pulumi-vault-kotlin/com.pulumi.vault.ldap.kotlin/SecretBackendArgs

SecretBackendArgs

data class SecretBackendArgs(val allowedManagedKeys: Output<List<String>>? = null, val auditNonHmacRequestKeys: Output<List<String>>? = null, val auditNonHmacResponseKeys: Output<List<String>>? = null, val binddn: Output<String>? = null, val bindpass: Output<String>? = null, val certificate: Output<String>? = null, val clientTlsCert: Output<String>? = null, val clientTlsKey: Output<String>? = null, val connectionTimeout: Output<Int>? = null, val defaultLeaseTtlSeconds: Output<Int>? = null, val description: Output<String>? = null, val disableRemount: Output<Boolean>? = null, val externalEntropyAccess: Output<Boolean>? = null, val insecureTls: Output<Boolean>? = null, val local: Output<Boolean>? = null, val maxLeaseTtlSeconds: Output<Int>? = null, val namespace: Output<String>? = null, val options: Output<Map<String, Any>>? = null, val passwordPolicy: Output<String>? = null, val path: Output<String>? = null, val requestTimeout: Output<Int>? = null, val schema: Output<String>? = null, val sealWrap: Output<Boolean>? = null, val skipStaticRoleImportRotation: Output<Boolean>? = null, val starttls: Output<Boolean>? = null, val upndomain: Output<String>? = null, val url: Output<String>? = null, val userattr: Output<String>? = null, val userdn: Output<String>? = null) : ConvertibleToJava<SecretBackendArgs>

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const config = new vault.ldap.SecretBackend("config", {
    path: "my-custom-ldap",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: "SuperSecretPassw0rd",
    url: "ldaps://localhost",
    insecureTls: true,
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});

import pulumi
import pulumi_vault as vault
config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://localhost",
    insecure_tls=True,
    userdn="CN=Users,DC=corp,DC=example,DC=net")

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://localhost",
        InsecureTls = true,
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:        pulumi.String("my-custom-ldap"),
			Binddn:      pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass:    pulumi.String("SuperSecretPassw0rd"),
			Url:         pulumi.String("ldaps://localhost"),
			InsecureTls: pulumi.Bool(true),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://localhost")
            .insecureTls("true")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
    }
}

resources:
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://localhost
      insecureTls: 'true'
      userdn: CN=Users,DC=corp,DC=example,DC=net

Import

LDAP secret backend can be imported using the ${mount}/config, e.g.

$ pulumi import vault:ldap/secretBackend:SecretBackend config ldap/config

Constructors

SecretBackendArgs

constructor(allowedManagedKeys: Output<List<String>>? = null, auditNonHmacRequestKeys: Output<List<String>>? = null, auditNonHmacResponseKeys: Output<List<String>>? = null, binddn: Output<String>? = null, bindpass: Output<String>? = null, certificate: Output<String>? = null, clientTlsCert: Output<String>? = null, clientTlsKey: Output<String>? = null, connectionTimeout: Output<Int>? = null, defaultLeaseTtlSeconds: Output<Int>? = null, description: Output<String>? = null, disableRemount: Output<Boolean>? = null, externalEntropyAccess: Output<Boolean>? = null, insecureTls: Output<Boolean>? = null, local: Output<Boolean>? = null, maxLeaseTtlSeconds: Output<Int>? = null, namespace: Output<String>? = null, options: Output<Map<String, Any>>? = null, passwordPolicy: Output<String>? = null, path: Output<String>? = null, requestTimeout: Output<Int>? = null, schema: Output<String>? = null, sealWrap: Output<Boolean>? = null, skipStaticRoleImportRotation: Output<Boolean>? = null, starttls: Output<Boolean>? = null, upndomain: Output<String>? = null, url: Output<String>? = null, userattr: Output<String>? = null, userdn: Output<String>? = null)

Properties

allowedManagedKeys

val allowedManagedKeys: Output<List<String>>? = null

List of managed key registry entry names that the mount in question is allowed to access

auditNonHmacRequestKeys

val auditNonHmacRequestKeys: Output<List<String>>? = null

Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.

auditNonHmacResponseKeys

val auditNonHmacResponseKeys: Output<List<String>>? = null

Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.

binddn

val binddn: Output<String>? = null

Distinguished name of object to bind when performing user and group search.

bindpass

val bindpass: Output<String>? = null

Password to use along with binddn when performing user search.

certificate

val certificate: Output<String>? = null

CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.

clientTlsCert

val clientTlsCert: Output<String>? = null

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

clientTlsKey

val clientTlsKey: Output<String>? = null

Client certificate key to provide to the LDAP server, must be x509 PEM encoded.

connectionTimeout

val connectionTimeout: Output<Int>? = null

Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.

defaultLeaseTtlSeconds

val defaultLeaseTtlSeconds: Output<Int>? = null

Default lease duration for secrets in seconds.

description

val description: Output<String>? = null

Human-friendly description of the mount for the Active Directory backend.

disableRemount

val disableRemount: Output<Boolean>? = null

If set, opts out of mount migration on path updates.

externalEntropyAccess

val externalEntropyAccess: Output<Boolean>? = null

Enable the secrets engine to access Vault's external entropy source

insecureTls

val insecureTls: Output<Boolean>? = null

Skip LDAP server SSL Certificate verification. This is not recommended for production. Defaults to false.

local

val local: Output<Boolean>? = null

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.

maxLeaseTtlSeconds

val maxLeaseTtlSeconds: Output<Int>? = null

Maximum possible lease duration for secrets in seconds.

namespace

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

options

val options: Output<Map<String, Any>>? = null

Specifies mount type specific options that are passed to the backend

passwordPolicy

val passwordPolicy: Output<String>? = null

Name of the password policy to use to generate passwords.

path

val path: Output<String>? = null

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.

requestTimeout

val requestTimeout: Output<Int>? = null

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

schema

val schema: Output<String>? = null

The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf. Default is openldap.

sealWrap

val sealWrap: Output<Boolean>? = null

Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability

skipStaticRoleImportRotation

val skipStaticRoleImportRotation: Output<Boolean>? = null

If set to true, static roles will not be rotated during import. Defaults to false. Requires Vault 1.16 or above.

starttls

val starttls: Output<Boolean>? = null

Issue a StartTLS command after establishing unencrypted connection.

upndomain

val upndomain: Output<String>? = null

Enables userPrincipalDomain login with username@UPNDomain.

url

val url: Output<String>? = null

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.

userattr

val userattr: Output<String>? = null

Attribute used when searching users. Defaults to cn.

userdn

val userdn: Output<String>? = null

LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.

Functions

toJava

open override fun toJava(): SecretBackendArgs