ldap

package
v5.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackend 

type AuthBackend struct {
	pulumi.CustomResourceState

	// The accessor for this auth mount.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// DN of object to bind when performing user search
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolOutput `pulumi:"caseSensitiveNames"`
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringOutput `pulumi:"certificate"`
	ClientTlsCert pulumi.StringOutput `pulumi:"clientTlsCert"`
	ClientTlsKey  pulumi.StringOutput `pulumi:"clientTlsKey"`
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolOutput `pulumi:"denyNullBind"`
	// Description for the LDAP auth backend mount
	Description pulumi.StringOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolOutput `pulumi:"discoverdn"`
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringOutput `pulumi:"groupattr"`
	// Base DN under which to perform group search
	Groupdn pulumi.StringOutput `pulumi:"groupdn"`
	// Go template used to construct group membership query
	Groupfilter pulumi.StringOutput `pulumi:"groupfilter"`
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolOutput `pulumi:"insecureTls"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrOutput `pulumi:"maxPageSize"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"`
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// The URL of the LDAP server
	Url pulumi.StringOutput `pulumi:"url"`
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolOutput `pulumi:"useTokenGroups"`
	// Attribute on user object matching username passed in
	Userattr pulumi.StringOutput `pulumi:"userattr"`
	// Base DN under which to perform user search
	Userdn pulumi.StringOutput `pulumi:"userdn"`
	// LDAP user search filter
	Userfilter pulumi.StringOutput `pulumi:"userfilter"`
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolOutput `pulumi:"usernameAsAlias"`
}

Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
			Path:        pulumi.String("ldap"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backends can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap

```

func GetAuthBackend 

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend 

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType 

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput 

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext 

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

type AuthBackendArgs 

type AuthBackendArgs struct {
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
	// LDAP user search filter
	Userfilter pulumi.StringPtrInput
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolPtrInput
}

The set of arguments for constructing a AuthBackend resource.

func (AuthBackendArgs) ElementType 

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray 

type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType 

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput 

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext 

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput 

type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via: 

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput 

type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType 

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index 

func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendGroup 

type AuthBackendGroup struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The LDAP groupname
	Groupname pulumi.StringOutput `pulumi:"groupname"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
}

Provides a resource to create a group in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendGroup(ctx, "group", &ldap.AuthBackendGroupArgs{
			Groupname: pulumi.String("dba"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend groups can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackendGroup:AuthBackendGroup foo auth/ldap/groups/foo

```

func GetAuthBackendGroup 

func GetAuthBackendGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendGroupState, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

GetAuthBackendGroup gets an existing AuthBackendGroup resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendGroup 

func NewAuthBackendGroup(ctx *pulumi.Context,
	name string, args *AuthBackendGroupArgs, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

NewAuthBackendGroup registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendGroup) ElementType 

func (*AuthBackendGroup) ElementType() reflect.Type

func (*AuthBackendGroup) ToAuthBackendGroupOutput 

func (i *AuthBackendGroup) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (*AuthBackendGroup) ToAuthBackendGroupOutputWithContext 

func (i *AuthBackendGroup) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

type AuthBackendGroupArgs 

type AuthBackendGroupArgs struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

The set of arguments for constructing a AuthBackendGroup resource.

func (AuthBackendGroupArgs) ElementType 

func (AuthBackendGroupArgs) ElementType() reflect.Type

type AuthBackendGroupArray 

type AuthBackendGroupArray []AuthBackendGroupInput

func (AuthBackendGroupArray) ElementType 

func (AuthBackendGroupArray) ElementType() reflect.Type

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutput 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupArrayInput 

type AuthBackendGroupArrayInput interface {
	pulumi.Input

	ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
	ToAuthBackendGroupArrayOutputWithContext(context.Context) AuthBackendGroupArrayOutput
}

AuthBackendGroupArrayInput is an input type that accepts AuthBackendGroupArray and AuthBackendGroupArrayOutput values. You can construct a concrete instance of `AuthBackendGroupArrayInput` via: 

AuthBackendGroupArray{ AuthBackendGroupArgs{...} }

type AuthBackendGroupArrayOutput 

type AuthBackendGroupArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupArrayOutput) ElementType 

func (AuthBackendGroupArrayOutput) ElementType() reflect.Type

func (AuthBackendGroupArrayOutput) Index 

func (o AuthBackendGroupArrayOutput) Index(i pulumi.IntInput) AuthBackendGroupOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupInput 

type AuthBackendGroupInput interface {
	pulumi.Input

	ToAuthBackendGroupOutput() AuthBackendGroupOutput
	ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
}

type AuthBackendGroupMap 

type AuthBackendGroupMap map[string]AuthBackendGroupInput

func (AuthBackendGroupMap) ElementType 

func (AuthBackendGroupMap) ElementType() reflect.Type

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutput 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupMapInput 

type AuthBackendGroupMapInput interface {
	pulumi.Input

	ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
	ToAuthBackendGroupMapOutputWithContext(context.Context) AuthBackendGroupMapOutput
}

AuthBackendGroupMapInput is an input type that accepts AuthBackendGroupMap and AuthBackendGroupMapOutput values. You can construct a concrete instance of `AuthBackendGroupMapInput` via: 

AuthBackendGroupMap{ "key": AuthBackendGroupArgs{...} }

type AuthBackendGroupMapOutput 

type AuthBackendGroupMapOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupMapOutput) ElementType 

func (AuthBackendGroupMapOutput) ElementType() reflect.Type

func (AuthBackendGroupMapOutput) MapIndex 

func (o AuthBackendGroupMapOutput) MapIndex(k pulumi.StringInput) AuthBackendGroupOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupOutput 

type AuthBackendGroupOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupOutput) Backend added in v5.6.0 

func (o AuthBackendGroupOutput) Backend() pulumi.StringPtrOutput

Path to the authentication backend

For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).

func (AuthBackendGroupOutput) ElementType 

func (AuthBackendGroupOutput) ElementType() reflect.Type

func (AuthBackendGroupOutput) Groupname added in v5.6.0 

func (o AuthBackendGroupOutput) Groupname() pulumi.StringOutput

The LDAP groupname

func (AuthBackendGroupOutput) Namespace added in v5.7.0 

func (o AuthBackendGroupOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (AuthBackendGroupOutput) Policies added in v5.6.0 

func (o AuthBackendGroupOutput) Policies() pulumi.StringArrayOutput

Policies which should be granted to members of the group

func (AuthBackendGroupOutput) ToAuthBackendGroupOutput 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

type AuthBackendGroupState 

type AuthBackendGroupState struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

func (AuthBackendGroupState) ElementType 

func (AuthBackendGroupState) ElementType() reflect.Type

type AuthBackendInput 

type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap 

type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType 

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput 

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext 

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput 

type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via: 

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput 

type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType 

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex 

func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutput 

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext 

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput 

type AuthBackendOutput struct{ *pulumi.OutputState }

func (AuthBackendOutput) Accessor added in v5.6.0 

func (o AuthBackendOutput) Accessor() pulumi.StringOutput

The accessor for this auth mount.

func (AuthBackendOutput) Binddn added in v5.6.0 

func (o AuthBackendOutput) Binddn() pulumi.StringOutput

DN of object to bind when performing user search

func (AuthBackendOutput) Bindpass added in v5.6.0 

func (o AuthBackendOutput) Bindpass() pulumi.StringOutput

Password to use with `binddn` when performing user search

func (AuthBackendOutput) CaseSensitiveNames added in v5.6.0 

func (o AuthBackendOutput) CaseSensitiveNames() pulumi.BoolOutput

Control case senstivity of objects fetched from LDAP, this is used for object matching in vault

func (AuthBackendOutput) Certificate added in v5.6.0 

func (o AuthBackendOutput) Certificate() pulumi.StringOutput

Trusted CA to validate TLS certificate

func (AuthBackendOutput) ClientTlsCert added in v5.6.0 

func (o AuthBackendOutput) ClientTlsCert() pulumi.StringOutput

func (AuthBackendOutput) ClientTlsKey added in v5.6.0 

func (o AuthBackendOutput) ClientTlsKey() pulumi.StringOutput

func (AuthBackendOutput) DenyNullBind added in v5.6.0 

func (o AuthBackendOutput) DenyNullBind() pulumi.BoolOutput

Prevents users from bypassing authentication when providing an empty password.

func (AuthBackendOutput) Description added in v5.6.0 

func (o AuthBackendOutput) Description() pulumi.StringOutput

Description for the LDAP auth backend mount

func (AuthBackendOutput) DisableRemount added in v5.7.0 

func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (AuthBackendOutput) Discoverdn added in v5.6.0 

func (o AuthBackendOutput) Discoverdn() pulumi.BoolOutput

Use anonymous bind to discover the bind DN of a user.

func (AuthBackendOutput) ElementType 

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) Groupattr added in v5.6.0 

func (o AuthBackendOutput) Groupattr() pulumi.StringOutput

LDAP attribute to follow on objects returned by groupfilter

func (AuthBackendOutput) Groupdn added in v5.6.0 

func (o AuthBackendOutput) Groupdn() pulumi.StringOutput

Base DN under which to perform group search

func (AuthBackendOutput) Groupfilter added in v5.6.0 

func (o AuthBackendOutput) Groupfilter() pulumi.StringOutput

Go template used to construct group membership query

func (AuthBackendOutput) InsecureTls added in v5.6.0 

func (o AuthBackendOutput) InsecureTls() pulumi.BoolOutput

Control whether or TLS certificates must be validated

func (AuthBackendOutput) Local added in v5.6.0 

func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput

Specifies if the auth method is local only.

func (AuthBackendOutput) MaxPageSize added in v5.13.0 

func (o AuthBackendOutput) MaxPageSize() pulumi.IntPtrOutput

Sets the max page size for LDAP lookups, by default it's set to -1. *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.

func (AuthBackendOutput) Namespace added in v5.7.0 

func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (AuthBackendOutput) Path added in v5.6.0 

func (o AuthBackendOutput) Path() pulumi.StringPtrOutput

Path to mount the LDAP auth backend under

func (AuthBackendOutput) Starttls added in v5.6.0 

func (o AuthBackendOutput) Starttls() pulumi.BoolOutput

Control use of TLS when conecting to LDAP

func (AuthBackendOutput) TlsMaxVersion added in v5.6.0 

func (o AuthBackendOutput) TlsMaxVersion() pulumi.StringOutput

Maximum acceptable version of TLS

func (AuthBackendOutput) TlsMinVersion added in v5.6.0 

func (o AuthBackendOutput) TlsMinVersion() pulumi.StringOutput

Minimum acceptable version of TLS

func (AuthBackendOutput) ToAuthBackendOutput 

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) TokenBoundCidrs added in v5.6.0 

func (o AuthBackendOutput) TokenBoundCidrs() pulumi.StringArrayOutput

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

func (AuthBackendOutput) TokenExplicitMaxTtl added in v5.6.0 

func (o AuthBackendOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.

func (AuthBackendOutput) TokenMaxTtl added in v5.6.0 

func (o AuthBackendOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendOutput) TokenNoDefaultPolicy added in v5.6.0 

func (o AuthBackendOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

func (AuthBackendOutput) TokenNumUses added in v5.6.0 

func (o AuthBackendOutput) TokenNumUses() pulumi.IntPtrOutput

The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.

func (AuthBackendOutput) TokenPeriod added in v5.6.0 

func (o AuthBackendOutput) TokenPeriod() pulumi.IntPtrOutput

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.

func (AuthBackendOutput) TokenPolicies added in v5.6.0 

func (o AuthBackendOutput) TokenPolicies() pulumi.StringArrayOutput

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

func (AuthBackendOutput) TokenTtl added in v5.6.0 

func (o AuthBackendOutput) TokenTtl() pulumi.IntPtrOutput

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendOutput) TokenType added in v5.6.0 

func (o AuthBackendOutput) TokenType() pulumi.StringPtrOutput

The type of token to generate, service or batch

func (AuthBackendOutput) Upndomain added in v5.6.0 

func (o AuthBackendOutput) Upndomain() pulumi.StringOutput

The `userPrincipalDomain` used to construct the UPN string for the authenticating user.

func (AuthBackendOutput) Url added in v5.6.0 

func (o AuthBackendOutput) Url() pulumi.StringOutput

The URL of the LDAP server

func (AuthBackendOutput) UseTokenGroups added in v5.6.0 

func (o AuthBackendOutput) UseTokenGroups() pulumi.BoolOutput

Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships

func (AuthBackendOutput) Userattr added in v5.6.0 

func (o AuthBackendOutput) Userattr() pulumi.StringOutput

Attribute on user object matching username passed in

func (AuthBackendOutput) Userdn added in v5.6.0 

func (o AuthBackendOutput) Userdn() pulumi.StringOutput

Base DN under which to perform user search

func (AuthBackendOutput) Userfilter added in v5.6.0 

func (o AuthBackendOutput) Userfilter() pulumi.StringOutput

LDAP user search filter

func (AuthBackendOutput) UsernameAsAlias added in v5.7.0 

func (o AuthBackendOutput) UsernameAsAlias() pulumi.BoolOutput

Force the auth method to use the username passed by the user as the alias name.

type AuthBackendState 

type AuthBackendState struct {
	// The accessor for this auth mount.
	Accessor pulumi.StringPtrInput
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringPtrInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
	// LDAP user search filter
	Userfilter pulumi.StringPtrInput
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolPtrInput
}

func (AuthBackendState) ElementType 

func (AuthBackendState) ElementType() reflect.Type

type AuthBackendUser 

type AuthBackendUser struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Policies which should be granted to user
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The LDAP username
	Username pulumi.StringOutput `pulumi:"username"`
}

Provides a resource to create a user in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendUser(ctx, "user", &ldap.AuthBackendUserArgs{
			Username: pulumi.String("test-user"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
				pulumi.String("sysops"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend users can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/authBackendUser:AuthBackendUser foo auth/ldap/users/foo

```

func GetAuthBackendUser 

func GetAuthBackendUser(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendUserState, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

GetAuthBackendUser gets an existing AuthBackendUser resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendUser 

func NewAuthBackendUser(ctx *pulumi.Context,
	name string, args *AuthBackendUserArgs, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

NewAuthBackendUser registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendUser) ElementType 

func (*AuthBackendUser) ElementType() reflect.Type

func (*AuthBackendUser) ToAuthBackendUserOutput 

func (i *AuthBackendUser) ToAuthBackendUserOutput() AuthBackendUserOutput

func (*AuthBackendUser) ToAuthBackendUserOutputWithContext 

func (i *AuthBackendUser) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

type AuthBackendUserArgs 

type AuthBackendUserArgs struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringInput
}

The set of arguments for constructing a AuthBackendUser resource.

func (AuthBackendUserArgs) ElementType 

func (AuthBackendUserArgs) ElementType() reflect.Type

type AuthBackendUserArray 

type AuthBackendUserArray []AuthBackendUserInput

func (AuthBackendUserArray) ElementType 

func (AuthBackendUserArray) ElementType() reflect.Type

func (AuthBackendUserArray) ToAuthBackendUserArrayOutput 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserArrayInput 

type AuthBackendUserArrayInput interface {
	pulumi.Input

	ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
	ToAuthBackendUserArrayOutputWithContext(context.Context) AuthBackendUserArrayOutput
}

AuthBackendUserArrayInput is an input type that accepts AuthBackendUserArray and AuthBackendUserArrayOutput values. You can construct a concrete instance of `AuthBackendUserArrayInput` via: 

AuthBackendUserArray{ AuthBackendUserArgs{...} }

type AuthBackendUserArrayOutput 

type AuthBackendUserArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendUserArrayOutput) ElementType 

func (AuthBackendUserArrayOutput) ElementType() reflect.Type

func (AuthBackendUserArrayOutput) Index 

func (o AuthBackendUserArrayOutput) Index(i pulumi.IntInput) AuthBackendUserOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserInput 

type AuthBackendUserInput interface {
	pulumi.Input

	ToAuthBackendUserOutput() AuthBackendUserOutput
	ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
}

type AuthBackendUserMap 

type AuthBackendUserMap map[string]AuthBackendUserInput

func (AuthBackendUserMap) ElementType 

func (AuthBackendUserMap) ElementType() reflect.Type

func (AuthBackendUserMap) ToAuthBackendUserMapOutput 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserMapInput 

type AuthBackendUserMapInput interface {
	pulumi.Input

	ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
	ToAuthBackendUserMapOutputWithContext(context.Context) AuthBackendUserMapOutput
}

AuthBackendUserMapInput is an input type that accepts AuthBackendUserMap and AuthBackendUserMapOutput values. You can construct a concrete instance of `AuthBackendUserMapInput` via: 

AuthBackendUserMap{ "key": AuthBackendUserArgs{...} }

type AuthBackendUserMapOutput 

type AuthBackendUserMapOutput struct{ *pulumi.OutputState }

func (AuthBackendUserMapOutput) ElementType 

func (AuthBackendUserMapOutput) ElementType() reflect.Type

func (AuthBackendUserMapOutput) MapIndex 

func (o AuthBackendUserMapOutput) MapIndex(k pulumi.StringInput) AuthBackendUserOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutput 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserOutput 

type AuthBackendUserOutput struct{ *pulumi.OutputState }

func (AuthBackendUserOutput) Backend added in v5.6.0 

func (o AuthBackendUserOutput) Backend() pulumi.StringPtrOutput

Path to the authentication backend

For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).

func (AuthBackendUserOutput) ElementType 

func (AuthBackendUserOutput) ElementType() reflect.Type

func (AuthBackendUserOutput) Groups added in v5.6.0 

func (o AuthBackendUserOutput) Groups() pulumi.StringArrayOutput

Override LDAP groups which should be granted to user

func (AuthBackendUserOutput) Namespace added in v5.7.0 

func (o AuthBackendUserOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (AuthBackendUserOutput) Policies added in v5.6.0 

func (o AuthBackendUserOutput) Policies() pulumi.StringArrayOutput

Policies which should be granted to user

func (AuthBackendUserOutput) ToAuthBackendUserOutput 

func (o AuthBackendUserOutput) ToAuthBackendUserOutput() AuthBackendUserOutput

func (AuthBackendUserOutput) ToAuthBackendUserOutputWithContext 

func (o AuthBackendUserOutput) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

func (AuthBackendUserOutput) Username added in v5.6.0 

func (o AuthBackendUserOutput) Username() pulumi.StringOutput

The LDAP username

type AuthBackendUserState 

type AuthBackendUserState struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringPtrInput
}

func (AuthBackendUserState) ElementType 

func (AuthBackendUserState) ElementType() reflect.Type

type GetDynamicCredentialsArgs added in v5.17.0 

type GetDynamicCredentialsArgs struct {
	Mount     string  `pulumi:"mount"`
	Namespace *string `pulumi:"namespace"`
	RoleName  string  `pulumi:"roleName"`
}

A collection of arguments for invoking getDynamicCredentials.

type GetDynamicCredentialsOutputArgs added in v5.17.0 

type GetDynamicCredentialsOutputArgs struct {
	Mount     pulumi.StringInput    `pulumi:"mount"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	RoleName  pulumi.StringInput    `pulumi:"roleName"`
}

A collection of arguments for invoking getDynamicCredentials.

func (GetDynamicCredentialsOutputArgs) ElementType added in v5.17.0 

func (GetDynamicCredentialsOutputArgs) ElementType() reflect.Type

type GetDynamicCredentialsResult added in v5.17.0 

type GetDynamicCredentialsResult struct {
	DistinguishedNames []string `pulumi:"distinguishedNames"`
	// The provider-assigned unique ID for this managed resource.
	Id             string  `pulumi:"id"`
	LeaseDuration  int     `pulumi:"leaseDuration"`
	LeaseId        string  `pulumi:"leaseId"`
	LeaseRenewable bool    `pulumi:"leaseRenewable"`
	Mount          string  `pulumi:"mount"`
	Namespace      *string `pulumi:"namespace"`
	Password       string  `pulumi:"password"`
	RoleName       string  `pulumi:"roleName"`
	Username       string  `pulumi:"username"`
}

A collection of values returned by getDynamicCredentials.

func GetDynamicCredentials added in v5.17.0 

func GetDynamicCredentials(ctx *pulumi.Context, args *GetDynamicCredentialsArgs, opts ...pulumi.InvokeOption) (*GetDynamicCredentialsResult, error)

type GetDynamicCredentialsResultOutput added in v5.17.0 

type GetDynamicCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getDynamicCredentials.

func GetDynamicCredentialsOutput added in v5.17.0 

func GetDynamicCredentialsOutput(ctx *pulumi.Context, args GetDynamicCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) DistinguishedNames added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) DistinguishedNames() pulumi.StringArrayOutput

func (GetDynamicCredentialsResultOutput) ElementType added in v5.17.0 

func (GetDynamicCredentialsResultOutput) ElementType() reflect.Type

func (GetDynamicCredentialsResultOutput) Id added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetDynamicCredentialsResultOutput) LeaseDuration added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) LeaseDuration() pulumi.IntOutput

func (GetDynamicCredentialsResultOutput) LeaseId added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) LeaseId() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) LeaseRenewable added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput

func (GetDynamicCredentialsResultOutput) Mount added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) Mount() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) Namespace added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetDynamicCredentialsResultOutput) Password added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) Password() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) RoleName added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) RoleName() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput() GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext(ctx context.Context) GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) Username added in v5.17.0 

func (o GetDynamicCredentialsResultOutput) Username() pulumi.StringOutput

type GetStaticCredentialsArgs added in v5.17.0 

type GetStaticCredentialsArgs struct {
	Mount     string  `pulumi:"mount"`
	Namespace *string `pulumi:"namespace"`
	RoleName  string  `pulumi:"roleName"`
}

A collection of arguments for invoking getStaticCredentials.

type GetStaticCredentialsOutputArgs added in v5.17.0 

type GetStaticCredentialsOutputArgs struct {
	Mount     pulumi.StringInput    `pulumi:"mount"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	RoleName  pulumi.StringInput    `pulumi:"roleName"`
}

A collection of arguments for invoking getStaticCredentials.

func (GetStaticCredentialsOutputArgs) ElementType added in v5.17.0 

func (GetStaticCredentialsOutputArgs) ElementType() reflect.Type

type GetStaticCredentialsResult added in v5.17.0 

type GetStaticCredentialsResult struct {
	Dn string `pulumi:"dn"`
	// The provider-assigned unique ID for this managed resource.
	Id                string  `pulumi:"id"`
	LastPassword      string  `pulumi:"lastPassword"`
	LastVaultRotation string  `pulumi:"lastVaultRotation"`
	Mount             string  `pulumi:"mount"`
	Namespace         *string `pulumi:"namespace"`
	Password          string  `pulumi:"password"`
	RoleName          string  `pulumi:"roleName"`
	RotationPeriod    int     `pulumi:"rotationPeriod"`
	Ttl               int     `pulumi:"ttl"`
	Username          string  `pulumi:"username"`
}

A collection of values returned by getStaticCredentials.

func GetStaticCredentials added in v5.17.0 

func GetStaticCredentials(ctx *pulumi.Context, args *GetStaticCredentialsArgs, opts ...pulumi.InvokeOption) (*GetStaticCredentialsResult, error)

type GetStaticCredentialsResultOutput added in v5.17.0 

type GetStaticCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getStaticCredentials.

func GetStaticCredentialsOutput added in v5.17.0 

func GetStaticCredentialsOutput(ctx *pulumi.Context, args GetStaticCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) Dn added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Dn() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) ElementType added in v5.17.0 

func (GetStaticCredentialsResultOutput) ElementType() reflect.Type

func (GetStaticCredentialsResultOutput) Id added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetStaticCredentialsResultOutput) LastPassword added in v5.17.0 

func (o GetStaticCredentialsResultOutput) LastPassword() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) LastVaultRotation added in v5.17.0 

func (o GetStaticCredentialsResultOutput) LastVaultRotation() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) Mount added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Mount() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) Namespace added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetStaticCredentialsResultOutput) Password added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Password() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) RoleName added in v5.17.0 

func (o GetStaticCredentialsResultOutput) RoleName() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) RotationPeriod added in v5.17.0 

func (o GetStaticCredentialsResultOutput) RotationPeriod() pulumi.IntOutput

func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput added in v5.17.0 

func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput() GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext added in v5.17.0 

func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext(ctx context.Context) GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) Ttl added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Ttl() pulumi.IntOutput

func (GetStaticCredentialsResultOutput) Username added in v5.17.0 

func (o GetStaticCredentialsResultOutput) Username() pulumi.StringOutput

type SecretBackend added in v5.13.0 

type SecretBackend struct {
	pulumi.CustomResourceState

	// Accessor of the mount
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"`
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacResponseKeys"`
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrOutput `pulumi:"certificate"`
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrOutput `pulumi:"clientTlsCert"`
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrOutput `pulumi:"clientTlsKey"`
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrOutput `pulumi:"connectionTimeout"`
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"`
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"`
	// **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates.
	// *Mutually exclusive with `passwordPolicy` on vault-1.11+*
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntOutput `pulumi:"length"`
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapOutput `pulumi:"options"`
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntOutput `pulumi:"requestTimeout"`
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringOutput `pulumi:"schema"`
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolOutput `pulumi:"sealWrap"`
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringOutput `pulumi:"url"`
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringOutput `pulumi:"userattr"`
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrOutput `pulumi:"userdn"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			InsecureTls: pulumi.Bool(true),
			Path:        pulumi.String("my-custom-ldap"),
			Url:         pulumi.String("ldaps://localhost"),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend can be imported using the `${mount}/config`, e.g.

```sh 

$ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config

```

func GetSecretBackend added in v5.13.0 

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend added in v5.13.0 

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType added in v5.13.0 

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput added in v5.13.0 

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext added in v5.13.0 

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

type SecretBackendArgs added in v5.13.0 

type SecretBackendArgs struct {
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringInput
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrInput
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrInput
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrInput
	// **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates.
	// *Mutually exclusive with `passwordPolicy` on vault-1.11+*
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringPtrInput
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType added in v5.13.0 

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray added in v5.13.0 

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType added in v5.13.0 

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput added in v5.13.0 

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext added in v5.13.0 

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput added in v5.13.0 

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via: 

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput added in v5.13.0 

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType added in v5.13.0 

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index added in v5.13.0 

func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput added in v5.13.0 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext added in v5.13.0 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendDynamicRole added in v5.13.0 

type SecretBackendDynamicRole struct {
	pulumi.CustomResourceState

	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringOutput `pulumi:"creationLdif"`
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrOutput `pulumi:"defaultTtl"`
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringOutput `pulumi:"deletionLdif"`
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrOutput `pulumi:"maxTtl"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrOutput `pulumi:"rollbackLdif"`
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:     pulumi.String("my-custom-ldap"),
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://localhost"),
			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
			Mount:    config.Path,
			RoleName: pulumi.String("alice"),
			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example

objectClass: person objectClass: top cn: learn sn: {{.Password | utf16le | base64}} memberOf: cn=dev,ou=groups,dc=learn,dc=example userPassword: {{.Password}} `), 

DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example

changetype: delete 

rollback_ldif = <<EOT

dn: cn={{.Username}},ou=users,dc=learn,dc=example changetype: delete `), 

		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend dynamic role can be imported using the full path to the role of the form: `<mount_path>/dynamic-role/<role_name>` e.g.

```sh 

$ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role

```

func GetSecretBackendDynamicRole added in v5.13.0 

func GetSecretBackendDynamicRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendDynamicRoleState, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)

GetSecretBackendDynamicRole gets an existing SecretBackendDynamicRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendDynamicRole added in v5.13.0 

func NewSecretBackendDynamicRole(ctx *pulumi.Context,
	name string, args *SecretBackendDynamicRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)

NewSecretBackendDynamicRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendDynamicRole) ElementType added in v5.13.0 

func (*SecretBackendDynamicRole) ElementType() reflect.Type

func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput added in v5.13.0 

func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput

func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext added in v5.13.0 

func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput

type SecretBackendDynamicRoleArgs added in v5.13.0 

type SecretBackendDynamicRoleArgs struct {
	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringInput
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrInput
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringInput
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringInput
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrInput
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendDynamicRole resource.

func (SecretBackendDynamicRoleArgs) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleArgs) ElementType() reflect.Type

type SecretBackendDynamicRoleArray added in v5.13.0 

type SecretBackendDynamicRoleArray []SecretBackendDynamicRoleInput

func (SecretBackendDynamicRoleArray) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleArray) ElementType() reflect.Type

func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput added in v5.13.0 

func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput

func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext added in v5.13.0 

func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput

type SecretBackendDynamicRoleArrayInput added in v5.13.0 

type SecretBackendDynamicRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
	ToSecretBackendDynamicRoleArrayOutputWithContext(context.Context) SecretBackendDynamicRoleArrayOutput
}

SecretBackendDynamicRoleArrayInput is an input type that accepts SecretBackendDynamicRoleArray and SecretBackendDynamicRoleArrayOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleArrayInput` via: 

SecretBackendDynamicRoleArray{ SecretBackendDynamicRoleArgs{...} }

type SecretBackendDynamicRoleArrayOutput added in v5.13.0 

type SecretBackendDynamicRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleArrayOutput) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleArrayOutput) Index added in v5.13.0 

func (o SecretBackendDynamicRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput added in v5.13.0 

func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput

func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext added in v5.13.0 

func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput

type SecretBackendDynamicRoleInput added in v5.13.0 

type SecretBackendDynamicRoleInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput
	ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput
}

type SecretBackendDynamicRoleMap added in v5.13.0 

type SecretBackendDynamicRoleMap map[string]SecretBackendDynamicRoleInput

func (SecretBackendDynamicRoleMap) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleMap) ElementType() reflect.Type

func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput added in v5.13.0 

func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput

func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext added in v5.13.0 

func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput

type SecretBackendDynamicRoleMapInput added in v5.13.0 

type SecretBackendDynamicRoleMapInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
	ToSecretBackendDynamicRoleMapOutputWithContext(context.Context) SecretBackendDynamicRoleMapOutput
}

SecretBackendDynamicRoleMapInput is an input type that accepts SecretBackendDynamicRoleMap and SecretBackendDynamicRoleMapOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleMapInput` via: 

SecretBackendDynamicRoleMap{ "key": SecretBackendDynamicRoleArgs{...} }

type SecretBackendDynamicRoleMapOutput added in v5.13.0 

type SecretBackendDynamicRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleMapOutput) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleMapOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleMapOutput) MapIndex added in v5.13.0 

func (o SecretBackendDynamicRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput added in v5.13.0 

func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput

func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext added in v5.13.0 

func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput

type SecretBackendDynamicRoleOutput added in v5.13.0 

type SecretBackendDynamicRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleOutput) CreationLdif added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) CreationLdif() pulumi.StringOutput

A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creationLdif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creationLdif` it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF entries in `rollbackLdif` will be executed. See `rollbackLdif` for more details. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) DefaultTtl added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) DefaultTtl() pulumi.IntPtrOutput

Specifies the TTL for the leases associated with this role.

func (SecretBackendDynamicRoleOutput) DeletionLdif added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) DeletionLdif() pulumi.StringOutput

A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletionLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleOutput) MaxTtl added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) MaxTtl() pulumi.IntPtrOutput

Specifies the maximum TTL for the leases associated with this role.

func (SecretBackendDynamicRoleOutput) Mount added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) Mount() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendDynamicRoleOutput) Namespace added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendDynamicRoleOutput) RoleName added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) RoleName() pulumi.StringOutput

Name of the role.

func (SecretBackendDynamicRoleOutput) RollbackLdif added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) RollbackLdif() pulumi.StringPtrOutput

A templatized LDIF string used to attempt to rollback any changes in the event that execution of the `creationLdif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollbackLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleOutput) UsernameTemplate added in v5.13.0 

func (o SecretBackendDynamicRoleOutput) UsernameTemplate() pulumi.StringPtrOutput

A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creationLdif` string.

type SecretBackendDynamicRoleState added in v5.13.0 

type SecretBackendDynamicRoleState struct {
	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringPtrInput
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrInput
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringPtrInput
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringPtrInput
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrInput
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrInput
}

func (SecretBackendDynamicRoleState) ElementType added in v5.13.0 

func (SecretBackendDynamicRoleState) ElementType() reflect.Type

type SecretBackendInput added in v5.13.0 

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendLibrarySet added in v5.13.0 

type SecretBackendLibrarySet struct {
	pulumi.CustomResourceState

	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrOutput `pulumi:"disableCheckInEnforcement"`
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayOutput `pulumi:"serviceAccountNames"`
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendLibrarySet(ctx, "qa", &ldap.SecretBackendLibrarySetArgs{
			Mount: config.Path,
			ServiceAccountNames: pulumi.StringArray{
				pulumi.String("Bob"),
				pulumi.String("Mary"),
			},
			Ttl:                       pulumi.Int(60),
			DisableCheckInEnforcement: pulumi.Bool(true),
			MaxTtl:                    pulumi.Int(120),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend libraries can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:ldap/secretBackendLibrarySet:SecretBackendLibrarySet qa ldap/library/bob

```

func GetSecretBackendLibrarySet added in v5.13.0 

func GetSecretBackendLibrarySet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendLibrarySetState, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)

GetSecretBackendLibrarySet gets an existing SecretBackendLibrarySet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendLibrarySet added in v5.13.0 

func NewSecretBackendLibrarySet(ctx *pulumi.Context,
	name string, args *SecretBackendLibrarySetArgs, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)

NewSecretBackendLibrarySet registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendLibrarySet) ElementType added in v5.13.0 

func (*SecretBackendLibrarySet) ElementType() reflect.Type

func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput added in v5.13.0 

func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput

func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext added in v5.13.0 

func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput

type SecretBackendLibrarySetArgs added in v5.13.0 

type SecretBackendLibrarySetArgs struct {
	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}

The set of arguments for constructing a SecretBackendLibrarySet resource.

func (SecretBackendLibrarySetArgs) ElementType added in v5.13.0 

func (SecretBackendLibrarySetArgs) ElementType() reflect.Type

type SecretBackendLibrarySetArray added in v5.13.0 

type SecretBackendLibrarySetArray []SecretBackendLibrarySetInput

func (SecretBackendLibrarySetArray) ElementType added in v5.13.0 

func (SecretBackendLibrarySetArray) ElementType() reflect.Type

func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput added in v5.13.0 

func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput

func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext added in v5.13.0 

func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput

type SecretBackendLibrarySetArrayInput added in v5.13.0 

type SecretBackendLibrarySetArrayInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
	ToSecretBackendLibrarySetArrayOutputWithContext(context.Context) SecretBackendLibrarySetArrayOutput
}

SecretBackendLibrarySetArrayInput is an input type that accepts SecretBackendLibrarySetArray and SecretBackendLibrarySetArrayOutput values. You can construct a concrete instance of `SecretBackendLibrarySetArrayInput` via: 

SecretBackendLibrarySetArray{ SecretBackendLibrarySetArgs{...} }

type SecretBackendLibrarySetArrayOutput added in v5.13.0 

type SecretBackendLibrarySetArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetArrayOutput) ElementType added in v5.13.0 

func (SecretBackendLibrarySetArrayOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetArrayOutput) Index added in v5.13.0 

func (o SecretBackendLibrarySetArrayOutput) Index(i pulumi.IntInput) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput added in v5.13.0 

func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput

func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext added in v5.13.0 

func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput

type SecretBackendLibrarySetInput added in v5.13.0 

type SecretBackendLibrarySetInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput
	ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput
}

type SecretBackendLibrarySetMap added in v5.13.0 

type SecretBackendLibrarySetMap map[string]SecretBackendLibrarySetInput

func (SecretBackendLibrarySetMap) ElementType added in v5.13.0 

func (SecretBackendLibrarySetMap) ElementType() reflect.Type

func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput added in v5.13.0 

func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput

func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext added in v5.13.0 

func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput

type SecretBackendLibrarySetMapInput added in v5.13.0 

type SecretBackendLibrarySetMapInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
	ToSecretBackendLibrarySetMapOutputWithContext(context.Context) SecretBackendLibrarySetMapOutput
}

SecretBackendLibrarySetMapInput is an input type that accepts SecretBackendLibrarySetMap and SecretBackendLibrarySetMapOutput values. You can construct a concrete instance of `SecretBackendLibrarySetMapInput` via: 

SecretBackendLibrarySetMap{ "key": SecretBackendLibrarySetArgs{...} }

type SecretBackendLibrarySetMapOutput added in v5.13.0 

type SecretBackendLibrarySetMapOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetMapOutput) ElementType added in v5.13.0 

func (SecretBackendLibrarySetMapOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetMapOutput) MapIndex added in v5.13.0 

func (o SecretBackendLibrarySetMapOutput) MapIndex(k pulumi.StringInput) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput added in v5.13.0 

func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput

func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext added in v5.13.0 

func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput

type SecretBackendLibrarySetOutput added in v5.13.0 

type SecretBackendLibrarySetOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetOutput) DisableCheckInEnforcement added in v5.13.0 

func (o SecretBackendLibrarySetOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput

Disable enforcing that service accounts must be checked in by the entity or client token that checked them out. Defaults to false.

func (SecretBackendLibrarySetOutput) ElementType added in v5.13.0 

func (SecretBackendLibrarySetOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetOutput) MaxTtl added in v5.13.0 

func (o SecretBackendLibrarySetOutput) MaxTtl() pulumi.IntOutput

The maximum password time-to-live in seconds. Defaults to the configuration maxTtl if not provided.

func (SecretBackendLibrarySetOutput) Mount added in v5.13.0 

func (o SecretBackendLibrarySetOutput) Mount() pulumi.StringPtrOutput

The path where the LDAP secrets backend is mounted.

func (SecretBackendLibrarySetOutput) Name added in v5.13.0 

func (o SecretBackendLibrarySetOutput) Name() pulumi.StringOutput

The name to identify this set of service accounts. Must be unique within the backend.

func (SecretBackendLibrarySetOutput) Namespace added in v5.13.0 

func (o SecretBackendLibrarySetOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendLibrarySetOutput) ServiceAccountNames added in v5.13.0 

func (o SecretBackendLibrarySetOutput) ServiceAccountNames() pulumi.StringArrayOutput

Specifies the slice of service accounts mapped to this set.

func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput added in v5.13.0 

func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext added in v5.13.0 

func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetOutput) Ttl added in v5.13.0 

func (o SecretBackendLibrarySetOutput) Ttl() pulumi.IntOutput

The password time-to-live in seconds. Defaults to the configuration ttl if not provided.

type SecretBackendLibrarySetState added in v5.13.0 

type SecretBackendLibrarySetState struct {
	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}

func (SecretBackendLibrarySetState) ElementType added in v5.13.0 

func (SecretBackendLibrarySetState) ElementType() reflect.Type

type SecretBackendMap added in v5.13.0 

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType added in v5.13.0 

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput added in v5.13.0 

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext added in v5.13.0 

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput added in v5.13.0 

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via: 

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput added in v5.13.0 

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType added in v5.13.0 

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex added in v5.13.0 

func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutput added in v5.13.0 

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext added in v5.13.0 

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput added in v5.13.0 

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) Accessor added in v5.13.0 

func (o SecretBackendOutput) Accessor() pulumi.StringOutput

Accessor of the mount

func (SecretBackendOutput) AllowedManagedKeys added in v5.13.0 

func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput

List of managed key registry entry names that the mount in question is allowed to access

func (SecretBackendOutput) AuditNonHmacRequestKeys added in v5.13.0 

func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

func (SecretBackendOutput) AuditNonHmacResponseKeys added in v5.13.0 

func (o SecretBackendOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

func (SecretBackendOutput) Binddn added in v5.13.0 

func (o SecretBackendOutput) Binddn() pulumi.StringOutput

Distinguished name of object to bind when performing user and group search.

func (SecretBackendOutput) Bindpass added in v5.13.0 

func (o SecretBackendOutput) Bindpass() pulumi.StringOutput

Password to use along with binddn when performing user search.

func (SecretBackendOutput) Certificate added in v5.13.0 

func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput

CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.

func (SecretBackendOutput) ClientTlsCert added in v5.13.0 

func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

func (SecretBackendOutput) ClientTlsKey added in v5.13.0 

func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput

Client certificate key to provide to the LDAP server, must be x509 PEM encoded.

func (SecretBackendOutput) ConnectionTimeout added in v5.13.0 

func (o SecretBackendOutput) ConnectionTimeout() pulumi.IntPtrOutput

Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.

func (SecretBackendOutput) DefaultLeaseTtlSeconds added in v5.13.0 

func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput

Default lease duration for secrets in seconds.

func (SecretBackendOutput) Description added in v5.13.0 

func (o SecretBackendOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the Active Directory backend.

func (SecretBackendOutput) DisableRemount added in v5.13.0 

func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates.

func (SecretBackendOutput) ElementType added in v5.13.0 

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ExternalEntropyAccess added in v5.13.0 

func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput

Enable the secrets engine to access Vault's external entropy source

func (SecretBackendOutput) InsecureTls added in v5.13.0 

func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput

Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to `false`.

func (SecretBackendOutput) Length deprecated added in v5.13.0 

func (o SecretBackendOutput) Length() pulumi.IntOutput

**Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates. *Mutually exclusive with `passwordPolicy` on vault-1.11+*

Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.

func (SecretBackendOutput) Local added in v5.13.0 

func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.

func (SecretBackendOutput) MaxLeaseTtlSeconds added in v5.13.0 

func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput

Maximum possible lease duration for secrets in seconds.

func (SecretBackendOutput) Namespace added in v5.13.0 

func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendOutput) Options added in v5.13.0 

func (o SecretBackendOutput) Options() pulumi.MapOutput

Specifies mount type specific options that are passed to the backend

func (SecretBackendOutput) PasswordPolicy added in v5.13.0 

func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput

Name of the password policy to use to generate passwords.

func (SecretBackendOutput) Path added in v5.13.0 

func (o SecretBackendOutput) Path() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendOutput) RequestTimeout added in v5.13.0 

func (o SecretBackendOutput) RequestTimeout() pulumi.IntOutput

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

func (SecretBackendOutput) Schema added in v5.13.0 

func (o SecretBackendOutput) Schema() pulumi.StringOutput

The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.

func (SecretBackendOutput) SealWrap added in v5.13.0 

func (o SecretBackendOutput) SealWrap() pulumi.BoolOutput

Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability

func (SecretBackendOutput) Starttls added in v5.13.0 

func (o SecretBackendOutput) Starttls() pulumi.BoolOutput

Issue a StartTLS command after establishing unencrypted connection.

func (SecretBackendOutput) ToSecretBackendOutput added in v5.13.0 

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext added in v5.13.0 

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) Upndomain added in v5.13.0 

func (o SecretBackendOutput) Upndomain() pulumi.StringOutput

Enables userPrincipalDomain login with [username]@UPNDomain.

func (SecretBackendOutput) Url added in v5.13.0 

func (o SecretBackendOutput) Url() pulumi.StringOutput

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.

func (SecretBackendOutput) Userattr added in v5.13.0 

func (o SecretBackendOutput) Userattr() pulumi.StringOutput

Attribute used when searching users. Defaults to `cn`.

func (SecretBackendOutput) Userdn added in v5.13.0 

func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput

LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.

type SecretBackendState added in v5.13.0 

type SecretBackendState struct {
	// Accessor of the mount
	Accessor pulumi.StringPtrInput
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringPtrInput
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrInput
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrInput
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrInput
	// **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates.
	// *Mutually exclusive with `passwordPolicy` on vault-1.11+*
	//
	// Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
	Length pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.MapInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringPtrInput
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrInput
}

func (SecretBackendState) ElementType added in v5.13.0 

func (SecretBackendState) ElementType() reflect.Type

type SecretBackendStaticRole added in v5.13.0 

type SecretBackendStaticRole struct {
	pulumi.CustomResourceState

	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrOutput `pulumi:"dn"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntOutput `pulumi:"rotationPeriod"`
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringOutput `pulumi:"username"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("my-custom-ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendStaticRole(ctx, "role", &ldap.SecretBackendStaticRoleArgs{
			Mount:          config.Path,
			Username:       pulumi.String("alice"),
			Dn:             pulumi.String("cn=alice,ou=Users,DC=corp,DC=example,DC=net"),
			RoleName:       pulumi.String("alice"),
			RotationPeriod: pulumi.Int(60),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-role/<role_name>` e.g.

```sh 

$ pulumi import vault:ldap/secretBackendStaticRole:SecretBackendStaticRole role ldap/static-role/example-role

```

func GetSecretBackendStaticRole added in v5.13.0 

func GetSecretBackendStaticRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendStaticRoleState, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

GetSecretBackendStaticRole gets an existing SecretBackendStaticRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendStaticRole added in v5.13.0 

func NewSecretBackendStaticRole(ctx *pulumi.Context,
	name string, args *SecretBackendStaticRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

NewSecretBackendStaticRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendStaticRole) ElementType added in v5.13.0 

func (*SecretBackendStaticRole) ElementType() reflect.Type

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutput added in v5.13.0 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext added in v5.13.0 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

type SecretBackendStaticRoleArgs added in v5.13.0 

type SecretBackendStaticRoleArgs struct {
	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntInput
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringInput
}

The set of arguments for constructing a SecretBackendStaticRole resource.

func (SecretBackendStaticRoleArgs) ElementType added in v5.13.0 

func (SecretBackendStaticRoleArgs) ElementType() reflect.Type

type SecretBackendStaticRoleArray added in v5.13.0 

type SecretBackendStaticRoleArray []SecretBackendStaticRoleInput

func (SecretBackendStaticRoleArray) ElementType added in v5.13.0 

func (SecretBackendStaticRoleArray) ElementType() reflect.Type

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput added in v5.13.0 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext added in v5.13.0 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleArrayInput added in v5.13.0 

type SecretBackendStaticRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
	ToSecretBackendStaticRoleArrayOutputWithContext(context.Context) SecretBackendStaticRoleArrayOutput
}

SecretBackendStaticRoleArrayInput is an input type that accepts SecretBackendStaticRoleArray and SecretBackendStaticRoleArrayOutput values. You can construct a concrete instance of `SecretBackendStaticRoleArrayInput` via: 

SecretBackendStaticRoleArray{ SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleArrayOutput added in v5.13.0 

type SecretBackendStaticRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleArrayOutput) ElementType added in v5.13.0 

func (SecretBackendStaticRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleArrayOutput) Index added in v5.13.0 

func (o SecretBackendStaticRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput added in v5.13.0 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext added in v5.13.0 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleInput added in v5.13.0 

type SecretBackendStaticRoleInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
	ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
}

type SecretBackendStaticRoleMap added in v5.13.0 

type SecretBackendStaticRoleMap map[string]SecretBackendStaticRoleInput

func (SecretBackendStaticRoleMap) ElementType added in v5.13.0 

func (SecretBackendStaticRoleMap) ElementType() reflect.Type

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput added in v5.13.0 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext added in v5.13.0 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleMapInput added in v5.13.0 

type SecretBackendStaticRoleMapInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
	ToSecretBackendStaticRoleMapOutputWithContext(context.Context) SecretBackendStaticRoleMapOutput
}

SecretBackendStaticRoleMapInput is an input type that accepts SecretBackendStaticRoleMap and SecretBackendStaticRoleMapOutput values. You can construct a concrete instance of `SecretBackendStaticRoleMapInput` via: 

SecretBackendStaticRoleMap{ "key": SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleMapOutput added in v5.13.0 

type SecretBackendStaticRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleMapOutput) ElementType added in v5.13.0 

func (SecretBackendStaticRoleMapOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleMapOutput) MapIndex added in v5.13.0 

func (o SecretBackendStaticRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput added in v5.13.0 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext added in v5.13.0 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleOutput added in v5.13.0 

type SecretBackendStaticRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleOutput) Dn added in v5.13.0 

func (o SecretBackendStaticRoleOutput) Dn() pulumi.StringPtrOutput

Distinguished name (DN) of the existing LDAP entry to manage password rotation for. If given, it will take precedence over `username` for the LDAP search performed during password rotation. Cannot be modified after creation.

func (SecretBackendStaticRoleOutput) ElementType added in v5.13.0 

func (SecretBackendStaticRoleOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleOutput) Mount added in v5.13.0 

func (o SecretBackendStaticRoleOutput) Mount() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendStaticRoleOutput) Namespace added in v5.13.0 

func (o SecretBackendStaticRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.

func (SecretBackendStaticRoleOutput) RoleName added in v5.13.0 

func (o SecretBackendStaticRoleOutput) RoleName() pulumi.StringOutput

Name of the role.

func (SecretBackendStaticRoleOutput) RotationPeriod added in v5.13.0 

func (o SecretBackendStaticRoleOutput) RotationPeriod() pulumi.IntOutput

How often Vault should rotate the password of the user entry.

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput added in v5.13.0 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext added in v5.13.0 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) Username added in v5.13.0 

func (o SecretBackendStaticRoleOutput) Username() pulumi.StringOutput

The username of the existing LDAP entry to manage password rotation for.

type SecretBackendStaticRoleState added in v5.13.0 

type SecretBackendStaticRoleState struct {
	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringPtrInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntPtrInput
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringPtrInput
}

func (SecretBackendStaticRoleState) ElementType added in v5.13.0 

func (SecretBackendStaticRoleState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.