ldap

package
v6.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackend 

type AuthBackend struct {
	pulumi.CustomResourceState

	// The accessor for this auth mount.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// DN of object to bind when performing user search
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolOutput `pulumi:"caseSensitiveNames"`
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringOutput `pulumi:"certificate"`
	ClientTlsCert pulumi.StringOutput `pulumi:"clientTlsCert"`
	ClientTlsKey  pulumi.StringOutput `pulumi:"clientTlsKey"`
	// Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
	ConnectionTimeout pulumi.IntOutput `pulumi:"connectionTimeout"`
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolOutput `pulumi:"denyNullBind"`
	// Description for the LDAP auth backend mount
	Description pulumi.StringOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolOutput `pulumi:"discoverdn"`
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringOutput `pulumi:"groupattr"`
	// Base DN under which to perform group search
	Groupdn pulumi.StringOutput `pulumi:"groupdn"`
	// Go template used to construct group membership query
	Groupfilter pulumi.StringOutput `pulumi:"groupfilter"`
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolOutput `pulumi:"insecureTls"`
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrOutput `pulumi:"maxPageSize"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringOutput `pulumi:"tlsMaxVersion"`
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringOutput `pulumi:"tlsMinVersion"`
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// The URL of the LDAP server
	Url pulumi.StringOutput `pulumi:"url"`
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolOutput `pulumi:"useTokenGroups"`
	// Attribute on user object matching username passed in
	Userattr pulumi.StringOutput `pulumi:"userattr"`
	// Base DN under which to perform user search
	Userdn pulumi.StringOutput `pulumi:"userdn"`
	// LDAP user search filter
	Userfilter pulumi.StringOutput `pulumi:"userfilter"`
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolOutput `pulumi:"usernameAsAlias"`
}

Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backends can be imported using the `path`, e.g.

```sh $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap ```

func GetAuthBackend 

func GetAuthBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendState, opts ...pulumi.ResourceOption) (*AuthBackend, error)

GetAuthBackend gets an existing AuthBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackend 

func NewAuthBackend(ctx *pulumi.Context,
	name string, args *AuthBackendArgs, opts ...pulumi.ResourceOption) (*AuthBackend, error)

NewAuthBackend registers a new resource with the given unique name, arguments, and options.

func (*AuthBackend) ElementType 

func (*AuthBackend) ElementType() reflect.Type

func (*AuthBackend) ToAuthBackendOutput 

func (i *AuthBackend) ToAuthBackendOutput() AuthBackendOutput

func (*AuthBackend) ToAuthBackendOutputWithContext 

func (i *AuthBackend) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

type AuthBackendArgs 

type AuthBackendArgs struct {
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	// Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
	ConnectionTimeout pulumi.IntPtrInput
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
	// LDAP user search filter
	Userfilter pulumi.StringPtrInput
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolPtrInput
}

The set of arguments for constructing a AuthBackend resource.

func (AuthBackendArgs) ElementType 

func (AuthBackendArgs) ElementType() reflect.Type

type AuthBackendArray 

type AuthBackendArray []AuthBackendInput

func (AuthBackendArray) ElementType 

func (AuthBackendArray) ElementType() reflect.Type

func (AuthBackendArray) ToAuthBackendArrayOutput 

func (i AuthBackendArray) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArray) ToAuthBackendArrayOutputWithContext 

func (i AuthBackendArray) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendArrayInput 

type AuthBackendArrayInput interface {
	pulumi.Input

	ToAuthBackendArrayOutput() AuthBackendArrayOutput
	ToAuthBackendArrayOutputWithContext(context.Context) AuthBackendArrayOutput
}

AuthBackendArrayInput is an input type that accepts AuthBackendArray and AuthBackendArrayOutput values. You can construct a concrete instance of `AuthBackendArrayInput` via: 

AuthBackendArray{ AuthBackendArgs{...} }

type AuthBackendArrayOutput 

type AuthBackendArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendArrayOutput) ElementType 

func (AuthBackendArrayOutput) ElementType() reflect.Type

func (AuthBackendArrayOutput) Index 

func (o AuthBackendArrayOutput) Index(i pulumi.IntInput) AuthBackendOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutput 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutput() AuthBackendArrayOutput

func (AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext 

func (o AuthBackendArrayOutput) ToAuthBackendArrayOutputWithContext(ctx context.Context) AuthBackendArrayOutput

type AuthBackendGroup 

type AuthBackendGroup struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The LDAP groupname
	Groupname pulumi.StringOutput `pulumi:"groupname"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
}

Provides a resource to create a group in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendGroup(ctx, "group", &ldap.AuthBackendGroupArgs{
			Groupname: pulumi.String("dba"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend groups can be imported using the `path`, e.g.

```sh $ pulumi import vault:ldap/authBackendGroup:AuthBackendGroup foo auth/ldap/groups/foo ```

func GetAuthBackendGroup 

func GetAuthBackendGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendGroupState, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

GetAuthBackendGroup gets an existing AuthBackendGroup resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendGroup 

func NewAuthBackendGroup(ctx *pulumi.Context,
	name string, args *AuthBackendGroupArgs, opts ...pulumi.ResourceOption) (*AuthBackendGroup, error)

NewAuthBackendGroup registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendGroup) ElementType 

func (*AuthBackendGroup) ElementType() reflect.Type

func (*AuthBackendGroup) ToAuthBackendGroupOutput 

func (i *AuthBackendGroup) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (*AuthBackendGroup) ToAuthBackendGroupOutputWithContext 

func (i *AuthBackendGroup) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

type AuthBackendGroupArgs 

type AuthBackendGroupArgs struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

The set of arguments for constructing a AuthBackendGroup resource.

func (AuthBackendGroupArgs) ElementType 

func (AuthBackendGroupArgs) ElementType() reflect.Type

type AuthBackendGroupArray 

type AuthBackendGroupArray []AuthBackendGroupInput

func (AuthBackendGroupArray) ElementType 

func (AuthBackendGroupArray) ElementType() reflect.Type

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutput 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext 

func (i AuthBackendGroupArray) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupArrayInput 

type AuthBackendGroupArrayInput interface {
	pulumi.Input

	ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput
	ToAuthBackendGroupArrayOutputWithContext(context.Context) AuthBackendGroupArrayOutput
}

AuthBackendGroupArrayInput is an input type that accepts AuthBackendGroupArray and AuthBackendGroupArrayOutput values. You can construct a concrete instance of `AuthBackendGroupArrayInput` via: 

AuthBackendGroupArray{ AuthBackendGroupArgs{...} }

type AuthBackendGroupArrayOutput 

type AuthBackendGroupArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupArrayOutput) ElementType 

func (AuthBackendGroupArrayOutput) ElementType() reflect.Type

func (AuthBackendGroupArrayOutput) Index 

func (o AuthBackendGroupArrayOutput) Index(i pulumi.IntInput) AuthBackendGroupOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutput() AuthBackendGroupArrayOutput

func (AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext 

func (o AuthBackendGroupArrayOutput) ToAuthBackendGroupArrayOutputWithContext(ctx context.Context) AuthBackendGroupArrayOutput

type AuthBackendGroupInput 

type AuthBackendGroupInput interface {
	pulumi.Input

	ToAuthBackendGroupOutput() AuthBackendGroupOutput
	ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput
}

type AuthBackendGroupMap 

type AuthBackendGroupMap map[string]AuthBackendGroupInput

func (AuthBackendGroupMap) ElementType 

func (AuthBackendGroupMap) ElementType() reflect.Type

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutput 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext 

func (i AuthBackendGroupMap) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupMapInput 

type AuthBackendGroupMapInput interface {
	pulumi.Input

	ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput
	ToAuthBackendGroupMapOutputWithContext(context.Context) AuthBackendGroupMapOutput
}

AuthBackendGroupMapInput is an input type that accepts AuthBackendGroupMap and AuthBackendGroupMapOutput values. You can construct a concrete instance of `AuthBackendGroupMapInput` via: 

AuthBackendGroupMap{ "key": AuthBackendGroupArgs{...} }

type AuthBackendGroupMapOutput 

type AuthBackendGroupMapOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupMapOutput) ElementType 

func (AuthBackendGroupMapOutput) ElementType() reflect.Type

func (AuthBackendGroupMapOutput) MapIndex 

func (o AuthBackendGroupMapOutput) MapIndex(k pulumi.StringInput) AuthBackendGroupOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutput() AuthBackendGroupMapOutput

func (AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext 

func (o AuthBackendGroupMapOutput) ToAuthBackendGroupMapOutputWithContext(ctx context.Context) AuthBackendGroupMapOutput

type AuthBackendGroupOutput 

type AuthBackendGroupOutput struct{ *pulumi.OutputState }

func (AuthBackendGroupOutput) Backend 

func (o AuthBackendGroupOutput) Backend() pulumi.StringPtrOutput

Path to the authentication backend

For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).

func (AuthBackendGroupOutput) ElementType 

func (AuthBackendGroupOutput) ElementType() reflect.Type

func (AuthBackendGroupOutput) Groupname 

func (o AuthBackendGroupOutput) Groupname() pulumi.StringOutput

The LDAP groupname

func (AuthBackendGroupOutput) Namespace 

func (o AuthBackendGroupOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendGroupOutput) Policies 

func (o AuthBackendGroupOutput) Policies() pulumi.StringArrayOutput

Policies which should be granted to members of the group

func (AuthBackendGroupOutput) ToAuthBackendGroupOutput 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutput() AuthBackendGroupOutput

func (AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext 

func (o AuthBackendGroupOutput) ToAuthBackendGroupOutputWithContext(ctx context.Context) AuthBackendGroupOutput

type AuthBackendGroupState 

type AuthBackendGroupState struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// The LDAP groupname
	Groupname pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to members of the group
	Policies pulumi.StringArrayInput
}

func (AuthBackendGroupState) ElementType 

func (AuthBackendGroupState) ElementType() reflect.Type

type AuthBackendInput 

type AuthBackendInput interface {
	pulumi.Input

	ToAuthBackendOutput() AuthBackendOutput
	ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput
}

type AuthBackendMap 

type AuthBackendMap map[string]AuthBackendInput

func (AuthBackendMap) ElementType 

func (AuthBackendMap) ElementType() reflect.Type

func (AuthBackendMap) ToAuthBackendMapOutput 

func (i AuthBackendMap) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMap) ToAuthBackendMapOutputWithContext 

func (i AuthBackendMap) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendMapInput 

type AuthBackendMapInput interface {
	pulumi.Input

	ToAuthBackendMapOutput() AuthBackendMapOutput
	ToAuthBackendMapOutputWithContext(context.Context) AuthBackendMapOutput
}

AuthBackendMapInput is an input type that accepts AuthBackendMap and AuthBackendMapOutput values. You can construct a concrete instance of `AuthBackendMapInput` via: 

AuthBackendMap{ "key": AuthBackendArgs{...} }

type AuthBackendMapOutput 

type AuthBackendMapOutput struct{ *pulumi.OutputState }

func (AuthBackendMapOutput) ElementType 

func (AuthBackendMapOutput) ElementType() reflect.Type

func (AuthBackendMapOutput) MapIndex 

func (o AuthBackendMapOutput) MapIndex(k pulumi.StringInput) AuthBackendOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutput 

func (o AuthBackendMapOutput) ToAuthBackendMapOutput() AuthBackendMapOutput

func (AuthBackendMapOutput) ToAuthBackendMapOutputWithContext 

func (o AuthBackendMapOutput) ToAuthBackendMapOutputWithContext(ctx context.Context) AuthBackendMapOutput

type AuthBackendOutput 

type AuthBackendOutput struct{ *pulumi.OutputState }

func (AuthBackendOutput) Accessor 

func (o AuthBackendOutput) Accessor() pulumi.StringOutput

The accessor for this auth mount.

func (AuthBackendOutput) Binddn 

func (o AuthBackendOutput) Binddn() pulumi.StringOutput

DN of object to bind when performing user search

func (AuthBackendOutput) Bindpass 

func (o AuthBackendOutput) Bindpass() pulumi.StringOutput

Password to use with `binddn` when performing user search

func (AuthBackendOutput) CaseSensitiveNames 

func (o AuthBackendOutput) CaseSensitiveNames() pulumi.BoolOutput

Control case senstivity of objects fetched from LDAP, this is used for object matching in vault

func (AuthBackendOutput) Certificate 

func (o AuthBackendOutput) Certificate() pulumi.StringOutput

Trusted CA to validate TLS certificate

func (AuthBackendOutput) ClientTlsCert 

func (o AuthBackendOutput) ClientTlsCert() pulumi.StringOutput

func (AuthBackendOutput) ClientTlsKey 

func (o AuthBackendOutput) ClientTlsKey() pulumi.StringOutput

func (AuthBackendOutput) ConnectionTimeout added in v6.4.0 

func (o AuthBackendOutput) ConnectionTimeout() pulumi.IntOutput

Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)

func (AuthBackendOutput) DenyNullBind 

func (o AuthBackendOutput) DenyNullBind() pulumi.BoolOutput

Prevents users from bypassing authentication when providing an empty password.

func (AuthBackendOutput) Description 

func (o AuthBackendOutput) Description() pulumi.StringOutput

Description for the LDAP auth backend mount

func (AuthBackendOutput) DisableRemount 

func (o AuthBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (AuthBackendOutput) Discoverdn 

func (o AuthBackendOutput) Discoverdn() pulumi.BoolOutput

Use anonymous bind to discover the bind DN of a user.

func (AuthBackendOutput) ElementType 

func (AuthBackendOutput) ElementType() reflect.Type

func (AuthBackendOutput) Groupattr 

func (o AuthBackendOutput) Groupattr() pulumi.StringOutput

LDAP attribute to follow on objects returned by groupfilter

func (AuthBackendOutput) Groupdn 

func (o AuthBackendOutput) Groupdn() pulumi.StringOutput

Base DN under which to perform group search

func (AuthBackendOutput) Groupfilter 

func (o AuthBackendOutput) Groupfilter() pulumi.StringOutput

Go template used to construct group membership query

func (AuthBackendOutput) InsecureTls 

func (o AuthBackendOutput) InsecureTls() pulumi.BoolOutput

Control whether or TLS certificates must be validated

func (AuthBackendOutput) Local 

func (o AuthBackendOutput) Local() pulumi.BoolPtrOutput

Specifies if the auth method is local only.

func (AuthBackendOutput) MaxPageSize 

func (o AuthBackendOutput) MaxPageSize() pulumi.IntPtrOutput

Sets the max page size for LDAP lookups, by default it's set to -1. *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.

func (AuthBackendOutput) Namespace 

func (o AuthBackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendOutput) Path 

func (o AuthBackendOutput) Path() pulumi.StringPtrOutput

Path to mount the LDAP auth backend under

func (AuthBackendOutput) Starttls 

func (o AuthBackendOutput) Starttls() pulumi.BoolOutput

Control use of TLS when conecting to LDAP

func (AuthBackendOutput) TlsMaxVersion 

func (o AuthBackendOutput) TlsMaxVersion() pulumi.StringOutput

Maximum acceptable version of TLS

func (AuthBackendOutput) TlsMinVersion 

func (o AuthBackendOutput) TlsMinVersion() pulumi.StringOutput

Minimum acceptable version of TLS

func (AuthBackendOutput) ToAuthBackendOutput 

func (o AuthBackendOutput) ToAuthBackendOutput() AuthBackendOutput

func (AuthBackendOutput) ToAuthBackendOutputWithContext 

func (o AuthBackendOutput) ToAuthBackendOutputWithContext(ctx context.Context) AuthBackendOutput

func (AuthBackendOutput) TokenBoundCidrs 

func (o AuthBackendOutput) TokenBoundCidrs() pulumi.StringArrayOutput

Specifies the blocks of IP addresses which are allowed to use the generated token

func (AuthBackendOutput) TokenExplicitMaxTtl 

func (o AuthBackendOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

Generated Token's Explicit Maximum TTL in seconds

func (AuthBackendOutput) TokenMaxTtl 

func (o AuthBackendOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime of the generated token

func (AuthBackendOutput) TokenNoDefaultPolicy 

func (o AuthBackendOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If true, the 'default' policy will not automatically be added to generated tokens

func (AuthBackendOutput) TokenNumUses 

func (o AuthBackendOutput) TokenNumUses() pulumi.IntPtrOutput

The maximum number of times a token may be used, a value of zero means unlimited

func (AuthBackendOutput) TokenPeriod 

func (o AuthBackendOutput) TokenPeriod() pulumi.IntPtrOutput

Generated Token's Period

func (AuthBackendOutput) TokenPolicies 

func (o AuthBackendOutput) TokenPolicies() pulumi.StringArrayOutput

Generated Token's Policies

func (AuthBackendOutput) TokenTtl 

func (o AuthBackendOutput) TokenTtl() pulumi.IntPtrOutput

The initial ttl of the token to generate in seconds

func (AuthBackendOutput) TokenType 

func (o AuthBackendOutput) TokenType() pulumi.StringPtrOutput

The type of token to generate, service or batch

func (AuthBackendOutput) Upndomain 

func (o AuthBackendOutput) Upndomain() pulumi.StringOutput

The `userPrincipalDomain` used to construct the UPN string for the authenticating user.

func (AuthBackendOutput) Url 

func (o AuthBackendOutput) Url() pulumi.StringOutput

The URL of the LDAP server

func (AuthBackendOutput) UseTokenGroups 

func (o AuthBackendOutput) UseTokenGroups() pulumi.BoolOutput

Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships

func (AuthBackendOutput) Userattr 

func (o AuthBackendOutput) Userattr() pulumi.StringOutput

Attribute on user object matching username passed in

func (AuthBackendOutput) Userdn 

func (o AuthBackendOutput) Userdn() pulumi.StringOutput

Base DN under which to perform user search

func (AuthBackendOutput) Userfilter 

func (o AuthBackendOutput) Userfilter() pulumi.StringOutput

LDAP user search filter

func (AuthBackendOutput) UsernameAsAlias 

func (o AuthBackendOutput) UsernameAsAlias() pulumi.BoolOutput

Force the auth method to use the username passed by the user as the alias name.

type AuthBackendState 

type AuthBackendState struct {
	// The accessor for this auth mount.
	Accessor pulumi.StringPtrInput
	// DN of object to bind when performing user search
	Binddn pulumi.StringPtrInput
	// Password to use with `binddn` when performing user search
	Bindpass pulumi.StringPtrInput
	// Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
	CaseSensitiveNames pulumi.BoolPtrInput
	// Trusted CA to validate TLS certificate
	Certificate   pulumi.StringPtrInput
	ClientTlsCert pulumi.StringPtrInput
	ClientTlsKey  pulumi.StringPtrInput
	// Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
	ConnectionTimeout pulumi.IntPtrInput
	// Prevents users from bypassing authentication when providing an empty password.
	DenyNullBind pulumi.BoolPtrInput
	// Description for the LDAP auth backend mount
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Use anonymous bind to discover the bind DN of a user.
	Discoverdn pulumi.BoolPtrInput
	// LDAP attribute to follow on objects returned by groupfilter
	Groupattr pulumi.StringPtrInput
	// Base DN under which to perform group search
	Groupdn pulumi.StringPtrInput
	// Go template used to construct group membership query
	Groupfilter pulumi.StringPtrInput
	// Control whether or TLS certificates must be validated
	InsecureTls pulumi.BoolPtrInput
	// Specifies if the auth method is local only.
	Local pulumi.BoolPtrInput
	// Sets the max page size for LDAP lookups, by default it's set to -1.
	// *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
	MaxPageSize pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Path to mount the LDAP auth backend under
	Path pulumi.StringPtrInput
	// Control use of TLS when conecting to LDAP
	Starttls pulumi.BoolPtrInput
	// Maximum acceptable version of TLS
	TlsMaxVersion pulumi.StringPtrInput
	// Minimum acceptable version of TLS
	TlsMinVersion pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
	// The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
	Upndomain pulumi.StringPtrInput
	// The URL of the LDAP server
	Url pulumi.StringPtrInput
	// Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
	UseTokenGroups pulumi.BoolPtrInput
	// Attribute on user object matching username passed in
	Userattr pulumi.StringPtrInput
	// Base DN under which to perform user search
	Userdn pulumi.StringPtrInput
	// LDAP user search filter
	Userfilter pulumi.StringPtrInput
	// Force the auth method to use the username passed by the user as the alias name.
	UsernameAsAlias pulumi.BoolPtrInput
}

func (AuthBackendState) ElementType 

func (AuthBackendState) ElementType() reflect.Type

type AuthBackendUser 

type AuthBackendUser struct {
	pulumi.CustomResourceState

	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Policies which should be granted to user
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The LDAP username
	Username pulumi.StringOutput `pulumi:"username"`
}

Provides a resource to create a user in an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ldap, err := ldap.NewAuthBackend(ctx, "ldap", &ldap.AuthBackendArgs{
			Path:        pulumi.String("ldap"),
			Url:         pulumi.String("ldaps://dc-01.example.org"),
			Userdn:      pulumi.String("OU=Users,OU=Accounts,DC=example,DC=org"),
			Userattr:    pulumi.String("sAMAccountName"),
			Upndomain:   pulumi.String("EXAMPLE.ORG"),
			Discoverdn:  pulumi.Bool(false),
			Groupdn:     pulumi.String("OU=Groups,DC=example,DC=org"),
			Groupfilter: pulumi.String("(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewAuthBackendUser(ctx, "user", &ldap.AuthBackendUserArgs{
			Username: pulumi.String("test-user"),
			Policies: pulumi.StringArray{
				pulumi.String("dba"),
				pulumi.String("sysops"),
			},
			Backend: ldap.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP authentication backend users can be imported using the `path`, e.g.

```sh $ pulumi import vault:ldap/authBackendUser:AuthBackendUser foo auth/ldap/users/foo ```

func GetAuthBackendUser 

func GetAuthBackendUser(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendUserState, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

GetAuthBackendUser gets an existing AuthBackendUser resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendUser 

func NewAuthBackendUser(ctx *pulumi.Context,
	name string, args *AuthBackendUserArgs, opts ...pulumi.ResourceOption) (*AuthBackendUser, error)

NewAuthBackendUser registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendUser) ElementType 

func (*AuthBackendUser) ElementType() reflect.Type

func (*AuthBackendUser) ToAuthBackendUserOutput 

func (i *AuthBackendUser) ToAuthBackendUserOutput() AuthBackendUserOutput

func (*AuthBackendUser) ToAuthBackendUserOutputWithContext 

func (i *AuthBackendUser) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

type AuthBackendUserArgs 

type AuthBackendUserArgs struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringInput
}

The set of arguments for constructing a AuthBackendUser resource.

func (AuthBackendUserArgs) ElementType 

func (AuthBackendUserArgs) ElementType() reflect.Type

type AuthBackendUserArray 

type AuthBackendUserArray []AuthBackendUserInput

func (AuthBackendUserArray) ElementType 

func (AuthBackendUserArray) ElementType() reflect.Type

func (AuthBackendUserArray) ToAuthBackendUserArrayOutput 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext 

func (i AuthBackendUserArray) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserArrayInput 

type AuthBackendUserArrayInput interface {
	pulumi.Input

	ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput
	ToAuthBackendUserArrayOutputWithContext(context.Context) AuthBackendUserArrayOutput
}

AuthBackendUserArrayInput is an input type that accepts AuthBackendUserArray and AuthBackendUserArrayOutput values. You can construct a concrete instance of `AuthBackendUserArrayInput` via: 

AuthBackendUserArray{ AuthBackendUserArgs{...} }

type AuthBackendUserArrayOutput 

type AuthBackendUserArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendUserArrayOutput) ElementType 

func (AuthBackendUserArrayOutput) ElementType() reflect.Type

func (AuthBackendUserArrayOutput) Index 

func (o AuthBackendUserArrayOutput) Index(i pulumi.IntInput) AuthBackendUserOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutput() AuthBackendUserArrayOutput

func (AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext 

func (o AuthBackendUserArrayOutput) ToAuthBackendUserArrayOutputWithContext(ctx context.Context) AuthBackendUserArrayOutput

type AuthBackendUserInput 

type AuthBackendUserInput interface {
	pulumi.Input

	ToAuthBackendUserOutput() AuthBackendUserOutput
	ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput
}

type AuthBackendUserMap 

type AuthBackendUserMap map[string]AuthBackendUserInput

func (AuthBackendUserMap) ElementType 

func (AuthBackendUserMap) ElementType() reflect.Type

func (AuthBackendUserMap) ToAuthBackendUserMapOutput 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext 

func (i AuthBackendUserMap) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserMapInput 

type AuthBackendUserMapInput interface {
	pulumi.Input

	ToAuthBackendUserMapOutput() AuthBackendUserMapOutput
	ToAuthBackendUserMapOutputWithContext(context.Context) AuthBackendUserMapOutput
}

AuthBackendUserMapInput is an input type that accepts AuthBackendUserMap and AuthBackendUserMapOutput values. You can construct a concrete instance of `AuthBackendUserMapInput` via: 

AuthBackendUserMap{ "key": AuthBackendUserArgs{...} }

type AuthBackendUserMapOutput 

type AuthBackendUserMapOutput struct{ *pulumi.OutputState }

func (AuthBackendUserMapOutput) ElementType 

func (AuthBackendUserMapOutput) ElementType() reflect.Type

func (AuthBackendUserMapOutput) MapIndex 

func (o AuthBackendUserMapOutput) MapIndex(k pulumi.StringInput) AuthBackendUserOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutput 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutput() AuthBackendUserMapOutput

func (AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext 

func (o AuthBackendUserMapOutput) ToAuthBackendUserMapOutputWithContext(ctx context.Context) AuthBackendUserMapOutput

type AuthBackendUserOutput 

type AuthBackendUserOutput struct{ *pulumi.OutputState }

func (AuthBackendUserOutput) Backend 

func (o AuthBackendUserOutput) Backend() pulumi.StringPtrOutput

Path to the authentication backend

For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).

func (AuthBackendUserOutput) ElementType 

func (AuthBackendUserOutput) ElementType() reflect.Type

func (AuthBackendUserOutput) Groups 

func (o AuthBackendUserOutput) Groups() pulumi.StringArrayOutput

Override LDAP groups which should be granted to user

func (AuthBackendUserOutput) Namespace 

func (o AuthBackendUserOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendUserOutput) Policies 

func (o AuthBackendUserOutput) Policies() pulumi.StringArrayOutput

Policies which should be granted to user

func (AuthBackendUserOutput) ToAuthBackendUserOutput 

func (o AuthBackendUserOutput) ToAuthBackendUserOutput() AuthBackendUserOutput

func (AuthBackendUserOutput) ToAuthBackendUserOutputWithContext 

func (o AuthBackendUserOutput) ToAuthBackendUserOutputWithContext(ctx context.Context) AuthBackendUserOutput

func (AuthBackendUserOutput) Username 

func (o AuthBackendUserOutput) Username() pulumi.StringOutput

The LDAP username

type AuthBackendUserState 

type AuthBackendUserState struct {
	// Path to the authentication backend
	//
	// For more details on the usage of each argument consult the [Vault LDAP API documentation](https://www.vaultproject.io/api-docs/auth/ldap).
	Backend pulumi.StringPtrInput
	// Override LDAP groups which should be granted to user
	Groups pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Policies which should be granted to user
	Policies pulumi.StringArrayInput
	// The LDAP username
	Username pulumi.StringPtrInput
}

func (AuthBackendUserState) ElementType 

func (AuthBackendUserState) ElementType() reflect.Type

type GetDynamicCredentialsArgs 

type GetDynamicCredentialsArgs struct {
	Mount     string  `pulumi:"mount"`
	Namespace *string `pulumi:"namespace"`
	RoleName  string  `pulumi:"roleName"`
}

A collection of arguments for invoking getDynamicCredentials.

type GetDynamicCredentialsOutputArgs 

type GetDynamicCredentialsOutputArgs struct {
	Mount     pulumi.StringInput    `pulumi:"mount"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	RoleName  pulumi.StringInput    `pulumi:"roleName"`
}

A collection of arguments for invoking getDynamicCredentials.

func (GetDynamicCredentialsOutputArgs) ElementType 

func (GetDynamicCredentialsOutputArgs) ElementType() reflect.Type

type GetDynamicCredentialsResult 

type GetDynamicCredentialsResult struct {
	DistinguishedNames []string `pulumi:"distinguishedNames"`
	// The provider-assigned unique ID for this managed resource.
	Id             string  `pulumi:"id"`
	LeaseDuration  int     `pulumi:"leaseDuration"`
	LeaseId        string  `pulumi:"leaseId"`
	LeaseRenewable bool    `pulumi:"leaseRenewable"`
	Mount          string  `pulumi:"mount"`
	Namespace      *string `pulumi:"namespace"`
	Password       string  `pulumi:"password"`
	RoleName       string  `pulumi:"roleName"`
	Username       string  `pulumi:"username"`
}

A collection of values returned by getDynamicCredentials.

func GetDynamicCredentials 

func GetDynamicCredentials(ctx *pulumi.Context, args *GetDynamicCredentialsArgs, opts ...pulumi.InvokeOption) (*GetDynamicCredentialsResult, error)

type GetDynamicCredentialsResultOutput 

type GetDynamicCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getDynamicCredentials.

func GetDynamicCredentialsOutput 

func GetDynamicCredentialsOutput(ctx *pulumi.Context, args GetDynamicCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) DistinguishedNames 

func (o GetDynamicCredentialsResultOutput) DistinguishedNames() pulumi.StringArrayOutput

func (GetDynamicCredentialsResultOutput) ElementType 

func (GetDynamicCredentialsResultOutput) ElementType() reflect.Type

func (GetDynamicCredentialsResultOutput) Id 

func (o GetDynamicCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetDynamicCredentialsResultOutput) LeaseDuration 

func (o GetDynamicCredentialsResultOutput) LeaseDuration() pulumi.IntOutput

func (GetDynamicCredentialsResultOutput) LeaseId 

func (o GetDynamicCredentialsResultOutput) LeaseId() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) LeaseRenewable 

func (o GetDynamicCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput

func (GetDynamicCredentialsResultOutput) Mount 

func (o GetDynamicCredentialsResultOutput) Mount() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) Namespace 

func (o GetDynamicCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetDynamicCredentialsResultOutput) Password 

func (o GetDynamicCredentialsResultOutput) Password() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) RoleName 

func (o GetDynamicCredentialsResultOutput) RoleName() pulumi.StringOutput

func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput 

func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutput() GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext 

func (o GetDynamicCredentialsResultOutput) ToGetDynamicCredentialsResultOutputWithContext(ctx context.Context) GetDynamicCredentialsResultOutput

func (GetDynamicCredentialsResultOutput) Username 

func (o GetDynamicCredentialsResultOutput) Username() pulumi.StringOutput

type GetStaticCredentialsArgs 

type GetStaticCredentialsArgs struct {
	Mount     string  `pulumi:"mount"`
	Namespace *string `pulumi:"namespace"`
	RoleName  string  `pulumi:"roleName"`
}

A collection of arguments for invoking getStaticCredentials.

type GetStaticCredentialsOutputArgs 

type GetStaticCredentialsOutputArgs struct {
	Mount     pulumi.StringInput    `pulumi:"mount"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	RoleName  pulumi.StringInput    `pulumi:"roleName"`
}

A collection of arguments for invoking getStaticCredentials.

func (GetStaticCredentialsOutputArgs) ElementType 

func (GetStaticCredentialsOutputArgs) ElementType() reflect.Type

type GetStaticCredentialsResult 

type GetStaticCredentialsResult struct {
	Dn string `pulumi:"dn"`
	// The provider-assigned unique ID for this managed resource.
	Id                string  `pulumi:"id"`
	LastPassword      string  `pulumi:"lastPassword"`
	LastVaultRotation string  `pulumi:"lastVaultRotation"`
	Mount             string  `pulumi:"mount"`
	Namespace         *string `pulumi:"namespace"`
	Password          string  `pulumi:"password"`
	RoleName          string  `pulumi:"roleName"`
	RotationPeriod    int     `pulumi:"rotationPeriod"`
	Ttl               int     `pulumi:"ttl"`
	Username          string  `pulumi:"username"`
}

A collection of values returned by getStaticCredentials.

func GetStaticCredentials 

func GetStaticCredentials(ctx *pulumi.Context, args *GetStaticCredentialsArgs, opts ...pulumi.InvokeOption) (*GetStaticCredentialsResult, error)

type GetStaticCredentialsResultOutput 

type GetStaticCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getStaticCredentials.

func GetStaticCredentialsOutput 

func GetStaticCredentialsOutput(ctx *pulumi.Context, args GetStaticCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) Dn 

func (o GetStaticCredentialsResultOutput) Dn() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) ElementType 

func (GetStaticCredentialsResultOutput) ElementType() reflect.Type

func (GetStaticCredentialsResultOutput) Id 

func (o GetStaticCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetStaticCredentialsResultOutput) LastPassword 

func (o GetStaticCredentialsResultOutput) LastPassword() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) LastVaultRotation 

func (o GetStaticCredentialsResultOutput) LastVaultRotation() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) Mount 

func (o GetStaticCredentialsResultOutput) Mount() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) Namespace 

func (o GetStaticCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetStaticCredentialsResultOutput) Password 

func (o GetStaticCredentialsResultOutput) Password() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) RoleName 

func (o GetStaticCredentialsResultOutput) RoleName() pulumi.StringOutput

func (GetStaticCredentialsResultOutput) RotationPeriod 

func (o GetStaticCredentialsResultOutput) RotationPeriod() pulumi.IntOutput

func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput 

func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutput() GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext 

func (o GetStaticCredentialsResultOutput) ToGetStaticCredentialsResultOutputWithContext(ctx context.Context) GetStaticCredentialsResultOutput

func (GetStaticCredentialsResultOutput) Ttl 

func (o GetStaticCredentialsResultOutput) Ttl() pulumi.IntOutput

func (GetStaticCredentialsResultOutput) Username 

func (o GetStaticCredentialsResultOutput) Username() pulumi.StringOutput

type SecretBackend 

type SecretBackend struct {
	pulumi.CustomResourceState

	// Accessor of the mount
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayOutput `pulumi:"allowedManagedKeys"`
	// List of headers to allow and pass from the request to the plugin
	AllowedResponseHeaders pulumi.StringArrayOutput `pulumi:"allowedResponseHeaders"`
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacRequestKeys"`
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayOutput `pulumi:"auditNonHmacResponseKeys"`
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringOutput `pulumi:"binddn"`
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringOutput `pulumi:"bindpass"`
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrOutput `pulumi:"certificate"`
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrOutput `pulumi:"clientTlsCert"`
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrOutput `pulumi:"clientTlsKey"`
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrOutput `pulumi:"connectionTimeout"`
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// List of headers to allow and pass from the request to the plugin
	DelegatedAuthAccessors pulumi.StringArrayOutput `pulumi:"delegatedAuthAccessors"`
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrOutput `pulumi:"externalEntropyAccess"`
	// The key to use for signing plugin workload identity tokens
	IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"`
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrOutput `pulumi:"insecureTls"`
	// Specifies whether to show this mount in the UI-specific listing endpoint
	ListingVisibility pulumi.StringPtrOutput `pulumi:"listingVisibility"`
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.StringMapOutput `pulumi:"options"`
	// List of headers to allow and pass from the request to the plugin
	PassthroughRequestHeaders pulumi.StringArrayOutput `pulumi:"passthroughRequestHeaders"`
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrOutput `pulumi:"passwordPolicy"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
	PluginVersion pulumi.StringPtrOutput `pulumi:"pluginVersion"`
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntOutput `pulumi:"requestTimeout"`
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringOutput `pulumi:"schema"`
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolOutput `pulumi:"sealWrap"`
	// If set to true, static roles will not be rotated during import.
	// Defaults to false. Requires Vault 1.16 or above.
	SkipStaticRoleImportRotation pulumi.BoolPtrOutput `pulumi:"skipStaticRoleImportRotation"`
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolOutput `pulumi:"starttls"`
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringOutput `pulumi:"upndomain"`
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringOutput `pulumi:"url"`
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringOutput `pulumi:"userattr"`
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrOutput `pulumi:"userdn"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("my-custom-ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend can be imported using the `${mount}/config`, e.g.

```sh $ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config ```

func GetSecretBackend 

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend 

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType 

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput 

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext 

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

type SecretBackendArgs 

type SecretBackendArgs struct {
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayInput
	// List of headers to allow and pass from the request to the plugin
	AllowedResponseHeaders pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringInput
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrInput
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// List of headers to allow and pass from the request to the plugin
	DelegatedAuthAccessors pulumi.StringArrayInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrInput
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// The key to use for signing plugin workload identity tokens
	IdentityTokenKey pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrInput
	// Specifies whether to show this mount in the UI-specific listing endpoint
	ListingVisibility pulumi.StringPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.StringMapInput
	// List of headers to allow and pass from the request to the plugin
	PassthroughRequestHeaders pulumi.StringArrayInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrInput
	// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
	PluginVersion pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringPtrInput
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// If set to true, static roles will not be rotated during import.
	// Defaults to false. Requires Vault 1.16 or above.
	SkipStaticRoleImportRotation pulumi.BoolPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType 

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray 

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType 

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput 

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext 

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput 

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via: 

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput 

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType 

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index 

func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendDynamicRole 

type SecretBackendDynamicRole struct {
	pulumi.CustomResourceState

	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringOutput `pulumi:"creationLdif"`
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrOutput `pulumi:"defaultTtl"`
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringOutput `pulumi:"deletionLdif"`
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrOutput `pulumi:"maxTtl"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrOutput `pulumi:"rollbackLdif"`
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrOutput `pulumi:"usernameTemplate"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:     pulumi.String("my-custom-ldap"),
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://localhost"),
			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
			Mount:    config.Path,
			RoleName: pulumi.String("alice"),
			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example

objectClass: person objectClass: top cn: learn sn: {{.Password | utf16le | base64}} memberOf: cn=dev,ou=groups,dc=learn,dc=example userPassword: {{.Password}} `), 

DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example

changetype: delete 

rollback_ldif = <<EOT

dn: cn={{.Username}},ou=users,dc=learn,dc=example changetype: delete `), 

		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend dynamic role can be imported using the full path to the role of the form: `<mount_path>/dynamic-role/<role_name>` e.g.

```sh $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role ```

func GetSecretBackendDynamicRole 

func GetSecretBackendDynamicRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendDynamicRoleState, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)

GetSecretBackendDynamicRole gets an existing SecretBackendDynamicRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendDynamicRole 

func NewSecretBackendDynamicRole(ctx *pulumi.Context,
	name string, args *SecretBackendDynamicRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendDynamicRole, error)

NewSecretBackendDynamicRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendDynamicRole) ElementType 

func (*SecretBackendDynamicRole) ElementType() reflect.Type

func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput 

func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput

func (*SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext 

func (i *SecretBackendDynamicRole) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput

type SecretBackendDynamicRoleArgs 

type SecretBackendDynamicRoleArgs struct {
	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringInput
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrInput
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringInput
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringInput
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrInput
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendDynamicRole resource.

func (SecretBackendDynamicRoleArgs) ElementType 

func (SecretBackendDynamicRoleArgs) ElementType() reflect.Type

type SecretBackendDynamicRoleArray 

type SecretBackendDynamicRoleArray []SecretBackendDynamicRoleInput

func (SecretBackendDynamicRoleArray) ElementType 

func (SecretBackendDynamicRoleArray) ElementType() reflect.Type

func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput 

func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput

func (SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext 

func (i SecretBackendDynamicRoleArray) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput

type SecretBackendDynamicRoleArrayInput 

type SecretBackendDynamicRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput
	ToSecretBackendDynamicRoleArrayOutputWithContext(context.Context) SecretBackendDynamicRoleArrayOutput
}

SecretBackendDynamicRoleArrayInput is an input type that accepts SecretBackendDynamicRoleArray and SecretBackendDynamicRoleArrayOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleArrayInput` via: 

SecretBackendDynamicRoleArray{ SecretBackendDynamicRoleArgs{...} }

type SecretBackendDynamicRoleArrayOutput 

type SecretBackendDynamicRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleArrayOutput) ElementType 

func (SecretBackendDynamicRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleArrayOutput) Index 

func (o SecretBackendDynamicRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput 

func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutput() SecretBackendDynamicRoleArrayOutput

func (SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext 

func (o SecretBackendDynamicRoleArrayOutput) ToSecretBackendDynamicRoleArrayOutputWithContext(ctx context.Context) SecretBackendDynamicRoleArrayOutput

type SecretBackendDynamicRoleInput 

type SecretBackendDynamicRoleInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput
	ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput
}

type SecretBackendDynamicRoleMap 

type SecretBackendDynamicRoleMap map[string]SecretBackendDynamicRoleInput

func (SecretBackendDynamicRoleMap) ElementType 

func (SecretBackendDynamicRoleMap) ElementType() reflect.Type

func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput 

func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput

func (SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext 

func (i SecretBackendDynamicRoleMap) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput

type SecretBackendDynamicRoleMapInput 

type SecretBackendDynamicRoleMapInput interface {
	pulumi.Input

	ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput
	ToSecretBackendDynamicRoleMapOutputWithContext(context.Context) SecretBackendDynamicRoleMapOutput
}

SecretBackendDynamicRoleMapInput is an input type that accepts SecretBackendDynamicRoleMap and SecretBackendDynamicRoleMapOutput values. You can construct a concrete instance of `SecretBackendDynamicRoleMapInput` via: 

SecretBackendDynamicRoleMap{ "key": SecretBackendDynamicRoleArgs{...} }

type SecretBackendDynamicRoleMapOutput 

type SecretBackendDynamicRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleMapOutput) ElementType 

func (SecretBackendDynamicRoleMapOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleMapOutput) MapIndex 

func (o SecretBackendDynamicRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput 

func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutput() SecretBackendDynamicRoleMapOutput

func (SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext 

func (o SecretBackendDynamicRoleMapOutput) ToSecretBackendDynamicRoleMapOutputWithContext(ctx context.Context) SecretBackendDynamicRoleMapOutput

type SecretBackendDynamicRoleOutput 

type SecretBackendDynamicRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendDynamicRoleOutput) CreationLdif 

func (o SecretBackendDynamicRoleOutput) CreationLdif() pulumi.StringOutput

A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creationLdif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creationLdif` it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF entries in `rollbackLdif` will be executed. See `rollbackLdif` for more details. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) DefaultTtl 

func (o SecretBackendDynamicRoleOutput) DefaultTtl() pulumi.IntPtrOutput

Specifies the TTL for the leases associated with this role.

func (SecretBackendDynamicRoleOutput) DeletionLdif 

func (o SecretBackendDynamicRoleOutput) DeletionLdif() pulumi.StringOutput

A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletionLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) ElementType 

func (SecretBackendDynamicRoleOutput) ElementType() reflect.Type

func (SecretBackendDynamicRoleOutput) MaxTtl 

func (o SecretBackendDynamicRoleOutput) MaxTtl() pulumi.IntPtrOutput

Specifies the maximum TTL for the leases associated with this role.

func (SecretBackendDynamicRoleOutput) Mount 

func (o SecretBackendDynamicRoleOutput) Mount() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendDynamicRoleOutput) Namespace 

func (o SecretBackendDynamicRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendDynamicRoleOutput) RoleName 

func (o SecretBackendDynamicRoleOutput) RoleName() pulumi.StringOutput

Name of the role.

func (SecretBackendDynamicRoleOutput) RollbackLdif 

func (o SecretBackendDynamicRoleOutput) RollbackLdif() pulumi.StringPtrOutput

A templatized LDIF string used to attempt to rollback any changes in the event that execution of the `creationLdif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollbackLdif` it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.

func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput 

func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutput() SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext 

func (o SecretBackendDynamicRoleOutput) ToSecretBackendDynamicRoleOutputWithContext(ctx context.Context) SecretBackendDynamicRoleOutput

func (SecretBackendDynamicRoleOutput) UsernameTemplate 

func (o SecretBackendDynamicRoleOutput) UsernameTemplate() pulumi.StringPtrOutput

A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creationLdif` string.

type SecretBackendDynamicRoleState 

type SecretBackendDynamicRoleState struct {
	// A templatized LDIF string used to create a user
	// account. This may contain multiple LDIF entries. The `creationLdif` can also
	// be used to add the user account to an existing group. All LDIF entries are
	// performed in order. If Vault encounters an error while executing the
	// `creationLdif` it will stop at the first error and not execute any remaining
	// LDIF entries. If an error occurs and `rollbackLdif` is specified, the LDIF
	// entries in `rollbackLdif` will be executed. See `rollbackLdif` for more
	// details. This field may optionally be provided as a base64 encoded string.
	CreationLdif pulumi.StringPtrInput
	// Specifies the TTL for the leases associated with this role.
	DefaultTtl pulumi.IntPtrInput
	// A templatized LDIF string used to delete the
	// user account once its TTL has expired. This may contain multiple LDIF
	// entries. All LDIF entries are performed in order. If Vault encounters an
	// error while executing an entry in the `deletionLdif` it will attempt to
	// continue executing any remaining entries. This field may optionally be
	// provided as a base64 encoded string.
	DeletionLdif pulumi.StringPtrInput
	// Specifies the maximum TTL for the leases associated with this role.
	MaxTtl pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringPtrInput
	// A templatized LDIF string used to attempt to
	// rollback any changes in the event that execution of the `creationLdif` results
	// in an error. This may contain multiple LDIF entries. All LDIF entries are
	// performed in order. If Vault encounters an error while executing an entry in
	// the `rollbackLdif` it will attempt to continue executing any remaining
	// entries. This field may optionally be provided as a base64 encoded string.
	RollbackLdif pulumi.StringPtrInput
	// A template used to generate a dynamic
	// username. This will be used to fill in the `.Username` field within the
	// `creationLdif` string.
	UsernameTemplate pulumi.StringPtrInput
}

func (SecretBackendDynamicRoleState) ElementType 

func (SecretBackendDynamicRoleState) ElementType() reflect.Type

type SecretBackendInput 

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendLibrarySet 

type SecretBackendLibrarySet struct {
	pulumi.CustomResourceState

	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrOutput `pulumi:"disableCheckInEnforcement"`
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntOutput `pulumi:"maxTtl"`
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayOutput `pulumi:"serviceAccountNames"`
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntOutput `pulumi:"ttl"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendLibrarySet(ctx, "qa", &ldap.SecretBackendLibrarySetArgs{
			Mount: config.Path,
			Name:  pulumi.String("qa"),
			ServiceAccountNames: pulumi.StringArray{
				pulumi.String("Bob"),
				pulumi.String("Mary"),
			},
			Ttl:                       pulumi.Int(60),
			DisableCheckInEnforcement: pulumi.Bool(true),
			MaxTtl:                    pulumi.Int(120),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend libraries can be imported using the `path`, e.g.

```sh $ pulumi import vault:ldap/secretBackendLibrarySet:SecretBackendLibrarySet qa ldap/library/bob ```

func GetSecretBackendLibrarySet 

func GetSecretBackendLibrarySet(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendLibrarySetState, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)

GetSecretBackendLibrarySet gets an existing SecretBackendLibrarySet resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendLibrarySet 

func NewSecretBackendLibrarySet(ctx *pulumi.Context,
	name string, args *SecretBackendLibrarySetArgs, opts ...pulumi.ResourceOption) (*SecretBackendLibrarySet, error)

NewSecretBackendLibrarySet registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendLibrarySet) ElementType 

func (*SecretBackendLibrarySet) ElementType() reflect.Type

func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput 

func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput

func (*SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext 

func (i *SecretBackendLibrarySet) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput

type SecretBackendLibrarySetArgs 

type SecretBackendLibrarySetArgs struct {
	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}

The set of arguments for constructing a SecretBackendLibrarySet resource.

func (SecretBackendLibrarySetArgs) ElementType 

func (SecretBackendLibrarySetArgs) ElementType() reflect.Type

type SecretBackendLibrarySetArray 

type SecretBackendLibrarySetArray []SecretBackendLibrarySetInput

func (SecretBackendLibrarySetArray) ElementType 

func (SecretBackendLibrarySetArray) ElementType() reflect.Type

func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput 

func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput

func (SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext 

func (i SecretBackendLibrarySetArray) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput

type SecretBackendLibrarySetArrayInput 

type SecretBackendLibrarySetArrayInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput
	ToSecretBackendLibrarySetArrayOutputWithContext(context.Context) SecretBackendLibrarySetArrayOutput
}

SecretBackendLibrarySetArrayInput is an input type that accepts SecretBackendLibrarySetArray and SecretBackendLibrarySetArrayOutput values. You can construct a concrete instance of `SecretBackendLibrarySetArrayInput` via: 

SecretBackendLibrarySetArray{ SecretBackendLibrarySetArgs{...} }

type SecretBackendLibrarySetArrayOutput 

type SecretBackendLibrarySetArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetArrayOutput) ElementType 

func (SecretBackendLibrarySetArrayOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetArrayOutput) Index 

func (o SecretBackendLibrarySetArrayOutput) Index(i pulumi.IntInput) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput 

func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutput() SecretBackendLibrarySetArrayOutput

func (SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext 

func (o SecretBackendLibrarySetArrayOutput) ToSecretBackendLibrarySetArrayOutputWithContext(ctx context.Context) SecretBackendLibrarySetArrayOutput

type SecretBackendLibrarySetInput 

type SecretBackendLibrarySetInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput
	ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput
}

type SecretBackendLibrarySetMap 

type SecretBackendLibrarySetMap map[string]SecretBackendLibrarySetInput

func (SecretBackendLibrarySetMap) ElementType 

func (SecretBackendLibrarySetMap) ElementType() reflect.Type

func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput 

func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput

func (SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext 

func (i SecretBackendLibrarySetMap) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput

type SecretBackendLibrarySetMapInput 

type SecretBackendLibrarySetMapInput interface {
	pulumi.Input

	ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput
	ToSecretBackendLibrarySetMapOutputWithContext(context.Context) SecretBackendLibrarySetMapOutput
}

SecretBackendLibrarySetMapInput is an input type that accepts SecretBackendLibrarySetMap and SecretBackendLibrarySetMapOutput values. You can construct a concrete instance of `SecretBackendLibrarySetMapInput` via: 

SecretBackendLibrarySetMap{ "key": SecretBackendLibrarySetArgs{...} }

type SecretBackendLibrarySetMapOutput 

type SecretBackendLibrarySetMapOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetMapOutput) ElementType 

func (SecretBackendLibrarySetMapOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetMapOutput) MapIndex 

func (o SecretBackendLibrarySetMapOutput) MapIndex(k pulumi.StringInput) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput 

func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutput() SecretBackendLibrarySetMapOutput

func (SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext 

func (o SecretBackendLibrarySetMapOutput) ToSecretBackendLibrarySetMapOutputWithContext(ctx context.Context) SecretBackendLibrarySetMapOutput

type SecretBackendLibrarySetOutput 

type SecretBackendLibrarySetOutput struct{ *pulumi.OutputState }

func (SecretBackendLibrarySetOutput) DisableCheckInEnforcement 

func (o SecretBackendLibrarySetOutput) DisableCheckInEnforcement() pulumi.BoolPtrOutput

Disable enforcing that service accounts must be checked in by the entity or client token that checked them out. Defaults to false.

func (SecretBackendLibrarySetOutput) ElementType 

func (SecretBackendLibrarySetOutput) ElementType() reflect.Type

func (SecretBackendLibrarySetOutput) MaxTtl 

func (o SecretBackendLibrarySetOutput) MaxTtl() pulumi.IntOutput

The maximum password time-to-live in seconds. Defaults to the configuration maxTtl if not provided.

func (SecretBackendLibrarySetOutput) Mount 

func (o SecretBackendLibrarySetOutput) Mount() pulumi.StringPtrOutput

The path where the LDAP secrets backend is mounted.

func (SecretBackendLibrarySetOutput) Name 

func (o SecretBackendLibrarySetOutput) Name() pulumi.StringOutput

The name to identify this set of service accounts. Must be unique within the backend.

func (SecretBackendLibrarySetOutput) Namespace 

func (o SecretBackendLibrarySetOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendLibrarySetOutput) ServiceAccountNames 

func (o SecretBackendLibrarySetOutput) ServiceAccountNames() pulumi.StringArrayOutput

Specifies the slice of service accounts mapped to this set.

func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput 

func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutput() SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext 

func (o SecretBackendLibrarySetOutput) ToSecretBackendLibrarySetOutputWithContext(ctx context.Context) SecretBackendLibrarySetOutput

func (SecretBackendLibrarySetOutput) Ttl 

func (o SecretBackendLibrarySetOutput) Ttl() pulumi.IntOutput

The password time-to-live in seconds. Defaults to the configuration ttl if not provided.

type SecretBackendLibrarySetState 

type SecretBackendLibrarySetState struct {
	// Disable enforcing that service
	// accounts must be checked in by the entity or client token that checked them
	// out. Defaults to false.
	DisableCheckInEnforcement pulumi.BoolPtrInput
	// The maximum password time-to-live in seconds. Defaults
	// to the configuration maxTtl if not provided.
	MaxTtl pulumi.IntPtrInput
	// The path where the LDAP secrets backend is mounted.
	Mount pulumi.StringPtrInput
	// The name to identify this set of service accounts.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies the slice of service accounts mapped to this set.
	ServiceAccountNames pulumi.StringArrayInput
	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	Ttl pulumi.IntPtrInput
}

func (SecretBackendLibrarySetState) ElementType 

func (SecretBackendLibrarySetState) ElementType() reflect.Type

type SecretBackendMap 

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType 

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput 

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext 

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput 

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via: 

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput 

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType 

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex 

func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutput 

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext 

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput 

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) Accessor 

func (o SecretBackendOutput) Accessor() pulumi.StringOutput

Accessor of the mount

func (SecretBackendOutput) AllowedManagedKeys 

func (o SecretBackendOutput) AllowedManagedKeys() pulumi.StringArrayOutput

List of managed key registry entry names that the mount in question is allowed to access

func (SecretBackendOutput) AllowedResponseHeaders added in v6.2.0 

func (o SecretBackendOutput) AllowedResponseHeaders() pulumi.StringArrayOutput

List of headers to allow and pass from the request to the plugin

func (SecretBackendOutput) AuditNonHmacRequestKeys 

func (o SecretBackendOutput) AuditNonHmacRequestKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

func (SecretBackendOutput) AuditNonHmacResponseKeys 

func (o SecretBackendOutput) AuditNonHmacResponseKeys() pulumi.StringArrayOutput

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

func (SecretBackendOutput) Binddn 

func (o SecretBackendOutput) Binddn() pulumi.StringOutput

Distinguished name of object to bind when performing user and group search.

func (SecretBackendOutput) Bindpass 

func (o SecretBackendOutput) Bindpass() pulumi.StringOutput

Password to use along with binddn when performing user search.

func (SecretBackendOutput) Certificate 

func (o SecretBackendOutput) Certificate() pulumi.StringPtrOutput

CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.

func (SecretBackendOutput) ClientTlsCert 

func (o SecretBackendOutput) ClientTlsCert() pulumi.StringPtrOutput

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

func (SecretBackendOutput) ClientTlsKey 

func (o SecretBackendOutput) ClientTlsKey() pulumi.StringPtrOutput

Client certificate key to provide to the LDAP server, must be x509 PEM encoded.

func (SecretBackendOutput) ConnectionTimeout 

func (o SecretBackendOutput) ConnectionTimeout() pulumi.IntPtrOutput

Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.

func (SecretBackendOutput) DefaultLeaseTtlSeconds 

func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput

Default lease duration for secrets in seconds.

func (SecretBackendOutput) DelegatedAuthAccessors added in v6.2.0 

func (o SecretBackendOutput) DelegatedAuthAccessors() pulumi.StringArrayOutput

List of headers to allow and pass from the request to the plugin

func (SecretBackendOutput) Description 

func (o SecretBackendOutput) Description() pulumi.StringPtrOutput

Human-friendly description of the mount for the Active Directory backend.

func (SecretBackendOutput) DisableRemount 

func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates.

func (SecretBackendOutput) ElementType 

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ExternalEntropyAccess 

func (o SecretBackendOutput) ExternalEntropyAccess() pulumi.BoolPtrOutput

Enable the secrets engine to access Vault's external entropy source

func (SecretBackendOutput) IdentityTokenKey added in v6.2.0 

func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput

The key to use for signing plugin workload identity tokens

func (SecretBackendOutput) InsecureTls 

func (o SecretBackendOutput) InsecureTls() pulumi.BoolPtrOutput

Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to `false`.

func (SecretBackendOutput) ListingVisibility added in v6.2.0 

func (o SecretBackendOutput) ListingVisibility() pulumi.StringPtrOutput

Specifies whether to show this mount in the UI-specific listing endpoint

func (SecretBackendOutput) Local 

func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.

func (SecretBackendOutput) MaxLeaseTtlSeconds 

func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput

Maximum possible lease duration for secrets in seconds.

func (SecretBackendOutput) Namespace 

func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendOutput) Options 

func (o SecretBackendOutput) Options() pulumi.StringMapOutput

Specifies mount type specific options that are passed to the backend

func (SecretBackendOutput) PassthroughRequestHeaders added in v6.2.0 

func (o SecretBackendOutput) PassthroughRequestHeaders() pulumi.StringArrayOutput

List of headers to allow and pass from the request to the plugin

func (SecretBackendOutput) PasswordPolicy 

func (o SecretBackendOutput) PasswordPolicy() pulumi.StringPtrOutput

Name of the password policy to use to generate passwords.

func (SecretBackendOutput) Path 

func (o SecretBackendOutput) Path() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendOutput) PluginVersion added in v6.2.0 

func (o SecretBackendOutput) PluginVersion() pulumi.StringPtrOutput

Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'

func (SecretBackendOutput) RequestTimeout 

func (o SecretBackendOutput) RequestTimeout() pulumi.IntOutput

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

func (SecretBackendOutput) Schema 

func (o SecretBackendOutput) Schema() pulumi.StringOutput

The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.

func (SecretBackendOutput) SealWrap 

func (o SecretBackendOutput) SealWrap() pulumi.BoolOutput

Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability

func (SecretBackendOutput) SkipStaticRoleImportRotation 

func (o SecretBackendOutput) SkipStaticRoleImportRotation() pulumi.BoolPtrOutput

If set to true, static roles will not be rotated during import. Defaults to false. Requires Vault 1.16 or above.

func (SecretBackendOutput) Starttls 

func (o SecretBackendOutput) Starttls() pulumi.BoolOutput

Issue a StartTLS command after establishing unencrypted connection.

func (SecretBackendOutput) ToSecretBackendOutput 

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) Upndomain 

func (o SecretBackendOutput) Upndomain() pulumi.StringOutput

Enables userPrincipalDomain login with [username]@UPNDomain.

func (SecretBackendOutput) Url 

func (o SecretBackendOutput) Url() pulumi.StringOutput

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.

func (SecretBackendOutput) Userattr 

func (o SecretBackendOutput) Userattr() pulumi.StringOutput

Attribute used when searching users. Defaults to `cn`.

func (SecretBackendOutput) Userdn 

func (o SecretBackendOutput) Userdn() pulumi.StringPtrOutput

LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.

type SecretBackendState 

type SecretBackendState struct {
	// Accessor of the mount
	Accessor pulumi.StringPtrInput
	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys pulumi.StringArrayInput
	// List of headers to allow and pass from the request to the plugin
	AllowedResponseHeaders pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	AuditNonHmacRequestKeys pulumi.StringArrayInput
	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	AuditNonHmacResponseKeys pulumi.StringArrayInput
	// Distinguished name of object to bind when performing user and group search.
	Binddn pulumi.StringPtrInput
	// Password to use along with binddn when performing user search.
	Bindpass pulumi.StringPtrInput
	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate pulumi.StringPtrInput
	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsCert pulumi.StringPtrInput
	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	ClientTlsKey pulumi.StringPtrInput
	// Timeout, in seconds, when attempting to connect to the LDAP server before trying
	// the next URL in the configuration.
	ConnectionTimeout pulumi.IntPtrInput
	// Default lease duration for secrets in seconds.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// List of headers to allow and pass from the request to the plugin
	DelegatedAuthAccessors pulumi.StringArrayInput
	// Human-friendly description of the mount for the Active Directory backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	DisableRemount pulumi.BoolPtrInput
	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess pulumi.BoolPtrInput
	// The key to use for signing plugin workload identity tokens
	IdentityTokenKey pulumi.StringPtrInput
	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to `false`.
	InsecureTls pulumi.BoolPtrInput
	// Specifies whether to show this mount in the UI-specific listing endpoint
	ListingVisibility pulumi.StringPtrInput
	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.Tolerance duration to use when checking the last rotation time.
	Local pulumi.BoolPtrInput
	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Specifies mount type specific options that are passed to the backend
	Options pulumi.StringMapInput
	// List of headers to allow and pass from the request to the plugin
	PassthroughRequestHeaders pulumi.StringArrayInput
	// Name of the password policy to use to generate passwords.
	PasswordPolicy pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Path pulumi.StringPtrInput
	// Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
	PluginVersion pulumi.StringPtrInput
	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout pulumi.IntPtrInput
	// The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
	Schema pulumi.StringPtrInput
	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap pulumi.BoolPtrInput
	// If set to true, static roles will not be rotated during import.
	// Defaults to false. Requires Vault 1.16 or above.
	SkipStaticRoleImportRotation pulumi.BoolPtrInput
	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls pulumi.BoolPtrInput
	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain pulumi.StringPtrInput
	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
	Url pulumi.StringPtrInput
	// Attribute used when searching users. Defaults to `cn`.
	Userattr pulumi.StringPtrInput
	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
	Userdn pulumi.StringPtrInput
}

func (SecretBackendState) ElementType 

func (SecretBackendState) ElementType() reflect.Type

type SecretBackendStaticRole 

type SecretBackendStaticRole struct {
	pulumi.CustomResourceState

	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrOutput `pulumi:"dn"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrOutput `pulumi:"mount"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntOutput `pulumi:"rotationPeriod"`
	// Causes vault to skip the initial secret rotation on import. Not applicable to updates.
	// Requires Vault 1.16 or above.
	SkipImportRotation pulumi.BoolPtrOutput `pulumi:"skipImportRotation"`
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringOutput `pulumi:"username"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("my-custom-ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewSecretBackendStaticRole(ctx, "role", &ldap.SecretBackendStaticRoleArgs{
			Mount:          config.Path,
			Username:       pulumi.String("alice"),
			Dn:             pulumi.String("cn=alice,ou=Users,DC=corp,DC=example,DC=net"),
			RoleName:       pulumi.String("alice"),
			RotationPeriod: pulumi.Int(60),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

LDAP secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-role/<role_name>` e.g.

```sh $ pulumi import vault:ldap/secretBackendStaticRole:SecretBackendStaticRole role ldap/static-role/example-role ```

func GetSecretBackendStaticRole 

func GetSecretBackendStaticRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendStaticRoleState, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

GetSecretBackendStaticRole gets an existing SecretBackendStaticRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendStaticRole 

func NewSecretBackendStaticRole(ctx *pulumi.Context,
	name string, args *SecretBackendStaticRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

NewSecretBackendStaticRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendStaticRole) ElementType 

func (*SecretBackendStaticRole) ElementType() reflect.Type

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutput 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

type SecretBackendStaticRoleArgs 

type SecretBackendStaticRoleArgs struct {
	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntInput
	// Causes vault to skip the initial secret rotation on import. Not applicable to updates.
	// Requires Vault 1.16 or above.
	SkipImportRotation pulumi.BoolPtrInput
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringInput
}

The set of arguments for constructing a SecretBackendStaticRole resource.

func (SecretBackendStaticRoleArgs) ElementType 

func (SecretBackendStaticRoleArgs) ElementType() reflect.Type

type SecretBackendStaticRoleArray 

type SecretBackendStaticRoleArray []SecretBackendStaticRoleInput

func (SecretBackendStaticRoleArray) ElementType 

func (SecretBackendStaticRoleArray) ElementType() reflect.Type

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleArrayInput 

type SecretBackendStaticRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
	ToSecretBackendStaticRoleArrayOutputWithContext(context.Context) SecretBackendStaticRoleArrayOutput
}

SecretBackendStaticRoleArrayInput is an input type that accepts SecretBackendStaticRoleArray and SecretBackendStaticRoleArrayOutput values. You can construct a concrete instance of `SecretBackendStaticRoleArrayInput` via: 

SecretBackendStaticRoleArray{ SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleArrayOutput 

type SecretBackendStaticRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleArrayOutput) ElementType 

func (SecretBackendStaticRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleArrayOutput) Index 

func (o SecretBackendStaticRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleInput 

type SecretBackendStaticRoleInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
	ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
}

type SecretBackendStaticRoleMap 

type SecretBackendStaticRoleMap map[string]SecretBackendStaticRoleInput

func (SecretBackendStaticRoleMap) ElementType 

func (SecretBackendStaticRoleMap) ElementType() reflect.Type

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleMapInput 

type SecretBackendStaticRoleMapInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
	ToSecretBackendStaticRoleMapOutputWithContext(context.Context) SecretBackendStaticRoleMapOutput
}

SecretBackendStaticRoleMapInput is an input type that accepts SecretBackendStaticRoleMap and SecretBackendStaticRoleMapOutput values. You can construct a concrete instance of `SecretBackendStaticRoleMapInput` via: 

SecretBackendStaticRoleMap{ "key": SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleMapOutput 

type SecretBackendStaticRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleMapOutput) ElementType 

func (SecretBackendStaticRoleMapOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleMapOutput) MapIndex 

func (o SecretBackendStaticRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleOutput 

type SecretBackendStaticRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleOutput) Dn 

func (o SecretBackendStaticRoleOutput) Dn() pulumi.StringPtrOutput

Distinguished name (DN) of the existing LDAP entry to manage password rotation for. If given, it will take precedence over `username` for the LDAP search performed during password rotation. Cannot be modified after creation.

func (SecretBackendStaticRoleOutput) ElementType 

func (SecretBackendStaticRoleOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleOutput) Mount 

func (o SecretBackendStaticRoleOutput) Mount() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.

func (SecretBackendStaticRoleOutput) Namespace 

func (o SecretBackendStaticRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendStaticRoleOutput) RoleName 

func (o SecretBackendStaticRoleOutput) RoleName() pulumi.StringOutput

Name of the role.

func (SecretBackendStaticRoleOutput) RotationPeriod 

func (o SecretBackendStaticRoleOutput) RotationPeriod() pulumi.IntOutput

How often Vault should rotate the password of the user entry.

func (SecretBackendStaticRoleOutput) SkipImportRotation 

func (o SecretBackendStaticRoleOutput) SkipImportRotation() pulumi.BoolPtrOutput

Causes vault to skip the initial secret rotation on import. Not applicable to updates. Requires Vault 1.16 or above.

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) Username 

func (o SecretBackendStaticRoleOutput) Username() pulumi.StringOutput

The username of the existing LDAP entry to manage password rotation for.

type SecretBackendStaticRoleState 

type SecretBackendStaticRoleState struct {
	// Distinguished name (DN) of the existing LDAP entry to manage
	// password rotation for. If given, it will take precedence over `username` for the LDAP
	// search performed during password rotation. Cannot be modified after creation.
	Dn pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `ldap`.
	Mount pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Name of the role.
	RoleName pulumi.StringPtrInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntPtrInput
	// Causes vault to skip the initial secret rotation on import. Not applicable to updates.
	// Requires Vault 1.16 or above.
	SkipImportRotation pulumi.BoolPtrInput
	// The username of the existing LDAP entry to manage password rotation for.
	Username pulumi.StringPtrInput
}

func (SecretBackendStaticRoleState) ElementType 

func (SecretBackendStaticRoleState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.