ldap

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackend 

type AuthBackend struct {
	pulumi.CustomResourceState

	// The accessor for this auth mount.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// DN of object to bind when performing user search
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringOutput `pulumi:"certificate"`
	ClientTlsCert pulumi.StringOutput `pulumi:"clientTlsCert"`
	ClientTlsKey  pulumi.StringOutput `pulumi:"clientTlsKey"`
	DenyNullBind  pulumi.BoolOutput   `pulumi:"denyNullBind"`
	// Description for the LDAP auth backend mount
	Description pulumi.StringOutput `pulumi:"description"`
	Discoverdn  pulumi.BoolOutput   `pulumi:"discoverdn"`
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringOutput `pulumi:"groupattr"`
	// Base DN under which to perform group search
	Groupdn pulumi.StringOutput `pulumi:"groupdn"`
	// Go template used to construct group membership query
	Groupfilter pulumi.StringOutput `pulumi:"groupfilter"`
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolOutput `pulumi:"insecureTls"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"`
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The userPrincipalDomain used to construct UPN string
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// The URL of the LDAP server
	Url pulumi.StringOutput `pulumi:"url"`
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolOutput `pulumi:"useTokenGroups"`
	// Attribute on user object matching username passed in
	Userattr pulumi.StringOutput `pulumi:"userattr"`
	// Base DN under which to perform user search
	Userdn pulumi.StringOutput `pulumi:"userdn"`
}

Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
			Path:        pulumi.String("ldap"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backends can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap

```

func GetAuthBackend 

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend 

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType 

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput 

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext 

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (*AuthBackend) ToAuthBackendPtrOutput 

func (i *AuthBackend) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (*AuthBackend) ToAuthBackendPtrOutputWithContext 

func (i *AuthBackend) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendArgs 

type AuthBackendArgs struct {
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	DenyNullBind  pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	Discoverdn  pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The userPrincipalDomain used to construct UPN string
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackend resource.

func (AuthBackendArgs) ElementType 

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray 

type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType 

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput 

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext 

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput 

type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via: 

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput 

type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType 

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index 

func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendGroup 

type AuthBackendGroup struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The LDAP groupname
	Groupname pulumi.StringOutput `pulumi:"groupname"`
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
}

Provides a resource to create a group in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendGroup(ctx, "group", &ldap.AuthBackendGroupArgs{
			Groupname: pulumi.String("dba"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend groups can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackendGroup:AuthBackendGroup foo auth/ldap/groups/foo

```

func GetAuthBackendGroup 

func GetAuthBackendGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendGroupState, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

GetAuthBackendGroup gets an existing AuthBackendGroup resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendGroup 

func NewAuthBackendGroup(ctx *pulumi.Context,
	name string, args *AuthBackendGroupArgs, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

NewAuthBackendGroup registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendGroup) ElementType 

func (*AuthBackendGroup) ElementType() reflect.Type

func (*AuthBackendGroup) ToAuthBackendGroupOutput 

func (i *AuthBackendGroup) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (*AuthBackendGroup) ToAuthBackendGroupOutputWithContext 

func (i *AuthBackendGroup) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

func (*AuthBackendGroup) ToAuthBackendGroupPtrOutput 

func (i *AuthBackendGroup) ToAuthBackendGroupPtrOutput() AuthBackendGroupPtrOutput

func (*AuthBackendGroup) ToAuthBackendGroupPtrOutputWithContext 

func (i *AuthBackendGroup) ToAuthBackendGroupPtrOutputWithContext(ctx context.Context) AuthBackendGroupPtrOutput

type AuthBackendGroupArgs 

type AuthBackendGroupArgs struct {
	// Path to the authentication backend
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

The set of arguments for constructing a AuthBackendGroup resource.

func (AuthBackendGroupArgs) ElementType 

func (AuthBackendGroupArgs) ElementType() reflect.Type

type AuthBackendGroupArray 

type AuthBackendGroupArray []AuthBackendGroupInput

func (AuthBackendGroupArray) ElementType 

func (AuthBackendGroupArray) ElementType() reflect.Type

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutput 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupArrayInput 

type AuthBackendGroupArrayInput interface {
	pulumi.Input

	ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
	ToAuthBackendGroupArrayOutputWithContext(context.Context) AuthBackendGroupArrayOutput
}

AuthBackendGroupArrayInput is an input type that accepts AuthBackendGroupArray and AuthBackendGroupArrayOutput values. You can construct a concrete instance of `AuthBackendGroupArrayInput` via: 

AuthBackendGroupArray{ AuthBackendGroupArgs{...} }

type AuthBackendGroupArrayOutput 

type AuthBackendGroupArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupArrayOutput) ElementType 

func (AuthBackendGroupArrayOutput) ElementType() reflect.Type

func (AuthBackendGroupArrayOutput) Index 

func (o AuthBackendGroupArrayOutput) Index(i pulumi.IntInput) AuthBackendGroupOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupInput 

type AuthBackendGroupInput interface {
	pulumi.Input

	ToAuthBackendGroupOutput() AuthBackendGroupOutput
	ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
}

type AuthBackendGroupMap 

type AuthBackendGroupMap map[string]AuthBackendGroupInput

func (AuthBackendGroupMap) ElementType 

func (AuthBackendGroupMap) ElementType() reflect.Type

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutput 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupMapInput 

type AuthBackendGroupMapInput interface {
	pulumi.Input

	ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
	ToAuthBackendGroupMapOutputWithContext(context.Context) AuthBackendGroupMapOutput
}

AuthBackendGroupMapInput is an input type that accepts AuthBackendGroupMap and AuthBackendGroupMapOutput values. You can construct a concrete instance of `AuthBackendGroupMapInput` via: 

AuthBackendGroupMap{ "key": AuthBackendGroupArgs{...} }

type AuthBackendGroupMapOutput 

type AuthBackendGroupMapOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupMapOutput) ElementType 

func (AuthBackendGroupMapOutput) ElementType() reflect.Type

func (AuthBackendGroupMapOutput) MapIndex 

func (o AuthBackendGroupMapOutput) MapIndex(k pulumi.StringInput) AuthBackendGroupOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupOutput 

type AuthBackendGroupOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupOutput) ElementType 

func (AuthBackendGroupOutput) ElementType() reflect.Type

func (AuthBackendGroupOutput) ToAuthBackendGroupOutput 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

func (AuthBackendGroupOutput) ToAuthBackendGroupPtrOutput 

func (o AuthBackendGroupOutput) ToAuthBackendGroupPtrOutput() AuthBackendGroupPtrOutput

func (AuthBackendGroupOutput) ToAuthBackendGroupPtrOutputWithContext 

func (o AuthBackendGroupOutput) ToAuthBackendGroupPtrOutputWithContext(ctx context.Context) AuthBackendGroupPtrOutput

type AuthBackendGroupPtrInput 

type AuthBackendGroupPtrInput interface {
	pulumi.Input

	ToAuthBackendGroupPtrOutput() AuthBackendGroupPtrOutput
	ToAuthBackendGroupPtrOutputWithContext(ctx context.Context) AuthBackendGroupPtrOutput
}

type AuthBackendGroupPtrOutput 

type AuthBackendGroupPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupPtrOutput) Elem added in v4.6.0 

func (o AuthBackendGroupPtrOutput) Elem() AuthBackendGroupOutput

func (AuthBackendGroupPtrOutput) ElementType 

func (AuthBackendGroupPtrOutput) ElementType() reflect.Type

func (AuthBackendGroupPtrOutput) ToAuthBackendGroupPtrOutput 

func (o AuthBackendGroupPtrOutput) ToAuthBackendGroupPtrOutput() AuthBackendGroupPtrOutput

func (AuthBackendGroupPtrOutput) ToAuthBackendGroupPtrOutputWithContext 

func (o AuthBackendGroupPtrOutput) ToAuthBackendGroupPtrOutputWithContext(ctx context.Context) AuthBackendGroupPtrOutput

type AuthBackendGroupState 

type AuthBackendGroupState struct {
	// Path to the authentication backend
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringPtrInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

func (AuthBackendGroupState) ElementType 

func (AuthBackendGroupState) ElementType() reflect.Type

type AuthBackendInput 

type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap 

type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType 

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput 

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext 

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput 

type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via: 

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput 

type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType 

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex 

func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutput 

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext 

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput 

type AuthBackendOutput struct{ *pulumi.OutputState }

func (AuthBackendOutput) ElementType 

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) ToAuthBackendOutput 

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendPtrOutput 

func (o AuthBackendOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendOutput) ToAuthBackendPtrOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendPtrInput 

type AuthBackendPtrInput interface {
	pulumi.Input

	ToAuthBackendPtrOutput() AuthBackendPtrOutput
	ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput
}

type AuthBackendPtrOutput 

type AuthBackendPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendPtrOutput) Elem added in v4.6.0 

func (o AuthBackendPtrOutput) Elem() AuthBackendOutput

func (AuthBackendPtrOutput) ElementType 

func (AuthBackendPtrOutput) ElementType() reflect.Type

func (AuthBackendPtrOutput) ToAuthBackendPtrOutput 

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutput() AuthBackendPtrOutput

func (AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext 

func (o AuthBackendPtrOutput) ToAuthBackendPtrOutputWithContext(ctx context.Context) AuthBackendPtrOutput

type AuthBackendState 

type AuthBackendState struct {
	// The accessor for this auth mount.
	Accessor pulumi.StringPtrInput
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	DenyNullBind  pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	Discoverdn  pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The userPrincipalDomain used to construct UPN string
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringPtrInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
}

func (AuthBackendState) ElementType 

func (AuthBackendState) ElementType() reflect.Type

type AuthBackendUser 

type AuthBackendUser struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// Policies which should be granted to user
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The LDAP username
	Username pulumi.StringOutput `pulumi:"username"`
}

Provides a resource to create a user in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendUser(ctx, "user", &ldap.AuthBackendUserArgs{
			Username: pulumi.String("test-user"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
				pulumi.String("sysops"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend users can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackendUser:AuthBackendUser foo auth/ldap/users/foo

```

func GetAuthBackendUser 

func GetAuthBackendUser(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendUserState, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

GetAuthBackendUser gets an existing AuthBackendUser resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendUser 

func NewAuthBackendUser(ctx *pulumi.Context,
	name string, args *AuthBackendUserArgs, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

NewAuthBackendUser registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendUser) ElementType 

func (*AuthBackendUser) ElementType() reflect.Type

func (*AuthBackendUser) ToAuthBackendUserOutput 

func (i *AuthBackendUser) ToAuthBackendUserOutput() AuthBackendUserOutput

func (*AuthBackendUser) ToAuthBackendUserOutputWithContext 

func (i *AuthBackendUser) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

func (*AuthBackendUser) ToAuthBackendUserPtrOutput 

func (i *AuthBackendUser) ToAuthBackendUserPtrOutput() AuthBackendUserPtrOutput

func (*AuthBackendUser) ToAuthBackendUserPtrOutputWithContext 

func (i *AuthBackendUser) ToAuthBackendUserPtrOutputWithContext(ctx context.Context) AuthBackendUserPtrOutput

type AuthBackendUserArgs 

type AuthBackendUserArgs struct {
	// Path to the authentication backend
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringInput
}

The set of arguments for constructing a AuthBackendUser resource.

func (AuthBackendUserArgs) ElementType 

func (AuthBackendUserArgs) ElementType() reflect.Type

type AuthBackendUserArray 

type AuthBackendUserArray []AuthBackendUserInput

func (AuthBackendUserArray) ElementType 

func (AuthBackendUserArray) ElementType() reflect.Type

func (AuthBackendUserArray) ToAuthBackendUserArrayOutput 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserArrayInput 

type AuthBackendUserArrayInput interface {
	pulumi.Input

	ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
	ToAuthBackendUserArrayOutputWithContext(context.Context) AuthBackendUserArrayOutput
}

AuthBackendUserArrayInput is an input type that accepts AuthBackendUserArray and AuthBackendUserArrayOutput values. You can construct a concrete instance of `AuthBackendUserArrayInput` via: 

AuthBackendUserArray{ AuthBackendUserArgs{...} }

type AuthBackendUserArrayOutput 

type AuthBackendUserArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendUserArrayOutput) ElementType 

func (AuthBackendUserArrayOutput) ElementType() reflect.Type

func (AuthBackendUserArrayOutput) Index 

func (o AuthBackendUserArrayOutput) Index(i pulumi.IntInput) AuthBackendUserOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserInput 

type AuthBackendUserInput interface {
	pulumi.Input

	ToAuthBackendUserOutput() AuthBackendUserOutput
	ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
}

type AuthBackendUserMap 

type AuthBackendUserMap map[string]AuthBackendUserInput

func (AuthBackendUserMap) ElementType 

func (AuthBackendUserMap) ElementType() reflect.Type

func (AuthBackendUserMap) ToAuthBackendUserMapOutput 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserMapInput 

type AuthBackendUserMapInput interface {
	pulumi.Input

	ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
	ToAuthBackendUserMapOutputWithContext(context.Context) AuthBackendUserMapOutput
}

AuthBackendUserMapInput is an input type that accepts AuthBackendUserMap and AuthBackendUserMapOutput values. You can construct a concrete instance of `AuthBackendUserMapInput` via: 

AuthBackendUserMap{ "key": AuthBackendUserArgs{...} }

type AuthBackendUserMapOutput 

type AuthBackendUserMapOutput struct{ *pulumi.OutputState }

func (AuthBackendUserMapOutput) ElementType 

func (AuthBackendUserMapOutput) ElementType() reflect.Type

func (AuthBackendUserMapOutput) MapIndex 

func (o AuthBackendUserMapOutput) MapIndex(k pulumi.StringInput) AuthBackendUserOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutput 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserOutput 

type AuthBackendUserOutput struct{ *pulumi.OutputState }

func (AuthBackendUserOutput) ElementType 

func (AuthBackendUserOutput) ElementType() reflect.Type

func (AuthBackendUserOutput) ToAuthBackendUserOutput 

func (o AuthBackendUserOutput) ToAuthBackendUserOutput() AuthBackendUserOutput

func (AuthBackendUserOutput) ToAuthBackendUserOutputWithContext 

func (o AuthBackendUserOutput) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

func (AuthBackendUserOutput) ToAuthBackendUserPtrOutput 

func (o AuthBackendUserOutput) ToAuthBackendUserPtrOutput() AuthBackendUserPtrOutput

func (AuthBackendUserOutput) ToAuthBackendUserPtrOutputWithContext 

func (o AuthBackendUserOutput) ToAuthBackendUserPtrOutputWithContext(ctx context.Context) AuthBackendUserPtrOutput

type AuthBackendUserPtrInput 

type AuthBackendUserPtrInput interface {
	pulumi.Input

	ToAuthBackendUserPtrOutput() AuthBackendUserPtrOutput
	ToAuthBackendUserPtrOutputWithContext(ctx context.Context) AuthBackendUserPtrOutput
}

type AuthBackendUserPtrOutput 

type AuthBackendUserPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendUserPtrOutput) Elem added in v4.6.0 

func (o AuthBackendUserPtrOutput) Elem() AuthBackendUserOutput

func (AuthBackendUserPtrOutput) ElementType 

func (AuthBackendUserPtrOutput) ElementType() reflect.Type

func (AuthBackendUserPtrOutput) ToAuthBackendUserPtrOutput 

func (o AuthBackendUserPtrOutput) ToAuthBackendUserPtrOutput() AuthBackendUserPtrOutput

func (AuthBackendUserPtrOutput) ToAuthBackendUserPtrOutputWithContext 

func (o AuthBackendUserPtrOutput) ToAuthBackendUserPtrOutputWithContext(ctx context.Context) AuthBackendUserPtrOutput

type AuthBackendUserState 

type AuthBackendUserState struct {
	// Path to the authentication backend
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringPtrInput
}

func (AuthBackendUserState) ElementType 

func (AuthBackendUserState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.