Documentation ¶
Index ¶
- type AuthBackend
- type AuthBackendArgs
- type AuthBackendArray
- type AuthBackendArrayInput
- type AuthBackendArrayOutput
- func (AuthBackendArrayOutput) ElementType() reflect.Type
- func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
- func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
- type AuthBackendGroup
- type AuthBackendGroupArgs
- type AuthBackendGroupArray
- type AuthBackendGroupArrayInput
- type AuthBackendGroupArrayOutput
- func (AuthBackendGroupArrayOutput) ElementType() reflect.Type
- func (o AuthBackendGroupArrayOutput) Index(i pulumi.IntInput) AuthBackendGroupOutput
- func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
- func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput
- type AuthBackendGroupInput
- type AuthBackendGroupMap
- type AuthBackendGroupMapInput
- type AuthBackendGroupMapOutput
- func (AuthBackendGroupMapOutput) ElementType() reflect.Type
- func (o AuthBackendGroupMapOutput) MapIndex(k pulumi.StringInput) AuthBackendGroupOutput
- func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
- func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput
- type AuthBackendGroupOutput
- func (o AuthBackendGroupOutput) Backend() pulumi.StringPtrOutput
- func (AuthBackendGroupOutput) ElementType() reflect.Type
- func (o AuthBackendGroupOutput) Groupname() pulumi.StringOutput
- func (o AuthBackendGroupOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendGroupOutput) Policies() pulumi.StringArrayOutput
- func (o AuthBackendGroupOutput) ToAuthBackendGroupOutput() AuthBackendGroupOutput
- func (o AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
- type AuthBackendGroupState
- type AuthBackendInput
- type AuthBackendMap
- type AuthBackendMapInput
- type AuthBackendMapOutput
- func (AuthBackendMapOutput) ElementType() reflect.Type
- func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
- func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
- type AuthBackendOutput
- func (o AuthBackendOutput) Accessor() pulumi.StringOutput
- func (o AuthBackendOutput) Binddn() pulumi.StringOutput
- func (o AuthBackendOutput) Bindpass() pulumi.StringOutput
- func (o AuthBackendOutput) CaseSensitiveNames() pulumi.BoolOutput
- func (o AuthBackendOutput) Certificate() pulumi.StringOutput
- func (o AuthBackendOutput) ClientTlsCert() pulumi.StringOutput
- func (o AuthBackendOutput) ClientTlsKey() pulumi.StringOutput
- func (o AuthBackendOutput) DenyNullBind() pulumi.BoolOutput
- func (o AuthBackendOutput) Description() pulumi.StringOutput
- func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (o AuthBackendOutput) Discoverdn() pulumi.BoolOutput
- func (AuthBackendOutput) ElementType() reflect.Type
- func (o AuthBackendOutput) Groupattr() pulumi.StringOutput
- func (o AuthBackendOutput) Groupdn() pulumi.StringOutput
- func (o AuthBackendOutput) Groupfilter() pulumi.StringOutput
- func (o AuthBackendOutput) InsecureTls() pulumi.BoolOutput
- func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput
- func (o AuthBackendOutput) MaxPageSize() pulumi.IntPtrOutput
- func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Starttls() pulumi.BoolOutput
- func (o AuthBackendOutput) TlsMaxVersion() pulumi.StringOutput
- func (o AuthBackendOutput) TlsMinVersion() pulumi.StringOutput
- func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
- func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
- func (o AuthBackendOutput) TokenBoundCidrs() pulumi.StringArrayOutput
- func (o AuthBackendOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendOutput) TokenMaxTtl() pulumi.IntPtrOutput
- func (o AuthBackendOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
- func (o AuthBackendOutput) TokenNumUses() pulumi.IntPtrOutput
- func (o AuthBackendOutput) TokenPeriod() pulumi.IntPtrOutput
- func (o AuthBackendOutput) TokenPolicies() pulumi.StringArrayOutput
- func (o AuthBackendOutput) TokenTtl() pulumi.IntPtrOutput
- func (o AuthBackendOutput) TokenType() pulumi.StringPtrOutput
- func (o AuthBackendOutput) Upndomain() pulumi.StringOutput
- func (o AuthBackendOutput) Url() pulumi.StringOutput
- func (o AuthBackendOutput) UseTokenGroups() pulumi.BoolOutput
- func (o AuthBackendOutput) Userattr() pulumi.StringOutput
- func (o AuthBackendOutput) Userdn() pulumi.StringOutput
- func (o AuthBackendOutput) Userfilter() pulumi.StringOutput
- func (o AuthBackendOutput) UsernameAsAlias() pulumi.BoolOutput
- type AuthBackendState
- type AuthBackendUser
- type AuthBackendUserArgs
- type AuthBackendUserArray
- type AuthBackendUserArrayInput
- type AuthBackendUserArrayOutput
- func (AuthBackendUserArrayOutput) ElementType() reflect.Type
- func (o AuthBackendUserArrayOutput) Index(i pulumi.IntInput) AuthBackendUserOutput
- func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
- func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput
- type AuthBackendUserInput
- type AuthBackendUserMap
- type AuthBackendUserMapInput
- type AuthBackendUserMapOutput
- func (AuthBackendUserMapOutput) ElementType() reflect.Type
- func (o AuthBackendUserMapOutput) MapIndex(k pulumi.StringInput) AuthBackendUserOutput
- func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
- func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput
- type AuthBackendUserOutput
- func (o AuthBackendUserOutput) Backend() pulumi.StringPtrOutput
- func (AuthBackendUserOutput) ElementType() reflect.Type
- func (o AuthBackendUserOutput) Groups() pulumi.StringArrayOutput
- func (o AuthBackendUserOutput) Namespace() pulumi.StringPtrOutput
- func (o AuthBackendUserOutput) Policies() pulumi.StringArrayOutput
- func (o AuthBackendUserOutput) ToAuthBackendUserOutput() AuthBackendUserOutput
- func (o AuthBackendUserOutput) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
- func (o AuthBackendUserOutput) Username() pulumi.StringOutput
- type AuthBackendUserState
- type GetDynamicCredentialsArgs
- type GetDynamicCredentialsOutputArgs
- type GetDynamicCredentialsResult
- type GetDynamicCredentialsResultOutput
- func (o GetDynamicCredentialsResultOutput) DistinguishedNames() pulumi.StringArrayOutput
- func (GetDynamicCredentialsResultOutput) ElementType() reflect.Type
- func (o GetDynamicCredentialsResultOutput) Id() pulumi.StringOutput
- func (o GetDynamicCredentialsResultOutput) LeaseDuration() pulumi.IntOutput
- func (o GetDynamicCredentialsResultOutput) LeaseId() pulumi.StringOutput
- func (o GetDynamicCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput
- func (o GetDynamicCredentialsResultOutput) Mount() pulumi.StringOutput
- func (o GetDynamicCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
- func (o GetDynamicCredentialsResultOutput) Password() pulumi.StringOutput
- func (o GetDynamicCredentialsResultOutput) RoleName() pulumi.StringOutput
- func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput() GetDynamicCredentialsResultOutput
- func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext(ctx context.Context) GetDynamicCredentialsResultOutput
- func (o GetDynamicCredentialsResultOutput) Username() pulumi.StringOutput
- type GetStaticCredentialsArgs
- type GetStaticCredentialsOutputArgs
- type GetStaticCredentialsResult
- type GetStaticCredentialsResultOutput
- func (o GetStaticCredentialsResultOutput) Dn() pulumi.StringOutput
- func (GetStaticCredentialsResultOutput) ElementType() reflect.Type
- func (o GetStaticCredentialsResultOutput) Id() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) LastPassword() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) LastVaultRotation() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) Mount() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
- func (o GetStaticCredentialsResultOutput) Password() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) RoleName() pulumi.StringOutput
- func (o GetStaticCredentialsResultOutput) RotationPeriod() pulumi.IntOutput
- func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput() GetStaticCredentialsResultOutput
- func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext(ctx context.Context) GetStaticCredentialsResultOutput
- func (o GetStaticCredentialsResultOutput) Ttl() pulumi.IntOutput
- func (o GetStaticCredentialsResultOutput) Username() pulumi.StringOutput
- type SecretBackend
- type SecretBackendArgs
- type SecretBackendArray
- type SecretBackendArrayInput
- type SecretBackendArrayOutput
- func (SecretBackendArrayOutput) ElementType() reflect.Type
- func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
- type SecretBackendDynamicRole
- type SecretBackendDynamicRoleArgs
- type SecretBackendDynamicRoleArray
- func (SecretBackendDynamicRoleArray) ElementType() reflect.Type
- func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
- func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput
- type SecretBackendDynamicRoleArrayInput
- type SecretBackendDynamicRoleArrayOutput
- func (SecretBackendDynamicRoleArrayOutput) ElementType() reflect.Type
- func (o SecretBackendDynamicRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendDynamicRoleOutput
- func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
- func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput
- type SecretBackendDynamicRoleInput
- type SecretBackendDynamicRoleMap
- func (SecretBackendDynamicRoleMap) ElementType() reflect.Type
- func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
- func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput
- type SecretBackendDynamicRoleMapInput
- type SecretBackendDynamicRoleMapOutput
- func (SecretBackendDynamicRoleMapOutput) ElementType() reflect.Type
- func (o SecretBackendDynamicRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendDynamicRoleOutput
- func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
- func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput
- type SecretBackendDynamicRoleOutput
- func (o SecretBackendDynamicRoleOutput) CreationLdif() pulumi.StringOutput
- func (o SecretBackendDynamicRoleOutput) DefaultTtl() pulumi.IntPtrOutput
- func (o SecretBackendDynamicRoleOutput) DeletionLdif() pulumi.StringOutput
- func (SecretBackendDynamicRoleOutput) ElementType() reflect.Type
- func (o SecretBackendDynamicRoleOutput) MaxTtl() pulumi.IntPtrOutput
- func (o SecretBackendDynamicRoleOutput) Mount() pulumi.StringPtrOutput
- func (o SecretBackendDynamicRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendDynamicRoleOutput) RoleName() pulumi.StringOutput
- func (o SecretBackendDynamicRoleOutput) RollbackLdif() pulumi.StringPtrOutput
- func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput
- func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput
- func (o SecretBackendDynamicRoleOutput) UsernameTemplate() pulumi.StringPtrOutput
- type SecretBackendDynamicRoleState
- type SecretBackendInput
- type SecretBackendLibrarySet
- type SecretBackendLibrarySetArgs
- type SecretBackendLibrarySetArray
- func (SecretBackendLibrarySetArray) ElementType() reflect.Type
- func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
- func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput
- type SecretBackendLibrarySetArrayInput
- type SecretBackendLibrarySetArrayOutput
- func (SecretBackendLibrarySetArrayOutput) ElementType() reflect.Type
- func (o SecretBackendLibrarySetArrayOutput) Index(i pulumi.IntInput) SecretBackendLibrarySetOutput
- func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
- func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput
- type SecretBackendLibrarySetInput
- type SecretBackendLibrarySetMap
- func (SecretBackendLibrarySetMap) ElementType() reflect.Type
- func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
- func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput
- type SecretBackendLibrarySetMapInput
- type SecretBackendLibrarySetMapOutput
- func (SecretBackendLibrarySetMapOutput) ElementType() reflect.Type
- func (o SecretBackendLibrarySetMapOutput) MapIndex(k pulumi.StringInput) SecretBackendLibrarySetOutput
- func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
- func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput
- type SecretBackendLibrarySetOutput
- func (o SecretBackendLibrarySetOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput
- func (SecretBackendLibrarySetOutput) ElementType() reflect.Type
- func (o SecretBackendLibrarySetOutput) MaxTtl() pulumi.IntOutput
- func (o SecretBackendLibrarySetOutput) Mount() pulumi.StringPtrOutput
- func (o SecretBackendLibrarySetOutput) Name() pulumi.StringOutput
- func (o SecretBackendLibrarySetOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendLibrarySetOutput) ServiceAccountNames() pulumi.StringArrayOutput
- func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput
- func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput
- func (o SecretBackendLibrarySetOutput) Ttl() pulumi.IntOutput
- type SecretBackendLibrarySetState
- type SecretBackendMap
- type SecretBackendMapInput
- type SecretBackendMapOutput
- func (SecretBackendMapOutput) ElementType() reflect.Type
- func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
- type SecretBackendOutput
- func (o SecretBackendOutput) Accessor() pulumi.StringOutput
- func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput
- func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
- func (o SecretBackendOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
- func (o SecretBackendOutput) Binddn() pulumi.StringOutput
- func (o SecretBackendOutput) Bindpass() pulumi.StringOutput
- func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ConnectionTimeout() pulumi.IntPtrOutput
- func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput
- func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
- func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (SecretBackendOutput) ElementType() reflect.Type
- func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Length() pulumi.IntOutputdeprecated
- func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput
- func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Options() pulumi.MapOutput
- func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Path() pulumi.StringPtrOutput
- func (o SecretBackendOutput) RequestTimeout() pulumi.IntOutput
- func (o SecretBackendOutput) Schema() pulumi.StringOutput
- func (o SecretBackendOutput) SealWrap() pulumi.BoolOutput
- func (o SecretBackendOutput) Starttls() pulumi.BoolOutput
- func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
- func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
- func (o SecretBackendOutput) Upndomain() pulumi.StringOutput
- func (o SecretBackendOutput) Url() pulumi.StringOutput
- func (o SecretBackendOutput) Userattr() pulumi.StringOutput
- func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput
- type SecretBackendState
- type SecretBackendStaticRole
- type SecretBackendStaticRoleArgs
- type SecretBackendStaticRoleArray
- func (SecretBackendStaticRoleArray) ElementType() reflect.Type
- func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
- func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput
- type SecretBackendStaticRoleArrayInput
- type SecretBackendStaticRoleArrayOutput
- func (SecretBackendStaticRoleArrayOutput) ElementType() reflect.Type
- func (o SecretBackendStaticRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendStaticRoleOutput
- func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
- func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput
- type SecretBackendStaticRoleInput
- type SecretBackendStaticRoleMap
- func (SecretBackendStaticRoleMap) ElementType() reflect.Type
- func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
- func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput
- type SecretBackendStaticRoleMapInput
- type SecretBackendStaticRoleMapOutput
- func (SecretBackendStaticRoleMapOutput) ElementType() reflect.Type
- func (o SecretBackendStaticRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendStaticRoleOutput
- func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
- func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput
- type SecretBackendStaticRoleOutput
- func (o SecretBackendStaticRoleOutput) Dn() pulumi.StringPtrOutput
- func (SecretBackendStaticRoleOutput) ElementType() reflect.Type
- func (o SecretBackendStaticRoleOutput) Mount() pulumi.StringPtrOutput
- func (o SecretBackendStaticRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendStaticRoleOutput) RoleName() pulumi.StringOutput
- func (o SecretBackendStaticRoleOutput) RotationPeriod() pulumi.IntOutput
- func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
- func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
- func (o SecretBackendStaticRoleOutput) Username() pulumi.StringOutput
- type SecretBackendStaticRoleState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthBackend ¶
type AuthBackend struct { pulumi.CustomResourceState // The accessor for this auth mount. Accessor pulumi.StringOutput `pulumi:"accessor"` // DN of object to bind when performing user search Binddn pulumi.StringOutput `pulumi:"binddn"` // Password to use with `binddn` when performing user search Bindpass pulumi.StringOutput `pulumi:"bindpass"` // Control case senstivity of objects fetched from LDAP, this is used for object matching in vault CaseSensitiveNames pulumi.BoolOutput `pulumi:"caseSensitiveNames"` // Trusted CA to validate TLS certificate Certificate pulumi.StringOutput `pulumi:"certificate"` ClientTlsCert pulumi.StringOutput `pulumi:"clientTlsCert"` ClientTlsKey pulumi.StringOutput `pulumi:"clientTlsKey"` // Prevents users from bypassing authentication when providing an empty password. DenyNullBind pulumi.BoolOutput `pulumi:"denyNullBind"` // Description for the LDAP auth backend mount Description pulumi.StringOutput `pulumi:"description"` // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Use anonymous bind to discover the bind DN of a user. Discoverdn pulumi.BoolOutput `pulumi:"discoverdn"` // LDAP attribute to follow on objects returned by groupfilter Groupattr pulumi.StringOutput `pulumi:"groupattr"` // Base DN under which to perform group search Groupdn pulumi.StringOutput `pulumi:"groupdn"` // Go template used to construct group membership query Groupfilter pulumi.StringOutput `pulumi:"groupfilter"` // Control whether or TLS certificates must be validated InsecureTls pulumi.BoolOutput `pulumi:"insecureTls"` // Specifies if the auth method is local only. Local pulumi.BoolPtrOutput `pulumi:"local"` // Sets the max page size for LDAP lookups, by default it's set to -1. // *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*. MaxPageSize pulumi.IntPtrOutput `pulumi:"maxPageSize"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Path to mount the LDAP auth backend under Path pulumi.StringPtrOutput `pulumi:"path"` // Control use of TLS when conecting to LDAP Starttls pulumi.BoolOutput `pulumi:"starttls"` // Maximum acceptable version of TLS TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"` // Minimum acceptable version of TLS TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"` // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"` // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"` // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"` // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"` // The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"` // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"` // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"` // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"` // The type of token to generate, service or batch TokenType pulumi.StringPtrOutput `pulumi:"tokenType"` // The `userPrincipalDomain` used to construct the UPN string for the authenticating user. Upndomain pulumi.StringOutput `pulumi:"upndomain"` // The URL of the LDAP server Url pulumi.StringOutput `pulumi:"url"` // Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships UseTokenGroups pulumi.BoolOutput `pulumi:"useTokenGroups"` // Attribute on user object matching username passed in Userattr pulumi.StringOutput `pulumi:"userattr"` // Base DN under which to perform user search Userdn pulumi.StringOutput `pulumi:"userdn"` // LDAP user search filter Userfilter pulumi.StringOutput `pulumi:"userfilter"` // Force the auth method to use the username passed by the user as the alias name. UsernameAsAlias pulumi.BoolOutput `pulumi:"usernameAsAlias"` }
Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{ Discoverdn: pulumi.Bool(false), Groupdn: pulumi.String("OU=Groups,DC=example,DC=org"), Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"), Path: pulumi.String("ldap"), Upndomain: pulumi.String("EXAMPLE.ORG"), Url: pulumi.String("ldaps://dc-01.example.org"), Userattr: pulumi.String("sAMAccountName"), Userdn: pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP authentication backends can be imported using the `path`, e.g.
```sh
$ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
```
func GetAuthBackend ¶
func GetAuthBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)
GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackend ¶
func NewAuthBackend(ctx *pulumi.Context, name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)
NewAuthBackend registers a new resource with the given unique name, arguments, and options.
func (*AuthBackend) ElementType ¶
func (*AuthBackend) ElementType() reflect.Type
func (*AuthBackend) ToAuthBackendOutput ¶
func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput
func (*AuthBackend) ToAuthBackendOutputWithContext ¶
func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
type AuthBackendArgs ¶
type AuthBackendArgs struct { // DN of object to bind when performing user search Binddn pulumi.StringPtrInput // Password to use with `binddn` when performing user search Bindpass pulumi.StringPtrInput // Control case senstivity of objects fetched from LDAP, this is used for object matching in vault CaseSensitiveNames pulumi.BoolPtrInput // Trusted CA to validate TLS certificate Certificate pulumi.StringPtrInput ClientTlsCert pulumi.StringPtrInput ClientTlsKey pulumi.StringPtrInput // Prevents users from bypassing authentication when providing an empty password. DenyNullBind pulumi.BoolPtrInput // Description for the LDAP auth backend mount Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Use anonymous bind to discover the bind DN of a user. Discoverdn pulumi.BoolPtrInput // LDAP attribute to follow on objects returned by groupfilter Groupattr pulumi.StringPtrInput // Base DN under which to perform group search Groupdn pulumi.StringPtrInput // Go template used to construct group membership query Groupfilter pulumi.StringPtrInput // Control whether or TLS certificates must be validated InsecureTls pulumi.BoolPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // Sets the max page size for LDAP lookups, by default it's set to -1. // *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*. MaxPageSize pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Path to mount the LDAP auth backend under Path pulumi.StringPtrInput // Control use of TLS when conecting to LDAP Starttls pulumi.BoolPtrInput // Maximum acceptable version of TLS TlsMaxVersion pulumi.StringPtrInput // Minimum acceptable version of TLS TlsMinVersion pulumi.StringPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token to generate, service or batch TokenType pulumi.StringPtrInput // The `userPrincipalDomain` used to construct the UPN string for the authenticating user. Upndomain pulumi.StringPtrInput // The URL of the LDAP server Url pulumi.StringInput // Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships UseTokenGroups pulumi.BoolPtrInput // Attribute on user object matching username passed in Userattr pulumi.StringPtrInput // Base DN under which to perform user search Userdn pulumi.StringPtrInput // LDAP user search filter Userfilter pulumi.StringPtrInput // Force the auth method to use the username passed by the user as the alias name. UsernameAsAlias pulumi.BoolPtrInput }
The set of arguments for constructing a AuthBackend resource.
func (AuthBackendArgs) ElementType ¶
func (AuthBackendArgs) ElementType() reflect.Type
type AuthBackendArray ¶
type AuthBackendArray []AuthBackendInput
func (AuthBackendArray) ElementType ¶
func (AuthBackendArray) ElementType() reflect.Type
func (AuthBackendArray) ToAuthBackendArrayOutput ¶
func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArray) ToAuthBackendArrayOutputWithContext ¶
func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendArrayInput ¶
type AuthBackendArrayInput interface { pulumi.Input ToAuthBackendArrayOutput() AuthBackendArrayOutput ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput }
AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via:
AuthBackendArray{ AuthBackendArgs{...} }
type AuthBackendArrayOutput ¶
type AuthBackendArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendArrayOutput) ElementType ¶
func (AuthBackendArrayOutput) ElementType() reflect.Type
func (AuthBackendArrayOutput) Index ¶
func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutput ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput
func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext ¶
func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput
type AuthBackendGroup ¶
type AuthBackendGroup struct { pulumi.CustomResourceState // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrOutput `pulumi:"backend"` // The LDAP groupname Groupname pulumi.StringOutput `pulumi:"groupname"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Policies which should be granted to members of the group Policies pulumi.StringArrayOutput `pulumi:"policies"` }
Provides a resource to create a group in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{ Path: pulumi.String("ldap"), Url: pulumi.String("ldaps://dc-01.example.org"), Userdn: pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"), Userattr: pulumi.String("sAMAccountName"), Upndomain: pulumi.String("EXAMPLE.ORG"), Discoverdn: pulumi.Bool(false), Groupdn: pulumi.String("OU=Groups,DC=example,DC=org"), Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"), }) if err != nil { return err } _, err = ldap.NewAuthBackendGroup(ctx, "group", &ldap.AuthBackendGroupArgs{ Groupname: pulumi.String("dba"), Policies: pulumi.StringArray{ pulumi.String("dba"), }, Backend: ldap.Path, }) if err != nil { return err } return nil }) }
```
## Import
LDAP authentication backend groups can be imported using the `path`, e.g.
```sh
$ pulumi import vault:ldap/authBackendGroup:AuthBackendGroup foo auth/ldap/groups/foo
```
func GetAuthBackendGroup ¶
func GetAuthBackendGroup(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendGroupState, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)
GetAuthBackendGroup gets an existing AuthBackendGroup resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendGroup ¶
func NewAuthBackendGroup(ctx *pulumi.Context, name string, args *AuthBackendGroupArgs, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)
NewAuthBackendGroup registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendGroup) ElementType ¶
func (*AuthBackendGroup) ElementType() reflect.Type
func (*AuthBackendGroup) ToAuthBackendGroupOutput ¶
func (i *AuthBackendGroup) ToAuthBackendGroupOutput() AuthBackendGroupOutput
func (*AuthBackendGroup) ToAuthBackendGroupOutputWithContext ¶
func (i *AuthBackendGroup) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
type AuthBackendGroupArgs ¶
type AuthBackendGroupArgs struct { // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrInput // The LDAP groupname Groupname pulumi.StringInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Policies which should be granted to members of the group Policies pulumi.StringArrayInput }
The set of arguments for constructing a AuthBackendGroup resource.
func (AuthBackendGroupArgs) ElementType ¶
func (AuthBackendGroupArgs) ElementType() reflect.Type
type AuthBackendGroupArray ¶
type AuthBackendGroupArray []AuthBackendGroupInput
func (AuthBackendGroupArray) ElementType ¶
func (AuthBackendGroupArray) ElementType() reflect.Type
func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutput ¶
func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext ¶
func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput
type AuthBackendGroupArrayInput ¶
type AuthBackendGroupArrayInput interface { pulumi.Input ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput ToAuthBackendGroupArrayOutputWithContext(context.Context) AuthBackendGroupArrayOutput }
AuthBackendGroupArrayInput is an input type that accepts AuthBackendGroupArray and AuthBackendGroupArrayOutput values. You can construct a concrete instance of `AuthBackendGroupArrayInput` via:
AuthBackendGroupArray{ AuthBackendGroupArgs{...} }
type AuthBackendGroupArrayOutput ¶
type AuthBackendGroupArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendGroupArrayOutput) ElementType ¶
func (AuthBackendGroupArrayOutput) ElementType() reflect.Type
func (AuthBackendGroupArrayOutput) Index ¶
func (o AuthBackendGroupArrayOutput) Index(i pulumi.IntInput) AuthBackendGroupOutput
func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput ¶
func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext ¶
func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput
type AuthBackendGroupInput ¶
type AuthBackendGroupInput interface { pulumi.Input ToAuthBackendGroupOutput() AuthBackendGroupOutput ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput }
type AuthBackendGroupMap ¶
type AuthBackendGroupMap map[string]AuthBackendGroupInput
func (AuthBackendGroupMap) ElementType ¶
func (AuthBackendGroupMap) ElementType() reflect.Type
func (AuthBackendGroupMap) ToAuthBackendGroupMapOutput ¶
func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
func (AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext ¶
func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput
type AuthBackendGroupMapInput ¶
type AuthBackendGroupMapInput interface { pulumi.Input ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput ToAuthBackendGroupMapOutputWithContext(context.Context) AuthBackendGroupMapOutput }
AuthBackendGroupMapInput is an input type that accepts AuthBackendGroupMap and AuthBackendGroupMapOutput values. You can construct a concrete instance of `AuthBackendGroupMapInput` via:
AuthBackendGroupMap{ "key": AuthBackendGroupArgs{...} }
type AuthBackendGroupMapOutput ¶
type AuthBackendGroupMapOutput struct{ *pulumi.OutputState }
func (AuthBackendGroupMapOutput) ElementType ¶
func (AuthBackendGroupMapOutput) ElementType() reflect.Type
func (AuthBackendGroupMapOutput) MapIndex ¶
func (o AuthBackendGroupMapOutput) MapIndex(k pulumi.StringInput) AuthBackendGroupOutput
func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput ¶
func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext ¶
func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput
type AuthBackendGroupOutput ¶
type AuthBackendGroupOutput struct{ *pulumi.OutputState }
func (AuthBackendGroupOutput) Backend ¶ added in v5.6.0
func (o AuthBackendGroupOutput) Backend() pulumi.StringPtrOutput
Path to the authentication backend
For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
func (AuthBackendGroupOutput) ElementType ¶
func (AuthBackendGroupOutput) ElementType() reflect.Type
func (AuthBackendGroupOutput) Groupname ¶ added in v5.6.0
func (o AuthBackendGroupOutput) Groupname() pulumi.StringOutput
The LDAP groupname
func (AuthBackendGroupOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendGroupOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendGroupOutput) Policies ¶ added in v5.6.0
func (o AuthBackendGroupOutput) Policies() pulumi.StringArrayOutput
Policies which should be granted to members of the group
func (AuthBackendGroupOutput) ToAuthBackendGroupOutput ¶
func (o AuthBackendGroupOutput) ToAuthBackendGroupOutput() AuthBackendGroupOutput
func (AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext ¶
func (o AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
type AuthBackendGroupState ¶
type AuthBackendGroupState struct { // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrInput // The LDAP groupname Groupname pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Policies which should be granted to members of the group Policies pulumi.StringArrayInput }
func (AuthBackendGroupState) ElementType ¶
func (AuthBackendGroupState) ElementType() reflect.Type
type AuthBackendInput ¶
type AuthBackendInput interface { pulumi.Input ToAuthBackendOutput() AuthBackendOutput ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput }
type AuthBackendMap ¶
type AuthBackendMap map[string]AuthBackendInput
func (AuthBackendMap) ElementType ¶
func (AuthBackendMap) ElementType() reflect.Type
func (AuthBackendMap) ToAuthBackendMapOutput ¶
func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMap) ToAuthBackendMapOutputWithContext ¶
func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendMapInput ¶
type AuthBackendMapInput interface { pulumi.Input ToAuthBackendMapOutput() AuthBackendMapOutput ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput }
AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via:
AuthBackendMap{ "key": AuthBackendArgs{...} }
type AuthBackendMapOutput ¶
type AuthBackendMapOutput struct{ *pulumi.OutputState }
func (AuthBackendMapOutput) ElementType ¶
func (AuthBackendMapOutput) ElementType() reflect.Type
func (AuthBackendMapOutput) MapIndex ¶
func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutput ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput
func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext ¶
func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput
type AuthBackendOutput ¶
type AuthBackendOutput struct{ *pulumi.OutputState }
func (AuthBackendOutput) Accessor ¶ added in v5.6.0
func (o AuthBackendOutput) Accessor() pulumi.StringOutput
The accessor for this auth mount.
func (AuthBackendOutput) Binddn ¶ added in v5.6.0
func (o AuthBackendOutput) Binddn() pulumi.StringOutput
DN of object to bind when performing user search
func (AuthBackendOutput) Bindpass ¶ added in v5.6.0
func (o AuthBackendOutput) Bindpass() pulumi.StringOutput
Password to use with `binddn` when performing user search
func (AuthBackendOutput) CaseSensitiveNames ¶ added in v5.6.0
func (o AuthBackendOutput) CaseSensitiveNames() pulumi.BoolOutput
Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
func (AuthBackendOutput) Certificate ¶ added in v5.6.0
func (o AuthBackendOutput) Certificate() pulumi.StringOutput
Trusted CA to validate TLS certificate
func (AuthBackendOutput) ClientTlsCert ¶ added in v5.6.0
func (o AuthBackendOutput) ClientTlsCert() pulumi.StringOutput
func (AuthBackendOutput) ClientTlsKey ¶ added in v5.6.0
func (o AuthBackendOutput) ClientTlsKey() pulumi.StringOutput
func (AuthBackendOutput) DenyNullBind ¶ added in v5.6.0
func (o AuthBackendOutput) DenyNullBind() pulumi.BoolOutput
Prevents users from bypassing authentication when providing an empty password.
func (AuthBackendOutput) Description ¶ added in v5.6.0
func (o AuthBackendOutput) Description() pulumi.StringOutput
Description for the LDAP auth backend mount
func (AuthBackendOutput) DisableRemount ¶ added in v5.7.0
func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
func (AuthBackendOutput) Discoverdn ¶ added in v5.6.0
func (o AuthBackendOutput) Discoverdn() pulumi.BoolOutput
Use anonymous bind to discover the bind DN of a user.
func (AuthBackendOutput) ElementType ¶
func (AuthBackendOutput) ElementType() reflect.Type
func (AuthBackendOutput) Groupattr ¶ added in v5.6.0
func (o AuthBackendOutput) Groupattr() pulumi.StringOutput
LDAP attribute to follow on objects returned by groupfilter
func (AuthBackendOutput) Groupdn ¶ added in v5.6.0
func (o AuthBackendOutput) Groupdn() pulumi.StringOutput
Base DN under which to perform group search
func (AuthBackendOutput) Groupfilter ¶ added in v5.6.0
func (o AuthBackendOutput) Groupfilter() pulumi.StringOutput
Go template used to construct group membership query
func (AuthBackendOutput) InsecureTls ¶ added in v5.6.0
func (o AuthBackendOutput) InsecureTls() pulumi.BoolOutput
Control whether or TLS certificates must be validated
func (AuthBackendOutput) Local ¶ added in v5.6.0
func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput
Specifies if the auth method is local only.
func (AuthBackendOutput) MaxPageSize ¶ added in v5.13.0
func (o AuthBackendOutput) MaxPageSize() pulumi.IntPtrOutput
Sets the max page size for LDAP lookups, by default it's set to -1. *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
func (AuthBackendOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendOutput) Path ¶ added in v5.6.0
func (o AuthBackendOutput) Path() pulumi.StringPtrOutput
Path to mount the LDAP auth backend under
func (AuthBackendOutput) Starttls ¶ added in v5.6.0
func (o AuthBackendOutput) Starttls() pulumi.BoolOutput
Control use of TLS when conecting to LDAP
func (AuthBackendOutput) TlsMaxVersion ¶ added in v5.6.0
func (o AuthBackendOutput) TlsMaxVersion() pulumi.StringOutput
Maximum acceptable version of TLS
func (AuthBackendOutput) TlsMinVersion ¶ added in v5.6.0
func (o AuthBackendOutput) TlsMinVersion() pulumi.StringOutput
Minimum acceptable version of TLS
func (AuthBackendOutput) ToAuthBackendOutput ¶
func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput
func (AuthBackendOutput) ToAuthBackendOutputWithContext ¶
func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
func (AuthBackendOutput) TokenBoundCidrs ¶ added in v5.6.0
func (o AuthBackendOutput) TokenBoundCidrs() pulumi.StringArrayOutput
List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
func (AuthBackendOutput) TokenExplicitMaxTtl ¶ added in v5.6.0
func (o AuthBackendOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput
If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.
func (AuthBackendOutput) TokenMaxTtl ¶ added in v5.6.0
func (o AuthBackendOutput) TokenMaxTtl() pulumi.IntPtrOutput
The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendOutput) TokenNoDefaultPolicy ¶ added in v5.6.0
func (o AuthBackendOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput
If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
func (AuthBackendOutput) TokenNumUses ¶ added in v5.6.0
func (o AuthBackendOutput) TokenNumUses() pulumi.IntPtrOutput
The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.
func (AuthBackendOutput) TokenPeriod ¶ added in v5.6.0
func (o AuthBackendOutput) TokenPeriod() pulumi.IntPtrOutput
If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.
func (AuthBackendOutput) TokenPolicies ¶ added in v5.6.0
func (o AuthBackendOutput) TokenPolicies() pulumi.StringArrayOutput
List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
func (AuthBackendOutput) TokenTtl ¶ added in v5.6.0
func (o AuthBackendOutput) TokenTtl() pulumi.IntPtrOutput
The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.
func (AuthBackendOutput) TokenType ¶ added in v5.6.0
func (o AuthBackendOutput) TokenType() pulumi.StringPtrOutput
The type of token to generate, service or batch
func (AuthBackendOutput) Upndomain ¶ added in v5.6.0
func (o AuthBackendOutput) Upndomain() pulumi.StringOutput
The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
func (AuthBackendOutput) Url ¶ added in v5.6.0
func (o AuthBackendOutput) Url() pulumi.StringOutput
The URL of the LDAP server
func (AuthBackendOutput) UseTokenGroups ¶ added in v5.6.0
func (o AuthBackendOutput) UseTokenGroups() pulumi.BoolOutput
Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
func (AuthBackendOutput) Userattr ¶ added in v5.6.0
func (o AuthBackendOutput) Userattr() pulumi.StringOutput
Attribute on user object matching username passed in
func (AuthBackendOutput) Userdn ¶ added in v5.6.0
func (o AuthBackendOutput) Userdn() pulumi.StringOutput
Base DN under which to perform user search
func (AuthBackendOutput) Userfilter ¶ added in v5.6.0
func (o AuthBackendOutput) Userfilter() pulumi.StringOutput
LDAP user search filter
func (AuthBackendOutput) UsernameAsAlias ¶ added in v5.7.0
func (o AuthBackendOutput) UsernameAsAlias() pulumi.BoolOutput
Force the auth method to use the username passed by the user as the alias name.
type AuthBackendState ¶
type AuthBackendState struct { // The accessor for this auth mount. Accessor pulumi.StringPtrInput // DN of object to bind when performing user search Binddn pulumi.StringPtrInput // Password to use with `binddn` when performing user search Bindpass pulumi.StringPtrInput // Control case senstivity of objects fetched from LDAP, this is used for object matching in vault CaseSensitiveNames pulumi.BoolPtrInput // Trusted CA to validate TLS certificate Certificate pulumi.StringPtrInput ClientTlsCert pulumi.StringPtrInput ClientTlsKey pulumi.StringPtrInput // Prevents users from bypassing authentication when providing an empty password. DenyNullBind pulumi.BoolPtrInput // Description for the LDAP auth backend mount Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. // See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration) DisableRemount pulumi.BoolPtrInput // Use anonymous bind to discover the bind DN of a user. Discoverdn pulumi.BoolPtrInput // LDAP attribute to follow on objects returned by groupfilter Groupattr pulumi.StringPtrInput // Base DN under which to perform group search Groupdn pulumi.StringPtrInput // Go template used to construct group membership query Groupfilter pulumi.StringPtrInput // Control whether or TLS certificates must be validated InsecureTls pulumi.BoolPtrInput // Specifies if the auth method is local only. Local pulumi.BoolPtrInput // Sets the max page size for LDAP lookups, by default it's set to -1. // *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*. MaxPageSize pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Path to mount the LDAP auth backend under Path pulumi.StringPtrInput // Control use of TLS when conecting to LDAP Starttls pulumi.BoolPtrInput // Maximum acceptable version of TLS TlsMaxVersion pulumi.StringPtrInput // Minimum acceptable version of TLS TlsMinVersion pulumi.StringPtrInput // List of CIDR blocks; if set, specifies blocks of IP // addresses which can authenticate successfully, and ties the resulting token to these blocks // as well. TokenBoundCidrs pulumi.StringArrayInput // If set, will encode an // [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) // onto the token in number of seconds. This is a hard cap even if `tokenTtl` and // `tokenMaxTtl` would otherwise allow a renewal. TokenExplicitMaxTtl pulumi.IntPtrInput // The maximum lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenMaxTtl pulumi.IntPtrInput // If set, the default policy will not be set on // generated tokens; otherwise it will be added to the policies set in token_policies. TokenNoDefaultPolicy pulumi.BoolPtrInput // The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses) // of times a generated token may be used (within its lifetime); 0 means unlimited. TokenNumUses pulumi.IntPtrInput // If set, indicates that the // token generated using this role should never expire. The token should be renewed within the // duration specified by this value. At each renewal, the token's TTL will be set to the // value of this field. Specified in seconds. TokenPeriod pulumi.IntPtrInput // List of policies to encode onto generated tokens. Depending // on the auth method, this list may be supplemented by user/group/other values. TokenPolicies pulumi.StringArrayInput // The incremental lifetime for generated tokens in number of seconds. // Its current value will be referenced at renewal time. TokenTtl pulumi.IntPtrInput // The type of token to generate, service or batch TokenType pulumi.StringPtrInput // The `userPrincipalDomain` used to construct the UPN string for the authenticating user. Upndomain pulumi.StringPtrInput // The URL of the LDAP server Url pulumi.StringPtrInput // Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships UseTokenGroups pulumi.BoolPtrInput // Attribute on user object matching username passed in Userattr pulumi.StringPtrInput // Base DN under which to perform user search Userdn pulumi.StringPtrInput // LDAP user search filter Userfilter pulumi.StringPtrInput // Force the auth method to use the username passed by the user as the alias name. UsernameAsAlias pulumi.BoolPtrInput }
func (AuthBackendState) ElementType ¶
func (AuthBackendState) ElementType() reflect.Type
type AuthBackendUser ¶
type AuthBackendUser struct { pulumi.CustomResourceState // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrOutput `pulumi:"backend"` // Override LDAP groups which should be granted to user Groups pulumi.StringArrayOutput `pulumi:"groups"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Policies which should be granted to user Policies pulumi.StringArrayOutput `pulumi:"policies"` // The LDAP username Username pulumi.StringOutput `pulumi:"username"` }
Provides a resource to create a user in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{ Path: pulumi.String("ldap"), Url: pulumi.String("ldaps://dc-01.example.org"), Userdn: pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"), Userattr: pulumi.String("sAMAccountName"), Upndomain: pulumi.String("EXAMPLE.ORG"), Discoverdn: pulumi.Bool(false), Groupdn: pulumi.String("OU=Groups,DC=example,DC=org"), Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"), }) if err != nil { return err } _, err = ldap.NewAuthBackendUser(ctx, "user", &ldap.AuthBackendUserArgs{ Username: pulumi.String("test-user"), Policies: pulumi.StringArray{ pulumi.String("dba"), pulumi.String("sysops"), }, Backend: ldap.Path, }) if err != nil { return err } return nil }) }
```
## Import
LDAP authentication backend users can be imported using the `path`, e.g.
```sh
$ pulumi import vault:ldap/authBackendUser:AuthBackendUser foo auth/ldap/users/foo
```
func GetAuthBackendUser ¶
func GetAuthBackendUser(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AuthBackendUserState, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)
GetAuthBackendUser gets an existing AuthBackendUser resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAuthBackendUser ¶
func NewAuthBackendUser(ctx *pulumi.Context, name string, args *AuthBackendUserArgs, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)
NewAuthBackendUser registers a new resource with the given unique name, arguments, and options.
func (*AuthBackendUser) ElementType ¶
func (*AuthBackendUser) ElementType() reflect.Type
func (*AuthBackendUser) ToAuthBackendUserOutput ¶
func (i *AuthBackendUser) ToAuthBackendUserOutput() AuthBackendUserOutput
func (*AuthBackendUser) ToAuthBackendUserOutputWithContext ¶
func (i *AuthBackendUser) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
type AuthBackendUserArgs ¶
type AuthBackendUserArgs struct { // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrInput // Override LDAP groups which should be granted to user Groups pulumi.StringArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Policies which should be granted to user Policies pulumi.StringArrayInput // The LDAP username Username pulumi.StringInput }
The set of arguments for constructing a AuthBackendUser resource.
func (AuthBackendUserArgs) ElementType ¶
func (AuthBackendUserArgs) ElementType() reflect.Type
type AuthBackendUserArray ¶
type AuthBackendUserArray []AuthBackendUserInput
func (AuthBackendUserArray) ElementType ¶
func (AuthBackendUserArray) ElementType() reflect.Type
func (AuthBackendUserArray) ToAuthBackendUserArrayOutput ¶
func (i AuthBackendUserArray) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
func (AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext ¶
func (i AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput
type AuthBackendUserArrayInput ¶
type AuthBackendUserArrayInput interface { pulumi.Input ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput ToAuthBackendUserArrayOutputWithContext(context.Context) AuthBackendUserArrayOutput }
AuthBackendUserArrayInput is an input type that accepts AuthBackendUserArray and AuthBackendUserArrayOutput values. You can construct a concrete instance of `AuthBackendUserArrayInput` via:
AuthBackendUserArray{ AuthBackendUserArgs{...} }
type AuthBackendUserArrayOutput ¶
type AuthBackendUserArrayOutput struct{ *pulumi.OutputState }
func (AuthBackendUserArrayOutput) ElementType ¶
func (AuthBackendUserArrayOutput) ElementType() reflect.Type
func (AuthBackendUserArrayOutput) Index ¶
func (o AuthBackendUserArrayOutput) Index(i pulumi.IntInput) AuthBackendUserOutput
func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput ¶
func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext ¶
func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput
type AuthBackendUserInput ¶
type AuthBackendUserInput interface { pulumi.Input ToAuthBackendUserOutput() AuthBackendUserOutput ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput }
type AuthBackendUserMap ¶
type AuthBackendUserMap map[string]AuthBackendUserInput
func (AuthBackendUserMap) ElementType ¶
func (AuthBackendUserMap) ElementType() reflect.Type
func (AuthBackendUserMap) ToAuthBackendUserMapOutput ¶
func (i AuthBackendUserMap) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
func (AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext ¶
func (i AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput
type AuthBackendUserMapInput ¶
type AuthBackendUserMapInput interface { pulumi.Input ToAuthBackendUserMapOutput() AuthBackendUserMapOutput ToAuthBackendUserMapOutputWithContext(context.Context) AuthBackendUserMapOutput }
AuthBackendUserMapInput is an input type that accepts AuthBackendUserMap and AuthBackendUserMapOutput values. You can construct a concrete instance of `AuthBackendUserMapInput` via:
AuthBackendUserMap{ "key": AuthBackendUserArgs{...} }
type AuthBackendUserMapOutput ¶
type AuthBackendUserMapOutput struct{ *pulumi.OutputState }
func (AuthBackendUserMapOutput) ElementType ¶
func (AuthBackendUserMapOutput) ElementType() reflect.Type
func (AuthBackendUserMapOutput) MapIndex ¶
func (o AuthBackendUserMapOutput) MapIndex(k pulumi.StringInput) AuthBackendUserOutput
func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutput ¶
func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext ¶
func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput
type AuthBackendUserOutput ¶
type AuthBackendUserOutput struct{ *pulumi.OutputState }
func (AuthBackendUserOutput) Backend ¶ added in v5.6.0
func (o AuthBackendUserOutput) Backend() pulumi.StringPtrOutput
Path to the authentication backend
For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
func (AuthBackendUserOutput) ElementType ¶
func (AuthBackendUserOutput) ElementType() reflect.Type
func (AuthBackendUserOutput) Groups ¶ added in v5.6.0
func (o AuthBackendUserOutput) Groups() pulumi.StringArrayOutput
Override LDAP groups which should be granted to user
func (AuthBackendUserOutput) Namespace ¶ added in v5.7.0
func (o AuthBackendUserOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (AuthBackendUserOutput) Policies ¶ added in v5.6.0
func (o AuthBackendUserOutput) Policies() pulumi.StringArrayOutput
Policies which should be granted to user
func (AuthBackendUserOutput) ToAuthBackendUserOutput ¶
func (o AuthBackendUserOutput) ToAuthBackendUserOutput() AuthBackendUserOutput
func (AuthBackendUserOutput) ToAuthBackendUserOutputWithContext ¶
func (o AuthBackendUserOutput) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
func (AuthBackendUserOutput) Username ¶ added in v5.6.0
func (o AuthBackendUserOutput) Username() pulumi.StringOutput
The LDAP username
type AuthBackendUserState ¶
type AuthBackendUserState struct { // Path to the authentication backend // // For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap). Backend pulumi.StringPtrInput // Override LDAP groups which should be granted to user Groups pulumi.StringArrayInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Policies which should be granted to user Policies pulumi.StringArrayInput // The LDAP username Username pulumi.StringPtrInput }
func (AuthBackendUserState) ElementType ¶
func (AuthBackendUserState) ElementType() reflect.Type
type GetDynamicCredentialsArgs ¶ added in v5.17.0
type GetDynamicCredentialsArgs struct { Mount string `pulumi:"mount"` Namespace *string `pulumi:"namespace"` RoleName string `pulumi:"roleName"` }
A collection of arguments for invoking getDynamicCredentials.
type GetDynamicCredentialsOutputArgs ¶ added in v5.17.0
type GetDynamicCredentialsOutputArgs struct { Mount pulumi.StringInput `pulumi:"mount"` Namespace pulumi.StringPtrInput `pulumi:"namespace"` RoleName pulumi.StringInput `pulumi:"roleName"` }
A collection of arguments for invoking getDynamicCredentials.
func (GetDynamicCredentialsOutputArgs) ElementType ¶ added in v5.17.0
func (GetDynamicCredentialsOutputArgs) ElementType() reflect.Type
type GetDynamicCredentialsResult ¶ added in v5.17.0
type GetDynamicCredentialsResult struct { DistinguishedNames []string `pulumi:"distinguishedNames"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` LeaseDuration int `pulumi:"leaseDuration"` LeaseId string `pulumi:"leaseId"` LeaseRenewable bool `pulumi:"leaseRenewable"` Mount string `pulumi:"mount"` Namespace *string `pulumi:"namespace"` Password string `pulumi:"password"` RoleName string `pulumi:"roleName"` Username string `pulumi:"username"` }
A collection of values returned by getDynamicCredentials.
func GetDynamicCredentials ¶ added in v5.17.0
func GetDynamicCredentials(ctx *pulumi.Context, args *GetDynamicCredentialsArgs, opts ...pulumi.InvokeOption) (*GetDynamicCredentialsResult, error)
type GetDynamicCredentialsResultOutput ¶ added in v5.17.0
type GetDynamicCredentialsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getDynamicCredentials.
func GetDynamicCredentialsOutput ¶ added in v5.17.0
func GetDynamicCredentialsOutput(ctx *pulumi.Context, args GetDynamicCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetDynamicCredentialsResultOutput
func (GetDynamicCredentialsResultOutput) DistinguishedNames ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) DistinguishedNames() pulumi.StringArrayOutput
func (GetDynamicCredentialsResultOutput) ElementType ¶ added in v5.17.0
func (GetDynamicCredentialsResultOutput) ElementType() reflect.Type
func (GetDynamicCredentialsResultOutput) Id ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetDynamicCredentialsResultOutput) LeaseDuration ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) LeaseDuration() pulumi.IntOutput
func (GetDynamicCredentialsResultOutput) LeaseId ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) LeaseId() pulumi.StringOutput
func (GetDynamicCredentialsResultOutput) LeaseRenewable ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput
func (GetDynamicCredentialsResultOutput) Mount ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) Mount() pulumi.StringOutput
func (GetDynamicCredentialsResultOutput) Namespace ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
func (GetDynamicCredentialsResultOutput) Password ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) Password() pulumi.StringOutput
func (GetDynamicCredentialsResultOutput) RoleName ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) RoleName() pulumi.StringOutput
func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput() GetDynamicCredentialsResultOutput
func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext(ctx context.Context) GetDynamicCredentialsResultOutput
func (GetDynamicCredentialsResultOutput) Username ¶ added in v5.17.0
func (o GetDynamicCredentialsResultOutput) Username() pulumi.StringOutput
type GetStaticCredentialsArgs ¶ added in v5.17.0
type GetStaticCredentialsArgs struct { Mount string `pulumi:"mount"` Namespace *string `pulumi:"namespace"` RoleName string `pulumi:"roleName"` }
A collection of arguments for invoking getStaticCredentials.
type GetStaticCredentialsOutputArgs ¶ added in v5.17.0
type GetStaticCredentialsOutputArgs struct { Mount pulumi.StringInput `pulumi:"mount"` Namespace pulumi.StringPtrInput `pulumi:"namespace"` RoleName pulumi.StringInput `pulumi:"roleName"` }
A collection of arguments for invoking getStaticCredentials.
func (GetStaticCredentialsOutputArgs) ElementType ¶ added in v5.17.0
func (GetStaticCredentialsOutputArgs) ElementType() reflect.Type
type GetStaticCredentialsResult ¶ added in v5.17.0
type GetStaticCredentialsResult struct { Dn string `pulumi:"dn"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` LastPassword string `pulumi:"lastPassword"` LastVaultRotation string `pulumi:"lastVaultRotation"` Mount string `pulumi:"mount"` Namespace *string `pulumi:"namespace"` Password string `pulumi:"password"` RoleName string `pulumi:"roleName"` RotationPeriod int `pulumi:"rotationPeriod"` Ttl int `pulumi:"ttl"` Username string `pulumi:"username"` }
A collection of values returned by getStaticCredentials.
func GetStaticCredentials ¶ added in v5.17.0
func GetStaticCredentials(ctx *pulumi.Context, args *GetStaticCredentialsArgs, opts ...pulumi.InvokeOption) (*GetStaticCredentialsResult, error)
type GetStaticCredentialsResultOutput ¶ added in v5.17.0
type GetStaticCredentialsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getStaticCredentials.
func GetStaticCredentialsOutput ¶ added in v5.17.0
func GetStaticCredentialsOutput(ctx *pulumi.Context, args GetStaticCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetStaticCredentialsResultOutput
func (GetStaticCredentialsResultOutput) Dn ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Dn() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) ElementType ¶ added in v5.17.0
func (GetStaticCredentialsResultOutput) ElementType() reflect.Type
func (GetStaticCredentialsResultOutput) Id ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetStaticCredentialsResultOutput) LastPassword ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) LastPassword() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) LastVaultRotation ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) LastVaultRotation() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) Mount ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Mount() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) Namespace ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
func (GetStaticCredentialsResultOutput) Password ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Password() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) RoleName ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) RoleName() pulumi.StringOutput
func (GetStaticCredentialsResultOutput) RotationPeriod ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) RotationPeriod() pulumi.IntOutput
func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput() GetStaticCredentialsResultOutput
func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext(ctx context.Context) GetStaticCredentialsResultOutput
func (GetStaticCredentialsResultOutput) Ttl ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Ttl() pulumi.IntOutput
func (GetStaticCredentialsResultOutput) Username ¶ added in v5.17.0
func (o GetStaticCredentialsResultOutput) Username() pulumi.StringOutput
type SecretBackend ¶ added in v5.13.0
type SecretBackend struct { pulumi.CustomResourceState // Accessor of the mount Accessor pulumi.StringOutput `pulumi:"accessor"` // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"` // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacResponseKeys"` // Distinguished name of object to bind when performing user and group search. Binddn pulumi.StringOutput `pulumi:"binddn"` // Password to use along with binddn when performing user search. Bindpass pulumi.StringOutput `pulumi:"bindpass"` // CA certificate to use when verifying LDAP server certificate, must be // x509 PEM encoded. Certificate pulumi.StringPtrOutput `pulumi:"certificate"` // Client certificate to provide to the LDAP server, must be x509 PEM encoded. ClientTlsCert pulumi.StringPtrOutput `pulumi:"clientTlsCert"` // Client certificate key to provide to the LDAP server, must be x509 PEM encoded. ClientTlsKey pulumi.StringPtrOutput `pulumi:"clientTlsKey"` // Timeout, in seconds, when attempting to connect to the LDAP server before trying // the next URL in the configuration. ConnectionTimeout pulumi.IntPtrOutput `pulumi:"connectionTimeout"` // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"` // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrOutput `pulumi:"description"` // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"` // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"` // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"` // **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates. // *Mutually exclusive with `passwordPolicy` on vault-1.11+* // // Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5. Length pulumi.IntOutput `pulumi:"length"` // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrOutput `pulumi:"local"` // Maximum possible lease duration for secrets in seconds. MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Specifies mount type specific options that are passed to the backend Options pulumi.MapOutput `pulumi:"options"` // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrOutput `pulumi:"path"` // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntOutput `pulumi:"requestTimeout"` // The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`. Schema pulumi.StringOutput `pulumi:"schema"` // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolOutput `pulumi:"sealWrap"` // Issue a StartTLS command after establishing unencrypted connection. Starttls pulumi.BoolOutput `pulumi:"starttls"` // Enables userPrincipalDomain login with [username]@UPNDomain. Upndomain pulumi.StringOutput `pulumi:"upndomain"` // LDAP URL to connect to. Multiple URLs can be specified by concatenating // them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`. Url pulumi.StringOutput `pulumi:"url"` // Attribute used when searching users. Defaults to `cn`. Userattr pulumi.StringOutput `pulumi:"userattr"` // LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. Userdn pulumi.StringPtrOutput `pulumi:"userdn"` }
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{ Binddn: pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"), Bindpass: pulumi.String("SuperSecretPassw0rd"), InsecureTls: pulumi.Bool(true), Path: pulumi.String("my-custom-ldap"), Url: pulumi.String("ldaps://localhost"), Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"), }) if err != nil { return err } return nil }) }
```
## Import
LDAP secret backend can be imported using the `${mount}/config`, e.g.
```sh
$ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config
```
func GetSecretBackend ¶ added in v5.13.0
func GetSecretBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)
GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackend ¶ added in v5.13.0
func NewSecretBackend(ctx *pulumi.Context, name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)
NewSecretBackend registers a new resource with the given unique name, arguments, and options.
func (*SecretBackend) ElementType ¶ added in v5.13.0
func (*SecretBackend) ElementType() reflect.Type
func (*SecretBackend) ToSecretBackendOutput ¶ added in v5.13.0
func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput
func (*SecretBackend) ToSecretBackendOutputWithContext ¶ added in v5.13.0
func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
type SecretBackendArgs ¶ added in v5.13.0
type SecretBackendArgs struct { // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Distinguished name of object to bind when performing user and group search. Binddn pulumi.StringInput // Password to use along with binddn when performing user search. Bindpass pulumi.StringInput // CA certificate to use when verifying LDAP server certificate, must be // x509 PEM encoded. Certificate pulumi.StringPtrInput // Client certificate to provide to the LDAP server, must be x509 PEM encoded. ClientTlsCert pulumi.StringPtrInput // Client certificate key to provide to the LDAP server, must be x509 PEM encoded. ClientTlsKey pulumi.StringPtrInput // Timeout, in seconds, when attempting to connect to the LDAP server before trying // the next URL in the configuration. ConnectionTimeout pulumi.IntPtrInput // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntPtrInput // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrInput // **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates. // *Mutually exclusive with `passwordPolicy` on vault-1.11+* // // Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5. Length pulumi.IntPtrInput // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrInput // Maximum possible lease duration for secrets in seconds. MaxLeaseTtlSeconds pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrInput // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntPtrInput // The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`. Schema pulumi.StringPtrInput // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // Issue a StartTLS command after establishing unencrypted connection. Starttls pulumi.BoolPtrInput // Enables userPrincipalDomain login with [username]@UPNDomain. Upndomain pulumi.StringPtrInput // LDAP URL to connect to. Multiple URLs can be specified by concatenating // them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`. Url pulumi.StringPtrInput // Attribute used when searching users. Defaults to `cn`. Userattr pulumi.StringPtrInput // LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. Userdn pulumi.StringPtrInput }
The set of arguments for constructing a SecretBackend resource.
func (SecretBackendArgs) ElementType ¶ added in v5.13.0
func (SecretBackendArgs) ElementType() reflect.Type
type SecretBackendArray ¶ added in v5.13.0
type SecretBackendArray []SecretBackendInput
func (SecretBackendArray) ElementType ¶ added in v5.13.0
func (SecretBackendArray) ElementType() reflect.Type
func (SecretBackendArray) ToSecretBackendArrayOutput ¶ added in v5.13.0
func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArray) ToSecretBackendArrayOutputWithContext ¶ added in v5.13.0
func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendArrayInput ¶ added in v5.13.0
type SecretBackendArrayInput interface { pulumi.Input ToSecretBackendArrayOutput() SecretBackendArrayOutput ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput }
SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:
SecretBackendArray{ SecretBackendArgs{...} }
type SecretBackendArrayOutput ¶ added in v5.13.0
type SecretBackendArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendArrayOutput) ElementType ¶ added in v5.13.0
func (SecretBackendArrayOutput) ElementType() reflect.Type
func (SecretBackendArrayOutput) Index ¶ added in v5.13.0
func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutput ¶ added in v5.13.0
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext ¶ added in v5.13.0
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendDynamicRole ¶ added in v5.13.0
type SecretBackendDynamicRole struct { pulumi.CustomResourceState // A templatized LDIF string used to create a user // account. This may contain multiple LDIF entries. The `creationLdif` can also // be used to add the user account to an existing group. All LDIF entries are // performed in order. If Vault encounters an error while executing the // `creationLdif` it will stop at the first error and not execute any remaining // LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF // entries in `rollbackLdif` will be executed. See `rollbackLdif` for more // details. This field may optionally be provided as a base64 encoded string. CreationLdif pulumi.StringOutput `pulumi:"creationLdif"` // Specifies the TTL for the leases associated with this role. DefaultTtl pulumi.IntPtrOutput `pulumi:"defaultTtl"` // A templatized LDIF string used to delete the // user account once its TTL has expired. This may contain multiple LDIF // entries. All LDIF entries are performed in order. If Vault encounters an // error while executing an entry in the `deletionLdif` it will attempt to // continue executing any remaining entries. This field may optionally be // provided as a base64 encoded string. DeletionLdif pulumi.StringOutput `pulumi:"deletionLdif"` // Specifies the maximum TTL for the leases associated with this role. MaxTtl pulumi.IntPtrOutput `pulumi:"maxTtl"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrOutput `pulumi:"mount"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // A templatized LDIF string used to attempt to // rollback any changes in the event that execution of the `creationLdif` results // in an error. This may contain multiple LDIF entries. All LDIF entries are // performed in order. If Vault encounters an error while executing an entry in // the `rollbackLdif` it will attempt to continue executing any remaining // entries. This field may optionally be provided as a base64 encoded string. RollbackLdif pulumi.StringPtrOutput `pulumi:"rollbackLdif"` // A template used to generate a dynamic // username. This will be used to fill in the `.Username` field within the // `creationLdif` string. UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"` }
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{ Path: pulumi.String("my-custom-ldap"), Binddn: pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"), Bindpass: pulumi.String("SuperSecretPassw0rd"), Url: pulumi.String("ldaps://localhost"), Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"), }) if err != nil { return err } _, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{ Mount: config.Path, RoleName: pulumi.String("alice"), CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person objectClass: top cn: learn sn: {{.Password | utf16le | base64}} memberOf: cn=dev,ou=groups,dc=learn,dc=example userPassword: {{.Password}} `),
DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
rollback_ldif = <<EOT
dn: cn={{.Username}},ou=users,dc=learn,dc=example changetype: delete `),
}) if err != nil { return err } return nil }) }
```
## Import
LDAP secret backend dynamic role can be imported using the full path to the role of the form: `<mount_path>/dynamic-role/<role_name>` e.g.
```sh
$ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
```
func GetSecretBackendDynamicRole ¶ added in v5.13.0
func GetSecretBackendDynamicRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendDynamicRoleState, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)
GetSecretBackendDynamicRole gets an existing SecretBackendDynamicRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendDynamicRole ¶ added in v5.13.0
func NewSecretBackendDynamicRole(ctx *pulumi.Context, name string, args *SecretBackendDynamicRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)
NewSecretBackendDynamicRole registers a new resource with the given unique name, arguments, and options.
func (*SecretBackendDynamicRole) ElementType ¶ added in v5.13.0
func (*SecretBackendDynamicRole) ElementType() reflect.Type
func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput ¶ added in v5.13.0
func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput
func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext ¶ added in v5.13.0
func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput
type SecretBackendDynamicRoleArgs ¶ added in v5.13.0
type SecretBackendDynamicRoleArgs struct { // A templatized LDIF string used to create a user // account. This may contain multiple LDIF entries. The `creationLdif` can also // be used to add the user account to an existing group. All LDIF entries are // performed in order. If Vault encounters an error while executing the // `creationLdif` it will stop at the first error and not execute any remaining // LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF // entries in `rollbackLdif` will be executed. See `rollbackLdif` for more // details. This field may optionally be provided as a base64 encoded string. CreationLdif pulumi.StringInput // Specifies the TTL for the leases associated with this role. DefaultTtl pulumi.IntPtrInput // A templatized LDIF string used to delete the // user account once its TTL has expired. This may contain multiple LDIF // entries. All LDIF entries are performed in order. If Vault encounters an // error while executing an entry in the `deletionLdif` it will attempt to // continue executing any remaining entries. This field may optionally be // provided as a base64 encoded string. DeletionLdif pulumi.StringInput // Specifies the maximum TTL for the leases associated with this role. MaxTtl pulumi.IntPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the role. RoleName pulumi.StringInput // A templatized LDIF string used to attempt to // rollback any changes in the event that execution of the `creationLdif` results // in an error. This may contain multiple LDIF entries. All LDIF entries are // performed in order. If Vault encounters an error while executing an entry in // the `rollbackLdif` it will attempt to continue executing any remaining // entries. This field may optionally be provided as a base64 encoded string. RollbackLdif pulumi.StringPtrInput // A template used to generate a dynamic // username. This will be used to fill in the `.Username` field within the // `creationLdif` string. UsernameTemplate pulumi.StringPtrInput }
The set of arguments for constructing a SecretBackendDynamicRole resource.
func (SecretBackendDynamicRoleArgs) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleArgs) ElementType() reflect.Type
type SecretBackendDynamicRoleArray ¶ added in v5.13.0
type SecretBackendDynamicRoleArray []SecretBackendDynamicRoleInput
func (SecretBackendDynamicRoleArray) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleArray) ElementType() reflect.Type
func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput ¶ added in v5.13.0
func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext ¶ added in v5.13.0
func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput
type SecretBackendDynamicRoleArrayInput ¶ added in v5.13.0
type SecretBackendDynamicRoleArrayInput interface { pulumi.Input ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput ToSecretBackendDynamicRoleArrayOutputWithContext(context.Context) SecretBackendDynamicRoleArrayOutput }
SecretBackendDynamicRoleArrayInput is an input type that accepts SecretBackendDynamicRoleArray and SecretBackendDynamicRoleArrayOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleArrayInput` via:
SecretBackendDynamicRoleArray{ SecretBackendDynamicRoleArgs{...} }
type SecretBackendDynamicRoleArrayOutput ¶ added in v5.13.0
type SecretBackendDynamicRoleArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendDynamicRoleArrayOutput) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleArrayOutput) ElementType() reflect.Type
func (SecretBackendDynamicRoleArrayOutput) Index ¶ added in v5.13.0
func (o SecretBackendDynamicRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendDynamicRoleOutput
func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput ¶ added in v5.13.0
func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext ¶ added in v5.13.0
func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput
type SecretBackendDynamicRoleInput ¶ added in v5.13.0
type SecretBackendDynamicRoleInput interface { pulumi.Input ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput }
type SecretBackendDynamicRoleMap ¶ added in v5.13.0
type SecretBackendDynamicRoleMap map[string]SecretBackendDynamicRoleInput
func (SecretBackendDynamicRoleMap) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleMap) ElementType() reflect.Type
func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput ¶ added in v5.13.0
func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext ¶ added in v5.13.0
func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput
type SecretBackendDynamicRoleMapInput ¶ added in v5.13.0
type SecretBackendDynamicRoleMapInput interface { pulumi.Input ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput ToSecretBackendDynamicRoleMapOutputWithContext(context.Context) SecretBackendDynamicRoleMapOutput }
SecretBackendDynamicRoleMapInput is an input type that accepts SecretBackendDynamicRoleMap and SecretBackendDynamicRoleMapOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleMapInput` via:
SecretBackendDynamicRoleMap{ "key": SecretBackendDynamicRoleArgs{...} }
type SecretBackendDynamicRoleMapOutput ¶ added in v5.13.0
type SecretBackendDynamicRoleMapOutput struct{ *pulumi.OutputState }
func (SecretBackendDynamicRoleMapOutput) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleMapOutput) ElementType() reflect.Type
func (SecretBackendDynamicRoleMapOutput) MapIndex ¶ added in v5.13.0
func (o SecretBackendDynamicRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendDynamicRoleOutput
func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput ¶ added in v5.13.0
func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext ¶ added in v5.13.0
func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput
type SecretBackendDynamicRoleOutput ¶ added in v5.13.0
type SecretBackendDynamicRoleOutput struct{ *pulumi.OutputState }
func (SecretBackendDynamicRoleOutput) CreationLdif ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) CreationLdif() pulumi.StringOutput
A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creationLdif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creationLdif` it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF entries in `rollbackLdif` will be executed. See `rollbackLdif` for more details. This field may optionally be provided as a base64 encoded string.
func (SecretBackendDynamicRoleOutput) DefaultTtl ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) DefaultTtl() pulumi.IntPtrOutput
Specifies the TTL for the leases associated with this role.
func (SecretBackendDynamicRoleOutput) DeletionLdif ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) DeletionLdif() pulumi.StringOutput
A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletionLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
func (SecretBackendDynamicRoleOutput) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleOutput) ElementType() reflect.Type
func (SecretBackendDynamicRoleOutput) MaxTtl ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) MaxTtl() pulumi.IntPtrOutput
Specifies the maximum TTL for the leases associated with this role.
func (SecretBackendDynamicRoleOutput) Mount ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) Mount() pulumi.StringPtrOutput
The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.
func (SecretBackendDynamicRoleOutput) Namespace ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (SecretBackendDynamicRoleOutput) RoleName ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) RoleName() pulumi.StringOutput
Name of the role.
func (SecretBackendDynamicRoleOutput) RollbackLdif ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) RollbackLdif() pulumi.StringPtrOutput
A templatized LDIF string used to attempt to rollback any changes in the event that execution of the `creationLdif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollbackLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput
func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput
func (SecretBackendDynamicRoleOutput) UsernameTemplate ¶ added in v5.13.0
func (o SecretBackendDynamicRoleOutput) UsernameTemplate() pulumi.StringPtrOutput
A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creationLdif` string.
type SecretBackendDynamicRoleState ¶ added in v5.13.0
type SecretBackendDynamicRoleState struct { // A templatized LDIF string used to create a user // account. This may contain multiple LDIF entries. The `creationLdif` can also // be used to add the user account to an existing group. All LDIF entries are // performed in order. If Vault encounters an error while executing the // `creationLdif` it will stop at the first error and not execute any remaining // LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF // entries in `rollbackLdif` will be executed. See `rollbackLdif` for more // details. This field may optionally be provided as a base64 encoded string. CreationLdif pulumi.StringPtrInput // Specifies the TTL for the leases associated with this role. DefaultTtl pulumi.IntPtrInput // A templatized LDIF string used to delete the // user account once its TTL has expired. This may contain multiple LDIF // entries. All LDIF entries are performed in order. If Vault encounters an // error while executing an entry in the `deletionLdif` it will attempt to // continue executing any remaining entries. This field may optionally be // provided as a base64 encoded string. DeletionLdif pulumi.StringPtrInput // Specifies the maximum TTL for the leases associated with this role. MaxTtl pulumi.IntPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the role. RoleName pulumi.StringPtrInput // A templatized LDIF string used to attempt to // rollback any changes in the event that execution of the `creationLdif` results // in an error. This may contain multiple LDIF entries. All LDIF entries are // performed in order. If Vault encounters an error while executing an entry in // the `rollbackLdif` it will attempt to continue executing any remaining // entries. This field may optionally be provided as a base64 encoded string. RollbackLdif pulumi.StringPtrInput // A template used to generate a dynamic // username. This will be used to fill in the `.Username` field within the // `creationLdif` string. UsernameTemplate pulumi.StringPtrInput }
func (SecretBackendDynamicRoleState) ElementType ¶ added in v5.13.0
func (SecretBackendDynamicRoleState) ElementType() reflect.Type
type SecretBackendInput ¶ added in v5.13.0
type SecretBackendInput interface { pulumi.Input ToSecretBackendOutput() SecretBackendOutput ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput }
type SecretBackendLibrarySet ¶ added in v5.13.0
type SecretBackendLibrarySet struct { pulumi.CustomResourceState // Disable enforcing that service // accounts must be checked in by the entity or client token that checked them // out. Defaults to false. DisableCheckInEnforcement pulumi.BoolPtrOutput `pulumi:"disableCheckInEnforcement"` // The maximum password time-to-live in seconds. Defaults // to the configuration maxTtl if not provided. MaxTtl pulumi.IntOutput `pulumi:"maxTtl"` // The path where the LDAP secrets backend is mounted. Mount pulumi.StringPtrOutput `pulumi:"mount"` // The name to identify this set of service accounts. // Must be unique within the backend. Name pulumi.StringOutput `pulumi:"name"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Specifies the slice of service accounts mapped to this set. ServiceAccountNames pulumi.StringArrayOutput `pulumi:"serviceAccountNames"` // The password time-to-live in seconds. Defaults to the configuration // ttl if not provided. Ttl pulumi.IntOutput `pulumi:"ttl"` }
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{ Path: pulumi.String("ldap"), Binddn: pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"), Bindpass: pulumi.String("SuperSecretPassw0rd"), Url: pulumi.String("ldaps://localhost"), InsecureTls: pulumi.Bool(true), Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"), }) if err != nil { return err } _, err = ldap.NewSecretBackendLibrarySet(ctx, "qa", &ldap.SecretBackendLibrarySetArgs{ Mount: config.Path, ServiceAccountNames: pulumi.StringArray{ pulumi.String("Bob"), pulumi.String("Mary"), }, Ttl: pulumi.Int(60), DisableCheckInEnforcement: pulumi.Bool(true), MaxTtl: pulumi.Int(120), }) if err != nil { return err } return nil }) }
```
## Import
LDAP secret backend libraries can be imported using the `path`, e.g.
```sh
$ pulumi import vault:ldap/secretBackendLibrarySet:SecretBackendLibrarySet qa ldap/library/bob
```
func GetSecretBackendLibrarySet ¶ added in v5.13.0
func GetSecretBackendLibrarySet(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendLibrarySetState, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)
GetSecretBackendLibrarySet gets an existing SecretBackendLibrarySet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendLibrarySet ¶ added in v5.13.0
func NewSecretBackendLibrarySet(ctx *pulumi.Context, name string, args *SecretBackendLibrarySetArgs, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)
NewSecretBackendLibrarySet registers a new resource with the given unique name, arguments, and options.
func (*SecretBackendLibrarySet) ElementType ¶ added in v5.13.0
func (*SecretBackendLibrarySet) ElementType() reflect.Type
func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput ¶ added in v5.13.0
func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput
func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext ¶ added in v5.13.0
func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput
type SecretBackendLibrarySetArgs ¶ added in v5.13.0
type SecretBackendLibrarySetArgs struct { // Disable enforcing that service // accounts must be checked in by the entity or client token that checked them // out. Defaults to false. DisableCheckInEnforcement pulumi.BoolPtrInput // The maximum password time-to-live in seconds. Defaults // to the configuration maxTtl if not provided. MaxTtl pulumi.IntPtrInput // The path where the LDAP secrets backend is mounted. Mount pulumi.StringPtrInput // The name to identify this set of service accounts. // Must be unique within the backend. Name pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Specifies the slice of service accounts mapped to this set. ServiceAccountNames pulumi.StringArrayInput // The password time-to-live in seconds. Defaults to the configuration // ttl if not provided. Ttl pulumi.IntPtrInput }
The set of arguments for constructing a SecretBackendLibrarySet resource.
func (SecretBackendLibrarySetArgs) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetArgs) ElementType() reflect.Type
type SecretBackendLibrarySetArray ¶ added in v5.13.0
type SecretBackendLibrarySetArray []SecretBackendLibrarySetInput
func (SecretBackendLibrarySetArray) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetArray) ElementType() reflect.Type
func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput ¶ added in v5.13.0
func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext ¶ added in v5.13.0
func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput
type SecretBackendLibrarySetArrayInput ¶ added in v5.13.0
type SecretBackendLibrarySetArrayInput interface { pulumi.Input ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput ToSecretBackendLibrarySetArrayOutputWithContext(context.Context) SecretBackendLibrarySetArrayOutput }
SecretBackendLibrarySetArrayInput is an input type that accepts SecretBackendLibrarySetArray and SecretBackendLibrarySetArrayOutput values. You can construct a concrete instance of `SecretBackendLibrarySetArrayInput` via:
SecretBackendLibrarySetArray{ SecretBackendLibrarySetArgs{...} }
type SecretBackendLibrarySetArrayOutput ¶ added in v5.13.0
type SecretBackendLibrarySetArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendLibrarySetArrayOutput) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetArrayOutput) ElementType() reflect.Type
func (SecretBackendLibrarySetArrayOutput) Index ¶ added in v5.13.0
func (o SecretBackendLibrarySetArrayOutput) Index(i pulumi.IntInput) SecretBackendLibrarySetOutput
func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput ¶ added in v5.13.0
func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext ¶ added in v5.13.0
func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput
type SecretBackendLibrarySetInput ¶ added in v5.13.0
type SecretBackendLibrarySetInput interface { pulumi.Input ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput }
type SecretBackendLibrarySetMap ¶ added in v5.13.0
type SecretBackendLibrarySetMap map[string]SecretBackendLibrarySetInput
func (SecretBackendLibrarySetMap) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetMap) ElementType() reflect.Type
func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput ¶ added in v5.13.0
func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext ¶ added in v5.13.0
func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput
type SecretBackendLibrarySetMapInput ¶ added in v5.13.0
type SecretBackendLibrarySetMapInput interface { pulumi.Input ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput ToSecretBackendLibrarySetMapOutputWithContext(context.Context) SecretBackendLibrarySetMapOutput }
SecretBackendLibrarySetMapInput is an input type that accepts SecretBackendLibrarySetMap and SecretBackendLibrarySetMapOutput values. You can construct a concrete instance of `SecretBackendLibrarySetMapInput` via:
SecretBackendLibrarySetMap{ "key": SecretBackendLibrarySetArgs{...} }
type SecretBackendLibrarySetMapOutput ¶ added in v5.13.0
type SecretBackendLibrarySetMapOutput struct{ *pulumi.OutputState }
func (SecretBackendLibrarySetMapOutput) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetMapOutput) ElementType() reflect.Type
func (SecretBackendLibrarySetMapOutput) MapIndex ¶ added in v5.13.0
func (o SecretBackendLibrarySetMapOutput) MapIndex(k pulumi.StringInput) SecretBackendLibrarySetOutput
func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput ¶ added in v5.13.0
func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext ¶ added in v5.13.0
func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput
type SecretBackendLibrarySetOutput ¶ added in v5.13.0
type SecretBackendLibrarySetOutput struct{ *pulumi.OutputState }
func (SecretBackendLibrarySetOutput) DisableCheckInEnforcement ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput
Disable enforcing that service accounts must be checked in by the entity or client token that checked them out. Defaults to false.
func (SecretBackendLibrarySetOutput) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetOutput) ElementType() reflect.Type
func (SecretBackendLibrarySetOutput) MaxTtl ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) MaxTtl() pulumi.IntOutput
The maximum password time-to-live in seconds. Defaults to the configuration maxTtl if not provided.
func (SecretBackendLibrarySetOutput) Mount ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) Mount() pulumi.StringPtrOutput
The path where the LDAP secrets backend is mounted.
func (SecretBackendLibrarySetOutput) Name ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) Name() pulumi.StringOutput
The name to identify this set of service accounts. Must be unique within the backend.
func (SecretBackendLibrarySetOutput) Namespace ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (SecretBackendLibrarySetOutput) ServiceAccountNames ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) ServiceAccountNames() pulumi.StringArrayOutput
Specifies the slice of service accounts mapped to this set.
func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput
func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput
func (SecretBackendLibrarySetOutput) Ttl ¶ added in v5.13.0
func (o SecretBackendLibrarySetOutput) Ttl() pulumi.IntOutput
The password time-to-live in seconds. Defaults to the configuration ttl if not provided.
type SecretBackendLibrarySetState ¶ added in v5.13.0
type SecretBackendLibrarySetState struct { // Disable enforcing that service // accounts must be checked in by the entity or client token that checked them // out. Defaults to false. DisableCheckInEnforcement pulumi.BoolPtrInput // The maximum password time-to-live in seconds. Defaults // to the configuration maxTtl if not provided. MaxTtl pulumi.IntPtrInput // The path where the LDAP secrets backend is mounted. Mount pulumi.StringPtrInput // The name to identify this set of service accounts. // Must be unique within the backend. Name pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Specifies the slice of service accounts mapped to this set. ServiceAccountNames pulumi.StringArrayInput // The password time-to-live in seconds. Defaults to the configuration // ttl if not provided. Ttl pulumi.IntPtrInput }
func (SecretBackendLibrarySetState) ElementType ¶ added in v5.13.0
func (SecretBackendLibrarySetState) ElementType() reflect.Type
type SecretBackendMap ¶ added in v5.13.0
type SecretBackendMap map[string]SecretBackendInput
func (SecretBackendMap) ElementType ¶ added in v5.13.0
func (SecretBackendMap) ElementType() reflect.Type
func (SecretBackendMap) ToSecretBackendMapOutput ¶ added in v5.13.0
func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMap) ToSecretBackendMapOutputWithContext ¶ added in v5.13.0
func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendMapInput ¶ added in v5.13.0
type SecretBackendMapInput interface { pulumi.Input ToSecretBackendMapOutput() SecretBackendMapOutput ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput }
SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:
SecretBackendMap{ "key": SecretBackendArgs{...} }
type SecretBackendMapOutput ¶ added in v5.13.0
type SecretBackendMapOutput struct{ *pulumi.OutputState }
func (SecretBackendMapOutput) ElementType ¶ added in v5.13.0
func (SecretBackendMapOutput) ElementType() reflect.Type
func (SecretBackendMapOutput) MapIndex ¶ added in v5.13.0
func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutput ¶ added in v5.13.0
func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext ¶ added in v5.13.0
func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendOutput ¶ added in v5.13.0
type SecretBackendOutput struct{ *pulumi.OutputState }
func (SecretBackendOutput) Accessor ¶ added in v5.13.0
func (o SecretBackendOutput) Accessor() pulumi.StringOutput
Accessor of the mount
func (SecretBackendOutput) AllowedManagedKeys ¶ added in v5.13.0
func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput
List of managed key registry entry names that the mount in question is allowed to access
func (SecretBackendOutput) AuditNonHmacRequestKeys ¶ added in v5.13.0
func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
func (SecretBackendOutput) AuditNonHmacResponseKeys ¶ added in v5.13.0
func (o SecretBackendOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput
Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
func (SecretBackendOutput) Binddn ¶ added in v5.13.0
func (o SecretBackendOutput) Binddn() pulumi.StringOutput
Distinguished name of object to bind when performing user and group search.
func (SecretBackendOutput) Bindpass ¶ added in v5.13.0
func (o SecretBackendOutput) Bindpass() pulumi.StringOutput
Password to use along with binddn when performing user search.
func (SecretBackendOutput) Certificate ¶ added in v5.13.0
func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput
CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
func (SecretBackendOutput) ClientTlsCert ¶ added in v5.13.0
func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
func (SecretBackendOutput) ClientTlsKey ¶ added in v5.13.0
func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
func (SecretBackendOutput) ConnectionTimeout ¶ added in v5.13.0
func (o SecretBackendOutput) ConnectionTimeout() pulumi.IntPtrOutput
Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
func (SecretBackendOutput) DefaultLeaseTtlSeconds ¶ added in v5.13.0
func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput
Default lease duration for secrets in seconds.
func (SecretBackendOutput) Description ¶ added in v5.13.0
func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
Human-friendly description of the mount for the Active Directory backend.
func (SecretBackendOutput) DisableRemount ¶ added in v5.13.0
func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set, opts out of mount migration on path updates.
func (SecretBackendOutput) ElementType ¶ added in v5.13.0
func (SecretBackendOutput) ElementType() reflect.Type
func (SecretBackendOutput) ExternalEntropyAccess ¶ added in v5.13.0
func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput
Enable the secrets engine to access Vault's external entropy source
func (SecretBackendOutput) InsecureTls ¶ added in v5.13.0
func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput
Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to `false`.
func (SecretBackendOutput) Length
deprecated
added in
v5.13.0
func (o SecretBackendOutput) Length() pulumi.IntOutput
**Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates. *Mutually exclusive with `passwordPolicy` on vault-1.11+*
Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.
func (SecretBackendOutput) Local ¶ added in v5.13.0
func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.
func (SecretBackendOutput) MaxLeaseTtlSeconds ¶ added in v5.13.0
func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput
Maximum possible lease duration for secrets in seconds.
func (SecretBackendOutput) Namespace ¶ added in v5.13.0
func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (SecretBackendOutput) Options ¶ added in v5.13.0
func (o SecretBackendOutput) Options() pulumi.MapOutput
Specifies mount type specific options that are passed to the backend
func (SecretBackendOutput) PasswordPolicy ¶ added in v5.13.0
func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput
Name of the password policy to use to generate passwords.
func (SecretBackendOutput) Path ¶ added in v5.13.0
func (o SecretBackendOutput) Path() pulumi.StringPtrOutput
The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.
func (SecretBackendOutput) RequestTimeout ¶ added in v5.13.0
func (o SecretBackendOutput) RequestTimeout() pulumi.IntOutput
Timeout, in seconds, for the connection when making requests against the server before returning back an error.
func (SecretBackendOutput) Schema ¶ added in v5.13.0
func (o SecretBackendOutput) Schema() pulumi.StringOutput
The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
func (SecretBackendOutput) SealWrap ¶ added in v5.13.0
func (o SecretBackendOutput) SealWrap() pulumi.BoolOutput
Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
func (SecretBackendOutput) Starttls ¶ added in v5.13.0
func (o SecretBackendOutput) Starttls() pulumi.BoolOutput
Issue a StartTLS command after establishing unencrypted connection.
func (SecretBackendOutput) ToSecretBackendOutput ¶ added in v5.13.0
func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
func (SecretBackendOutput) ToSecretBackendOutputWithContext ¶ added in v5.13.0
func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
func (SecretBackendOutput) Upndomain ¶ added in v5.13.0
func (o SecretBackendOutput) Upndomain() pulumi.StringOutput
Enables userPrincipalDomain login with [username]@UPNDomain.
func (SecretBackendOutput) Url ¶ added in v5.13.0
func (o SecretBackendOutput) Url() pulumi.StringOutput
LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
func (SecretBackendOutput) Userattr ¶ added in v5.13.0
func (o SecretBackendOutput) Userattr() pulumi.StringOutput
Attribute used when searching users. Defaults to `cn`.
func (SecretBackendOutput) Userdn ¶ added in v5.13.0
func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput
LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
type SecretBackendState ¶ added in v5.13.0
type SecretBackendState struct { // Accessor of the mount Accessor pulumi.StringPtrInput // List of managed key registry entry names that the mount in question is allowed to access AllowedManagedKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. AuditNonHmacRequestKeys pulumi.StringArrayInput // Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. AuditNonHmacResponseKeys pulumi.StringArrayInput // Distinguished name of object to bind when performing user and group search. Binddn pulumi.StringPtrInput // Password to use along with binddn when performing user search. Bindpass pulumi.StringPtrInput // CA certificate to use when verifying LDAP server certificate, must be // x509 PEM encoded. Certificate pulumi.StringPtrInput // Client certificate to provide to the LDAP server, must be x509 PEM encoded. ClientTlsCert pulumi.StringPtrInput // Client certificate key to provide to the LDAP server, must be x509 PEM encoded. ClientTlsKey pulumi.StringPtrInput // Timeout, in seconds, when attempting to connect to the LDAP server before trying // the next URL in the configuration. ConnectionTimeout pulumi.IntPtrInput // Default lease duration for secrets in seconds. DefaultLeaseTtlSeconds pulumi.IntPtrInput // Human-friendly description of the mount for the Active Directory backend. Description pulumi.StringPtrInput // If set, opts out of mount migration on path updates. DisableRemount pulumi.BoolPtrInput // Enable the secrets engine to access Vault's external entropy source ExternalEntropyAccess pulumi.BoolPtrInput // Skip LDAP server SSL Certificate verification. This is not recommended for production. // Defaults to `false`. InsecureTls pulumi.BoolPtrInput // **Deprecated** use `passwordPolicy`. The desired length of passwords that Vault generates. // *Mutually exclusive with `passwordPolicy` on vault-1.11+* // // Deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5. Length pulumi.IntPtrInput // Mark the secrets engine as local-only. Local engines are not replicated or removed by // replication.Tolerance duration to use when checking the last rotation time. Local pulumi.BoolPtrInput // Maximum possible lease duration for secrets in seconds. MaxLeaseTtlSeconds pulumi.IntPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Specifies mount type specific options that are passed to the backend Options pulumi.MapInput // Name of the password policy to use to generate passwords. PasswordPolicy pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Path pulumi.StringPtrInput // Timeout, in seconds, for the connection when making requests against the server // before returning back an error. RequestTimeout pulumi.IntPtrInput // The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`. Schema pulumi.StringPtrInput // Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability SealWrap pulumi.BoolPtrInput // Issue a StartTLS command after establishing unencrypted connection. Starttls pulumi.BoolPtrInput // Enables userPrincipalDomain login with [username]@UPNDomain. Upndomain pulumi.StringPtrInput // LDAP URL to connect to. Multiple URLs can be specified by concatenating // them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`. Url pulumi.StringPtrInput // Attribute used when searching users. Defaults to `cn`. Userattr pulumi.StringPtrInput // LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. Userdn pulumi.StringPtrInput }
func (SecretBackendState) ElementType ¶ added in v5.13.0
func (SecretBackendState) ElementType() reflect.Type
type SecretBackendStaticRole ¶ added in v5.13.0
type SecretBackendStaticRole struct { pulumi.CustomResourceState // Distinguished name (DN) of the existing LDAP entry to manage // password rotation for. If given, it will take precedence over `username` for the LDAP // search performed during password rotation. Cannot be modified after creation. Dn pulumi.StringPtrOutput `pulumi:"dn"` // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrOutput `pulumi:"mount"` // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrOutput `pulumi:"namespace"` // Name of the role. RoleName pulumi.StringOutput `pulumi:"roleName"` // How often Vault should rotate the password of the user entry. RotationPeriod pulumi.IntOutput `pulumi:"rotationPeriod"` // The username of the existing LDAP entry to manage password rotation for. Username pulumi.StringOutput `pulumi:"username"` }
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/ldap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{ Path: pulumi.String("my-custom-ldap"), Binddn: pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"), Bindpass: pulumi.String("SuperSecretPassw0rd"), Url: pulumi.String("ldaps://localhost"), InsecureTls: pulumi.Bool(true), Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"), }) if err != nil { return err } _, err = ldap.NewSecretBackendStaticRole(ctx, "role", &ldap.SecretBackendStaticRoleArgs{ Mount: config.Path, Username: pulumi.String("alice"), Dn: pulumi.String("cn=alice,ou=Users,DC=corp,DC=example,DC=net"), RoleName: pulumi.String("alice"), RotationPeriod: pulumi.Int(60), }) if err != nil { return err } return nil }) }
```
## Import
LDAP secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-role/<role_name>` e.g.
```sh
$ pulumi import vault:ldap/secretBackendStaticRole:SecretBackendStaticRole role ldap/static-role/example-role
```
func GetSecretBackendStaticRole ¶ added in v5.13.0
func GetSecretBackendStaticRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendStaticRoleState, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)
GetSecretBackendStaticRole gets an existing SecretBackendStaticRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackendStaticRole ¶ added in v5.13.0
func NewSecretBackendStaticRole(ctx *pulumi.Context, name string, args *SecretBackendStaticRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)
NewSecretBackendStaticRole registers a new resource with the given unique name, arguments, and options.
func (*SecretBackendStaticRole) ElementType ¶ added in v5.13.0
func (*SecretBackendStaticRole) ElementType() reflect.Type
func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutput ¶ added in v5.13.0
func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext ¶ added in v5.13.0
func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
type SecretBackendStaticRoleArgs ¶ added in v5.13.0
type SecretBackendStaticRoleArgs struct { // Distinguished name (DN) of the existing LDAP entry to manage // password rotation for. If given, it will take precedence over `username` for the LDAP // search performed during password rotation. Cannot be modified after creation. Dn pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the role. RoleName pulumi.StringInput // How often Vault should rotate the password of the user entry. RotationPeriod pulumi.IntInput // The username of the existing LDAP entry to manage password rotation for. Username pulumi.StringInput }
The set of arguments for constructing a SecretBackendStaticRole resource.
func (SecretBackendStaticRoleArgs) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleArgs) ElementType() reflect.Type
type SecretBackendStaticRoleArray ¶ added in v5.13.0
type SecretBackendStaticRoleArray []SecretBackendStaticRoleInput
func (SecretBackendStaticRoleArray) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleArray) ElementType() reflect.Type
func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput ¶ added in v5.13.0
func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext ¶ added in v5.13.0
func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput
type SecretBackendStaticRoleArrayInput ¶ added in v5.13.0
type SecretBackendStaticRoleArrayInput interface { pulumi.Input ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput ToSecretBackendStaticRoleArrayOutputWithContext(context.Context) SecretBackendStaticRoleArrayOutput }
SecretBackendStaticRoleArrayInput is an input type that accepts SecretBackendStaticRoleArray and SecretBackendStaticRoleArrayOutput values. You can construct a concrete instance of `SecretBackendStaticRoleArrayInput` via:
SecretBackendStaticRoleArray{ SecretBackendStaticRoleArgs{...} }
type SecretBackendStaticRoleArrayOutput ¶ added in v5.13.0
type SecretBackendStaticRoleArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendStaticRoleArrayOutput) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleArrayOutput) ElementType() reflect.Type
func (SecretBackendStaticRoleArrayOutput) Index ¶ added in v5.13.0
func (o SecretBackendStaticRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendStaticRoleOutput
func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput ¶ added in v5.13.0
func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext ¶ added in v5.13.0
func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput
type SecretBackendStaticRoleInput ¶ added in v5.13.0
type SecretBackendStaticRoleInput interface { pulumi.Input ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput }
type SecretBackendStaticRoleMap ¶ added in v5.13.0
type SecretBackendStaticRoleMap map[string]SecretBackendStaticRoleInput
func (SecretBackendStaticRoleMap) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleMap) ElementType() reflect.Type
func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput ¶ added in v5.13.0
func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext ¶ added in v5.13.0
func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput
type SecretBackendStaticRoleMapInput ¶ added in v5.13.0
type SecretBackendStaticRoleMapInput interface { pulumi.Input ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput ToSecretBackendStaticRoleMapOutputWithContext(context.Context) SecretBackendStaticRoleMapOutput }
SecretBackendStaticRoleMapInput is an input type that accepts SecretBackendStaticRoleMap and SecretBackendStaticRoleMapOutput values. You can construct a concrete instance of `SecretBackendStaticRoleMapInput` via:
SecretBackendStaticRoleMap{ "key": SecretBackendStaticRoleArgs{...} }
type SecretBackendStaticRoleMapOutput ¶ added in v5.13.0
type SecretBackendStaticRoleMapOutput struct{ *pulumi.OutputState }
func (SecretBackendStaticRoleMapOutput) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleMapOutput) ElementType() reflect.Type
func (SecretBackendStaticRoleMapOutput) MapIndex ¶ added in v5.13.0
func (o SecretBackendStaticRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendStaticRoleOutput
func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput ¶ added in v5.13.0
func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext ¶ added in v5.13.0
func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput
type SecretBackendStaticRoleOutput ¶ added in v5.13.0
type SecretBackendStaticRoleOutput struct{ *pulumi.OutputState }
func (SecretBackendStaticRoleOutput) Dn ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) Dn() pulumi.StringPtrOutput
Distinguished name (DN) of the existing LDAP entry to manage password rotation for. If given, it will take precedence over `username` for the LDAP search performed during password rotation. Cannot be modified after creation.
func (SecretBackendStaticRoleOutput) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleOutput) ElementType() reflect.Type
func (SecretBackendStaticRoleOutput) Mount ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) Mount() pulumi.StringPtrOutput
The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.
func (SecretBackendStaticRoleOutput) Namespace ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). *Available only for Vault Enterprise*.
func (SecretBackendStaticRoleOutput) RoleName ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) RoleName() pulumi.StringOutput
Name of the role.
func (SecretBackendStaticRoleOutput) RotationPeriod ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) RotationPeriod() pulumi.IntOutput
How often Vault should rotate the password of the user entry.
func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
func (SecretBackendStaticRoleOutput) Username ¶ added in v5.13.0
func (o SecretBackendStaticRoleOutput) Username() pulumi.StringOutput
The username of the existing LDAP entry to manage password rotation for.
type SecretBackendStaticRoleState ¶ added in v5.13.0
type SecretBackendStaticRoleState struct { // Distinguished name (DN) of the existing LDAP entry to manage // password rotation for. If given, it will take precedence over `username` for the LDAP // search performed during password rotation. Cannot be modified after creation. Dn pulumi.StringPtrInput // The unique path this backend should be mounted at. Must // not begin or end with a `/`. Defaults to `ldap`. Mount pulumi.StringPtrInput // The namespace to provision the resource in. // The value should not contain leading or trailing forward slashes. // The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace). // *Available only for Vault Enterprise*. Namespace pulumi.StringPtrInput // Name of the role. RoleName pulumi.StringPtrInput // How often Vault should rotate the password of the user entry. RotationPeriod pulumi.IntPtrInput // The username of the existing LDAP entry to manage password rotation for. Username pulumi.StringPtrInput }
func (SecretBackendStaticRoleState) ElementType ¶ added in v5.13.0
func (SecretBackendStaticRoleState) ElementType() reflect.Type