Documentation
¶
Index ¶
- type GetAccessCredentialsArgs
- type GetAccessCredentialsOutputArgs
- type GetAccessCredentialsResult
- type GetAccessCredentialsResultOutput
- func (o GetAccessCredentialsResultOutput) Backend() pulumi.StringOutput
- func (o GetAccessCredentialsResultOutput) CurrentPassword() pulumi.StringOutput
- func (GetAccessCredentialsResultOutput) ElementType() reflect.Type
- func (o GetAccessCredentialsResultOutput) Id() pulumi.StringOutput
- func (o GetAccessCredentialsResultOutput) LastPassword() pulumi.StringOutput
- func (o GetAccessCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
- func (o GetAccessCredentialsResultOutput) Role() pulumi.StringOutput
- func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput
- func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput
- func (o GetAccessCredentialsResultOutput) Username() pulumi.StringOutput
- type SecretBackend
- type SecretBackendArgs
- type SecretBackendArray
- type SecretBackendArrayInput
- type SecretBackendArrayOutput
- func (SecretBackendArrayOutput) ElementType() reflect.Type
- func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
- func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
- type SecretBackendInput
- type SecretBackendMap
- type SecretBackendMapInput
- type SecretBackendMapOutput
- func (SecretBackendMapOutput) ElementType() reflect.Type
- func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
- func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
- type SecretBackendOutput
- func (o SecretBackendOutput) AnonymousGroupSearch() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Backend() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Binddn() pulumi.StringOutput
- func (o SecretBackendOutput) Bindpass() pulumi.StringOutput
- func (o SecretBackendOutput) CaseSensitiveNames() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput
- func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput
- func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput
- func (o SecretBackendOutput) DenyNullBind() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
- func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Discoverdn() pulumi.BoolPtrOutput
- func (SecretBackendOutput) ElementType() reflect.Type
- func (o SecretBackendOutput) Groupattr() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Groupdn() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Groupfilter() pulumi.StringPtrOutput
- func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) LastRotationTolerance() pulumi.IntOutput
- func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput
- func (o SecretBackendOutput) MaxTtl() pulumi.IntOutput
- func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput
- func (o SecretBackendOutput) RequestTimeout() pulumi.IntPtrOutput
- func (o SecretBackendOutput) Starttls() pulumi.BoolOutput
- func (o SecretBackendOutput) TlsMaxVersion() pulumi.StringOutput
- func (o SecretBackendOutput) TlsMinVersion() pulumi.StringOutput
- func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
- func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
- func (o SecretBackendOutput) Ttl() pulumi.IntOutput
- func (o SecretBackendOutput) Upndomain() pulumi.StringOutput
- func (o SecretBackendOutput) Url() pulumi.StringPtrOutput
- func (o SecretBackendOutput) UsePre111GroupCnBehavior() pulumi.BoolOutput
- func (o SecretBackendOutput) UseTokenGroups() pulumi.BoolPtrOutput
- func (o SecretBackendOutput) Userattr() pulumi.StringPtrOutput
- func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput
- type SecretBackendState
- type SecretLibrary
- type SecretLibraryArgs
- type SecretLibraryArray
- type SecretLibraryArrayInput
- type SecretLibraryArrayOutput
- func (SecretLibraryArrayOutput) ElementType() reflect.Type
- func (o SecretLibraryArrayOutput) Index(i pulumi.IntInput) SecretLibraryOutput
- func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutput() SecretLibraryArrayOutput
- func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutputWithContext(ctx context.Context) SecretLibraryArrayOutput
- type SecretLibraryInput
- type SecretLibraryMap
- type SecretLibraryMapInput
- type SecretLibraryMapOutput
- func (SecretLibraryMapOutput) ElementType() reflect.Type
- func (o SecretLibraryMapOutput) MapIndex(k pulumi.StringInput) SecretLibraryOutput
- func (o SecretLibraryMapOutput) ToSecretLibraryMapOutput() SecretLibraryMapOutput
- func (o SecretLibraryMapOutput) ToSecretLibraryMapOutputWithContext(ctx context.Context) SecretLibraryMapOutput
- type SecretLibraryOutput
- func (o SecretLibraryOutput) Backend() pulumi.StringOutput
- func (o SecretLibraryOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput
- func (SecretLibraryOutput) ElementType() reflect.Type
- func (o SecretLibraryOutput) MaxTtl() pulumi.IntOutput
- func (o SecretLibraryOutput) Name() pulumi.StringOutput
- func (o SecretLibraryOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretLibraryOutput) ServiceAccountNames() pulumi.StringArrayOutput
- func (o SecretLibraryOutput) ToSecretLibraryOutput() SecretLibraryOutput
- func (o SecretLibraryOutput) ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput
- func (o SecretLibraryOutput) Ttl() pulumi.IntOutput
- type SecretLibraryState
- type SecretRole
- type SecretRoleArgs
- type SecretRoleArray
- type SecretRoleArrayInput
- type SecretRoleArrayOutput
- func (SecretRoleArrayOutput) ElementType() reflect.Type
- func (o SecretRoleArrayOutput) Index(i pulumi.IntInput) SecretRoleOutput
- func (o SecretRoleArrayOutput) ToSecretRoleArrayOutput() SecretRoleArrayOutput
- func (o SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput
- type SecretRoleInput
- type SecretRoleMap
- type SecretRoleMapInput
- type SecretRoleMapOutput
- func (SecretRoleMapOutput) ElementType() reflect.Type
- func (o SecretRoleMapOutput) MapIndex(k pulumi.StringInput) SecretRoleOutput
- func (o SecretRoleMapOutput) ToSecretRoleMapOutput() SecretRoleMapOutput
- func (o SecretRoleMapOutput) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput
- type SecretRoleOutput
- func (o SecretRoleOutput) Backend() pulumi.StringOutput
- func (SecretRoleOutput) ElementType() reflect.Type
- func (o SecretRoleOutput) LastVaultRotation() pulumi.StringOutput
- func (o SecretRoleOutput) Namespace() pulumi.StringPtrOutput
- func (o SecretRoleOutput) PasswordLastSet() pulumi.StringOutput
- func (o SecretRoleOutput) Role() pulumi.StringOutput
- func (o SecretRoleOutput) ServiceAccountName() pulumi.StringOutput
- func (o SecretRoleOutput) ToSecretRoleOutput() SecretRoleOutput
- func (o SecretRoleOutput) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput
- func (o SecretRoleOutput) Ttl() pulumi.IntPtrOutput
- type SecretRoleState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GetAccessCredentialsArgs ¶
// GetAccessCredentialsArgs is the collection of arguments for invoking
// getAccessCredentials with plain Go values.
type GetAccessCredentialsArgs struct {
	// The path to the AD secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	// Optional: the field is a pointer, so nil leaves it unset.
	Namespace *string `pulumi:"namespace"`
	// The name of the AD secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
}
A collection of arguments for invoking getAccessCredentials.
type GetAccessCredentialsOutputArgs ¶
// GetAccessCredentialsOutputArgs is the collection of arguments for invoking
// getAccessCredentials with Pulumi input values instead of plain Go values.
type GetAccessCredentialsOutputArgs struct {
	// The path to the AD secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// The name of the AD secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
}
A collection of arguments for invoking getAccessCredentials.
func (GetAccessCredentialsOutputArgs) ElementType ¶
func (GetAccessCredentialsOutputArgs) ElementType() reflect.Type
type GetAccessCredentialsResult ¶
// GetAccessCredentialsResult is the collection of values returned by
// getAccessCredentials.
//
// CurrentPassword and LastPassword hold live service-account credentials as
// plain Go strings. Keep them out of logs and unencrypted stack outputs.
// NOTE(review): whether the provider marks these values as secret is not
// visible from this declaration; confirm before exporting them.
type GetAccessCredentialsResult struct {
	// The backend path that was queried (mirrors the `backend` argument).
	Backend string `pulumi:"backend"`
	// The current set password on the Active Directory service account.
	CurrentPassword string `pulumi:"currentPassword"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The current set password on the Active Directory service account, provided because AD is eventually consistent.
	// NOTE(review): the field name suggests this is the previously set
	// password rather than the current one; confirm against the Vault AD
	// secrets engine documentation.
	LastPassword string `pulumi:"lastPassword"`
	// The namespace that was queried (mirrors the `namespace` argument); nil when unset.
	Namespace *string `pulumi:"namespace"`
	// The role that was queried (mirrors the `role` argument).
	Role string `pulumi:"role"`
	// The Active Directory service account username.
	Username string `pulumi:"username"`
}
A collection of values returned by getAccessCredentials.
func GetAccessCredentials ¶
func GetAccessCredentials(ctx *pulumi.Context, args *GetAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetAccessCredentialsResult, error)
## Example Usage
type GetAccessCredentialsResultOutput ¶
// GetAccessCredentialsResultOutput is the output form of the values returned
// by getAccessCredentials; it embeds *pulumi.OutputState.
type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAccessCredentials.
func GetAccessCredentialsOutput ¶
func GetAccessCredentialsOutput(ctx *pulumi.Context, args GetAccessCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetAccessCredentialsResultOutput
func (GetAccessCredentialsResultOutput) Backend ¶
func (o GetAccessCredentialsResultOutput) Backend() pulumi.StringOutput
func (GetAccessCredentialsResultOutput) CurrentPassword ¶
func (o GetAccessCredentialsResultOutput) CurrentPassword() pulumi.StringOutput
The current set password on the Active Directory service account.
func (GetAccessCredentialsResultOutput) ElementType ¶
func (GetAccessCredentialsResultOutput) ElementType() reflect.Type
func (GetAccessCredentialsResultOutput) Id ¶
func (o GetAccessCredentialsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetAccessCredentialsResultOutput) LastPassword ¶
func (o GetAccessCredentialsResultOutput) LastPassword() pulumi.StringOutput
The current set password on the Active Directory service account, provided because AD is eventually consistent.
func (GetAccessCredentialsResultOutput) Namespace ¶
func (o GetAccessCredentialsResultOutput) Namespace() pulumi.StringPtrOutput
func (GetAccessCredentialsResultOutput) Role ¶
func (o GetAccessCredentialsResultOutput) Role() pulumi.StringOutput
func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput ¶
func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput
func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext ¶
func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput
func (GetAccessCredentialsResultOutput) Username ¶
func (o GetAccessCredentialsResultOutput) Username() pulumi.StringOutput
The Active Directory service account username.
type SecretBackend ¶
// SecretBackend is the resource state of a Vault Active Directory secrets
// engine mount. Every property is exposed as a Pulumi output.
//
// Security-relevant properties: Bindpass and ClientTlsKey carry credential
// material; InsecureTls, Starttls, Url, TlsMinVersion and TlsMaxVersion decide
// whether the LDAP connection is encrypted and authenticated; DenyNullBind,
// AnonymousGroupSearch and Discoverdn control unauthenticated binds.
type SecretBackend struct {
	pulumi.CustomResourceState

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch pulumi.BoolPtrOutput `pulumi:"anonymousGroupSearch"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use along with binddn when performing user search.
	// This is a credential: supply it from a secret source rather than a
	// literal in program source.
	// NOTE(review): whether the provider marks this output as secret is not
	// visible from this declaration; confirm.
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrOutput `pulumi:"caseSensitiveNames"`
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrOutput `pulumi:"certificate"`
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrOutput `pulumi:"clientTlsCert"`
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// This is private key material and should be handled like Bindpass.
	ClientTlsKey pulumi.StringPtrOutput `pulumi:"clientTlsKey"`
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	DenyNullBind pulumi.BoolPtrOutput `pulumi:"denyNullBind"`
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrOutput `pulumi:"discoverdn"`
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrOutput `pulumi:"groupattr"`
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrOutput `pulumi:"groupdn"`
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrOutput `pulumi:"groupfilter"`
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// With verification skipped the LDAP server's identity is not checked, so
	// the bind password can be sent to an impostor; prefer leaving this false
	// and supplying the CA through Certificate.
	InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"`
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band
	LastRotationTolerance pulumi.IntOutput `pulumi:"lastRotationTolerance"`
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the upstream text also ends with "Tolerance duration to use
	// when checking the last rotation time.", which looks like it belongs to
	// LastRotationTolerance; confirm.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"`
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrOutput `pulumi:"requestTimeout"`
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"`
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// Lowering this to `tls10` or `tls11` permits deprecated protocol versions.
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// An `ldap://` URL is unencrypted unless Starttls is enabled.
	Url pulumi.StringPtrOutput `pulumi:"url"`
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolOutput `pulumi:"usePre111GroupCnBehavior"`
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrOutput `pulumi:"useTokenGroups"`
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrOutput `pulumi:"userattr"`
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrOutput `pulumi:"userdn"`
}
## Example Usage
```go
package main

import (
	"errors"
	"os"

	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

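// main registers the Active Directory secrets engine mount with Vault.
//
// The bind password is read from the environment instead of being written as a
// string literal, so the credential is not committed with the program source.
// It is wrapped with pulumi.ToSecret so Pulumi handles the value as a secret.
// LDAP server certificate verification stays enabled: InsecureTls is not set,
// and it defaults to false.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// AD_BINDPASS is an example variable name; use whatever secret
		// delivery mechanism the deployment pipeline provides.
		bindpass := os.Getenv("AD_BINDPASS")
		if bindpass == "" {
			return errors.New("AD_BINDPASS must be set to the bind account password")
		}

		_, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend: pulumi.String("ad"),
			// Prefer a dedicated bind account with only the rights the engine
			// needs over a domain administrator.
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.ToSecret(pulumi.String(bindpass)).(pulumi.StringOutput),
			Url:      pulumi.String("ldaps://ad"),
			// InsecureTls is deliberately left unset so the LDAP server
			// certificate is verified. If the server uses a private CA, pass
			// its PEM-encoded certificate through the Certificate argument.
			Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		return err
	})
}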
```
## Import
AD secret backend can be imported using the `backend`, e.g.
```sh
$ pulumi import vault:ad/secretBackend:SecretBackend ad ad
```
func GetSecretBackend ¶
func GetSecretBackend(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)
GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretBackend ¶
func NewSecretBackend(ctx *pulumi.Context, name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)
NewSecretBackend registers a new resource with the given unique name, arguments, and options.
func (*SecretBackend) ElementType ¶
func (*SecretBackend) ElementType() reflect.Type
func (*SecretBackend) ToSecretBackendOutput ¶
func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput
func (*SecretBackend) ToSecretBackendOutputWithContext ¶
func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
type SecretBackendArgs ¶
// SecretBackendArgs is the set of arguments for constructing a SecretBackend
// resource.
//
// Binddn and Bindpass are the only non-pointer inputs. Bindpass and
// ClientTlsKey carry credential material and should come from a secret source
// rather than literals in program source.
type SecretBackendArgs struct {
	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringInput
	// Password to use along with binddn when performing user search.
	// This is a credential: avoid hard-coding it in program source.
	Bindpass pulumi.StringInput
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// This is private key material and should be handled like Bindpass.
	ClientTlsKey pulumi.StringPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	DenyNullBind pulumi.BoolPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrInput
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrInput
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// With verification skipped the LDAP server's identity is not checked, so
	// the bind password can be sent to an impostor; prefer leaving this unset
	// and supplying the CA through Certificate.
	InsecureTls pulumi.BoolPtrInput
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band
	LastRotationTolerance pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the upstream text also ends with "Tolerance duration to use
	// when checking the last rotation time.", which looks like it belongs to
	// LastRotationTolerance; confirm.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// Lowering this to `tls10` or `tls11` permits deprecated protocol versions.
	TlsMinVersion pulumi.StringPtrInput
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// An `ldap://` URL is unencrypted unless Starttls is enabled.
	Url pulumi.StringPtrInput
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolPtrInput
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrInput
}
The set of arguments for constructing a SecretBackend resource.
func (SecretBackendArgs) ElementType ¶
func (SecretBackendArgs) ElementType() reflect.Type
type SecretBackendArray ¶
// SecretBackendArray is a slice of SecretBackendInput values.
type SecretBackendArray []SecretBackendInput
func (SecretBackendArray) ElementType ¶
func (SecretBackendArray) ElementType() reflect.Type
func (SecretBackendArray) ToSecretBackendArrayOutput ¶
func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArray) ToSecretBackendArrayOutputWithContext ¶
func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendArrayInput ¶
// SecretBackendArrayInput is an input type that accepts SecretBackendArray and
// SecretBackendArrayOutput values.
type SecretBackendArrayInput interface {
	pulumi.Input

	// ToSecretBackendArrayOutput returns the value as a SecretBackendArrayOutput.
	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	// ToSecretBackendArrayOutputWithContext does the same, taking a context.Context.
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}
SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via:
SecretBackendArray{ SecretBackendArgs{...} }
type SecretBackendArrayOutput ¶
// SecretBackendArrayOutput is the output form of a SecretBackend array; it
// embeds *pulumi.OutputState.
type SecretBackendArrayOutput struct{ *pulumi.OutputState }
func (SecretBackendArrayOutput) ElementType ¶
func (SecretBackendArrayOutput) ElementType() reflect.Type
func (SecretBackendArrayOutput) Index ¶
func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutput ¶
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput
func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext ¶
func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput
type SecretBackendInput ¶
// SecretBackendInput is a pulumi.Input that can be converted to a
// SecretBackendOutput.
type SecretBackendInput interface {
	pulumi.Input

	// ToSecretBackendOutput returns the value as a SecretBackendOutput.
	ToSecretBackendOutput() SecretBackendOutput
	// ToSecretBackendOutputWithContext does the same, taking a context.Context.
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}
type SecretBackendMap ¶
// SecretBackendMap is a map from string keys to SecretBackendInput values.
type SecretBackendMap map[string]SecretBackendInput
func (SecretBackendMap) ElementType ¶
func (SecretBackendMap) ElementType() reflect.Type
func (SecretBackendMap) ToSecretBackendMapOutput ¶
func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMap) ToSecretBackendMapOutputWithContext ¶
func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendMapInput ¶
// SecretBackendMapInput is an input type that accepts SecretBackendMap and
// SecretBackendMapOutput values.
type SecretBackendMapInput interface {
	pulumi.Input

	// ToSecretBackendMapOutput returns the value as a SecretBackendMapOutput.
	ToSecretBackendMapOutput() SecretBackendMapOutput
	// ToSecretBackendMapOutputWithContext does the same, taking a context.Context.
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}
SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via:
SecretBackendMap{ "key": SecretBackendArgs{...} }
type SecretBackendMapOutput ¶
// SecretBackendMapOutput is the output form of a SecretBackend map; it embeds
// *pulumi.OutputState.
type SecretBackendMapOutput struct{ *pulumi.OutputState }
func (SecretBackendMapOutput) ElementType ¶
func (SecretBackendMapOutput) ElementType() reflect.Type
func (SecretBackendMapOutput) MapIndex ¶
func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutput ¶
func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput
func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext ¶
func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput
type SecretBackendOutput ¶
// SecretBackendOutput is the output form of a SecretBackend resource; it
// embeds *pulumi.OutputState.
type SecretBackendOutput struct{ *pulumi.OutputState }
func (SecretBackendOutput) AnonymousGroupSearch ¶
func (o SecretBackendOutput) AnonymousGroupSearch() pulumi.BoolPtrOutput
Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).
func (SecretBackendOutput) Backend ¶
func (o SecretBackendOutput) Backend() pulumi.StringPtrOutput
The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ad`.
func (SecretBackendOutput) Binddn ¶
func (o SecretBackendOutput) Binddn() pulumi.StringOutput
Distinguished name of object to bind when performing user and group search.
func (SecretBackendOutput) Bindpass ¶
func (o SecretBackendOutput) Bindpass() pulumi.StringOutput
Password to use along with binddn when performing user search.
func (SecretBackendOutput) CaseSensitiveNames ¶
func (o SecretBackendOutput) CaseSensitiveNames() pulumi.BoolPtrOutput
If set, user and group names assigned to policies within the backend will be case sensitive. Otherwise, names will be normalized to lower case.
func (SecretBackendOutput) Certificate ¶
func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput
CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
func (SecretBackendOutput) ClientTlsCert ¶
func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput
Client certificate to provide to the LDAP server, must be x509 PEM encoded.
func (SecretBackendOutput) ClientTlsKey ¶
func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput
Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
func (SecretBackendOutput) DefaultLeaseTtlSeconds ¶
func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput
Default lease duration for secrets in seconds.
func (SecretBackendOutput) DenyNullBind ¶
func (o SecretBackendOutput) DenyNullBind() pulumi.BoolPtrOutput
Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true.
func (SecretBackendOutput) Description ¶
func (o SecretBackendOutput) Description() pulumi.StringPtrOutput
Human-friendly description of the mount for the Active Directory backend.
func (SecretBackendOutput) DisableRemount ¶
func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput
If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
func (SecretBackendOutput) Discoverdn ¶
func (o SecretBackendOutput) Discoverdn() pulumi.BoolPtrOutput
Use anonymous bind to discover the bind Distinguished Name of a user.
func (SecretBackendOutput) ElementType ¶
func (SecretBackendOutput) ElementType() reflect.Type
func (SecretBackendOutput) Groupattr ¶
func (o SecretBackendOutput) Groupattr() pulumi.StringPtrOutput
LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
func (SecretBackendOutput) Groupdn ¶
func (o SecretBackendOutput) Groupdn() pulumi.StringPtrOutput
LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
func (SecretBackendOutput) Groupfilter ¶
func (o SecretBackendOutput) Groupfilter() pulumi.StringPtrOutput
Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
func (SecretBackendOutput) InsecureTls ¶
func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput
Skip verification of the LDAP server's TLS certificate. This is not recommended for production: without verification the connection can be intercepted and the bind credentials exposed. Defaults to `false`.
func (SecretBackendOutput) LastRotationTolerance ¶
func (o SecretBackendOutput) LastRotationTolerance() pulumi.IntOutput
The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band
func (SecretBackendOutput) Local ¶
func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput
Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time.
func (SecretBackendOutput) MaxLeaseTtlSeconds ¶
func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput
Maximum possible lease duration for secrets in seconds.
func (SecretBackendOutput) MaxTtl ¶
func (o SecretBackendOutput) MaxTtl() pulumi.IntOutput
In seconds, the maximum password time-to-live.
func (SecretBackendOutput) Namespace ¶
func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretBackendOutput) PasswordPolicy ¶
func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput
Name of the password policy to use to generate passwords.
func (SecretBackendOutput) RequestTimeout ¶
func (o SecretBackendOutput) RequestTimeout() pulumi.IntPtrOutput
Timeout, in seconds, for the connection when making requests against the server before returning back an error.
func (SecretBackendOutput) Starttls ¶
func (o SecretBackendOutput) Starttls() pulumi.BoolOutput
Issue a StartTLS command after establishing an unencrypted connection.
func (SecretBackendOutput) TlsMaxVersion ¶
func (o SecretBackendOutput) TlsMaxVersion() pulumi.StringOutput
Maximum TLS version to use. Accepted values are `tls10`, `tls11`, `tls12` or `tls13`. Defaults to `tls12`.
func (SecretBackendOutput) TlsMinVersion ¶
func (o SecretBackendOutput) TlsMinVersion() pulumi.StringOutput
Minimum TLS version to use. Accepted values are `tls10`, `tls11`, `tls12` or `tls13`. Defaults to `tls12`.
func (SecretBackendOutput) ToSecretBackendOutput ¶
func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput
func (SecretBackendOutput) ToSecretBackendOutputWithContext ¶
func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
func (SecretBackendOutput) Ttl ¶
func (o SecretBackendOutput) Ttl() pulumi.IntOutput
In seconds, the default password time-to-live.
func (SecretBackendOutput) Upndomain ¶
func (o SecretBackendOutput) Upndomain() pulumi.StringOutput
Enables userPrincipalDomain login with [username]@UPNDomain.
func (SecretBackendOutput) Url ¶
func (o SecretBackendOutput) Url() pulumi.StringPtrOutput
LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
func (SecretBackendOutput) UsePre111GroupCnBehavior ¶
func (o SecretBackendOutput) UsePre111GroupCnBehavior() pulumi.BoolOutput
In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.
func (SecretBackendOutput) UseTokenGroups ¶
func (o SecretBackendOutput) UseTokenGroups() pulumi.BoolPtrOutput
If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.
func (SecretBackendOutput) Userattr ¶
func (o SecretBackendOutput) Userattr() pulumi.StringPtrOutput
Attribute used when searching users. Defaults to `cn`.
func (SecretBackendOutput) Userdn ¶
func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput
LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
type SecretBackendState ¶
// SecretBackendState lists the properties of an Active Directory secret backend
// mount. Every field is an optional (Ptr) input.
type SecretBackendState struct {
	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch pulumi.BoolPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ad`.
	Backend pulumi.StringPtrInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringPtrInput
	// Password to use along with binddn when performing user search.
	// NOTE(review): this is a credential; supply it from secret configuration
	// rather than a literal in source.
	Bindpass pulumi.StringPtrInput
	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames pulumi.BoolPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// NOTE(review): private key material; handle it like Bindpass.
	ClientTlsKey pulumi.StringPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// NOTE(review): leave at the default unless the directory is known to
	// reject empty-password binds itself.
	DenyNullBind pulumi.BoolPtrInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
	Groupattr pulumi.StringPtrInput
	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn pulumi.StringPtrInput
	// Go template for querying group membership of user (optional) The template can access
	// the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
	Groupfilter pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	// NOTE(review): with verification off the server is not authenticated, so the
	// bind credentials can be intercepted; for a private CA set Certificate instead.
	InsecureTls pulumi.BoolPtrInput
	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band
	LastRotationTolerance pulumi.IntPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication. Tolerance duration to use when checking the last rotation time.
	// NOTE(review): the last sentence looks like it belongs to
	// LastRotationTolerance rather than to this field; confirm upstream.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// In seconds, the maximum password time-to-live.
	MaxTtl pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
	// `tls12` or `tls13`. Defaults to `tls12`.
	// NOTE(review): `tls10` and `tls11` are deprecated protocol versions; keep
	// the `tls12` default or higher.
	TlsMinVersion pulumi.StringPtrInput
	// In seconds, the default password time-to-live.
	Ttl pulumi.IntPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	// NOTE(review): the default scheme is plaintext `ldap://`; use `ldaps://` or
	// Starttls so the bind password does not cross the network in the clear.
	Url pulumi.StringPtrInput
	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior pulumi.BoolPtrInput
	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn pulumi.StringPtrInput
}
func (SecretBackendState) ElementType ¶
func (SecretBackendState) ElementType() reflect.Type
type SecretLibrary ¶
// SecretLibrary is the resource for a named set of Active Directory service
// accounts (a "library") on an AD secret backend mount.
type SecretLibrary struct {
	pulumi.CustomResourceState

	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	// NOTE(review): when set, a check-in is presumably accepted from callers
	// other than the one holding the account; confirm before enabling.
	DisableCheckInEnforcement pulumi.BoolPtrOutput `pulumi:"disableCheckInEnforcement"`
	// The maximum password time-to-live in seconds. Defaults to the configuration
	// maxTtl if not provided.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayOutput `pulumi:"serviceAccountNames"`
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
}
## Example Usage
```go package main
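import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main mounts the AD secrets engine and registers a service-account library
// ("qa") on that mount.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the bind password from encrypted stack configuration
		// (`pulumi config set --secret adBindpass`) so it never appears in
		// source control or in plaintext program output.
		cfg := config.New(ctx, "")

		backend, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend: pulumi.String("ad"),
			// NOTE(review): binding as the domain Administrator grants far more
			// than password rotation needs; prefer a dedicated account that is
			// delegated only the right to reset the managed accounts' passwords.
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: cfg.RequireSecret("adBindpass"),
			// InsecureTls is left at its default (false) so the ldaps:// server
			// certificate is verified. For a private CA, set Certificate to the
			// PEM-encoded CA certificate instead of disabling verification.
			Url:    pulumi.String("ldaps://ad"),
			Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}

		_, err = ad.NewSecretLibrary(ctx, "qa", &ad.SecretLibraryArgs{
			Backend: backend.Backend,
			Name:    pulumi.String("qa"),
			ServiceAccountNames: pulumi.StringArray{
				pulumi.String("Bob"),
				pulumi.String("Mary"),
			},
			Ttl: pulumi.Int(60),
			// Turns off the requirement that an account be checked in by the
			// entity or client token that checked it out; omit this field to
			// keep that enforcement.
			DisableCheckInEnforcement: pulumi.Bool(true),
			MaxTtl:                    pulumi.Int(120),
		})
		return err
	})
}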
```
## Import
AD secret backend libraries can be imported using the `path`, e.g.
```sh $ pulumi import vault:ad/secretLibrary:SecretLibrary role ad/library/bob ```
func GetSecretLibrary ¶
func GetSecretLibrary(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretLibraryState, opts ...pulumi.ResourceOption) (*SecretLibrary, error)
GetSecretLibrary gets an existing SecretLibrary resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretLibrary ¶
func NewSecretLibrary(ctx *pulumi.Context, name string, args *SecretLibraryArgs, opts ...pulumi.ResourceOption) (*SecretLibrary, error)
NewSecretLibrary registers a new resource with the given unique name, arguments, and options.
func (*SecretLibrary) ElementType ¶
func (*SecretLibrary) ElementType() reflect.Type
func (*SecretLibrary) ToSecretLibraryOutput ¶
func (i *SecretLibrary) ToSecretLibraryOutput() SecretLibraryOutput
func (*SecretLibrary) ToSecretLibraryOutputWithContext ¶
func (i *SecretLibrary) ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput
type SecretLibraryArgs ¶
// SecretLibraryArgs is the set of arguments for constructing a SecretLibrary resource.
type SecretLibraryArgs struct {
	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	// NOTE(review): when set, a check-in is presumably accepted from callers
	// other than the one holding the account; confirm before enabling.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults to the configuration
	// maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}
The set of arguments for constructing a SecretLibrary resource.
func (SecretLibraryArgs) ElementType ¶
func (SecretLibraryArgs) ElementType() reflect.Type
type SecretLibraryArray ¶
type SecretLibraryArray []SecretLibraryInput
func (SecretLibraryArray) ElementType ¶
func (SecretLibraryArray) ElementType() reflect.Type
func (SecretLibraryArray) ToSecretLibraryArrayOutput ¶
func (i SecretLibraryArray) ToSecretLibraryArrayOutput() SecretLibraryArrayOutput
func (SecretLibraryArray) ToSecretLibraryArrayOutputWithContext ¶
func (i SecretLibraryArray) ToSecretLibraryArrayOutputWithContext(ctx context.Context) SecretLibraryArrayOutput
type SecretLibraryArrayInput ¶
type SecretLibraryArrayInput interface { pulumi.Input ToSecretLibraryArrayOutput() SecretLibraryArrayOutput ToSecretLibraryArrayOutputWithContext(context.Context) SecretLibraryArrayOutput }
SecretLibraryArrayInput is an input type that accepts SecretLibraryArray and SecretLibraryArrayOutput values. You can construct a concrete instance of `SecretLibraryArrayInput` via:
SecretLibraryArray{ SecretLibraryArgs{...} }
type SecretLibraryArrayOutput ¶
type SecretLibraryArrayOutput struct{ *pulumi.OutputState }
func (SecretLibraryArrayOutput) ElementType ¶
func (SecretLibraryArrayOutput) ElementType() reflect.Type
func (SecretLibraryArrayOutput) Index ¶
func (o SecretLibraryArrayOutput) Index(i pulumi.IntInput) SecretLibraryOutput
func (SecretLibraryArrayOutput) ToSecretLibraryArrayOutput ¶
func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutput() SecretLibraryArrayOutput
func (SecretLibraryArrayOutput) ToSecretLibraryArrayOutputWithContext ¶
func (o SecretLibraryArrayOutput) ToSecretLibraryArrayOutputWithContext(ctx context.Context) SecretLibraryArrayOutput
type SecretLibraryInput ¶
type SecretLibraryInput interface { pulumi.Input ToSecretLibraryOutput() SecretLibraryOutput ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput }
type SecretLibraryMap ¶
type SecretLibraryMap map[string]SecretLibraryInput
func (SecretLibraryMap) ElementType ¶
func (SecretLibraryMap) ElementType() reflect.Type
func (SecretLibraryMap) ToSecretLibraryMapOutput ¶
func (i SecretLibraryMap) ToSecretLibraryMapOutput() SecretLibraryMapOutput
func (SecretLibraryMap) ToSecretLibraryMapOutputWithContext ¶
func (i SecretLibraryMap) ToSecretLibraryMapOutputWithContext(ctx context.Context) SecretLibraryMapOutput
type SecretLibraryMapInput ¶
type SecretLibraryMapInput interface { pulumi.Input ToSecretLibraryMapOutput() SecretLibraryMapOutput ToSecretLibraryMapOutputWithContext(context.Context) SecretLibraryMapOutput }
SecretLibraryMapInput is an input type that accepts SecretLibraryMap and SecretLibraryMapOutput values. You can construct a concrete instance of `SecretLibraryMapInput` via:
SecretLibraryMap{ "key": SecretLibraryArgs{...} }
type SecretLibraryMapOutput ¶
type SecretLibraryMapOutput struct{ *pulumi.OutputState }
func (SecretLibraryMapOutput) ElementType ¶
func (SecretLibraryMapOutput) ElementType() reflect.Type
func (SecretLibraryMapOutput) MapIndex ¶
func (o SecretLibraryMapOutput) MapIndex(k pulumi.StringInput) SecretLibraryOutput
func (SecretLibraryMapOutput) ToSecretLibraryMapOutput ¶
func (o SecretLibraryMapOutput) ToSecretLibraryMapOutput() SecretLibraryMapOutput
func (SecretLibraryMapOutput) ToSecretLibraryMapOutputWithContext ¶
func (o SecretLibraryMapOutput) ToSecretLibraryMapOutputWithContext(ctx context.Context) SecretLibraryMapOutput
type SecretLibraryOutput ¶
type SecretLibraryOutput struct{ *pulumi.OutputState }
func (SecretLibraryOutput) Backend ¶
func (o SecretLibraryOutput) Backend() pulumi.StringOutput
The path the AD secret backend is mounted at, with no leading or trailing `/`s.
func (SecretLibraryOutput) DisableCheckInEnforcement ¶
func (o SecretLibraryOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput
Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
func (SecretLibraryOutput) ElementType ¶
func (SecretLibraryOutput) ElementType() reflect.Type
func (SecretLibraryOutput) MaxTtl ¶
func (o SecretLibraryOutput) MaxTtl() pulumi.IntOutput
The maximum password time-to-live in seconds. Defaults to the configuration maxTtl if not provided.
func (SecretLibraryOutput) Name ¶
func (o SecretLibraryOutput) Name() pulumi.StringOutput
The name to identify this set of service accounts. Must be unique within the backend.
func (SecretLibraryOutput) Namespace ¶
func (o SecretLibraryOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretLibraryOutput) ServiceAccountNames ¶
func (o SecretLibraryOutput) ServiceAccountNames() pulumi.StringArrayOutput
Specifies the slice of service accounts mapped to this set.
func (SecretLibraryOutput) ToSecretLibraryOutput ¶
func (o SecretLibraryOutput) ToSecretLibraryOutput() SecretLibraryOutput
func (SecretLibraryOutput) ToSecretLibraryOutputWithContext ¶
func (o SecretLibraryOutput) ToSecretLibraryOutputWithContext(ctx context.Context) SecretLibraryOutput
func (SecretLibraryOutput) Ttl ¶
func (o SecretLibraryOutput) Ttl() pulumi.IntOutput
The password time-to-live in seconds. Defaults to the configuration ttl if not provided.
type SecretLibraryState ¶
// SecretLibraryState holds the optional state properties that GetSecretLibrary
// accepts to qualify a lookup. Every field is an optional input.
type SecretLibraryState struct {
	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults to the configuration
	// maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}
func (SecretLibraryState) ElementType ¶
func (SecretLibraryState) ElementType() reflect.Type
type SecretRole ¶
// SecretRole is the resource for a role on an AD secret backend mount; a role
// maps to one Active Directory service account.
type SecretRole struct {
	pulumi.CustomResourceState

	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Timestamp of the last password rotation by Vault.
	LastVaultRotation pulumi.StringOutput `pulumi:"lastVaultRotation"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Timestamp of the last password set by Vault.
	PasswordLastSet pulumi.StringOutput `pulumi:"passwordLastSet"`
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Role pulumi.StringOutput `pulumi:"role"`
	// Specifies the name of the Active Directory service
	// account mapped to this role.
	ServiceAccountName pulumi.StringOutput `pulumi:"serviceAccountName"`
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrOutput `pulumi:"ttl"`
}
## Example Usage
```go package main
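import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main mounts the AD secrets engine and registers a role ("bob") that maps to
// one Active Directory service account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the bind password from encrypted stack configuration
		// (`pulumi config set --secret adBindpass`) so it never appears in
		// source control or in plaintext program output.
		cfg := config.New(ctx, "")

		backend, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend: pulumi.String("ad"),
			// NOTE(review): binding as the domain Administrator grants far more
			// than password rotation needs; prefer a dedicated account that is
			// delegated only the right to reset the managed accounts' passwords.
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: cfg.RequireSecret("adBindpass"),
			// InsecureTls is left at its default (false) so the ldaps:// server
			// certificate is verified. For a private CA, set Certificate to the
			// PEM-encoded CA certificate instead of disabling verification.
			Url:    pulumi.String("ldaps://ad"),
			Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}

		_, err = ad.NewSecretRole(ctx, "role", &ad.SecretRoleArgs{
			Backend:            backend.Backend,
			Role:               pulumi.String("bob"),
			ServiceAccountName: pulumi.String("Bob"),
			Ttl:                pulumi.Int(60),
		})
		return err
	})
}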
```
## Import
AD secret backend roles can be imported using the `path`, e.g.
```sh $ pulumi import vault:ad/secretRole:SecretRole role ad/roles/bob ```
func GetSecretRole ¶
func GetSecretRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretRoleState, opts ...pulumi.ResourceOption) (*SecretRole, error)
GetSecretRole gets an existing SecretRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretRole ¶
func NewSecretRole(ctx *pulumi.Context, name string, args *SecretRoleArgs, opts ...pulumi.ResourceOption) (*SecretRole, error)
NewSecretRole registers a new resource with the given unique name, arguments, and options.
func (*SecretRole) ElementType ¶
func (*SecretRole) ElementType() reflect.Type
func (*SecretRole) ToSecretRoleOutput ¶
func (i *SecretRole) ToSecretRoleOutput() SecretRoleOutput
func (*SecretRole) ToSecretRoleOutputWithContext ¶
func (i *SecretRole) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput
type SecretRoleArgs ¶
// SecretRoleArgs is the set of arguments for constructing a SecretRole resource.
type SecretRoleArgs struct {
	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Role pulumi.StringInput
	// Specifies the name of the Active Directory service
	// account mapped to this role.
	ServiceAccountName pulumi.StringInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}
The set of arguments for constructing a SecretRole resource.
func (SecretRoleArgs) ElementType ¶
func (SecretRoleArgs) ElementType() reflect.Type
type SecretRoleArray ¶
type SecretRoleArray []SecretRoleInput
func (SecretRoleArray) ElementType ¶
func (SecretRoleArray) ElementType() reflect.Type
func (SecretRoleArray) ToSecretRoleArrayOutput ¶
func (i SecretRoleArray) ToSecretRoleArrayOutput() SecretRoleArrayOutput
func (SecretRoleArray) ToSecretRoleArrayOutputWithContext ¶
func (i SecretRoleArray) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput
type SecretRoleArrayInput ¶
type SecretRoleArrayInput interface { pulumi.Input ToSecretRoleArrayOutput() SecretRoleArrayOutput ToSecretRoleArrayOutputWithContext(context.Context) SecretRoleArrayOutput }
SecretRoleArrayInput is an input type that accepts SecretRoleArray and SecretRoleArrayOutput values. You can construct a concrete instance of `SecretRoleArrayInput` via:
SecretRoleArray{ SecretRoleArgs{...} }
type SecretRoleArrayOutput ¶
type SecretRoleArrayOutput struct{ *pulumi.OutputState }
func (SecretRoleArrayOutput) ElementType ¶
func (SecretRoleArrayOutput) ElementType() reflect.Type
func (SecretRoleArrayOutput) Index ¶
func (o SecretRoleArrayOutput) Index(i pulumi.IntInput) SecretRoleOutput
func (SecretRoleArrayOutput) ToSecretRoleArrayOutput ¶
func (o SecretRoleArrayOutput) ToSecretRoleArrayOutput() SecretRoleArrayOutput
func (SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext ¶
func (o SecretRoleArrayOutput) ToSecretRoleArrayOutputWithContext(ctx context.Context) SecretRoleArrayOutput
type SecretRoleInput ¶
type SecretRoleInput interface { pulumi.Input ToSecretRoleOutput() SecretRoleOutput ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput }
type SecretRoleMap ¶
type SecretRoleMap map[string]SecretRoleInput
func (SecretRoleMap) ElementType ¶
func (SecretRoleMap) ElementType() reflect.Type
func (SecretRoleMap) ToSecretRoleMapOutput ¶
func (i SecretRoleMap) ToSecretRoleMapOutput() SecretRoleMapOutput
func (SecretRoleMap) ToSecretRoleMapOutputWithContext ¶
func (i SecretRoleMap) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput
type SecretRoleMapInput ¶
type SecretRoleMapInput interface { pulumi.Input ToSecretRoleMapOutput() SecretRoleMapOutput ToSecretRoleMapOutputWithContext(context.Context) SecretRoleMapOutput }
SecretRoleMapInput is an input type that accepts SecretRoleMap and SecretRoleMapOutput values. You can construct a concrete instance of `SecretRoleMapInput` via:
SecretRoleMap{ "key": SecretRoleArgs{...} }
type SecretRoleMapOutput ¶
type SecretRoleMapOutput struct{ *pulumi.OutputState }
func (SecretRoleMapOutput) ElementType ¶
func (SecretRoleMapOutput) ElementType() reflect.Type
func (SecretRoleMapOutput) MapIndex ¶
func (o SecretRoleMapOutput) MapIndex(k pulumi.StringInput) SecretRoleOutput
func (SecretRoleMapOutput) ToSecretRoleMapOutput ¶
func (o SecretRoleMapOutput) ToSecretRoleMapOutput() SecretRoleMapOutput
func (SecretRoleMapOutput) ToSecretRoleMapOutputWithContext ¶
func (o SecretRoleMapOutput) ToSecretRoleMapOutputWithContext(ctx context.Context) SecretRoleMapOutput
type SecretRoleOutput ¶
type SecretRoleOutput struct{ *pulumi.OutputState }
func (SecretRoleOutput) Backend ¶
func (o SecretRoleOutput) Backend() pulumi.StringOutput
The path the AD secret backend is mounted at, with no leading or trailing `/`s.
func (SecretRoleOutput) ElementType ¶
func (SecretRoleOutput) ElementType() reflect.Type
func (SecretRoleOutput) LastVaultRotation ¶
func (o SecretRoleOutput) LastVaultRotation() pulumi.StringOutput
Timestamp of the last password rotation by Vault.
func (SecretRoleOutput) Namespace ¶
func (o SecretRoleOutput) Namespace() pulumi.StringPtrOutput
The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.
func (SecretRoleOutput) PasswordLastSet ¶
func (o SecretRoleOutput) PasswordLastSet() pulumi.StringOutput
Timestamp of the last password set by Vault.
func (SecretRoleOutput) Role ¶
func (o SecretRoleOutput) Role() pulumi.StringOutput
The name to identify this role within the backend. Must be unique within the backend.
func (SecretRoleOutput) ServiceAccountName ¶
func (o SecretRoleOutput) ServiceAccountName() pulumi.StringOutput
Specifies the name of the Active Directory service account mapped to this role.
func (SecretRoleOutput) ToSecretRoleOutput ¶
func (o SecretRoleOutput) ToSecretRoleOutput() SecretRoleOutput
func (SecretRoleOutput) ToSecretRoleOutputWithContext ¶
func (o SecretRoleOutput) ToSecretRoleOutputWithContext(ctx context.Context) SecretRoleOutput
func (SecretRoleOutput) Ttl ¶
func (o SecretRoleOutput) Ttl() pulumi.IntPtrOutput
The password time-to-live in seconds. Defaults to the configuration ttl if not provided.
type SecretRoleState ¶
// SecretRoleState holds the optional state properties that GetSecretRole
// accepts to qualify a lookup. Every field is an optional input.
type SecretRoleState struct {
	// The path the AD secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Timestamp of the last password rotation by Vault.
	LastVaultRotation pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Timestamp of the last password set by Vault.
	PasswordLastSet pulumi.StringPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Role pulumi.StringPtrInput
	// Specifies the name of the Active Directory service
	// account mapped to this role.
	ServiceAccountName pulumi.StringPtrInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}
func (SecretRoleState) ElementType ¶
func (SecretRoleState) ElementType() reflect.Type