SecretBackendArgs

/**
 * Arguments for the Vault Active Directory secrets backend mount
 * (`vault:ad:SecretBackend`). Every argument is optional; `null` leaves the
 * provider/Vault default in place.
 *
 * Security notes (taken from the per-property documentation):
 *  - [bindpass] and [clientTlsKey] are credentials: pass them as secret
 *    outputs rather than literals in source.
 *  - [insecureTls] skips verification of the LDAP server certificate. Leave it
 *    at its default (false) and pin the CA with [certificate] instead.
 *  - [url] defaults to plain `ldap://127.0.0.1`; use an `ldaps://` URL or set
 *    [starttls] so the bind password is not sent in cleartext.
 *  - [denyNullBind] defaults to true and rejects binds with an empty password;
 *    keep it enabled.
 *  - [tlsMinVersion] and [tlsMaxVersion] both default to tls12.
 */
data class SecretBackendArgs(
    // Use anonymous binds for LDAP group searches (the bind credentials are
    // still used for the initial connection test).
    val anonymousGroupSearch: Output<Boolean>? = null,
    // Mount path; must not begin or end with "/". Defaults to "ad".
    val backend: Output<String>? = null,
    // DN bound when performing user and group searches.
    val binddn: Output<String>? = null,
    // Password for binddn. Credential: supply as a secret.
    val bindpass: Output<String>? = null,
    // Case-sensitive user/group names in policies; otherwise lower-cased.
    val caseSensitiveNames: Output<Boolean>? = null,
    // CA certificate (X.509 PEM) used to verify the LDAP server certificate.
    val certificate: Output<String>? = null,
    // Client certificate (X.509 PEM) presented to the LDAP server.
    val clientTlsCert: Output<String>? = null,
    // Private key for clientTlsCert (PEM). Credential: supply as a secret.
    val clientTlsKey: Output<String>? = null,
    // Default lease duration for secrets, in seconds.
    val defaultLeaseTtlSeconds: Output<Int>? = null,
    // Reject unauthenticated binds with an empty password. Defaults to true.
    val denyNullBind: Output<Boolean>? = null,
    // Human-friendly description of the mount.
    val description: Output<String>? = null,
    // Opt out of mount migration on path updates.
    val disableRemount: Output<Boolean>? = null,
    // Use an anonymous bind to discover a user's bind DN.
    val discoverdn: Output<Boolean>? = null,
    // Attribute followed to enumerate group membership. Defaults to "cn".
    val groupattr: Output<String>? = null,
    // Search base for group membership lookups.
    val groupdn: Output<String>? = null,
    // Go template for the group-membership query; sees UserDN and Username.
    val groupfilter: Output<String>? = null,
    // Skip LDAP server certificate verification. Defaults to false; do not
    // enable in production.
    val insecureTls: Output<Boolean>? = null,
    // Seconds after a Vault rotation within which a later AD rotation is
    // treated as out-of-band.
    val lastRotationTolerance: Output<Int>? = null,
    // Local-only engine: not replicated or removed by replication.
    val local: Output<Boolean>? = null,
    // Maximum lease duration for secrets, in seconds.
    val maxLeaseTtlSeconds: Output<Int>? = null,
    // Maximum password time-to-live, in seconds.
    val maxTtl: Output<Int>? = null,
    // Vault Enterprise namespace, relative to the provider's namespace.
    val namespace: Output<String>? = null,
    // Name of the password policy used to generate passwords.
    val passwordPolicy: Output<String>? = null,
    // Connection timeout for requests to the server, in seconds.
    val requestTimeout: Output<Int>? = null,
    // Issue StartTLS after connecting over plain ldap://.
    val starttls: Output<Boolean>? = null,
    // Maximum TLS version (tls10..tls13). Defaults to tls12.
    val tlsMaxVersion: Output<String>? = null,
    // Minimum TLS version (tls10..tls13). Defaults to tls12.
    val tlsMinVersion: Output<String>? = null,
    // Default password time-to-live, in seconds.
    val ttl: Output<Int>? = null,
    // Enables userPrincipalDomain login with username@UPNDomain.
    val upndomain: Output<String>? = null,
    // LDAP URL(s), comma-separated and tried in order. Defaults to
    // ldap://127.0.0.1 (unencrypted unless starttls is set).
    val url: Output<String>? = null,
    // Pre-1.1.1 group CN matching, for upgrade compatibility only.
    val usePre111GroupCnBehavior: Output<Boolean>? = null,
    // Resolve groups via the AD tokenGroups attribute (includes nested groups).
    val useTokenGroups: Output<Boolean>? = null,
    // Attribute used when searching users. Defaults to "cn".
    val userattr: Output<String>? = null,
    // LDAP base DN for users.
    val userdn: Output<String>? = null
) : ConvertibleToJava<SecretBackendArgs>

Example Usage

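import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

// Secrets and trust material come from stack configuration
// (`pulumi config set --secret bindpass ...`), so neither the AD bind
// password nor a "skip certificate verification" switch lands in source.
const cfg = new pulumi.Config();

const config = new vault.ad.SecretBackend("config", {
    backend: "ad",
    // NOTE(review): bind as a dedicated service account holding only the
    // rights Vault needs to rotate managed passwords, not Domain Administrator.
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: cfg.requireSecret("bindpass"),
    url: "ldaps://ad",
    // Verify the LDAPS server certificate against a pinned CA (PEM). Do not
    // set insecureTls: it disables certificate verification and exposes the
    // bind credentials and every rotated password to an on-path attacker.
    certificate: cfg.require("adCaCertPem"),
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});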
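import pulumi
import pulumi_vault as vault

# Secrets and trust material come from stack configuration
# (``pulumi config set --secret bindpass ...``), so the AD bind password is
# never committed to source.
cfg = pulumi.Config()

config = vault.ad.SecretBackend("config",
    backend="ad",
    # NOTE(review): bind as a dedicated least-privilege service account
    # rather than Domain Administrator.
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass=cfg.require_secret("bindpass"),
    url="ldaps://ad",
    # Verify the LDAPS server certificate against a pinned CA (PEM) instead of
    # setting insecure_tls=True, which disables certificate verification.
    certificate=cfg.require("adCaCertPem"),
    userdn="CN=Users,DC=corp,DC=example,DC=net")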
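using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() =>
{
    // Secrets and trust material come from stack configuration
    // (`pulumi config set --secret bindpass ...`), never from source.
    var cfg = new Config();

    var config = new Vault.AD.SecretBackend("config", new()
    {
        Backend = "ad",
        // NOTE(review): bind as a dedicated least-privilege service account,
        // not Domain Administrator.
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = cfg.RequireSecret("bindpass"),
        Url = "ldaps://ad",
        // Pin the CA (PEM) used to verify the LDAPS server certificate instead
        // of setting InsecureTls = true, which disables verification entirely.
        Certificate = cfg.Require("adCaCertPem"),
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
});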
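package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Secrets and trust material come from stack configuration
		// (`pulumi config set --secret bindpass ...`), never from source.
		cfg := config.New(ctx, "")

		_, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
			Backend: pulumi.String("ad"),
			// NOTE(review): bind as a dedicated least-privilege service
			// account, not Domain Administrator.
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: cfg.RequireSecret("bindpass"),
			Url:      pulumi.String("ldaps://ad"),
			// Pin the CA (PEM) used to verify the LDAPS server certificate
			// instead of setting InsecureTls, which disables verification.
			Certificate: pulumi.String(cfg.Require("adCaCertPem")),
			Userdn:      pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		return err
	})
}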
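package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ad.SecretBackend;
import com.pulumi.vault.ad.SecretBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Secrets and trust material come from stack configuration
        // (`pulumi config set --secret bindpass ...`), never from source.
        var cfg = ctx.config();
        Output<String> bindpass = cfg.requireSecret("bindpass");

        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .backend("ad")
            // NOTE(review): bind as a dedicated least-privilege service
            // account, not Domain Administrator.
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass(bindpass)
            .url("ldaps://ad")
            // Pin the CA (PEM) used to verify the LDAPS server certificate.
            // Do not set insecureTls: the builder takes a Boolean (the string
            // "true" does not compile) and enabling it disables verification.
            .certificate(cfg.require("adCaCertPem"))
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
    }
}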
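# Secrets and trust material come from stack configuration
# (`pulumi config set --secret bindpass ...`), never from this file.
config:
  bindpass:
    type: string
    secret: true
  adCaCertPem:
    type: string
resources:
  config:
    type: vault:ad:SecretBackend
    properties:
      backend: ad
      # NOTE(review): bind as a dedicated least-privilege service account,
      # not Domain Administrator.
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: ${bindpass}
      url: ldaps://ad
      # Pin the CA (PEM) used to verify the LDAPS server certificate instead of
      # setting insecureTls, which disables verification (and is a boolean,
      # not the string 'true').
      certificate: ${adCaCertPem}
      userdn: CN=Users,DC=corp,DC=example,DC=net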

Import

AD secret backend can be imported using the backend, e.g.

$ pulumi import vault:ad/secretBackend:SecretBackend ad ad

Constructors

constructor(anonymousGroupSearch: Output<Boolean>? = null, backend: Output<String>? = null, binddn: Output<String>? = null, bindpass: Output<String>? = null, caseSensitiveNames: Output<Boolean>? = null, certificate: Output<String>? = null, clientTlsCert: Output<String>? = null, clientTlsKey: Output<String>? = null, defaultLeaseTtlSeconds: Output<Int>? = null, denyNullBind: Output<Boolean>? = null, description: Output<String>? = null, disableRemount: Output<Boolean>? = null, discoverdn: Output<Boolean>? = null, groupattr: Output<String>? = null, groupdn: Output<String>? = null, groupfilter: Output<String>? = null, insecureTls: Output<Boolean>? = null, lastRotationTolerance: Output<Int>? = null, local: Output<Boolean>? = null, maxLeaseTtlSeconds: Output<Int>? = null, maxTtl: Output<Int>? = null, namespace: Output<String>? = null, passwordPolicy: Output<String>? = null, requestTimeout: Output<Int>? = null, starttls: Output<Boolean>? = null, tlsMaxVersion: Output<String>? = null, tlsMinVersion: Output<String>? = null, ttl: Output<Int>? = null, upndomain: Output<String>? = null, url: Output<String>? = null, usePre111GroupCnBehavior: Output<Boolean>? = null, useTokenGroups: Output<Boolean>? = null, userattr: Output<String>? = null, userdn: Output<String>? = null)

Properties

val anonymousGroupSearch: Output<Boolean>? = null

Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).

val backend: Output<String>? = null

The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ad.

val binddn: Output<String>? = null

Distinguished name of object to bind when performing user and group search.

val bindpass: Output<String>? = null

Password to use along with binddn when performing user search. This is a credential: supply it from a secret value (for example a secret stack config entry) rather than a literal in source, and note that it only travels encrypted if the connection uses ldaps:// or starttls.

val caseSensitiveNames: Output<Boolean>? = null

If set, user and group names assigned to policies within the backend will be case sensitive. Otherwise, names will be normalized to lower case.

val certificate: Output<String>? = null

CA certificate to use when verifying the LDAP server certificate; must be X.509 PEM encoded. Set this, rather than insecureTls, when the server presents a certificate issued by a private or internal CA.

val clientTlsCert: Output<String>? = null

Client certificate to provide to the LDAP server, must be x509 PEM encoded.

val clientTlsKey: Output<String>? = null

Private key for clientTlsCert, used for mutual TLS with the LDAP server; must be PEM encoded. Treat it as a secret.

val defaultLeaseTtlSeconds: Output<Int>? = null

Default lease duration for secrets in seconds.

val denyNullBind: Output<Boolean>? = null

Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true. Leave this enabled: LDAP servers commonly treat a bind with an empty password as an anonymous (unauthenticated) bind and report success, which would otherwise let an empty password be accepted as valid.

val description: Output<String>? = null

Human-friendly description of the mount for the Active Directory backend.

val disableRemount: Output<Boolean>? = null

If set, opts out of mount migration on path updates. See the Vault provider's documentation on mount migration for more information.

val discoverdn: Output<Boolean>? = null

Use anonymous bind to discover the bind Distinguished Name of a user.

val groupattr: Output<String>? = null

LDAP attribute to follow on the objects returned by groupfilter in order to enumerate user group membership. Examples: cn, memberOf. Defaults to cn.

val groupdn: Output<String>? = null

LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).

val groupfilter: Output<String>? = null

Go template for querying group membership of user (optional) The template can access the following context variables: UserDN, Username. Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))

val insecureTls: Output<Boolean>? = null

Skip verification of the LDAP server's TLS certificate. Defaults to false. Do not enable this in production: without certificate verification an on-path attacker can impersonate the directory and capture the bind credentials and the rotated passwords. If the server uses a private CA, supply it via certificate instead.

val lastRotationTolerance: Output<Int>? = null

The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band

val local: Output<Boolean>? = null

Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.

val maxLeaseTtlSeconds: Output<Int>? = null

Maximum possible lease duration for secrets in seconds.

val maxTtl: Output<Int>? = null

In seconds, the maximum password time-to-live.

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val passwordPolicy: Output<String>? = null

Name of the password policy to use to generate passwords.

val requestTimeout: Output<Int>? = null

Timeout, in seconds, for the connection when making requests against the server before returning back an error.

val starttls: Output<Boolean>? = null

Issue a StartTLS command after establishing an unencrypted ldap:// connection, upgrading it to TLS before the bind. Without either this or an ldaps:// url, the bind password is sent in cleartext.

val tlsMaxVersion: Output<String>? = null

Maximum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13. Defaults to tls12, which caps negotiation at TLS 1.2; set tls13 to allow TLS 1.3 where the server supports it.

val tlsMinVersion: Output<String>? = null

Minimum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13. Defaults to tls12. Keep this at tls12 or higher; tls10 and tls11 are deprecated and should only be used for a legacy server that cannot be upgraded.

val ttl: Output<Int>? = null

In seconds, the default password time-to-live.

val upndomain: Output<String>? = null

Enables userPrincipalDomain login with username@UPNDomain.

val url: Output<String>? = null

LDAP URL to connect to. Multiple URLs can be specified by concatenating them with commas; they will be tried in order. Defaults to ldap://127.0.0.1. Note that plain ldap:// is unencrypted unless starttls is also set; use ldaps:// in production.

val usePre111GroupCnBehavior: Output<Boolean>? = null

In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations.

val userattr: Output<String>? = null

Attribute used when searching users. Defaults to cn.

val userdn: Output<String>? = null

LDAP base DN to use for users (eg: ou=People,dc=example,dc=org).

val useTokenGroups: Output<Boolean>? = null

If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.

Functions

open override fun toJava(): SecretBackendArgs