated`. * * > **Note:** This is Required and can only be specified when `type` is set to `Json`. */ format?: pulumi.Input; /** * The serialization format used for outgoing data streams. Possible values are `Avro`, `Csv`, `Json` and `Parquet`. */ type: pulumi.Input; } interface OutputServicebusTopicSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * Specifies the format of the JSON the output will be written in. Possible values are `Array` and `LineSeparated`. * * > **Note:** This is Required and can only be specified when `type` is set to `Json`. */ format?: pulumi.Input; /** * The serialization format used for outgoing data streams. Possible values are `Avro`, `Csv`, `Json` and `Parquet`. */ type: pulumi.Input; } interface ReferenceInputBlobSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * The serialization format used for the reference data. Possible values are `Avro`, `Csv` and `Json`. */ type: pulumi.Input; } interface StreamInputBlobSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * The serialization format used for incoming data streams. Possible values are `Avro`, `Csv` and `Json`. */ type: pulumi.Input; } interface StreamInputEventHubSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * The serialization format used for incoming data streams. Possible values are `Avro`, `Csv` and `Json`. */ type: pulumi.Input; } interface StreamInputEventHubV2Serialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * The serialization format used for incoming data streams. Possible values are `Avro`, `Csv` and `Json`. */ type: pulumi.Input; } interface StreamInputIotHubSerialization { /** * The encoding of the incoming data in the case of input and the encoding of outgoing data in the case of output. It currently can only be set to `UTF8`. * * > **Note:** This is required when `type` is set to `Csv` or `Json`. */ encoding?: pulumi.Input; /** * The delimiter that will be used to separate comma-separated value (CSV) records. Possible values are ` ` (space), `,` (comma), ` ` (tab), `|` (pipe) and `;`. * * > **Note:** This is required when `type` is set to `Csv`. */ fieldDelimiter?: pulumi.Input; /** * The serialization format used for incoming data streams. Possible values are `Avro`, `Csv` and `Json`. */ type: pulumi.Input; } } export declare namespace synapse { interface LinkedServiceIntegrationRuntime { /** * The integration runtime reference to associate with the Synapse Linked Service. */ name: pulumi.Input; /** * A map of parameters to associate with the integration runtime. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface SparkPoolAutoPause { /** * Number of minutes of idle time before the Spark Pool is automatically paused. Must be between `5` and `10080`. */ delayInMinutes: pulumi.Input; } interface SparkPoolAutoScale { /** * The maximum number of nodes the Spark Pool can support. Must be between `3` and `200`. */ maxNodeCount: pulumi.Input; /** * The minimum number of nodes the Spark Pool can support. Must be between `3` and `200`. */ minNodeCount: pulumi.Input; } interface SparkPoolLibraryRequirement { /** * The content of library requirements. */ content: pulumi.Input; /** * The name of the library requirements file. */ filename: pulumi.Input; } interface SparkPoolSparkConfig { /** * The contents of a spark configuration. */ content: pulumi.Input; /** * The name of the file where the spark configuration `content` will be stored. */ filename: pulumi.Input; } interface SqlPoolRestore { /** * Specifies the Snapshot time to restore formatted as an RFC3339 date string. Changing this forces a new Synapse SQL Pool to be created. */ pointInTime: pulumi.Input; /** * The ID of the Synapse SQL Pool or SQL Database which is to restore. Changing this forces a new Synapse SQL Pool to be created. */ sourceDatabaseId: pulumi.Input; } interface SqlPoolVulnerabilityAssessmentBaselineBaseline { /** * Specifies a list of rule baseline result. */ results: pulumi.Input[]>; } interface SqlPoolVulnerabilityAssessmentRecurringScans { /** * Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to `true`. */ emailSubscriptionAdminsEnabled?: pulumi.Input; /** * Specifies an array of email addresses to which the scan notification is sent. */ emails?: pulumi.Input[]>; /** * Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to `false`. */ enabled?: pulumi.Input; } interface WorkspaceAzureDevopsRepo { /** * Specifies the Azure DevOps account name. */ accountName: pulumi.Input; /** * Specifies the collaboration branch of the repository to get code from. */ branchName: pulumi.Input; /** * The last commit ID. */ lastCommitId?: pulumi.Input; /** * Specifies the name of the Azure DevOps project. */ projectName: pulumi.Input; /** * Specifies the name of the git repository. */ repositoryName: pulumi.Input; /** * Specifies the root folder within the repository. Set to `/` for the top level. */ rootFolder: pulumi.Input; /** * the ID of the tenant for the Azure DevOps account. */ tenantId?: pulumi.Input; } interface WorkspaceCustomerManagedKey { /** * An identifier for the key. Name needs to match the name of the key used with the `azure.synapse.WorkspaceKey` resource. Defaults to "cmk" if not specified. */ keyName?: pulumi.Input; /** * The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption (e.g. `https://example-keyvault.vault.azure.net/type/cmk/`). */ keyVersionlessId: pulumi.Input; /** * The User Assigned Identity ID to be used for accessing the Customer Managed Key for encryption. */ userAssignedIdentityId?: pulumi.Input; } interface WorkspaceGithubRepo { /** * Specifies the GitHub account name. */ accountName: pulumi.Input; /** * Specifies the collaboration branch of the repository to get code from. */ branchName: pulumi.Input; /** * Specifies the GitHub Enterprise host name. For example: . * * > **Note:** You must log in to the Synapse UI to complete the authentication to the GitHub repository. */ gitUrl?: pulumi.Input; /** * The last commit ID. */ lastCommitId?: pulumi.Input; /** * Specifies the name of the git repository. */ repositoryName: pulumi.Input; /** * Specifies the root folder within the repository. Set to `/` for the top level. */ rootFolder: pulumi.Input; } interface WorkspaceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Synapse Workspace. * * > **Note:** This is required when `type` is set to `UserAssigned` or `SystemAssigned, UserAssigned`. */ identityIds?: pulumi.Input[]>; /** * The Principal ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. */ principalId?: pulumi.Input; /** * The Tenant ID for the Service Principal associated with the Managed Service Identity of this Synapse Workspace. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be associated with this Synapse Workspace. Possible values are `SystemAssigned`, `UserAssigned` and `SystemAssigned, UserAssigned` (to enable both). */ type: pulumi.Input; } interface WorkspaceVulnerabilityAssessmentRecurringScans { /** * Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to `true`. */ emailSubscriptionAdminsEnabled?: pulumi.Input; /** * Specifies an array of email addresses to which the scan notification is sent. */ emails?: pulumi.Input[]>; /** * Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to `false`. */ enabled?: pulumi.Input; } } export declare namespace systemcenter { interface VirtualMachineManagerVirtualMachineInstanceHardware { /** * The number of vCPUs for the Virtual Machine. Possible values are between `1` and `64`. */ cpuCount?: pulumi.Input; /** * The max dynamic memory for the Virtual Machine. Possible values are between `32` and `1048576`. */ dynamicMemoryMaxInMb?: pulumi.Input; /** * The min dynamic memory for the Virtual Machine. Possible values are between `32` and `1048576`. */ dynamicMemoryMinInMb?: pulumi.Input; /** * Whether processor compatibility mode for live migration of Virtual Machines is enabled. */ limitCpuForMigrationEnabled?: pulumi.Input; /** * The size of a Virtual Machine's memory. Possible values are between `32` and `1048576`. */ memoryInMb?: pulumi.Input; } interface VirtualMachineManagerVirtualMachineInstanceInfrastructure { /** * The type of checkpoint supported for the Virtual Machine. Possible values are `Disabled`, `Production`, `ProductionOnly` and `Standard`. */ checkpointType?: pulumi.Input; /** * The ID of the System Center Virtual Machine Manager Cloud resource to use for deploying the Virtual Machine. Changing this forces a new resource to be created. */ systemCenterVirtualMachineManagerCloudId?: pulumi.Input; /** * The ID of the System Center Virtual Machine Manager Inventory Item for System Center Virtual Machine Manager Virtual Machine Instance. Changing this forces a new resource to be created. */ systemCenterVirtualMachineManagerInventoryItemId?: pulumi.Input; /** * The ID of the System Center Virtual Machine Manager Virtual Machine Template to use for deploying the Virtual Machine. Changing this forces a new resource to be created. */ systemCenterVirtualMachineManagerTemplateId?: pulumi.Input; /** * The ID of the System Center Virtual Machine Manager Virtual Machine. Changing this forces a new resource to be created. */ systemCenterVirtualMachineManagerVirtualMachineServerId?: pulumi.Input; } interface VirtualMachineManagerVirtualMachineInstanceNetworkInterface { /** * The IPv4 address type. Possible values are `Dynamic` and `Static`. */ ipv4AddressType?: pulumi.Input; /** * The IPv6 address type. Possible values are `Dynamic` and `Static`. */ ipv6AddressType?: pulumi.Input; /** * The MAC address type. Possible values are `Dynamic` and `Static`. */ macAddressType?: pulumi.Input; /** * The name of the Virtual Network in System Center Virtual Machine Manager Server that the Network Interface is connected to. */ name: pulumi.Input; /** * The ID of the System Center Virtual Machine Manager Virtual Network to connect the Network Interface. */ virtualNetworkId?: pulumi.Input; } interface VirtualMachineManagerVirtualMachineInstanceOperatingSystem { /** * The admin password of the Virtual Machine. Changing this forces a new resource to be created. */ adminPassword?: pulumi.Input; /** * The computer name of the Virtual Machine. Changing this forces a new resource to be created. */ computerName?: pulumi.Input; } interface VirtualMachineManagerVirtualMachineInstanceStorageDisk { /** * The disk bus. Possible values are between `0` and `3`. */ bus?: pulumi.Input; /** * The disk bus type. Possible values are `IDE` and `SCSI`. */ busType?: pulumi.Input; /** * The disk total size. */ diskSizeGb?: pulumi.Input; /** * The disk lun. Possible values are between `0` and `63`. */ lun?: pulumi.Input; /** * The name of the disk. */ name?: pulumi.Input; /** * The name of the Storage QoS policy. */ storageQosPolicyName?: pulumi.Input; /** * The disk ID in the System Center Virtual Machine Manager Virtual Machine Template. Changing this forces a new resource to be created. */ templateDiskId?: pulumi.Input; /** * The disk vhd type. Possible values are `Dynamic` and `Fixed`. */ vhdType?: pulumi.Input; } } export declare namespace trafficmanager { interface ProfileDnsConfig { /** * The relative domain name, this is combined with the domain name used by Traffic Manager to form the FQDN which is exported as documented below. Changing this forces a new resource to be created. */ relativeName: pulumi.Input; /** * The TTL value of the Profile used by Local DNS resolvers and clients. */ ttl: pulumi.Input; } interface ProfileMonitorConfig { /** * One or more `customHeader` blocks as defined below. */ customHeaders?: pulumi.Input[]>; /** * A list of status code ranges in the format of `100-101`. */ expectedStatusCodeRanges?: pulumi.Input[]>; /** * The interval used to check the endpoint health from a Traffic Manager probing agent. You can specify two values here: `30` (normal probing) and `10` (fast probing). The default value is `30`. */ intervalInSeconds?: pulumi.Input; /** * The path used by the monitoring checks. Required when `protocol` is set to `HTTP` or `HTTPS` - cannot be set when `protocol` is set to `TCP`. */ path?: pulumi.Input; /** * The port number used by the monitoring checks. */ port: pulumi.Input; /** * The protocol used by the monitoring checks, supported values are `HTTP`, `HTTPS` and `TCP`. */ protocol: pulumi.Input; /** * The amount of time the Traffic Manager probing agent should wait before considering that check a failure when a health check probe is sent to the endpoint. If `intervalInSeconds` is set to `30`, then `timeoutInSeconds` can be between `5` and `10`. The default value is `10`. If `intervalInSeconds` is set to `10`, then valid values are between `5` and `9` and `timeoutInSeconds` is required. */ timeoutInSeconds?: pulumi.Input; /** * The number of failures a Traffic Manager probing agent tolerates before marking that endpoint as unhealthy. Valid values are between `0` and `9`. The default value is `3` */ toleratedNumberOfFailures?: pulumi.Input; } interface ProfileMonitorConfigCustomHeader { /** * The name of the custom header. */ name: pulumi.Input; /** * The value of custom header. Applicable for HTTP and HTTPS protocol. */ value: pulumi.Input; } } export declare namespace videoindexer { interface AccountIdentity { /** * Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * Specifies the identity type of the Video Indexer Account. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), `UserAssigned` where you can specify the Service Principal IDs in the `identityIds` field, and `SystemAssigned, UserAssigned` which assigns both a system managed identity as well as the specified user assigned identities. */ type: pulumi.Input; } interface AccountStorage { /** * The ID of the storage account to be associated with the Video Indexer Account. Changing this forces a new Video Indexer Account to be created. */ storageAccountId: pulumi.Input; /** * The reference to the user assigned identity to use to access the Storage Account. */ userAssignedIdentityId?: pulumi.Input; } } export declare namespace voice { interface ServicesCommunicationsGatewayServiceLocation { /** * Specifies the allowed source IP address or CIDR ranges for media. */ allowedMediaSourceAddressPrefixes?: pulumi.Input[]>; /** * Specifies the allowed source IP address or CIDR ranges for signaling. */ allowedSignalingSourceAddressPrefixes?: pulumi.Input[]>; /** * IP address to use to contact the ESRP from this region. * * !> **Note:** The `esrpAddresses` must be specified for each `serviceLocation` when the`e911Type` is set to `DirectToEsrp`. The `esrpAddresses` must not be specified for each `serviceLocation` when the`e911Type` is set to `Standard`. */ esrpAddresses?: pulumi.Input[]>; /** * Specifies the region in which the resources needed for Teams Calling will be deployed. */ location: pulumi.Input; /** * IP address to use to contact the operator network from this region. */ operatorAddresses: pulumi.Input[]>; } } export declare namespace waf { interface PolicyCustomRule { /** * Type of action. Possible values are `Allow`, `Block`, `JSChallenge` and `Log`. * * > **Note:** If the `ruleType` is specified as `RateLimitRule`, the `Allow` is not supported. */ action: pulumi.Input; /** * Describes if the policy is in enabled state or disabled state. Defaults to `true`. */ enabled?: pulumi.Input; /** * Specifies what grouping the rate limit will count requests by. Possible values are `ClientAddr`, `ClientAddrXFFHeader`, `GeoLocation`, `GeoLocationXFFHeader` and `None`. */ groupRateLimitBy?: pulumi.Input; /** * One or more `matchConditions` blocks as defined below. */ matchConditions: pulumi.Input[]>; /** * Gets name of the resource that is unique within a policy. This name can be used to access the resource. */ name?: pulumi.Input; /** * Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value. */ priority: pulumi.Input; /** * Specifies the duration at which the rate limit policy will be applied. Should be used with `RateLimitRule` rule type. Possible values are `FiveMins` and `OneMin`. */ rateLimitDuration?: pulumi.Input; /** * Specifies the threshold value for the rate limit policy. Must be greater than or equal to 1 if provided. */ rateLimitThreshold?: pulumi.Input; /** * Describes the type of rule. Possible values are `MatchRule`, `RateLimitRule` and `Invalid`. */ ruleType: pulumi.Input; } interface PolicyCustomRuleMatchCondition { /** * A list of match values. This is **Required** when the `operator` is not `Any`. */ matchValues?: pulumi.Input[]>; /** * One or more `matchVariables` blocks as defined below. */ matchVariables: pulumi.Input[]>; /** * Describes if this is negate condition or not */ negationCondition?: pulumi.Input; /** * Describes operator to be matched. Possible values are `Any`, `IPMatch`, `GeoMatch`, `Equal`, `Contains`, `LessThan`, `GreaterThan`, `LessThanOrEqual`, `GreaterThanOrEqual`, `BeginsWith`, `EndsWith` and `Regex`. */ operator: pulumi.Input; /** * A list of transformations to do before the match is attempted. Possible values are `HtmlEntityDecode`, `Lowercase`, `RemoveNulls`, `Trim`, `Uppercase`, `UrlDecode` and `UrlEncode`. */ transforms?: pulumi.Input[]>; } interface PolicyCustomRuleMatchConditionMatchVariable { /** * Describes field of the matchVariable collection */ selector?: pulumi.Input; /** * The name of the Match Variable. Possible values are `RemoteAddr`, `RequestMethod`, `QueryString`, `PostArgs`, `RequestUri`, `RequestHeaders`, `RequestBody` and `RequestCookies`. */ variableName: pulumi.Input; } interface PolicyManagedRules { /** * One or more `exclusion` block defined below. */ exclusions?: pulumi.Input[]>; /** * One or more `managedRuleSet` block defined below. */ managedRuleSets: pulumi.Input[]>; } interface PolicyManagedRulesExclusion { /** * One or more `excludedRuleSet` block defined below. */ excludedRuleSet?: pulumi.Input; /** * The name of the Match Variable. Possible values: `RequestArgKeys`, `RequestArgNames`, `RequestArgValues`, `RequestCookieKeys`, `RequestCookieNames`, `RequestCookieValues`, `RequestHeaderKeys`, `RequestHeaderNames`, `RequestHeaderValues`. */ matchVariable: pulumi.Input; /** * Describes field of the matchVariable collection. */ selector: pulumi.Input; /** * Describes operator to be matched. Possible values: `Contains`, `EndsWith`, `Equals`, `EqualsAny`, `StartsWith`. */ selectorMatchOperator: pulumi.Input; } interface PolicyManagedRulesExclusionExcludedRuleSet { /** * One or more `ruleGroup` block defined below. */ ruleGroups?: pulumi.Input[]>; /** * The rule set type. Possible values are `Microsoft_DefaultRuleSet`, `Microsoft_BotManagerRuleSet` and `OWASP`. Defaults to `OWASP`. */ type?: pulumi.Input; /** * The rule set version. Possible values are `1.0`, `1.1` (for rule set type `Microsoft_BotManagerRuleSet`), `2.1`, `2.2` (for rule set type `Microsoft_DefaultRuleSet`) and `3.2` (for rule set type `OWASP`). Defaults to `3.2`. */ version?: pulumi.Input; } interface PolicyManagedRulesExclusionExcludedRuleSetRuleGroup { /** * One or more Rule IDs for exclusion. */ excludedRules?: pulumi.Input[]>; /** * The name of rule group for exclusion. Possible values are `BadBots`, `crs20ProtocolViolations`, `crs21ProtocolAnomalies`, `crs23RequestLimits`, `crs30HttpPolicy`, `crs35BadRobots`, `crs40GenericAttacks`, `crs41SqlInjectionAttacks`, `crs41XssAttacks`, `crs42TightSecurity`, `crs45Trojans`, `crs49InboundBlocking`, `General`, `GoodBots`, `KnownBadBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA`, `UnknownBots`, `METHOD-ENFORCEMENT`, `PROTOCOL-ENFORCEMENT`, `PROTOCOL-ATTACK`, `LFI`, `RFI`, `RCE`, `PHP`, `NODEJS`, `XSS`, `SQLI`, `FIX`, `JAVA`, `MS-ThreatIntel-WebShells`, `MS-ThreatIntel-AppSec`, `MS-ThreatIntel-SQLI`, `MS-ThreatIntel-CVEs` and `MS-ThreatIntel-XSS`. */ ruleGroupName: pulumi.Input; } interface PolicyManagedRulesManagedRuleSet { /** * One or more `ruleGroupOverride` block defined below. */ ruleGroupOverrides?: pulumi.Input[]>; /** * The rule set type. Possible values: `Microsoft_BotManagerRuleSet`, `Microsoft_DefaultRuleSet` and `OWASP`. Defaults to `OWASP`. */ type?: pulumi.Input; /** * The rule set version. Possible values: `0.1`, `1.0`, `1.1`, `2.1`, `2.2`, `2.2.9`, `3.0`, `3.1` and `3.2`. */ version: pulumi.Input; } interface PolicyManagedRulesManagedRuleSetRuleGroupOverride { /** * The name of the Rule Group. Possible values are `BadBots`, `crs20ProtocolViolations`, `crs21ProtocolAnomalies`, `crs23RequestLimits`, `crs30HttpPolicy`, `crs35BadRobots`, `crs40GenericAttacks`, `crs41SqlInjectionAttacks`, `crs41XssAttacks`, `crs42TightSecurity`, `crs45Trojans`, `crs49InboundBlocking`, `General`, `GoodBots`, `KnownBadBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA`, `UnknownBots`, `METHOD-ENFORCEMENT`, `PROTOCOL-ENFORCEMENT`, `PROTOCOL-ATTACK`, `LFI`, `RFI`, `RCE`, `PHP`, `NODEJS`, `XSS`, `SQLI`, `FIX`, `JAVA`, `MS-ThreatIntel-WebShells`, `MS-ThreatIntel-AppSec`, `MS-ThreatIntel-SQLI`, `MS-ThreatIntel-CVEs` and `MS-ThreatIntel-XSS`. */ ruleGroupName: pulumi.Input; /** * One or more `rule` block defined below. */ rules?: pulumi.Input[]>; } interface PolicyManagedRulesManagedRuleSetRuleGroupOverrideRule { /** * Describes the override action to be applied when rule matches. Possible values are `Allow`, `AnomalyScoring`, `Block`, `JSChallenge` and `Log`. `JSChallenge` is only valid for rulesets of type `Microsoft_BotManagerRuleSet`. */ action?: pulumi.Input; /** * Describes if the managed rule is in enabled state or disabled state. Defaults to `false`. */ enabled?: pulumi.Input; /** * Identifier for the managed rule. */ id: pulumi.Input; } interface PolicyPolicySettings { /** * Describes if the policy is in enabled state or disabled state. Defaults to `true`. */ enabled?: pulumi.Input; /** * Whether the firewall should block a request with upload size greater then `fileUploadLimitInMb`. */ fileUploadEnforcement?: pulumi.Input; /** * The File Upload Limit in MB. Accepted values are in the range `1` to `4000`. Defaults to `100`. */ fileUploadLimitInMb?: pulumi.Input; /** * Specifies the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. Accepted values are in the range `5` to `1440`. Defaults to `30`. */ jsChallengeCookieExpirationInMinutes?: pulumi.Input; /** * One `logScrubbing` block as defined below. */ logScrubbing?: pulumi.Input; /** * The Maximum Request Body Size in KB. Accepted values are in the range `8` to `2000`. Defaults to `128`. */ maxRequestBodySizeInKb?: pulumi.Input; /** * Describes if it is in detection mode or prevention mode at the policy level. Valid values are `Detection` and `Prevention`. Defaults to `Prevention`. */ mode?: pulumi.Input; /** * Is Request Body Inspection enabled? Defaults to `true`. */ requestBodyCheck?: pulumi.Input; /** * Whether the firewall should block a request with body size greater then `maxRequestBodySizeInKb`. Defaults to `true`. */ requestBodyEnforcement?: pulumi.Input; /** * Specifies the maximum request body inspection limit in KB for the Web Application Firewall. Defaults to `128`. */ requestBodyInspectLimitInKb?: pulumi.Input; } interface PolicyPolicySettingsLogScrubbing { /** * Whether the log scrubbing is enabled or disabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * One or more `scrubbingRule` blocks as define below. */ rules?: pulumi.Input[]>; } interface PolicyPolicySettingsLogScrubbingRule { /** * Describes if the managed rule is in enabled state or disabled state. Defaults to `false`. */ enabled?: pulumi.Input; matchVariable: pulumi.Input; /** * When matchVariable is a collection, operator used to specify which elements in the collection this rule applies to. */ selector?: pulumi.Input; selectorMatchOperator?: pulumi.Input; } } export declare namespace webpubsub { interface HubEventHandler { /** * An `auth` block as defined below. */ auth?: pulumi.Input; /** * Specifies the list of system events. Supported values are `connect`, `connected` and `disconnected`. */ systemEvents?: pulumi.Input[]>; /** * The Event Handler URL Template. Two predefined parameters `{hub}` and `{event}` are available to use in the template. The value of the EventHandler URL is dynamically calculated when the client request comes in. Example: `http://example.com/api/{hub}/{event}`. */ urlTemplate: pulumi.Input; /** * Specifies the matching event names. There are 3 kind of patterns supported: * `*` matches any event name * `,` Combine multiple events with `,` for example `event1,event2`, it matches event `event1` and `event2` * The single event name, for example `event1`, it matches `event1`. */ userEventPattern?: pulumi.Input; } interface HubEventHandlerAuth { /** * Specify the identity ID of the target resource. * * > **Note:** `managedIdentityId` is required if the auth block is defined */ managedIdentityId: pulumi.Input; } interface HubEventListener { /** * Specifies the event hub name to receive the events. */ eventhubName: pulumi.Input; /** * Specifies the event hub namespace name to receive the events. */ eventhubNamespaceName: pulumi.Input; /** * Specifies the list of system events. Supported values are `connected` and `disconnected`. */ systemEventNameFilters?: pulumi.Input[]>; /** * Specifies the list of matching user event names. `["*"]` can be used to match all events. */ userEventNameFilters?: pulumi.Input[]>; } interface NetworkAclPrivateEndpoint { /** * The allowed request types for the Private Endpoint Connection. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. */ allowedRequestTypes?: pulumi.Input[]>; /** * The denied request types for the Private Endpoint Connection. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Allow`, `allowedRequestTypes`cannot be set. When `defaultAction` is `Deny`, `deniedRequestTypes`cannot be set. */ deniedRequestTypes?: pulumi.Input[]>; /** * The ID of the Private Endpoint which is based on the Web Pubsub service. */ id: pulumi.Input; } interface NetworkAclPublicNetwork { /** * The allowed request types for the public network. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. */ allowedRequestTypes?: pulumi.Input[]>; /** * The denied request types for the public network. Possible values are `ClientConnection`, `ServerConnection`, `RESTAPI` and `Trace`. * * > **Note:** When `defaultAction` is `Allow`, `allowedRequestTypes`cannot be set. When `defaultAction` is `Deny`, `deniedRequestTypes`cannot be set. */ deniedRequestTypes?: pulumi.Input[]>; } interface ServiceIdentity { /** * Specifies a list of User Assigned Managed Identity IDs to be assigned to this Web PubSub. * * > **Note:** This is required when `type` is set to `UserAssigned` */ identityIds?: pulumi.Input[]>; /** * The Principal ID associated with this Managed Service Identity. */ principalId?: pulumi.Input; /** * The Tenant ID associated with this Managed Service Identity. */ tenantId?: pulumi.Input; /** * Specifies the type of Managed Service Identity that should be configured on this Web PubSub. Possible values are `SystemAssigned`, `UserAssigned`. */ type: pulumi.Input; } interface ServiceLiveTrace { /** * Whether the log category `ConnectivityLogs` is enabled? Defaults to `true` */ connectivityLogsEnabled?: pulumi.Input; /** * Whether the live trace is enabled? Defaults to `true`. */ enabled?: pulumi.Input; /** * Whether the log category `HttpRequestLogs` is enabled? Defaults to `true` */ httpRequestLogsEnabled?: pulumi.Input; /** * Whether the log category `MessagingLogs` is enabled? Defaults to `true` */ messagingLogsEnabled?: pulumi.Input; } interface SocketioIdentity { /** * Specifies a list of User Assigned Managed Identity IDs for this Web PubSub Service. * * > **Note:** `identityIds` is required when `type` is `UserAssigned`. */ identityIds?: pulumi.Input[]>; principalId?: pulumi.Input; tenantId?: pulumi.Input; /** * The type of Managed Identity for this Web PubSub Service. Possible Values are `SystemAssigned` and `UserAssigned`. */ type: pulumi.Input; } interface SocketioSku { /** * The number of units associated with this Web PubSub Service. Defaults to `1`. Possible values are `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9`, `10`, `20`, `30`, `40`, `50`, `60`, `70`, `80`, `90`, `100`, `200`, `300`, `400`, `500`, `600`, `700`, `800`, `900` and `1000`. * * > **Note:** The valid range depends on which `sku` is used. For `Free_F1` only `1` is supported, for `Standard_S1` and `Premium_P1` `1` through `100` are supported, and for `Premium_P2` the minimum capacity is `100`. */ capacity?: pulumi.Input; /** * The SKU to use for this Web PubSub Service. Possible values are `Free_F1`, `Standard_S1`, `Premium_P1`, and `Premium_P2`. */ name: pulumi.Input; } } export declare namespace workloadssap { interface DiscoveryVirtualInstanceIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this SAP Discovery Virtual Instance. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this SAP Discovery Virtual Instance. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface SingleNodeVirtualInstanceIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this SAP Single Node Virtual Instance. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this SAP Single Node Virtual Instance. The only possible value is `UserAssigned`. */ type: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfiguration { /** * The name of the application Resource Group where SAP system resources will be deployed. Changing this forces a new resource to be created. * * > **Note:** While creating an SAP Single Node Virtual Instance, the service will provision the extra SAP systems/components in the `appResourceGroupName` that are not defined in the HCL Configuration. At this time, if the `appResourceGroupName` is different from the Resource Group where SAP Single Node Virtual Instance exists, you can set `preventDeletionIfContainsResources` to `false` to delete all resources defined in the HCL Configuration and the resources created in the `appResourceGroupName` with `terraform destroy`. However, if the `appResourceGroupName` is the same with the Resource Group where SAP Single Node Virtual Instance exists, some resources, such as the subnet defined in the HCL Configuration, cannot be deleted with `terraform destroy` since the resources defined in the HCL Configuration are being referenced by the SAP system/component. In this case, you have to manually delete the SAP system/component before deleting the resources in the HCL Configuration. */ appResourceGroupName: pulumi.Input; /** * The supported SAP database type. Possible values are `DB2` and `HANA`. Changing this forces a new resource to be created. */ databaseType?: pulumi.Input; /** * One or more `diskVolumeConfiguration` blocks as defined below. Changing this forces a new resource to be created. */ diskVolumeConfigurations?: pulumi.Input[]>; /** * Specifies whether a secondary IP address should be added to the network interface on all VMs of the SAP system being deployed. Defaults to `false`. Changing this forces a new resource to be created. */ secondaryIpEnabled?: pulumi.Input; /** * The resource ID of the Subnet for the SAP Single Node Virtual Instance. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * A `virtualMachineConfiguration` block as defined below. Changing this forces a new resource to be created. */ virtualMachineConfiguration: pulumi.Input; /** * A `virtualMachineResourceNames` block as defined below. Changing this forces a new resource to be created. */ virtualMachineResourceNames?: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationDiskVolumeConfiguration { /** * The total number of disks required for the concerned volume. Possible values are at least `1`. Changing this forces a new resource to be created. */ numberOfDisks: pulumi.Input; /** * The size of the Disk in GB. Changing this forces a new resource to be created. */ sizeInGb: pulumi.Input; /** * The name of the Disk SKU. Possible values are `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS` and `UltraSSD_LRS`. Changing this forces a new resource to be created. */ skuName: pulumi.Input; /** * Specifies the volumn name of the database disk. Possible values are `backup`, `hana/data`, `hana/log`, `hana/shared`, `os` and `usr/sap`. Changing this forces a new resource to be created. */ volumeName: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationVirtualMachineConfiguration { /** * An `image` block as defined below. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * An `osProfile` block as defined below. Changing this forces a new resource to be created. */ osProfile: pulumi.Input; /** * The size of the Virtual Machine. Changing this forces a new resource to be created. */ virtualMachineSize: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationVirtualMachineConfigurationImage { /** * Specifies the offer of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The publisher of the Image. Possible values are `RedHat` and `SUSE`. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationVirtualMachineConfigurationOsProfile { /** * The name of the administrator account. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The SSH public key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPrivateKey: pulumi.Input; /** * The SSH private key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPublicKey: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationVirtualMachineResourceNames { /** * (Optional) One or more `dataDisk` blocks as defined below. Changing this forces a new resource to be created. */ dataDisks?: pulumi.Input[]>; /** * The full name of the host of the Virtual Machine. Changing this forces a new resource to be created. */ hostName?: pulumi.Input; /** * A list of full names for the Network Interface of the Virtual Machine. Changing this forces a new resource to be created. */ networkInterfaceNames?: pulumi.Input[]>; /** * The full name of the OS Disk attached to the Virtual Machine. Changing this forces a new resource to be created. */ osDiskName?: pulumi.Input; /** * The full name of the Virtual Machine in a single server SAP system. Changing this forces a new resource to be created. */ virtualMachineName?: pulumi.Input; } interface SingleNodeVirtualInstanceSingleServerConfigurationVirtualMachineResourceNamesDataDisk { /** * A list of full names of Data Disks per Volume. Changing this forces a new resource to be created. */ names: pulumi.Input[]>; /** * The name of the Volume. The only possible value is `default`. Changing this forces a new resource to be created. */ volumeName: pulumi.Input; } interface ThreeTierVirtualInstanceIdentity { /** * A list of User Assigned Managed Identity IDs to be assigned to this SAP Three Tier Virtual Instance. */ identityIds: pulumi.Input[]>; /** * The type of Managed Service Identity that should be configured on this SAP Three Tier Virtual Instance. Only possible value is `UserAssigned`. */ type: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfiguration { /** * The name of the application Resource Group where SAP system resources will be deployed. Changing this forces a new resource to be created. * * > **Note:** While creating an SAP Three Tier Virtual Instance, the service will provision the extra SAP systems/components in the `appResourceGroupName` that are not defined in the HCL Configuration. At this time, if the `appResourceGroupName` is different from the Resource Group where SAP Three Tier Virtual Instance exists, you can set `preventDeletionIfContainsResources` to `false` to delete all resources defined in the HCL Configurations and the resources created in the `appResourceGroupName` with `terraform destroy`. However, if the `appResourceGroupName` is the same with the Resource Group where SAP Three Tier Virtual Instance exists, some resources, such as the subnet defined in the HCL Configuration, cannot be deleted with `terraform destroy` since the resources defined in the HCL Configuration are being referenced by the SAP system/component. In this case, you have to manually delete the SAP system/component before deleting the resources in the HCL Configuration. */ appResourceGroupName: pulumi.Input; /** * An `applicationServerConfiguration` block as defined below. Changing this forces a new resource to be created. */ applicationServerConfiguration: pulumi.Input; /** * A `centralServerConfiguration` block as defined below. Changing this forces a new resource to be created. */ centralServerConfiguration: pulumi.Input; /** * A `databaseServerConfiguration` block as defined below. Changing this forces a new resource to be created. */ databaseServerConfiguration: pulumi.Input; /** * The high availability type for the three tier configuration. Possible values are `AvailabilitySet` and `AvailabilityZone`. Changing this forces a new resource to be created. */ highAvailabilityType?: pulumi.Input; /** * A `resourceNames` block as defined below. Changing this forces a new resource to be created. */ resourceNames?: pulumi.Input; /** * Specifies whether a secondary IP address should be added to the network interface on all VMs of the SAP system being deployed. Defaults to `false`. Changing this forces a new resource to be created. */ secondaryIpEnabled?: pulumi.Input; /** * A `transportCreateAndMount` block as defined below. Changing this forces a new resource to be created. * * > **Note:** The file share configuration uses `skip` by default when `transportCreateAndMount` isn't set. * * > **Note:** Due to [a bug in the Azure API](https://github.com/Azure/azure-rest-api-specs/issues/25209) where the Storage File Share Id is not defined correctly, it is not currently possible to support using Transport Mount. */ transportCreateAndMount?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationApplicationServerConfiguration { /** * The number of instances for the Application Server. Possible values are at least `1`. Changing this forces a new resource to be created. */ instanceCount: pulumi.Input; /** * The resource ID of the Subnet for the Application Server. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * A `virtualMachineConfiguration` block as defined below. Changing this forces a new resource to be created. */ virtualMachineConfiguration: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationApplicationServerConfigurationVirtualMachineConfiguration { /** * An `image` block as defined below. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * An `osProfile` block as defined below. Changing this forces a new resource to be created. */ osProfile: pulumi.Input; /** * The size of the Virtual Machine. Changing this forces a new resource to be created. */ virtualMachineSize: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationApplicationServerConfigurationVirtualMachineConfigurationImage { /** * Specifies the offer of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The publisher of the Image. Possible values are `RedHat` and `SUSE`. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationApplicationServerConfigurationVirtualMachineConfigurationOsProfile { /** * The name of the administrator account. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The SSH public key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPrivateKey: pulumi.Input; /** * The SSH private key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPublicKey: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationCentralServerConfiguration { /** * The number of instances for the Central Server. Possible values are at least `1`. Changing this forces a new resource to be created. */ instanceCount: pulumi.Input; /** * The resource ID of the Subnet for the Central Server. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * A `virtualMachineConfiguration` block as defined below. Changing this forces a new resource to be created. */ virtualMachineConfiguration: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationCentralServerConfigurationVirtualMachineConfiguration { /** * An `image` block as defined below. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * An `osProfile` block as defined below. Changing this forces a new resource to be created. */ osProfile: pulumi.Input; /** * The size of the Virtual Machine. Changing this forces a new resource to be created. */ virtualMachineSize: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationCentralServerConfigurationVirtualMachineConfigurationImage { /** * Specifies the offer of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The publisher of the Image. Possible values are `RedHat` and `SUSE`. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationCentralServerConfigurationVirtualMachineConfigurationOsProfile { /** * The name of the administrator account. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The SSH public key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPrivateKey: pulumi.Input; /** * The SSH private key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPublicKey: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationDatabaseServerConfiguration { /** * The database type for the Database Server. Possible values are `DB2` and `HANA`. Changing this forces a new resource to be created. */ databaseType?: pulumi.Input; /** * One or more `diskVolumeConfiguration` blocks as defined below. Changing this forces a new resource to be created. */ diskVolumeConfigurations?: pulumi.Input[]>; /** * The number of instances for the Database Server. Possible values are at least `1`. Changing this forces a new resource to be created. */ instanceCount: pulumi.Input; /** * The resource ID of the Subnet for the Database Server. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * A `virtualMachineConfiguration` block as defined below. Changing this forces a new resource to be created. */ virtualMachineConfiguration: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationDatabaseServerConfigurationDiskVolumeConfiguration { /** * The total number of disks required for the concerned volume. Possible values are at least `1`. Changing this forces a new resource to be created. */ numberOfDisks: pulumi.Input; /** * The size of the Disk in GB. Changing this forces a new resource to be created. */ sizeInGb: pulumi.Input; /** * The name of the Disk SKU. Possible values are `Premium_LRS`, `PremiumV2_LRS`, `Premium_ZRS`, `Standard_LRS`, `StandardSSD_LRS`, `StandardSSD_ZRS` and `UltraSSD_LRS`. Changing this forces a new resource to be created. */ skuName: pulumi.Input; /** * Specifies the volumn name of the database disk. Possible values are `backup`, `hana/data`, `hana/log`, `hana/shared`, `os` and `usr/sap`. Changing this forces a new resource to be created. */ volumeName: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationDatabaseServerConfigurationVirtualMachineConfiguration { /** * An `image` block as defined below. Changing this forces a new resource to be created. */ image: pulumi.Input; /** * An `osProfile` block as defined below. Changing this forces a new resource to be created. */ osProfile: pulumi.Input; /** * The size of the Virtual Machine. Changing this forces a new resource to be created. */ virtualMachineSize: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationDatabaseServerConfigurationVirtualMachineConfigurationImage { /** * Specifies the offer of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ offer: pulumi.Input; /** * The publisher of the Image. Possible values are `RedHat` and `SUSE`. Changing this forces a new resource to be created. */ publisher: pulumi.Input; /** * The SKU of the Image. Changing this forces a new resource to be created. */ sku: pulumi.Input; /** * Specifies the version of the platform image or marketplace image used to create the virtual machine. Changing this forces a new resource to be created. */ version: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationDatabaseServerConfigurationVirtualMachineConfigurationOsProfile { /** * The name of the administrator account. Changing this forces a new resource to be created. */ adminUsername: pulumi.Input; /** * The SSH public key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPrivateKey: pulumi.Input; /** * The SSH private key that is used to authenticate with the Virtual Machine. Changing this forces a new resource to be created. */ sshPublicKey: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNames { /** * An `applicationServer` block as defined below. Changing this forces a new resource to be created. */ applicationServer?: pulumi.Input; /** * A `centralServer` block as defined below. Changing this forces a new resource to be created. */ centralServer?: pulumi.Input; /** * A `databaseServer` block as defined below. Changing this forces a new resource to be created. */ databaseServer?: pulumi.Input; /** * A `sharedStorage` block as defined below. Changing this forces a new resource to be created. */ sharedStorage?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesApplicationServer { /** * The full name for the availability set. Changing this forces a new resource to be created. */ availabilitySetName?: pulumi.Input; /** * One or more `virtualMachine` blocks as defined below. Changing this forces a new resource to be created. */ virtualMachines?: pulumi.Input[]>; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesApplicationServerVirtualMachine { /** * One or more `dataDisk` blocks as defined below. Changing this forces a new resource to be created. */ dataDisks?: pulumi.Input[]>; /** * The full name of the host of the Virtual Machine. Changing this forces a new resource to be created. */ hostName?: pulumi.Input; /** * A list of full names for the Network Interface of the Virtual Machine. Changing this forces a new resource to be created. */ networkInterfaceNames?: pulumi.Input[]>; /** * The full name of the OS Disk attached to the Virtual Machine. Changing this forces a new resource to be created. */ osDiskName?: pulumi.Input; /** * The full name of the Virtual Machine in a single server SAP system. Changing this forces a new resource to be created. */ virtualMachineName?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesApplicationServerVirtualMachineDataDisk { /** * A list of full names of Data Disks per Volume. Changing this forces a new resource to be created. */ names: pulumi.Input[]>; /** * The name of the Volume. Possible values are `default`, `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. Changing this forces a new resource to be created. * * > **Note:** Possible value for Application Server and Central Server is `default`. * * > **Note:** Possible values for Database Server are `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. */ volumeName: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesCentralServer { /** * The full name for the availability set. Changing this forces a new resource to be created. */ availabilitySetName?: pulumi.Input; /** * A `loadBalancer` block as defined below. Changing this forces a new resource to be created. */ loadBalancer?: pulumi.Input; /** * One or more `virtualMachine` blocks as defined below. Changing this forces a new resource to be created. */ virtualMachines?: pulumi.Input[]>; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesCentralServerLoadBalancer { /** * A list of Backend Pool names for the Load Balancer. Changing this forces a new resource to be created. */ backendPoolNames?: pulumi.Input[]>; /** * A list of Frontend IP Configuration names. Changing this forces a new resource to be created. */ frontendIpConfigurationNames?: pulumi.Input[]>; /** * A list of Health Probe names. Changing this forces a new resource to be created. */ healthProbeNames?: pulumi.Input[]>; /** * The full resource name of the Load Balancer. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesCentralServerVirtualMachine { /** * One or more `dataDisk` blocks as defined below. Changing this forces a new resource to be created. */ dataDisks?: pulumi.Input[]>; /** * The full name of the host of the Virtual Machine. Changing this forces a new resource to be created. */ hostName?: pulumi.Input; /** * A list of full names for the Network Interface of the Virtual Machine. Changing this forces a new resource to be created. */ networkInterfaceNames?: pulumi.Input[]>; /** * The full name of the OS Disk attached to the Virtual Machine. Changing this forces a new resource to be created. */ osDiskName?: pulumi.Input; /** * The full name of the Virtual Machine in a single server SAP system. Changing this forces a new resource to be created. */ virtualMachineName?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesCentralServerVirtualMachineDataDisk { /** * A list of full names of Data Disks per Volume. Changing this forces a new resource to be created. */ names: pulumi.Input[]>; /** * The name of the Volume. Possible values are `default`, `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. Changing this forces a new resource to be created. * * > **Note:** Possible value for Application Server and Central Server is `default`. * * > **Note:** Possible values for Database Server are `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. */ volumeName: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesDatabaseServer { /** * The full name for the availability set. Changing this forces a new resource to be created. */ availabilitySetName?: pulumi.Input; /** * A `loadBalancer` block as defined below. Changing this forces a new resource to be created. */ loadBalancer?: pulumi.Input; /** * One or more `virtualMachine` blocks as defined below. Changing this forces a new resource to be created. */ virtualMachines?: pulumi.Input[]>; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesDatabaseServerLoadBalancer { /** * A list of Backend Pool names for the Load Balancer. Changing this forces a new resource to be created. */ backendPoolNames?: pulumi.Input[]>; /** * A list of Frontend IP Configuration names. Changing this forces a new resource to be created. */ frontendIpConfigurationNames?: pulumi.Input[]>; /** * A list of Health Probe names. Changing this forces a new resource to be created. */ healthProbeNames?: pulumi.Input[]>; /** * The full resource name of the Load Balancer. Changing this forces a new resource to be created. */ name?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesDatabaseServerVirtualMachine { /** * One or more `dataDisk` blocks as defined below. Changing this forces a new resource to be created. */ dataDisks?: pulumi.Input[]>; /** * The full name of the host of the Virtual Machine. Changing this forces a new resource to be created. */ hostName?: pulumi.Input; /** * A list of full names for the Network Interface of the Virtual Machine. Changing this forces a new resource to be created. */ networkInterfaceNames?: pulumi.Input[]>; /** * The full name of the OS Disk attached to the Virtual Machine. Changing this forces a new resource to be created. */ osDiskName?: pulumi.Input; /** * The full name of the Virtual Machine in a single server SAP system. Changing this forces a new resource to be created. */ virtualMachineName?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesDatabaseServerVirtualMachineDataDisk { /** * A list of full names of Data Disks per Volume. Changing this forces a new resource to be created. */ names: pulumi.Input[]>; /** * The name of the Volume. Possible values are `default`, `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. Changing this forces a new resource to be created. * * > **Note:** Possible value for Application Server and Central Server is `default`. * * > **Note:** Possible values for Database Server are `hanaData`, `hanaLog`, `hanaShared` and `usrSap`. */ volumeName: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationResourceNamesSharedStorage { /** * The full name of the Shared Storage Account. Changing this forces a new resource to be created. */ accountName?: pulumi.Input; /** * The full name of Private Endpoint for the Shared Storage Account. Changing this forces a new resource to be created. */ privateEndpointName?: pulumi.Input; } interface ThreeTierVirtualInstanceThreeTierConfigurationTransportCreateAndMount { /** * The ID of the Resource Group of the transport File Share. Changing this forces a new resource to be created. */ resourceGroupId?: pulumi.Input; /** * The name of the Storage Account of the File Share. Changing this forces a new resource to be created. */ storageAccountName?: pulumi.Input; } }