Secret Backend Dynamic Role
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
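// Dedicated LDAP secrets engine mount that Vault binds to when it manages
// dynamic accounts. The bind credentials are illustrative placeholders: in a
// real program take `bindpass` from a secret config value (for example
// `new pulumi.Config().requireSecret("bindpass")`) so it is stored encrypted
// in state rather than committed to source control in plaintext.
const config = new vault.ldap.SecretBackend("config", {
  path: "my-custom-ldap",
  binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
  bindpass: "SuperSecretPassw0rd",
  url: "ldaps://localhost",
  userdn: "CN=Users,DC=corp,DC=example,DC=net",
});
// Dynamic role on that mount (`mount: config.path` also orders the resources).
// Each LDIF template is its own property: creation when the account is
// created, deletion once its TTL expires, and rollback only if the creation
// LDIF fails part-way. The rollback entries live in `rollbackLdif`, not
// appended to `deletionLdif`, so the deletion LDIF sent to the directory
// contains only valid LDIF entries.
const role = new vault.ldap.SecretBackendDynamicRole("role", {
  mount: config.path,
  roleName: "alice",
  creationLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`,
  deletionLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`,
  rollbackLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`,
});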
import pulumi
import pulumi_vault as vault
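# Dedicated LDAP secrets engine mount that Vault binds to when it manages
# dynamic accounts. The bind credentials are illustrative placeholders: in a
# real program take bindpass from a secret config value (for example
# pulumi.Config().require_secret("bindpass")) so it is stored encrypted in
# state rather than committed to source control in plaintext.
config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass="SuperSecretPassw0rd",
    url="ldaps://localhost",
    userdn="CN=Users,DC=corp,DC=example,DC=net")
# Dynamic role on that mount (mount=config.path also orders the resources).
# Each LDIF template is its own property: creation when the account is
# created, deletion once its TTL expires, and rollback only if the creation
# LDIF fails part-way. The rollback entries live in rollback_ldif, not
# appended to deletion_ldif, so the deletion LDIF sent to the directory
# contains only valid LDIF entries.
role = vault.ldap.SecretBackendDynamicRole("role",
    mount=config.path,
    role_name="alice",
    creation_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
""",
    deletion_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
""",
    rollback_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
""")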
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
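return await Deployment.RunAsync(() =>
{
    // Dedicated LDAP secrets engine mount that Vault binds to when it manages
    // dynamic accounts. The bind credentials are illustrative placeholders: in
    // a real program take Bindpass from a secret config value (for example
    // new Config().RequireSecret("bindpass")) so it is stored encrypted in
    // state rather than committed to source control in plaintext.
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = "SuperSecretPassw0rd",
        Url = "ldaps://localhost",
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });
    // Dynamic role on that mount (Mount = config.Path also orders the
    // resources). Each LDIF template is its own property: creation when the
    // account is created, deletion once its TTL expires, and rollback only if
    // the creation LDIF fails part-way. The rollback entries live in
    // RollbackLdif, not appended to DeletionLdif, so the deletion LDIF sent to
    // the directory contains only valid LDIF entries.
    var role = new Vault.Ldap.SecretBackendDynamicRole("role", new()
    {
        Mount = config.Path,
        RoleName = "alice",
        CreationLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
",
        DeletionLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
",
        RollbackLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
",
    });
});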
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
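// main wires a dedicated LDAP secrets engine mount and a dynamic role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The bind credentials are illustrative placeholders: in a real
		// program take Bindpass from a secret config value (for example
		// config.RequireSecret(ctx, "bindpass") from the pulumi config
		// package) so it is stored encrypted in state rather than committed
		// to source control in plaintext.
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:     pulumi.String("my-custom-ldap"),
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://localhost"),
			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		// Each LDIF template is its own property: creation when the account
		// is created, deletion once its TTL expires, and rollback only if the
		// creation LDIF fails part-way. The rollback entries live in
		// RollbackLdif, not appended to DeletionLdif, so the deletion LDIF
		// sent to the directory contains only valid LDIF entries.
		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
			Mount:    config.Path,
			RoleName: pulumi.String("alice"),
			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`),
			DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`),
			RollbackLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`),
		})
		if err != nil {
			return err
		}
		return nil
	})
}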
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import com.pulumi.vault.ldap.SecretBackendDynamicRole;
import com.pulumi.vault.ldap.SecretBackendDynamicRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
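/**
 * Example program: a dedicated LDAP secrets engine mount plus a dynamic role
 * on it, with separate creation, deletion and rollback LDIF templates.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources for the stack.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // The bind credentials are illustrative placeholders: in a real
        // program take bindpass from a secret config value via the Pulumi
        // Config API so it is stored encrypted in state rather than committed
        // to source control in plaintext.
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass("SuperSecretPassw0rd")
            .url("ldaps://localhost")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());
        // Each LDIF template is its own property: creation when the account
        // is created, deletion once its TTL expires, and rollback only if the
        // creation LDIF fails part-way. The rollback entries live in
        // rollbackLdif, not appended to deletionLdif, so the deletion LDIF
        // sent to the directory contains only valid LDIF entries.
        var role = new SecretBackendDynamicRole("role", SecretBackendDynamicRoleArgs.builder()
            .mount(config.path())
            .roleName("alice")
            .creationLdif("""
dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
            """)
            .deletionLdif("""
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
            """)
            .rollbackLdif("""
dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
            """)
            .build());
    }
}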
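resources:
  # Dedicated LDAP secrets engine mount that Vault binds to when it manages
  # dynamic accounts. The bind credentials are illustrative placeholders: in a
  # real program supply bindpass from a secret config value so it is stored
  # encrypted in state rather than committed to source control in plaintext.
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: SuperSecretPassw0rd
      url: ldaps://localhost
      userdn: CN=Users,DC=corp,DC=example,DC=net
  # Dynamic role on that mount (mount: ${config.path} also orders the
  # resources). Each LDIF template is its own property: creation when the
  # account is created, deletion once its TTL expires, and rollback only if
  # the creation LDIF fails part-way. The rollback entries live in
  # rollbackLdif, not appended to deletionLdif, so the deletion LDIF sent to
  # the directory contains only valid LDIF entries.
  role:
    type: vault:ldap:SecretBackendDynamicRole
    properties:
      mount: ${config.path}
      roleName: alice
      creationLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        objectClass: person
        objectClass: top
        cn: learn
        sn: {{.Password | utf16le | base64}}
        memberOf: cn=dev,ou=groups,dc=learn,dc=example
        userPassword: {{.Password}}
      deletionLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete
      rollbackLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete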
Import
An LDAP secret backend dynamic role can be imported using the full path to the role, of the form `<mount_path>/dynamic-role/<role_name>`
e.g.
$ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
Properties
A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creation_ldif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creation_ldif`, it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF entries in `rollback_ldif` will be executed. See `rollback_ldif` for more details. This field may optionally be provided as a base64 encoded string.
Specifies the TTL for the leases associated with this role.
A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletion_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
A templatized LDIF string used to attempt to roll back any changes in the event that execution of the `creation_ldif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollback_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creation_ldif` string.