Skip to main content

GatewayCreateMigration

akeyless_api::models::gateway_create_migration

Struct GatewayCreateMigration 

Source 
pub struct GatewayCreateMigration {
Show 72 fields
    pub service_account_key_decoded: Option<String>,
    pub ad_auto_rotate: Option<String>,
    pub ad_cert_expiration_event_in: Option<Vec<String>>,
    pub ad_certificates_path_template: Option<String>,
    pub ad_computer_base_dn: Option<String>,
    pub ad_discover_iis_app: Option<String>,
    pub ad_discover_services: Option<String>,
    pub ad_discovery_types: Option<Vec<String>>,
    pub ad_domain_name: Option<String>,
    pub ad_domain_users_path_template: Option<String>,
    pub ad_local_users_ignore: Option<String>,
    pub ad_local_users_path_template: Option<String>,
    pub ad_os_filter: Option<String>,
    pub ad_rotation_hour: Option<i32>,
    pub ad_rotation_interval: Option<i32>,
    pub ad_sra_enable_rdp: Option<String>,
    pub ad_ssh_port: Option<String>,
    pub ad_target_format: Option<String>,
    pub ad_target_name: Option<String>,
    pub ad_targets_path_template: Option<String>,
    pub ad_targets_type: Option<String>,
    pub ad_user_base_dn: Option<String>,
    pub ad_user_groups: Option<String>,
    pub ad_winrm_over_http: Option<String>,
    pub ad_winrm_port: Option<String>,
    pub ad_discover_local_users: Option<String>,
    pub ai_certificate_discovery: Option<String>,
    pub aws_key: Option<String>,
    pub aws_key_id: Option<String>,
    pub aws_region: Option<String>,
    pub azure_client_id: Option<String>,
    pub azure_kv_name: Option<String>,
    pub azure_secret: Option<String>,
    pub azure_tenant_id: Option<String>,
    pub conjur_account: Option<String>,
    pub conjur_api_key: Option<String>,
    pub conjur_url: Option<String>,
    pub conjur_username: Option<String>,
    pub expiration_event_in: Option<Vec<String>>,
    pub gcp_key: Option<String>,
    pub gcp_project_id: Option<String>,
    pub hashi_json: Option<String>,
    pub hashi_ns: Option<Vec<String>>,
    pub hashi_token: Option<String>,
    pub hashi_url: Option<String>,
    pub hosts: String,
    pub json: Option<bool>,
    pub k8s_ca_certificate: Option<Vec<i32>>,
    pub k8s_client_certificate: Option<Vec<i32>>,
    pub k8s_client_key: Option<Vec<i32>>,
    pub k8s_namespace: Option<String>,
    pub k8s_password: Option<String>,
    pub k8s_skip_system: Option<bool>,
    pub k8s_token: Option<String>,
    pub k8s_url: Option<String>,
    pub k8s_username: Option<String>,
    pub name: String,
    pub port_ranges: Option<String>,
    pub protection_key: Option<String>,
    pub si_auto_rotate: Option<String>,
    pub si_rotation_hour: Option<i32>,
    pub si_rotation_interval: Option<i32>,
    pub si_sra_enable_rdp: Option<String>,
    pub si_target_name: String,
    pub si_user_groups: Option<String>,
    pub si_users_ignore: Option<String>,
    pub si_users_path_template: String,
    pub target_location: String,
    pub token: Option<String>,
    pub type: Option<String>,
    pub uid_token: Option<String>,
    pub use_gw_cloud_identity: Option<bool>,

}
Expand description

GatewayCreateMigration : gatewayCreateMigration is a command that create migration

Fields§

§service_account_key_decoded: Option<String>§ad_auto_rotate: Option<String>

Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with –ad-rotation-interval and –ad-rotation-hour parameters (Relevant only for Active Directory migration)

§ad_cert_expiration_event_in: Option<Vec<String>>

How many days before the expiration of discovered certificates would you like to be notified (Relevant only for Active Directory migration with certificate discovery enabled)

§ad_certificates_path_template: Option<String>

Path location template for migrating certificates e.g.: /Certificates/{{COMMON_NAME}} (Relevant only for Active Directory migration with certificate discovery enabled)

§ad_computer_base_dn: Option<String>

Distinguished Name of Computer objects (servers) to search in Active Directory e.g.: CN=Computers,DC=example,DC=com (Relevant only for Active Directory migration)

§ad_discover_iis_app: Option<String>

Enable/Disable discovery of IIS application from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)

§ad_discover_services: Option<String>

Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)

§ad_discovery_types: Option<Vec<String>>

Set migration discovery types (domain-users, computers, local-users). (Relevant only for Active Directory migration)

§ad_domain_name: Option<String>

Active Directory Domain Name (Relevant only for Active Directory migration)

§ad_domain_users_path_template: Option<String>

Path location template for migrating domain users as Rotated Secrets e.g.: …/DomainUsers/{{USERNAME}} (Relevant only for Active Directory migration)

§ad_local_users_ignore: Option<String>

Comma-separated list of Local Users which should not be migrated (Relevant only for Active Directory migration)

§ad_local_users_path_template: Option<String>

Path location template for migrating domain users as Rotated Secrets e.g.: …/LocalUsers/{{COMPUTER_NAME}}/{{USERNAME}} (Relevant only for Active Directory migration)

§ad_os_filter: Option<String>

Filter by Operating System to run the migration, can be used with wildcards, e.g. SRV20* (Relevant only for Active Directory migration)

§ad_rotation_hour: Option<i32>

The hour of the scheduled rotation in UTC (Relevant only for Active Directory migration)

§ad_rotation_interval: Option<i32>

The number of days to wait between every automatic rotation [1-365] (Relevant only for Active Directory migration)

§ad_sra_enable_rdp: Option<String>

Enable/Disable RDP Secure Remote Access for the migrated local users rotated secrets. Default is false: rotated secrets will not be created with SRA (Relevant only for Active Directory migration)

§ad_ssh_port: Option<String>

Set the SSH Port for further connection to the domain servers. Default is port 22 (Relevant only for Active Directory migration)

§ad_target_format: Option<String>

Relevant only for ad-discovery-types=computers. For linked, all computers will be migrated into a linked target(s). if set with regular, the migration will create a target for each computer.

§ad_target_name: Option<String>

Active Directory LDAP Target Name. Server type should be Active Directory (Relevant only for Active Directory migration)

§ad_targets_path_template: Option<String>

Path location template for migrating domain servers as SSH/Windows Targets e.g.: …/Servers/{{COMPUTER_NAME}} (Relevant only for Active Directory migration)

§ad_targets_type: Option<String>

Set the target type of the domain servers [ssh/windows](Relevant only for Active Directory migration)

§ad_user_base_dn: Option<String>

Distinguished Name of User objects to search in Active Directory, e.g.: CN=Users,DC=example,DC=com (Relevant only for Active Directory migration)

§ad_user_groups: Option<String>

Comma-separated list of domain groups from which privileged domain users will be migrated. If empty, migrate all users based on the –ad-user-base-dn (Relevant only for Active Directory migration)

§ad_winrm_over_http: Option<String>

Use WinRM over HTTP, by default runs over HTTPS

§ad_winrm_port: Option<String>

Set the WinRM Port for further connection to the domain servers. Default is 5986 (Relevant only for Active Directory migration)

§ad_discover_local_users: Option<String>

Enable/Disable discovery of local users from each domain server and migrate them as SSH/Windows Rotated Secrets. Default is false: only domain users will be migrated. Discovery of local users might require further installation of SSH on the servers, based on the supplied computer base DN. This will be implemented automatically as part of the migration process (Relevant only for Active Directory migration) Deprecated: use AdDiscoverTypes

§ai_certificate_discovery: Option<String>

Enable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway)

§aws_key: Option<String>

AWS Secret Access Key (relevant only for AWS migration)

§aws_key_id: Option<String>

AWS Access Key ID with sufficient permissions to get all secrets, e.g. ‘arn:aws:secretsmanager:[Region]:[AccountId]:secret:[/path/to/secrets/_*]’ (relevant only for AWS migration)

§aws_region: Option<String>

AWS region of the required Secrets Manager (relevant only for AWS migration)

§azure_client_id: Option<String>

Azure Key Vault Access client ID, should be Azure AD App with a service principal (relevant only for Azure Key Vault migration)

§azure_kv_name: Option<String>

Azure Key Vault Name (relevant only for Azure Key Vault migration)

§azure_secret: Option<String>

Azure Key Vault secret (relevant only for Azure Key Vault migration)

§azure_tenant_id: Option<String>

Azure Key Vault Access tenant ID (relevant only for Azure Key Vault migration)

§conjur_account: Option<String>

Conjur account name set on your Conjur server (relevant only for Conjur migration).

§conjur_api_key: Option<String>

Conjur API Key for the specified user (relevant only for Conjur migration).

§conjur_url: Option<String>

Conjur server base URL (relevant only for Conjur migration). If conjur-url is HTTPS and Conjur uses a private CA/self-signed certificate, make the CA bundle available on the Gateway and set CONJUR_SSL_CERT_PATH to its path.

§conjur_username: Option<String>

Conjur username used to authenticate (relevant only for Conjur migration).

§expiration_event_in: Option<Vec<String>>

How many days before the expiration of the certificate would you like to be notified.

§gcp_key: Option<String>

Base64-encoded GCP Service Account private key text with sufficient permissions to Secrets Manager, Minimum required permission is Secret Manager Secret Accessor, e.g. ‘roles/secretmanager.secretAccessor’ (relevant only for GCP migration)

§gcp_project_id: Option<String>

GCP Project ID (cross-project override)

§hashi_json: Option<String>

Import secret key as json value or independent secrets (relevant only for HasiCorp Vault migration) [true/false]

§hashi_ns: Option<Vec<String>>

HashiCorp Vault Namespaces is a comma-separated list of namespaces which need to be imported into Akeyless Vault. For every provided namespace, all its child namespaces are imported as well, e.g. nmsp/subnmsp1/subnmsp2,nmsp/anothernmsp. By default, import all namespaces (relevant only for HasiCorp Vault migration)

§hashi_token: Option<String>

HashiCorp Vault access token with sufficient permissions to preform list & read operations on secrets objects (relevant only for HasiCorp Vault migration)

§hashi_url: Option<String>

HashiCorp Vault API URL, e.g. https://vault-mgr01:8200 (relevant only for HasiCorp Vault migration)

§hosts: String

A comma separated list of IPs, CIDR ranges, or DNS names to scan

§json: Option<bool>

Set output format to JSON

§k8s_ca_certificate: Option<Vec<i32>>

For Certificate Authentication method K8s Cluster CA certificate (relevant only for K8s migration with Certificate Authentication method)

§k8s_client_certificate: Option<Vec<i32>>

K8s Client certificate with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Certificate Authentication method)

§k8s_client_key: Option<Vec<i32>>

K8s Client key (relevant only for K8s migration with Certificate Authentication method)

§k8s_namespace: Option<String>

K8s Namespace, Use this field to import secrets from a particular namespace only. By default, the secrets are imported from all namespaces (relevant only for K8s migration)

§k8s_password: Option<String>

K8s Client password (relevant only for K8s migration with Password Authentication method)

§k8s_skip_system: Option<bool>

K8s Skip Control Plane Secrets, This option allows to avoid importing secrets from system namespaces (relevant only for K8s migration)

§k8s_token: Option<String>

For Token Authentication method K8s Bearer Token with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Token Authentication method)

§k8s_url: Option<String>

K8s API Server URL, e.g. https://k8s-api.mycompany.com:6443 (relevant only for K8s migration)

§k8s_username: Option<String>

For Password Authentication method K8s Client username with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Password Authentication method)

§name: String

Migration name

§port_ranges: Option<String>

A comma separated list of port ranges Examples: "80,443" or "80,443,8080-8090" or "443"

§protection_key: Option<String>

The name of the key that protects the classic key value (if empty, the account default key will be used)

§si_auto_rotate: Option<String>

Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with –si-rotation-interval and –si-rotation-hour parameters (Relevant only for Server Inventory migration)

§si_rotation_hour: Option<i32>

The hour of the scheduled rotation in UTC (Relevant only for Server Inventory migration)

§si_rotation_interval: Option<i32>

The number of days to wait between every automatic rotation [1-365] (Relevant only for Server Inventory migration)

§si_sra_enable_rdp: Option<String>

Enable/Disable RDP Secure Remote Access for the migrated local users rotated secrets. Default is false: rotated secrets will not be created with SRA (Relevant only for Server Inventory migration)

§si_target_name: String

SSH, Windows or Linked Target Name. (Relevant only for Server Inventory migration)

§si_user_groups: Option<String>

Comma-separated list of groups to migrate users from. If empty, all users from all groups will be migrated (Relevant only for Server Inventory migration)

§si_users_ignore: Option<String>

Comma-separated list of Local Users which should not be migrated (Relevant only for Server Inventory migration)

§si_users_path_template: String

Path location template for migrating users as Rotated Secrets e.g.: …/Users/{{COMPUTER_NAME}}/{{USERNAME}} (Relevant only for Server Inventory migration)

§target_location: String

Target location in Akeyless for imported secrets

§token: Option<String>

Authentication token (see /auth and /configure)

§type: Option<String>

Migration type (hashi/aws/gcp/k8s/azure_kv/conjur/active_directory/server_inventory/certificate)

§uid_token: Option<String>

The universal identity token, Required only for universal_identity authentication

§use_gw_cloud_identity: Option<bool>

Use the GW’s Cloud IAM

Implementations§

Source§

impl GatewayCreateMigration

Source

pub fn new( hosts: String, name: String, si_target_name: String, si_users_path_template: String, target_location: String, ) -> GatewayCreateMigration

gatewayCreateMigration is a command that create migration

Trait Implementations§

Source§

impl Clone for GatewayCreateMigration

Source§

fn clone(&self) -> GatewayCreateMigration

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for GatewayCreateMigration

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for GatewayCreateMigration

Source§

fn default() -> GatewayCreateMigration

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for GatewayCreateMigration

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for GatewayCreateMigration

Source§

fn eq(&self, other: &GatewayCreateMigration) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for GatewayCreateMigration

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for GatewayCreateMigration

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more