ad

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetAccessCredentialsArgs

// GetAccessCredentialsArgs holds the plain-value arguments for invoking
// getAccessCredentials.
//
// The invoke returns the service account's password (see
// GetAccessCredentialsResult), so the Vault identity running the program
// should be granted read access only to the backend/role pairs it needs.
type GetAccessCredentialsArgs struct {
	// The path to the AD secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string `pulumi:"backend"`
	// The name of the AD secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
}

A collection of arguments for invoking getAccessCredentials.

type GetAccessCredentialsOutputArgs added in v4.6.0

// GetAccessCredentialsOutputArgs holds the arguments for invoking
// getAccessCredentials, expressed as pulumi.StringInput values rather than
// plain strings.
//
// The invoke returns the service account's password (see
// GetAccessCredentialsResult), so the Vault identity running the program
// should be granted read access only to the backend/role pairs it needs.
type GetAccessCredentialsOutputArgs struct {
	// The path to the AD secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput `pulumi:"backend"`
	// The name of the AD secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
}

A collection of arguments for invoking getAccessCredentials.

func (GetAccessCredentialsOutputArgs) ElementType added in v4.6.0

type GetAccessCredentialsResult

// GetAccessCredentialsResult holds the values returned by getAccessCredentials.
//
// Security: CurrentPassword and LastPassword are declared as plain strings, so
// the service-account passwords are held in clear text in this struct. Avoid
// logging or printing the result, and wrap the values with pulumi.ToSecret
// before exporting them as stack outputs.
// NOTE(review): whether the provider already flags these values as secret is
// not visible on this page — confirm before relying on it.
type GetAccessCredentialsResult struct {
	// Presumably echoes the backend path passed in the arguments — TODO confirm.
	Backend string `pulumi:"backend"`
	// The current set password on the Active Directory service account.
	// Sensitive: treat as a credential.
	CurrentPassword string `pulumi:"currentPassword"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The previous password on the Active Directory service account (the one
	// set before CurrentPassword), provided because AD is eventually consistent.
	// Sensitive: it may still be accepted by some domain controllers, so treat
	// it as a live credential as well.
	LastPassword string `pulumi:"lastPassword"`
	// Presumably echoes the role name passed in the arguments — TODO confirm.
	Role         string `pulumi:"role"`
	// The Active Directory service account username.
	Username string `pulumi:"username"`
}

A collection of values returned by getAccessCredentials.

type GetAccessCredentialsResultOutput added in v4.6.0

type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccessCredentials.

func GetAccessCredentialsOutput added in v4.6.0

func (GetAccessCredentialsResultOutput) Backend added in v4.6.0

func (GetAccessCredentialsResultOutput) CurrentPassword added in v4.6.0

The current set password on the Active Directory service account.

func (GetAccessCredentialsResultOutput) ElementType added in v4.6.0

func (GetAccessCredentialsResultOutput) Id added in v4.6.0

The provider-assigned unique ID for this managed resource.

func (GetAccessCredentialsResultOutput) LastPassword added in v4.6.0

The previous password on the Active Directory service account (the one set before the current password), provided because AD is eventually consistent.

func (GetAccessCredentialsResultOutput) Role added in v4.6.0

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput added in v4.6.0

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext added in v4.6.0

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) Username added in v4.6.0

The Active Directory service account username.

type SecretBackend

// SecretBackend is the resource state for a Vault Active Directory secret
// backend mount and its LDAP connection settings.
//
// Security: Bindpass and ClientTlsKey carry credential material. Avoid
// exporting or logging these outputs in clear text.
// NOTE(review): whether the provider marks them as secret outputs by default
// is not visible on this page — confirm, or set pulumi.AdditionalSecretOutputs.
type SecretBackend struct {
	pulumi.CustomResourceState

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// Security: this relies on the directory accepting unauthenticated
	// searches; leave it unset unless that is intended.
	AnonymousGroupSearch pulumi.BoolPtrOutput `pulumi:"anonymousGroupSearch"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use along with binddn when performing user search.
	// Security: this is a credential; do not export or log it in clear text.
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrOutput `pulumi:"caseSensitiveNames"`
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrOutput `pulumi:"certificate"`
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrOutput `pulumi:"clientTlsCert"`
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// Security: private key material; handle it as a secret, like Bindpass.
	ClientTlsKey pulumi.StringPtrOutput `pulumi:"clientTlsKey"`
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// Security: keep the default; with this off, an empty password is not
	// rejected before the bind is attempted.
	DenyNullBind pulumi.BoolPtrOutput `pulumi:"denyNullBind"`
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrOutput `pulumi:"discoverdn"`
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.
	Formatter pulumi.StringOutput `pulumi:"formatter"`
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrOutput `pulumi:"groupattr"`
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrOutput `pulumi:"groupdn"`
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrOutput `pulumi:"groupfilter"`
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// Security: with verification skipped the LDAP server's identity is not
	// checked, so the bind credential can be exposed to an on-path impersonator.
	// Prefer setting Certificate to the issuing CA instead.
	InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"`
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance pulumi.IntOutput `pulumi:"lastRotationTolerance"`
	// The desired length of passwords that Vault generates. This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntOutput `pulumi:"length"`
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"`
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrOutput `pulumi:"requestTimeout"`
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"`
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// Security: `tls10` and `tls11` are deprecated protocol versions
	// (RFC 8996); keep the minimum at `tls12` or higher.
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// Security: the `ldap://` scheme is unencrypted; for a remote directory
	// use `ldaps://` or enable Starttls so the bind password is not sent in
	// clear text.
	Url pulumi.StringPtrOutput `pulumi:"url"`
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolOutput `pulumi:"usePre111GroupCnBehavior"`
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrOutput `pulumi:"useTokenGroups"`
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrOutput `pulumi:"userattr"`
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrOutput `pulumi:"userdn"`
}

## Import

AD secret backend can be imported using the `backend`, e.g.

```sh

$ pulumi import vault:ad/secretBackend:SecretBackend ad ad

```

func GetSecretBackend

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (*SecretBackend) ToSecretBackendPtrOutput

func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (*SecretBackend) ToSecretBackendPtrOutputWithContext

func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendArgs

// SecretBackendArgs is the set of arguments for constructing a SecretBackend
// resource.
//
// Security: Bindpass and ClientTlsKey are credentials. Supply them as secret
// values (for example wrapped with pulumi.ToSecret, or read from secret
// configuration) rather than as string literals in source.
// NOTE(review): whether the provider marks these properties secret by default
// is not visible on this page — confirm.
type SecretBackendArgs struct {
	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// Security: this relies on the directory accepting unauthenticated
	// searches; leave it unset unless that is intended.
	AnonymousGroupSearch pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringInput
	// Password to use along with binddn when performing user search.
	// Security: this is a credential; pass it as a secret value, never as a
	// literal committed to source control.
	Bindpass pulumi.StringInput
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// Security: private key material; pass it as a secret value, like Bindpass.
	ClientTlsKey pulumi.StringPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// Security: keep the default; with this off, an empty password is not
	// rejected before the bind is attempted.
	DenyNullBind pulumi.BoolPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrInput
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.
	Formatter pulumi.StringPtrInput
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrInput
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrInput
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// Security: with verification skipped the LDAP server's identity is not
	// checked, so the bind credential can be exposed to an on-path impersonator.
	// Prefer setting Certificate to the issuing CA instead.
	InsecureTls pulumi.BoolPtrInput
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance pulumi.IntPtrInput
	// The desired length of passwords that Vault generates. This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntPtrInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// Security: `tls10` and `tls11` are deprecated protocol versions
	// (RFC 8996); keep the minimum at `tls12` or higher.
	TlsMinVersion pulumi.StringPtrInput
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// Security: the `ldap://` scheme is unencrypted; for a remote directory
	// use `ldaps://` or enable Starttls so the bind password is not sent in
	// clear text.
	Url pulumi.StringPtrInput
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolPtrInput
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex

func (SecretBackendMapOutput) ToSecretBackendMapOutput

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) ElementType

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ToSecretBackendOutput

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendPtrOutput

func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendOutput) ToSecretBackendPtrOutputWithContext

func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendPtrInput

type SecretBackendPtrInput interface {
	pulumi.Input

	ToSecretBackendPtrOutput() SecretBackendPtrOutput
	ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
}

type SecretBackendPtrOutput

type SecretBackendPtrOutput struct{ *pulumi.OutputState }

func (SecretBackendPtrOutput) Elem added in v4.6.0

func (SecretBackendPtrOutput) ElementType

func (SecretBackendPtrOutput) ElementType() reflect.Type

func (SecretBackendPtrOutput) ToSecretBackendPtrOutput

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendState

// SecretBackendState holds the optional state properties that GetSecretBackend
// accepts to qualify the lookup of an existing SecretBackend resource.
//
// Security: Bindpass and ClientTlsKey are credentials. If they are supplied
// here at all, supply them as secret values (for example wrapped with
// pulumi.ToSecret) rather than as string literals in source.
type SecretBackendState struct {
	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// Security: this relies on the directory accepting unauthenticated
	// searches; leave it unset unless that is intended.
	AnonymousGroupSearch pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringPtrInput
	// Password to use along with binddn when performing user search.
	// Security: this is a credential; pass it as a secret value, never as a
	// literal committed to source control.
	Bindpass pulumi.StringPtrInput
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// Security: private key material; pass it as a secret value, like Bindpass.
	ClientTlsKey pulumi.StringPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// Security: keep the default; with this off, an empty password is not
	// rejected before the bind is attempted.
	DenyNullBind pulumi.BoolPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrInput
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.
	Formatter pulumi.StringPtrInput
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrInput
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrInput
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// Security: with verification skipped the LDAP server's identity is not
	// checked, so the bind credential can be exposed to an on-path impersonator.
	// Prefer setting Certificate to the issuing CA instead.
	InsecureTls pulumi.BoolPtrInput
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance pulumi.IntPtrInput
	// The desired length of passwords that Vault generates. This
	// setting is deprecated and should instead use `passwordPolicy`.
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntPtrInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// Security: `tls10` and `tls11` are deprecated protocol versions
	// (RFC 8996); keep the minimum at `tls12` or higher.
	TlsMinVersion pulumi.StringPtrInput
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// Security: the `ldap://` scheme is unencrypted; for a remote directory
	// use `ldaps://` or enable Starttls so the bind password is not sent in
	// clear text.
	Url pulumi.StringPtrInput
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolPtrInput
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrInput
}

func (SecretBackendState) ElementType

func (SecretBackendState) ElementType() reflect.Type

type SecretLibrary

// SecretLibrary is the resource state for a named set of Active Directory
// service accounts that can be checked out through the AD backend and are
// checked back in automatically by Vault when the check-out TTL expires.
type SecretLibrary struct {
	pulumi.CustomResourceState

	// The mount path for the AD backend.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	// Security: with enforcement disabled, a check-in is no longer tied to the
	// identity that performed the check-out, so restrict who can reach the
	// check-in operation through Vault policy.
	DisableCheckInEnforcement pulumi.BoolPtrOutput `pulumi:"disableCheckInEnforcement"`
	// The maximum amount of time, in seconds, a check-out lasts with renewal before Vault automatically checks it back in.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// The name of the set of service accounts.
	Name pulumi.StringOutput `pulumi:"name"`
	// The names of all the service accounts that can be checked out from this set. These service accounts must already exist
	// in Active Directory.
	ServiceAccountNames pulumi.StringArrayOutput `pulumi:"serviceAccountNames"`
	// The amount of time, in seconds, a single check-out lasts before Vault automatically checks it back in.
	// Shorter values limit how long a checked-out account stays in a caller's hands.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
}

func GetSecretLibrary

func GetSecretLibrary(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretLibraryState, opts ...pulumi.ResourceOption) (*SecretLibrary, error)

GetSecretLibrary gets an existing SecretLibrary resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretLibrary

func NewSecretLibrary(ctx *pulumi.Context,
	name string, args *SecretLibraryArgs, opts ...pulumi.ResourceOption) (*SecretLibrary, error)

NewSecretLibrary registers a new resource with the given unique name, arguments, and options.

func (*SecretLibrary) ElementType

func (*SecretLibrary) ElementType() reflect.Type

func (*SecretLibrary) ToSecretLibraryOutput

func (i *SecretLibrary) ToSecretLibraryOutput() SecretLibraryOutput

func (*SecretLibrary) ToSecretLibraryOutputWithContext

func (i *SecretLibrary) ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput

func (*SecretLibrary) ToSecretLibraryPtrOutput

func (i *SecretLibrary) ToSecretLibraryPtrOutput() SecretLibraryPtrOutput

func (*SecretLibrary) ToSecretLibraryPtrOutputWithContext

func (i *SecretLibrary) ToSecretLibraryPtrOutputWithContext(ctx context.Context) SecretLibraryPtrOutput

type SecretLibraryArgs

// SecretLibraryArgs is the set of arguments for constructing a SecretLibrary
// resource: a named set of Active Directory service accounts that can be
// checked out through the AD backend.
type SecretLibraryArgs struct {
	// The mount path for the AD backend.
	Backend pulumi.StringInput
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	// Security: with enforcement disabled, a check-in is no longer tied to the
	// identity that performed the check-out, so restrict who can reach the
	// check-in operation through Vault policy.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum amount of time, in seconds, a check-out lasts with renewal before Vault automatically checks it back in.
	MaxTtl pulumi.IntPtrInput
	// The name of the set of service accounts.
	Name pulumi.StringPtrInput
	// The names of all the service accounts that can be checked out from this set. These service accounts must already exist
	// in Active Directory.
	ServiceAccountNames pulumi.StringArrayInput
	// The amount of time, in seconds, a single check-out lasts before Vault automatically checks it back in.
	// Shorter values limit how long a checked-out account stays in a caller's hands.
	Ttl pulumi.IntPtrInput
}

The set of arguments for constructing a SecretLibrary resource.

func (SecretLibraryArgs) ElementType

func (SecretLibraryArgs) ElementType() reflect.Type

type SecretLibraryArray

type SecretLibraryArray []SecretLibraryInput

func (SecretLibraryArray) ElementType

func (SecretLibraryArray) ElementType() reflect.Type

func (SecretLibraryArray) ToSecretLibraryArrayOutput

func (i SecretLibraryArray) ToSecretLibraryArrayOutput() SecretLibraryArrayOutput

func (SecretLibraryArray) ToSecretLibraryArrayOutputWithContext

func (i SecretLibraryArray) ToSecretLibraryArrayOutputWithContext(ctx context.Context) SecretLibraryArrayOutput

type SecretLibraryArrayInput

type SecretLibraryArrayInput interface {
	pulumi.Input

	ToSecretLibraryArrayOutput() SecretLibraryArrayOutput
	ToSecretLibraryArrayOutputWithContext(context.Context) SecretLibraryArrayOutput
}

SecretLibraryArrayInput is an input type that accepts SecretLibraryArray and SecretLibraryArrayOutput values. You can construct a concrete instance of `SecretLibraryArrayInput` via:

SecretLibraryArray{ SecretLibraryArgs{...} }

type SecretLibraryArrayOutput

type SecretLibraryArrayOutput struct{ *pulumi.OutputState }

func (SecretLibraryArrayOutput) ElementType

func (SecretLibraryArrayOutput) ElementType() reflect.Type

func (SecretLibraryArrayOutput) Index

func (SecretLibraryArrayOutput) ToSecretLibraryArrayOutput

func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutput() SecretLibraryArrayOutput

func (SecretLibraryArrayOutput) ToSecretLibraryArrayOutputWithContext

func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutputWithContext(ctx context.Context) SecretLibraryArrayOutput

type SecretLibraryInput

type SecretLibraryInput interface {
	pulumi.Input

	ToSecretLibraryOutput() SecretLibraryOutput
	ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput
}

type SecretLibraryMap

type SecretLibraryMap map[string]SecretLibraryInput

func (SecretLibraryMap) ElementType

func (SecretLibraryMap) ElementType() reflect.Type

func (SecretLibraryMap) ToSecretLibraryMapOutput

func (i SecretLibraryMap) ToSecretLibraryMapOutput() SecretLibraryMapOutput

func (SecretLibraryMap) ToSecretLibraryMapOutputWithContext

func (i SecretLibraryMap) ToSecretLibraryMapOutputWithContext(ctx context.Context) SecretLibraryMapOutput

type SecretLibraryMapInput

// SecretLibraryMapInput is implemented by values that can be converted to a
// SecretLibraryMapOutput, with or without an explicit context.Context.
type SecretLibraryMapInput interface {
	pulumi.Input

	ToSecretLibraryMapOutput() SecretLibraryMapOutput
	ToSecretLibraryMapOutputWithContext(context.Context) SecretLibraryMapOutput
}

SecretLibraryMapInput is an input type that accepts SecretLibraryMap and SecretLibraryMapOutput values. You can construct a concrete instance of `SecretLibraryMapInput` via:

SecretLibraryMap{ "key": SecretLibraryArgs{...} }

type SecretLibraryMapOutput

// SecretLibraryMapOutput is the output form of a SecretLibrary map. It wraps
// an embedded *pulumi.OutputState.
type SecretLibraryMapOutput struct{ *pulumi.OutputState }

func (SecretLibraryMapOutput) ElementType

func (SecretLibraryMapOutput) ElementType() reflect.Type

func (SecretLibraryMapOutput) MapIndex

func (SecretLibraryMapOutput) ToSecretLibraryMapOutput

func (o SecretLibraryMapOutput) ToSecretLibraryMapOutput() SecretLibraryMapOutput

func (SecretLibraryMapOutput) ToSecretLibraryMapOutputWithContext

func (o SecretLibraryMapOutput) ToSecretLibraryMapOutputWithContext(ctx context.Context) SecretLibraryMapOutput

type SecretLibraryOutput

// SecretLibraryOutput is the output form of a single SecretLibrary. It wraps
// an embedded *pulumi.OutputState and can also be converted to a
// SecretLibraryPtrOutput.
type SecretLibraryOutput struct{ *pulumi.OutputState }

func (SecretLibraryOutput) ElementType

func (SecretLibraryOutput) ElementType() reflect.Type

func (SecretLibraryOutput) ToSecretLibraryOutput

func (o SecretLibraryOutput) ToSecretLibraryOutput() SecretLibraryOutput

func (SecretLibraryOutput) ToSecretLibraryOutputWithContext

func (o SecretLibraryOutput) ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput

func (SecretLibraryOutput) ToSecretLibraryPtrOutput

func (o SecretLibraryOutput) ToSecretLibraryPtrOutput() SecretLibraryPtrOutput

func (SecretLibraryOutput) ToSecretLibraryPtrOutputWithContext

func (o SecretLibraryOutput) ToSecretLibraryPtrOutputWithContext(ctx context.Context) SecretLibraryPtrOutput

type SecretLibraryPtrInput

// SecretLibraryPtrInput is implemented by values that can be converted to a
// SecretLibraryPtrOutput, with or without an explicit context.Context.
// SecretLibraryOutput and SecretLibraryPtrOutput both provide these methods.
type SecretLibraryPtrInput interface {
	pulumi.Input

	ToSecretLibraryPtrOutput() SecretLibraryPtrOutput
	ToSecretLibraryPtrOutputWithContext(ctx context.Context) SecretLibraryPtrOutput
}

type SecretLibraryPtrOutput

// SecretLibraryPtrOutput is the pointer-valued output form of a SecretLibrary.
// It wraps an embedded *pulumi.OutputState.
type SecretLibraryPtrOutput struct{ *pulumi.OutputState }

func (SecretLibraryPtrOutput) Elem added in v4.6.0

func (SecretLibraryPtrOutput) ElementType

func (SecretLibraryPtrOutput) ElementType() reflect.Type

func (SecretLibraryPtrOutput) ToSecretLibraryPtrOutput

func (o SecretLibraryPtrOutput) ToSecretLibraryPtrOutput() SecretLibraryPtrOutput

func (SecretLibraryPtrOutput) ToSecretLibraryPtrOutputWithContext

func (o SecretLibraryPtrOutput) ToSecretLibraryPtrOutputWithContext(ctx context.Context) SecretLibraryPtrOutput

type SecretLibraryState

// SecretLibraryState describes the state properties of a set ("library") of
// Active Directory service accounts that can be checked out through Vault.
// Every field is a Pulumi input type.
type SecretLibraryState struct {
	// The mount path for the AD backend.
	Backend pulumi.StringPtrInput
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	// When this is set, check-in is no longer tied to the identity that performed the check-out.
	// NOTE(review): that presumably lets any caller with check-in access return an account another
	// client is still using; leave enforcement on unless there is an operational need, and confirm
	// the default against the Vault documentation.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum amount of time, in seconds, a check-out can last with renewal before Vault automatically checks it back in.
	// This is the upper bound on how long one client can hold a service account by renewing.
	MaxTtl pulumi.IntPtrInput
	// The name of the set of service accounts.
	Name pulumi.StringPtrInput
	// The names of all the service accounts that can be checked out from this set. These service accounts must already exist
	// in Active Directory.
	ServiceAccountNames pulumi.StringArrayInput
	// The amount of time, in seconds, a single check-out lasts before Vault automatically checks it back in.
	// NOTE(review): the behaviour when Ttl and MaxTtl are unset is not shown here; confirm the
	// backend defaults so check-outs do not last longer than intended.
	Ttl pulumi.IntPtrInput
}

func (SecretLibraryState) ElementType

func (SecretLibraryState) ElementType() reflect.Type

type SecretRole

// SecretRole is a Pulumi custom resource for a role on the AD secret backend.
// The role is associated with one Active Directory service account, whose
// password Vault sets and rotates.
type SecretRole struct {
	pulumi.CustomResourceState

	// The mount path for the AD backend.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Last time Vault rotated this service account's password.
	// NOTE(review): exposed as a string; the timestamp format is not shown here. It can be compared
	// with Ttl to check that rotation is actually taking place.
	LastVaultRotation pulumi.StringOutput `pulumi:"lastVaultRotation"`
	// Last time Vault set this service account's password.
	PasswordLastSet pulumi.StringOutput `pulumi:"passwordLastSet"`
	// Name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// The username/logon name for the service account with which this role will be associated.
	// Credentials read through this role (see getAccessCredentials) belong to this account, so read
	// access to the role should be granted as narrowly as the account's privileges require.
	ServiceAccountName pulumi.StringOutput `pulumi:"serviceAccountName"`
	// In seconds, the default password time-to-live.
	// NOTE(review): presumably the interval after which Vault rotates the password; a shorter value
	// narrows the window in which a leaked password stays valid. Confirm the rotation semantics
	// against the Vault AD secrets engine documentation.
	Ttl pulumi.IntPtrOutput `pulumi:"ttl"`
}

func GetSecretRole

func GetSecretRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretRoleState, opts ...pulumi.ResourceOption) (*SecretRole, error)

GetSecretRole gets an existing SecretRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretRole

func NewSecretRole(ctx *pulumi.Context,
	name string, args *SecretRoleArgs, opts ...pulumi.ResourceOption) (*SecretRole, error)

NewSecretRole registers a new resource with the given unique name, arguments, and options.

func (*SecretRole) ElementType

func (*SecretRole) ElementType() reflect.Type

func (*SecretRole) ToSecretRoleOutput

func (i *SecretRole) ToSecretRoleOutput() SecretRoleOutput

func (*SecretRole) ToSecretRoleOutputWithContext

func (i *SecretRole) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput

func (*SecretRole) ToSecretRolePtrOutput

func (i *SecretRole) ToSecretRolePtrOutput() SecretRolePtrOutput

func (*SecretRole) ToSecretRolePtrOutputWithContext

func (i *SecretRole) ToSecretRolePtrOutputWithContext(ctx context.Context) SecretRolePtrOutput

type SecretRoleArgs

// SecretRoleArgs is the set of arguments for constructing a SecretRole
// resource. Ttl is the only pointer-typed input; the other three are plain
// string inputs.
type SecretRoleArgs struct {
	// The mount path for the AD backend.
	Backend pulumi.StringInput
	// Name of the role.
	Role pulumi.StringInput
	// The username/logon name for the service account with which this role will be associated.
	// NOTE(review): the role hands out this account's credentials, so prefer a dedicated,
	// least-privileged service account per role.
	ServiceAccountName pulumi.StringInput
	// In seconds, the default password time-to-live.
	// NOTE(review): the value used when this is left unset is not shown here; set it explicitly if
	// the rotation interval matters for your policy.
	Ttl pulumi.IntPtrInput
}

The set of arguments for constructing a SecretRole resource.

func (SecretRoleArgs) ElementType

func (SecretRoleArgs) ElementType() reflect.Type

type SecretRoleArray

// SecretRoleArray is a slice of SecretRoleInput values. Its methods convert
// it to a SecretRoleArrayOutput.
type SecretRoleArray []SecretRoleInput

func (SecretRoleArray) ElementType

func (SecretRoleArray) ElementType() reflect.Type

func (SecretRoleArray) ToSecretRoleArrayOutput

func (i SecretRoleArray) ToSecretRoleArrayOutput() SecretRoleArrayOutput

func (SecretRoleArray) ToSecretRoleArrayOutputWithContext

func (i SecretRoleArray) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput

type SecretRoleArrayInput

// SecretRoleArrayInput is implemented by values that can be converted to a
// SecretRoleArrayOutput, with or without an explicit context.Context.
type SecretRoleArrayInput interface {
	pulumi.Input

	ToSecretRoleArrayOutput() SecretRoleArrayOutput
	ToSecretRoleArrayOutputWithContext(context.Context) SecretRoleArrayOutput
}

SecretRoleArrayInput is an input type that accepts SecretRoleArray and SecretRoleArrayOutput values. You can construct a concrete instance of `SecretRoleArrayInput` via:

SecretRoleArray{ SecretRoleArgs{...} }

type SecretRoleArrayOutput

// SecretRoleArrayOutput is the output form of a SecretRole array. It wraps an
// embedded *pulumi.OutputState.
type SecretRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretRoleArrayOutput) ElementType

func (SecretRoleArrayOutput) ElementType() reflect.Type

func (SecretRoleArrayOutput) Index

func (SecretRoleArrayOutput) ToSecretRoleArrayOutput

func (o SecretRoleArrayOutput) ToSecretRoleArrayOutput() SecretRoleArrayOutput

func (SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext

func (o SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput

type SecretRoleInput

// SecretRoleInput is implemented by values that can be converted to a
// SecretRoleOutput, with or without an explicit context.Context. *SecretRole
// and SecretRoleOutput both provide these methods.
type SecretRoleInput interface {
	pulumi.Input

	ToSecretRoleOutput() SecretRoleOutput
	ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput
}

type SecretRoleMap

// SecretRoleMap is a string-keyed map of SecretRoleInput values. Its methods
// convert it to a SecretRoleMapOutput.
type SecretRoleMap map[string]SecretRoleInput

func (SecretRoleMap) ElementType

func (SecretRoleMap) ElementType() reflect.Type

func (SecretRoleMap) ToSecretRoleMapOutput

func (i SecretRoleMap) ToSecretRoleMapOutput() SecretRoleMapOutput

func (SecretRoleMap) ToSecretRoleMapOutputWithContext

func (i SecretRoleMap) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput

type SecretRoleMapInput

// SecretRoleMapInput is implemented by values that can be converted to a
// SecretRoleMapOutput, with or without an explicit context.Context.
type SecretRoleMapInput interface {
	pulumi.Input

	ToSecretRoleMapOutput() SecretRoleMapOutput
	ToSecretRoleMapOutputWithContext(context.Context) SecretRoleMapOutput
}

SecretRoleMapInput is an input type that accepts SecretRoleMap and SecretRoleMapOutput values. You can construct a concrete instance of `SecretRoleMapInput` via:

SecretRoleMap{ "key": SecretRoleArgs{...} }

type SecretRoleMapOutput

// SecretRoleMapOutput is the output form of a SecretRole map. It wraps an
// embedded *pulumi.OutputState.
type SecretRoleMapOutput struct{ *pulumi.OutputState }

func (SecretRoleMapOutput) ElementType

func (SecretRoleMapOutput) ElementType() reflect.Type

func (SecretRoleMapOutput) MapIndex

func (SecretRoleMapOutput) ToSecretRoleMapOutput

func (o SecretRoleMapOutput) ToSecretRoleMapOutput() SecretRoleMapOutput

func (SecretRoleMapOutput) ToSecretRoleMapOutputWithContext

func (o SecretRoleMapOutput) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput

type SecretRoleOutput

// SecretRoleOutput is the output form of a single SecretRole. It wraps an
// embedded *pulumi.OutputState and can also be converted to a
// SecretRolePtrOutput.
type SecretRoleOutput struct{ *pulumi.OutputState }

func (SecretRoleOutput) ElementType

func (SecretRoleOutput) ElementType() reflect.Type

func (SecretRoleOutput) ToSecretRoleOutput

func (o SecretRoleOutput) ToSecretRoleOutput() SecretRoleOutput

func (SecretRoleOutput) ToSecretRoleOutputWithContext

func (o SecretRoleOutput) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput

func (SecretRoleOutput) ToSecretRolePtrOutput

func (o SecretRoleOutput) ToSecretRolePtrOutput() SecretRolePtrOutput

func (SecretRoleOutput) ToSecretRolePtrOutputWithContext

func (o SecretRoleOutput) ToSecretRolePtrOutputWithContext(ctx context.Context) SecretRolePtrOutput

type SecretRolePtrInput

// SecretRolePtrInput is implemented by values that can be converted to a
// SecretRolePtrOutput, with or without an explicit context.Context.
// *SecretRole, SecretRoleOutput and SecretRolePtrOutput all provide these
// methods.
type SecretRolePtrInput interface {
	pulumi.Input

	ToSecretRolePtrOutput() SecretRolePtrOutput
	ToSecretRolePtrOutputWithContext(ctx context.Context) SecretRolePtrOutput
}

type SecretRolePtrOutput

// SecretRolePtrOutput is the pointer-valued output form of a SecretRole. It
// wraps an embedded *pulumi.OutputState.
type SecretRolePtrOutput struct{ *pulumi.OutputState }

func (SecretRolePtrOutput) Elem added in v4.6.0

func (SecretRolePtrOutput) ElementType

func (SecretRolePtrOutput) ElementType() reflect.Type

func (SecretRolePtrOutput) ToSecretRolePtrOutput

func (o SecretRolePtrOutput) ToSecretRolePtrOutput() SecretRolePtrOutput

func (SecretRolePtrOutput) ToSecretRolePtrOutputWithContext

func (o SecretRolePtrOutput) ToSecretRolePtrOutputWithContext(ctx context.Context) SecretRolePtrOutput

type SecretRoleState

// SecretRoleState holds the optional state properties that GetSecretRole
// accepts to qualify the lookup of an existing SecretRole. Every field is a
// pointer-typed Pulumi input.
type SecretRoleState struct {
	// The mount path for the AD backend.
	Backend pulumi.StringPtrInput
	// Last time Vault rotated this service account's password.
	LastVaultRotation pulumi.StringPtrInput
	// Last time Vault set this service account's password.
	PasswordLastSet pulumi.StringPtrInput
	// Name of the role.
	Role pulumi.StringPtrInput
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName pulumi.StringPtrInput
	// In seconds, the default password time-to-live.
	// NOTE(review): presumably the interval after which Vault rotates the password; confirm against
	// the Vault AD secrets engine documentation.
	Ttl pulumi.IntPtrInput
}

func (SecretRoleState) ElementType

func (SecretRoleState) ElementType() reflect.Type
