akeyless_api/models/gateway_create_migration.rs
1/*
2 * Akeyless API
3 *
4 * The purpose of this application is to provide access to Akeyless API.
5 *
6 * The version of the OpenAPI document: 3.0
7 * Contact: support@akeyless.io
8 * Generated by: https://openapi-generator.tech
9 */
10
11use crate::models;
12use serde::{Deserialize, Serialize};
13
14/// GatewayCreateMigration : gatewayCreateMigration is a command that create migration
15#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
16pub struct GatewayCreateMigration {
17 #[serde(rename = "ServiceAccountKeyDecoded", skip_serializing_if = "Option::is_none")]
18 pub service_account_key_decoded: Option<String>,
19 /// Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with --ad-rotation-interval and --ad-rotation-hour parameters (Relevant only for Active Directory migration)
20 #[serde(rename = "ad-auto-rotate", skip_serializing_if = "Option::is_none")]
21 pub ad_auto_rotate: Option<String>,
22 /// How many days before the expiration of discovered certificates would you like to be notified (Relevant only for Active Directory migration with certificate discovery enabled)
23 #[serde(rename = "ad-cert-expiration-event-in", skip_serializing_if = "Option::is_none")]
24 pub ad_cert_expiration_event_in: Option<Vec<String>>,
25 /// Path location template for migrating certificates e.g.: /Certificates/{{COMMON_NAME}} (Relevant only for Active Directory migration with certificate discovery enabled)
26 #[serde(rename = "ad-certificates-path-template", skip_serializing_if = "Option::is_none")]
27 pub ad_certificates_path_template: Option<String>,
28 /// Distinguished Name of Computer objects (servers) to search in Active Directory e.g.: CN=Computers,DC=example,DC=com (Relevant only for Active Directory migration)
29 #[serde(rename = "ad-computer-base-dn", skip_serializing_if = "Option::is_none")]
30 pub ad_computer_base_dn: Option<String>,
31 /// Enable/Disable discovery of IIS application from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)
32 #[serde(rename = "ad-discover-iis-app", skip_serializing_if = "Option::is_none")]
33 pub ad_discover_iis_app: Option<String>,
34 /// Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)
35 #[serde(rename = "ad-discover-services", skip_serializing_if = "Option::is_none")]
36 pub ad_discover_services: Option<String>,
37 /// Set migration discovery types (domain-users, computers, local-users). (Relevant only for Active Directory migration)
38 #[serde(rename = "ad-discovery-types", skip_serializing_if = "Option::is_none")]
39 pub ad_discovery_types: Option<Vec<String>>,
40 /// Active Directory Domain Name (Relevant only for Active Directory migration)
41 #[serde(rename = "ad-domain-name", skip_serializing_if = "Option::is_none")]
42 pub ad_domain_name: Option<String>,
43 /// Path location template for migrating domain users as Rotated Secrets e.g.: .../DomainUsers/{{USERNAME}} (Relevant only for Active Directory migration)
44 #[serde(rename = "ad-domain-users-path-template", skip_serializing_if = "Option::is_none")]
45 pub ad_domain_users_path_template: Option<String>,
46 /// Comma-separated list of Local Users which should not be migrated (Relevant only for Active Directory migration)
47 #[serde(rename = "ad-local-users-ignore", skip_serializing_if = "Option::is_none")]
48 pub ad_local_users_ignore: Option<String>,
49 /// Path location template for migrating domain users as Rotated Secrets e.g.: .../LocalUsers/{{COMPUTER_NAME}}/{{USERNAME}} (Relevant only for Active Directory migration)
50 #[serde(rename = "ad-local-users-path-template", skip_serializing_if = "Option::is_none")]
51 pub ad_local_users_path_template: Option<String>,
52 /// Filter by Operating System to run the migration, can be used with wildcards, e.g. SRV20* (Relevant only for Active Directory migration)
53 #[serde(rename = "ad-os-filter", skip_serializing_if = "Option::is_none")]
54 pub ad_os_filter: Option<String>,
55 /// The hour of the scheduled rotation in UTC (Relevant only for Active Directory migration)
56 #[serde(rename = "ad-rotation-hour", skip_serializing_if = "Option::is_none")]
57 pub ad_rotation_hour: Option<i32>,
58 /// The number of days to wait between every automatic rotation [1-365] (Relevant only for Active Directory migration)
59 #[serde(rename = "ad-rotation-interval", skip_serializing_if = "Option::is_none")]
60 pub ad_rotation_interval: Option<i32>,
61 /// Enable/Disable RDP Secure Remote Access for the migrated local users rotated secrets. Default is false: rotated secrets will not be created with SRA (Relevant only for Active Directory migration)
62 #[serde(rename = "ad-sra-enable-rdp", skip_serializing_if = "Option::is_none")]
63 pub ad_sra_enable_rdp: Option<String>,
64 /// Set the SSH Port for further connection to the domain servers. Default is port 22 (Relevant only for Active Directory migration)
65 #[serde(rename = "ad-ssh-port", skip_serializing_if = "Option::is_none")]
66 pub ad_ssh_port: Option<String>,
67 /// Relevant only for ad-discovery-types=computers. For linked, all computers will be migrated into a linked target(s). if set with regular, the migration will create a target for each computer.
68 #[serde(rename = "ad-target-format", skip_serializing_if = "Option::is_none")]
69 pub ad_target_format: Option<String>,
70 /// Active Directory LDAP Target Name. Server type should be Active Directory (Relevant only for Active Directory migration)
71 #[serde(rename = "ad-target-name", skip_serializing_if = "Option::is_none")]
72 pub ad_target_name: Option<String>,
73 /// Path location template for migrating domain servers as SSH/Windows Targets e.g.: .../Servers/{{COMPUTER_NAME}} (Relevant only for Active Directory migration)
74 #[serde(rename = "ad-targets-path-template", skip_serializing_if = "Option::is_none")]
75 pub ad_targets_path_template: Option<String>,
76 /// Set the target type of the domain servers [ssh/windows](Relevant only for Active Directory migration)
77 #[serde(rename = "ad-targets-type", skip_serializing_if = "Option::is_none")]
78 pub ad_targets_type: Option<String>,
79 /// Distinguished Name of User objects to search in Active Directory, e.g.: CN=Users,DC=example,DC=com (Relevant only for Active Directory migration)
80 #[serde(rename = "ad-user-base-dn", skip_serializing_if = "Option::is_none")]
81 pub ad_user_base_dn: Option<String>,
82 /// Comma-separated list of domain groups from which privileged domain users will be migrated. If empty, migrate all users based on the --ad-user-base-dn (Relevant only for Active Directory migration)
83 #[serde(rename = "ad-user-groups", skip_serializing_if = "Option::is_none")]
84 pub ad_user_groups: Option<String>,
85 /// Use WinRM over HTTP, by default runs over HTTPS
86 #[serde(rename = "ad-winrm-over-http", skip_serializing_if = "Option::is_none")]
87 pub ad_winrm_over_http: Option<String>,
88 /// Set the WinRM Port for further connection to the domain servers. Default is 5986 (Relevant only for Active Directory migration)
89 #[serde(rename = "ad-winrm-port", skip_serializing_if = "Option::is_none")]
90 pub ad_winrm_port: Option<String>,
91 /// Enable/Disable discovery of local users from each domain server and migrate them as SSH/Windows Rotated Secrets. Default is false: only domain users will be migrated. Discovery of local users might require further installation of SSH on the servers, based on the supplied computer base DN. This will be implemented automatically as part of the migration process (Relevant only for Active Directory migration) Deprecated: use AdDiscoverTypes
92 #[serde(rename = "ad_discover_local_users", skip_serializing_if = "Option::is_none")]
93 pub ad_discover_local_users: Option<String>,
94 /// Enable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway)
95 #[serde(rename = "ai-certificate-discovery", skip_serializing_if = "Option::is_none")]
96 pub ai_certificate_discovery: Option<String>,
97 /// AWS Secret Access Key (relevant only for AWS migration)
98 #[serde(rename = "aws-key", skip_serializing_if = "Option::is_none")]
99 pub aws_key: Option<String>,
100 /// AWS Access Key ID with sufficient permissions to get all secrets, e.g. 'arn:aws:secretsmanager:[Region]:[AccountId]:secret:[/path/to/secrets/_*]' (relevant only for AWS migration)
101 #[serde(rename = "aws-key-id", skip_serializing_if = "Option::is_none")]
102 pub aws_key_id: Option<String>,
103 /// AWS region of the required Secrets Manager (relevant only for AWS migration)
104 #[serde(rename = "aws-region", skip_serializing_if = "Option::is_none")]
105 pub aws_region: Option<String>,
106 /// Azure Key Vault Access client ID, should be Azure AD App with a service principal (relevant only for Azure Key Vault migration)
107 #[serde(rename = "azure-client-id", skip_serializing_if = "Option::is_none")]
108 pub azure_client_id: Option<String>,
109 /// Azure Key Vault Name (relevant only for Azure Key Vault migration)
110 #[serde(rename = "azure-kv-name", skip_serializing_if = "Option::is_none")]
111 pub azure_kv_name: Option<String>,
112 /// Azure Key Vault secret (relevant only for Azure Key Vault migration)
113 #[serde(rename = "azure-secret", skip_serializing_if = "Option::is_none")]
114 pub azure_secret: Option<String>,
115 /// Azure Key Vault Access tenant ID (relevant only for Azure Key Vault migration)
116 #[serde(rename = "azure-tenant-id", skip_serializing_if = "Option::is_none")]
117 pub azure_tenant_id: Option<String>,
118 /// Conjur account name set on your Conjur server (relevant only for Conjur migration).
119 #[serde(rename = "conjur-account", skip_serializing_if = "Option::is_none")]
120 pub conjur_account: Option<String>,
121 /// Conjur API Key for the specified user (relevant only for Conjur migration).
122 #[serde(rename = "conjur-api-key", skip_serializing_if = "Option::is_none")]
123 pub conjur_api_key: Option<String>,
124 /// Conjur server base URL (relevant only for Conjur migration). If conjur-url is HTTPS and Conjur uses a private CA/self-signed certificate, make the CA bundle available on the Gateway and set CONJUR_SSL_CERT_PATH to its path.
125 #[serde(rename = "conjur-url", skip_serializing_if = "Option::is_none")]
126 pub conjur_url: Option<String>,
127 /// Conjur username used to authenticate (relevant only for Conjur migration).
128 #[serde(rename = "conjur-username", skip_serializing_if = "Option::is_none")]
129 pub conjur_username: Option<String>,
130 /// How many days before the expiration of the certificate would you like to be notified.
131 #[serde(rename = "expiration-event-in", skip_serializing_if = "Option::is_none")]
132 pub expiration_event_in: Option<Vec<String>>,
133 /// Base64-encoded GCP Service Account private key text with sufficient permissions to Secrets Manager, Minimum required permission is Secret Manager Secret Accessor, e.g. 'roles/secretmanager.secretAccessor' (relevant only for GCP migration)
134 #[serde(rename = "gcp-key", skip_serializing_if = "Option::is_none")]
135 pub gcp_key: Option<String>,
136 /// GCP Project ID (cross-project override)
137 #[serde(rename = "gcp-project-id", skip_serializing_if = "Option::is_none")]
138 pub gcp_project_id: Option<String>,
139 /// Import secret key as json value or independent secrets (relevant only for HasiCorp Vault migration) [true/false]
140 #[serde(rename = "hashi-json", skip_serializing_if = "Option::is_none")]
141 pub hashi_json: Option<String>,
142 /// HashiCorp Vault Namespaces is a comma-separated list of namespaces which need to be imported into Akeyless Vault. For every provided namespace, all its child namespaces are imported as well, e.g. nmsp/subnmsp1/subnmsp2,nmsp/anothernmsp. By default, import all namespaces (relevant only for HasiCorp Vault migration)
143 #[serde(rename = "hashi-ns", skip_serializing_if = "Option::is_none")]
144 pub hashi_ns: Option<Vec<String>>,
145 /// HashiCorp Vault access token with sufficient permissions to preform list & read operations on secrets objects (relevant only for HasiCorp Vault migration)
146 #[serde(rename = "hashi-token", skip_serializing_if = "Option::is_none")]
147 pub hashi_token: Option<String>,
148 /// HashiCorp Vault API URL, e.g. https://vault-mgr01:8200 (relevant only for HasiCorp Vault migration)
149 #[serde(rename = "hashi-url", skip_serializing_if = "Option::is_none")]
150 pub hashi_url: Option<String>,
151 /// A comma separated list of IPs, CIDR ranges, or DNS names to scan
152 #[serde(rename = "hosts")]
153 pub hosts: String,
154 /// Set output format to JSON
155 #[serde(rename = "json", skip_serializing_if = "Option::is_none")]
156 pub json: Option<bool>,
157 /// For Certificate Authentication method K8s Cluster CA certificate (relevant only for K8s migration with Certificate Authentication method)
158 #[serde(rename = "k8s-ca-certificate", skip_serializing_if = "Option::is_none")]
159 pub k8s_ca_certificate: Option<Vec<i32>>,
160 /// K8s Client certificate with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Certificate Authentication method)
161 #[serde(rename = "k8s-client-certificate", skip_serializing_if = "Option::is_none")]
162 pub k8s_client_certificate: Option<Vec<i32>>,
163 /// K8s Client key (relevant only for K8s migration with Certificate Authentication method)
164 #[serde(rename = "k8s-client-key", skip_serializing_if = "Option::is_none")]
165 pub k8s_client_key: Option<Vec<i32>>,
166 /// K8s Namespace, Use this field to import secrets from a particular namespace only. By default, the secrets are imported from all namespaces (relevant only for K8s migration)
167 #[serde(rename = "k8s-namespace", skip_serializing_if = "Option::is_none")]
168 pub k8s_namespace: Option<String>,
169 /// K8s Client password (relevant only for K8s migration with Password Authentication method)
170 #[serde(rename = "k8s-password", skip_serializing_if = "Option::is_none")]
171 pub k8s_password: Option<String>,
172 /// K8s Skip Control Plane Secrets, This option allows to avoid importing secrets from system namespaces (relevant only for K8s migration)
173 #[serde(rename = "k8s-skip-system", skip_serializing_if = "Option::is_none")]
174 pub k8s_skip_system: Option<bool>,
175 /// For Token Authentication method K8s Bearer Token with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Token Authentication method)
176 #[serde(rename = "k8s-token", skip_serializing_if = "Option::is_none")]
177 pub k8s_token: Option<String>,
178 /// K8s API Server URL, e.g. https://k8s-api.mycompany.com:6443 (relevant only for K8s migration)
179 #[serde(rename = "k8s-url", skip_serializing_if = "Option::is_none")]
180 pub k8s_url: Option<String>,
181 /// For Password Authentication method K8s Client username with sufficient permission to list and get secrets in the namespace(s) you selected (relevant only for K8s migration with Password Authentication method)
182 #[serde(rename = "k8s-username", skip_serializing_if = "Option::is_none")]
183 pub k8s_username: Option<String>,
184 /// Migration name
185 #[serde(rename = "name")]
186 pub name: String,
187 /// A comma separated list of port ranges Examples: \"80,443\" or \"80,443,8080-8090\" or \"443\"
188 #[serde(rename = "port-ranges", skip_serializing_if = "Option::is_none")]
189 pub port_ranges: Option<String>,
190 /// The name of the key that protects the classic key value (if empty, the account default key will be used)
191 #[serde(rename = "protection-key", skip_serializing_if = "Option::is_none")]
192 pub protection_key: Option<String>,
193 /// Enable/Disable automatic/recurrent rotation for migrated secrets. Default is false: only manual rotation is allowed for migrated secrets. If set to true, this command should be combined with --si-rotation-interval and --si-rotation-hour parameters (Relevant only for Server Inventory migration)
194 #[serde(rename = "si-auto-rotate", skip_serializing_if = "Option::is_none")]
195 pub si_auto_rotate: Option<String>,
196 /// The hour of the scheduled rotation in UTC (Relevant only for Server Inventory migration)
197 #[serde(rename = "si-rotation-hour", skip_serializing_if = "Option::is_none")]
198 pub si_rotation_hour: Option<i32>,
199 /// The number of days to wait between every automatic rotation [1-365] (Relevant only for Server Inventory migration)
200 #[serde(rename = "si-rotation-interval", skip_serializing_if = "Option::is_none")]
201 pub si_rotation_interval: Option<i32>,
202 /// Enable/Disable RDP Secure Remote Access for the migrated local users rotated secrets. Default is false: rotated secrets will not be created with SRA (Relevant only for Server Inventory migration)
203 #[serde(rename = "si-sra-enable-rdp", skip_serializing_if = "Option::is_none")]
204 pub si_sra_enable_rdp: Option<String>,
205 /// SSH, Windows or Linked Target Name. (Relevant only for Server Inventory migration)
206 #[serde(rename = "si-target-name")]
207 pub si_target_name: String,
208 /// Comma-separated list of groups to migrate users from. If empty, all users from all groups will be migrated (Relevant only for Server Inventory migration)
209 #[serde(rename = "si-user-groups", skip_serializing_if = "Option::is_none")]
210 pub si_user_groups: Option<String>,
211 /// Comma-separated list of Local Users which should not be migrated (Relevant only for Server Inventory migration)
212 #[serde(rename = "si-users-ignore", skip_serializing_if = "Option::is_none")]
213 pub si_users_ignore: Option<String>,
214 /// Path location template for migrating users as Rotated Secrets e.g.: .../Users/{{COMPUTER_NAME}}/{{USERNAME}} (Relevant only for Server Inventory migration)
215 #[serde(rename = "si-users-path-template")]
216 pub si_users_path_template: String,
217 /// Target location in Akeyless for imported secrets
218 #[serde(rename = "target-location")]
219 pub target_location: String,
220 /// Authentication token (see `/auth` and `/configure`)
221 #[serde(rename = "token", skip_serializing_if = "Option::is_none")]
222 pub token: Option<String>,
223 /// Migration type (hashi/aws/gcp/k8s/azure_kv/conjur/active_directory/server_inventory/certificate)
224 #[serde(rename = "type", skip_serializing_if = "Option::is_none")]
225 pub r#type: Option<String>,
226 /// The universal identity token, Required only for universal_identity authentication
227 #[serde(rename = "uid-token", skip_serializing_if = "Option::is_none")]
228 pub uid_token: Option<String>,
229 /// Use the GW's Cloud IAM
230 #[serde(rename = "use-gw-cloud-identity", skip_serializing_if = "Option::is_none")]
231 pub use_gw_cloud_identity: Option<bool>,
232}
233
234impl GatewayCreateMigration {
235 /// gatewayCreateMigration is a command that create migration
236 pub fn new(hosts: String, name: String, si_target_name: String, si_users_path_template: String, target_location: String) -> GatewayCreateMigration {
237 GatewayCreateMigration {
238 service_account_key_decoded: None,
239 ad_auto_rotate: None,
240 ad_cert_expiration_event_in: None,
241 ad_certificates_path_template: None,
242 ad_computer_base_dn: None,
243 ad_discover_iis_app: None,
244 ad_discover_services: None,
245 ad_discovery_types: None,
246 ad_domain_name: None,
247 ad_domain_users_path_template: None,
248 ad_local_users_ignore: None,
249 ad_local_users_path_template: None,
250 ad_os_filter: None,
251 ad_rotation_hour: None,
252 ad_rotation_interval: None,
253 ad_sra_enable_rdp: None,
254 ad_ssh_port: None,
255 ad_target_format: None,
256 ad_target_name: None,
257 ad_targets_path_template: None,
258 ad_targets_type: None,
259 ad_user_base_dn: None,
260 ad_user_groups: None,
261 ad_winrm_over_http: None,
262 ad_winrm_port: None,
263 ad_discover_local_users: None,
264 ai_certificate_discovery: None,
265 aws_key: None,
266 aws_key_id: None,
267 aws_region: None,
268 azure_client_id: None,
269 azure_kv_name: None,
270 azure_secret: None,
271 azure_tenant_id: None,
272 conjur_account: None,
273 conjur_api_key: None,
274 conjur_url: None,
275 conjur_username: None,
276 expiration_event_in: None,
277 gcp_key: None,
278 gcp_project_id: None,
279 hashi_json: None,
280 hashi_ns: None,
281 hashi_token: None,
282 hashi_url: None,
283 hosts,
284 json: None,
285 k8s_ca_certificate: None,
286 k8s_client_certificate: None,
287 k8s_client_key: None,
288 k8s_namespace: None,
289 k8s_password: None,
290 k8s_skip_system: None,
291 k8s_token: None,
292 k8s_url: None,
293 k8s_username: None,
294 name,
295 port_ranges: None,
296 protection_key: None,
297 si_auto_rotate: None,
298 si_rotation_hour: None,
299 si_rotation_interval: None,
300 si_sra_enable_rdp: None,
301 si_target_name,
302 si_user_groups: None,
303 si_users_ignore: None,
304 si_users_path_template,
305 target_location,
306 token: None,
307 r#type: None,
308 uid_token: None,
309 use_gw_cloud_identity: None,
310 }
311 }
312}
313