ldap_secret_backend represents the vault_ldap_secret_backend Terraform resource.
This package contains functions and utilities for setting up the resource using Jsonnet code.
fn new()
fn newAttrs()
fn withAllowedManagedKeys()
fn withAuditNonHmacRequestKeys()
fn withAuditNonHmacResponseKeys()
fn withBinddn()
fn withBindpass()
fn withCertificate()
fn withClientTlsCert()
fn withClientTlsKey()
fn withConnectionTimeout()
fn withDefaultLeaseTtlSeconds()
fn withDescription()
fn withDisableRemount()
fn withExternalEntropyAccess()
fn withInsecureTls()
fn withLength()
fn withLocal()
fn withMaxLeaseTtlSeconds()
fn withNamespace()
fn withOptions()
fn withPasswordPolicy()
fn withPath()
fn withRequestTimeout()
fn withSchema()
fn withSealWrap()
fn withStarttls()
fn withUpndomain()
fn withUrl()
fn withUserattr()
fn withUserdn()
new()
vault.ldap_secret_backend.new injects a new vault_ldap_secret_backend Terraform resource block into the root module document.
Additionally, this inserts a private function into the _ref attribute that generates references to attributes of the resource. For example, if you added a new instance to the root using:
# arguments omitted for brevity
vault.ldap_secret_backend.new('some_id')
You can get the reference to the id field of the created vault.ldap_secret_backend using the reference:
$._ref.vault_ldap_secret_backend.some_id.get('id')
This is the same as directly entering "${ vault_ldap_secret_backend.some_id.id }" as the value.
NOTE: if you are chaining multiple resources together in a merge operation, you may not be able to use super, self, or $ to refer to the root object. Instead, make an explicit outer object using local.
Args:
- resourceLabel (string): The name label of the block.
- allowed_managed_keys (list): List of managed key registry entry names that the mount in question is allowed to access. When null, the allowed_managed_keys field will be omitted from the resulting object.
- audit_non_hmac_request_keys (list): Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. When null, the audit_non_hmac_request_keys field will be omitted from the resulting object.
- audit_non_hmac_response_keys (list): Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. When null, the audit_non_hmac_response_keys field will be omitted from the resulting object.
- binddn (string): Distinguished name of object to bind when performing user and group search.
- bindpass (string): LDAP password for searching for the user DN.
- certificate (string): CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded. When null, the certificate field will be omitted from the resulting object.
- client_tls_cert (string): Client certificate to provide to the LDAP server, must be x509 PEM encoded. When null, the client_tls_cert field will be omitted from the resulting object.
- client_tls_key (string): Client certificate key to provide to the LDAP server, must be x509 PEM encoded. When null, the client_tls_key field will be omitted from the resulting object.
- connection_timeout (number): Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration. When null, the connection_timeout field will be omitted from the resulting object.
- default_lease_ttl_seconds (number): Default lease duration for tokens and secrets in seconds. When null, the default_lease_ttl_seconds field will be omitted from the resulting object.
- description (string): Human-friendly description of the mount. When null, the description field will be omitted from the resulting object.
- disable_remount (bool): If set, opts out of mount migration on path updates. When null, the disable_remount field will be omitted from the resulting object.
- external_entropy_access (bool): Enable the secrets engine to access Vault's external entropy source. When null, the external_entropy_access field will be omitted from the resulting object.
- insecure_tls (bool): Skip LDAP server SSL Certificate verification - insecure and not recommended for production use. When null, the insecure_tls field will be omitted from the resulting object.
- length (number): The desired length of passwords that Vault generates. When null, the length field will be omitted from the resulting object.
- local_ (bool): Local mount flag that can be explicitly set to true to enforce local mount in HA environment. When null, the local_ field will be omitted from the resulting object.
- max_lease_ttl_seconds (number): Maximum possible lease duration for tokens and secrets in seconds. When null, the max_lease_ttl_seconds field will be omitted from the resulting object.
- namespace (string): Target namespace. (requires Enterprise) When null, the namespace field will be omitted from the resulting object.
- options (obj): Specifies mount type specific options that are passed to the backend. When null, the options field will be omitted from the resulting object.
- password_policy (string): Name of the password policy to use to generate passwords. When null, the password_policy field will be omitted from the resulting object.
- path (string): The path where the LDAP secrets backend is mounted. When null, the path field will be omitted from the resulting object.
- request_timeout (number): Timeout, in seconds, for the connection when making requests against the server before returning back an error. When null, the request_timeout field will be omitted from the resulting object.
- schema (string): The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf. When null, the schema field will be omitted from the resulting object.
- seal_wrap (bool): Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability. When null, the seal_wrap field will be omitted from the resulting object.
- starttls (bool): Issue a StartTLS command after establishing unencrypted connection. When null, the starttls field will be omitted from the resulting object.
- upndomain (string): Enables userPrincipalDomain login with [username]@UPNDomain. When null, the upndomain field will be omitted from the resulting object.
- url (string): LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. When null, the url field will be omitted from the resulting object.
- userattr (string): Attribute used for users (default: cn). When null, the userattr field will be omitted from the resulting object.
- userdn (string): LDAP domain to use for users (eg: ou=People,dc=example,dc=org). When null, the userdn field will be omitted from the resulting object.
Returns:
- A mixin object that injects the new resource into the root Terraform configuration.
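An added example (not part of the library's own documentation) showing new() used with the transport-security arguments set deliberately: the render fails if any LDAP URL would carry the bind password in cleartext, certificate verification stays on, and bindpass is taken from a sensitive Terraform variable instead of being written into the Jsonnet source. The import path, resource label, DNs, host names, file name and lease value are assumptions constructed for illustration.

```jsonnet
// Assumption: the provider library is vendored at this path; adjust to your layout.
local vault = import 'vault/main.libsonnet';

// Constructed sample values.
local ldapUrls = ['ldaps://dc1.example.org', 'ldaps://dc2.example.org'];
local useStartTls = false;

// Render-time guard: every URL must be ldaps://, or StartTLS must be enabled.
// Otherwise binddn/bindpass would cross the network unencrypted.
local requireTls(urls, starttls) =
  local ok = std.foldl(
    function(acc, u) acc && (std.startsWith(u, 'ldaps://') || starttls),
    urls,
    true
  );
  assert ok : 'plain ldap:// URL configured without starttls';
  // The url argument takes multiple URLs concatenated with commas.
  std.join(',', urls);

// Plain Terraform JSON variable block: keeps the bind password out of this file.
{
  variable: {
    ldap_bindpass: { type: 'string', sensitive: true },
  },
}
+ vault.ldap_secret_backend.new(
  'corp_ad',
  binddn='cn=vault-svc,ou=Service Accounts,dc=example,dc=org',
  bindpass='${var.ldap_bindpass}',
  url=requireTls(ldapUrls, useStartTls),
  starttls=useStartTls,
  // Pin the CA that signed the LDAP server certificate (x509 PEM, read by Terraform).
  certificate='${file("${path.module}/ldap-ca.pem")}',
  // Never skip server certificate verification.
  insecure_tls=false,
  schema='ad',
  path='ldap',
  max_lease_ttl_seconds=3600,
)
```

Marking the variable sensitive only hides it from plan output; the value of bindpass is still written to the Terraform state, so the state backend needs its own encryption and access control.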
newAttrs()
vault.ldap_secret_backend.newAttrs constructs a new object with attributes and blocks configured for the ldap_secret_backend Terraform resource.
Unlike vault.ldap_secret_backend.new, this function will not inject the resource block into the root Terraform document. Instead, this must be passed in as the attrs argument for the tf.withResource function to build a complete block.
This is most useful when you need to preprocess the attributes with functions, conditional, or looping logic prior to injecting into a complete block.
Args:
- allowed_managed_keys (list): List of managed key registry entry names that the mount in question is allowed to access. When null, the allowed_managed_keys field will be omitted from the resulting object.
- audit_non_hmac_request_keys (list): Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. When null, the audit_non_hmac_request_keys field will be omitted from the resulting object.
- audit_non_hmac_response_keys (list): Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. When null, the audit_non_hmac_response_keys field will be omitted from the resulting object.
- binddn (string): Distinguished name of object to bind when performing user and group search.
- bindpass (string): LDAP password for searching for the user DN.
- certificate (string): CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded. When null, the certificate field will be omitted from the resulting object.
- client_tls_cert (string): Client certificate to provide to the LDAP server, must be x509 PEM encoded. When null, the client_tls_cert field will be omitted from the resulting object.
- client_tls_key (string): Client certificate key to provide to the LDAP server, must be x509 PEM encoded. When null, the client_tls_key field will be omitted from the resulting object.
- connection_timeout (number): Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration. When null, the connection_timeout field will be omitted from the resulting object.
- default_lease_ttl_seconds (number): Default lease duration for tokens and secrets in seconds. When null, the default_lease_ttl_seconds field will be omitted from the resulting object.
- description (string): Human-friendly description of the mount. When null, the description field will be omitted from the resulting object.
- disable_remount (bool): If set, opts out of mount migration on path updates. When null, the disable_remount field will be omitted from the resulting object.
- external_entropy_access (bool): Enable the secrets engine to access Vault's external entropy source. When null, the external_entropy_access field will be omitted from the resulting object.
- insecure_tls (bool): Skip LDAP server SSL Certificate verification - insecure and not recommended for production use. When null, the insecure_tls field will be omitted from the resulting object.
- length (number): The desired length of passwords that Vault generates. When null, the length field will be omitted from the resulting object.
- local_ (bool): Local mount flag that can be explicitly set to true to enforce local mount in HA environment. When null, the local_ field will be omitted from the resulting object.
- max_lease_ttl_seconds (number): Maximum possible lease duration for tokens and secrets in seconds. When null, the max_lease_ttl_seconds field will be omitted from the resulting object.
- namespace (string): Target namespace. (requires Enterprise) When null, the namespace field will be omitted from the resulting object.
- options (obj): Specifies mount type specific options that are passed to the backend. When null, the options field will be omitted from the resulting object.
- password_policy (string): Name of the password policy to use to generate passwords. When null, the password_policy field will be omitted from the resulting object.
- path (string): The path where the LDAP secrets backend is mounted. When null, the path field will be omitted from the resulting object.
- request_timeout (number): Timeout, in seconds, for the connection when making requests against the server before returning back an error. When null, the request_timeout field will be omitted from the resulting object.
- schema (string): The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf. When null, the schema field will be omitted from the resulting object.
- seal_wrap (bool): Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability. When null, the seal_wrap field will be omitted from the resulting object.
- starttls (bool): Issue a StartTLS command after establishing unencrypted connection. When null, the starttls field will be omitted from the resulting object.
- upndomain (string): Enables userPrincipalDomain login with [username]@UPNDomain. When null, the upndomain field will be omitted from the resulting object.
- url (string): LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. When null, the url field will be omitted from the resulting object.
- userattr (string): Attribute used for users (default: cn). When null, the userattr field will be omitted from the resulting object.
- userdn (string): LDAP domain to use for users (eg: ou=People,dc=example,dc=org). When null, the userdn field will be omitted from the resulting object.
Returns:
- An attribute object that can be used with tf.withResource to construct a new ldap_secret_backend resource into the root Terraform configuration.
withAllowedManagedKeys()
vault.list.withAllowedManagedKeys constructs a mixin object that can be merged into the list Terraform resource block to set or update the allowed_managed_keys field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (list): The value to set for the allowed_managed_keys field.
withAuditNonHmacRequestKeys()
vault.list.withAuditNonHmacRequestKeys constructs a mixin object that can be merged into the list Terraform resource block to set or update the audit_non_hmac_request_keys field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (list): The value to set for the audit_non_hmac_request_keys field.
withAuditNonHmacResponseKeys()
vault.list.withAuditNonHmacResponseKeys constructs a mixin object that can be merged into the list Terraform resource block to set or update the audit_non_hmac_response_keys field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (list): The value to set for the audit_non_hmac_response_keys field.
withBinddn()
vault.string.withBinddn constructs a mixin object that can be merged into the string Terraform resource block to set or update the binddn field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the binddn field.
withBindpass()
vault.string.withBindpass constructs a mixin object that can be merged into the string Terraform resource block to set or update the bindpass field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the bindpass field.
withCertificate()
vault.string.withCertificate constructs a mixin object that can be merged into the string Terraform resource block to set or update the certificate field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the certificate field.
withClientTlsCert()
vault.string.withClientTlsCert constructs a mixin object that can be merged into the string Terraform resource block to set or update the client_tls_cert field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the client_tls_cert field.
withClientTlsKey()
vault.string.withClientTlsKey constructs a mixin object that can be merged into the string Terraform resource block to set or update the client_tls_key field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the client_tls_key field.
withConnectionTimeout()
vault.number.withConnectionTimeout constructs a mixin object that can be merged into the number Terraform resource block to set or update the connection_timeout field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (number): The value to set for the connection_timeout field.
withDefaultLeaseTtlSeconds()
vault.number.withDefaultLeaseTtlSeconds constructs a mixin object that can be merged into the number Terraform resource block to set or update the default_lease_ttl_seconds field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (number): The value to set for the default_lease_ttl_seconds field.
withDescription()
vault.string.withDescription constructs a mixin object that can be merged into the string Terraform resource block to set or update the description field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the description field.
withDisableRemount()
vault.bool.withDisableRemount constructs a mixin object that can be merged into the bool Terraform resource block to set or update the disable_remount field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the disable_remount field.
withExternalEntropyAccess()
vault.bool.withExternalEntropyAccess constructs a mixin object that can be merged into the bool Terraform resource block to set or update the external_entropy_access field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the external_entropy_access field.
withInsecureTls()
vault.bool.withInsecureTls constructs a mixin object that can be merged into the bool Terraform resource block to set or update the insecure_tls field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the insecure_tls field.
withLength()
vault.number.withLength constructs a mixin object that can be merged into the number Terraform resource block to set or update the length field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (number): The value to set for the length field.
withLocal()
vault.bool.withLocal constructs a mixin object that can be merged into the bool Terraform resource block to set or update the local field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the local field.
withMaxLeaseTtlSeconds()
vault.number.withMaxLeaseTtlSeconds constructs a mixin object that can be merged into the number Terraform resource block to set or update the max_lease_ttl_seconds field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (number): The value to set for the max_lease_ttl_seconds field.
withNamespace()
vault.string.withNamespace constructs a mixin object that can be merged into the string Terraform resource block to set or update the namespace field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the namespace field.
withOptions()
vault.obj.withOptions constructs a mixin object that can be merged into the obj Terraform resource block to set or update the options field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (obj): The value to set for the options field.
withPasswordPolicy()
vault.string.withPasswordPolicy constructs a mixin object that can be merged into the string Terraform resource block to set or update the password_policy field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the password_policy field.
withPath()
vault.string.withPath constructs a mixin object that can be merged into the string Terraform resource block to set or update the path field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the path field.
withRequestTimeout()
vault.number.withRequestTimeout constructs a mixin object that can be merged into the number Terraform resource block to set or update the request_timeout field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (number): The value to set for the request_timeout field.
withSchema()
vault.string.withSchema constructs a mixin object that can be merged into the string Terraform resource block to set or update the schema field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the schema field.
withSealWrap()
vault.bool.withSealWrap constructs a mixin object that can be merged into the bool Terraform resource block to set or update the seal_wrap field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the seal_wrap field.
withStarttls()
vault.bool.withStarttls constructs a mixin object that can be merged into the bool Terraform resource block to set or update the starttls field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (bool): The value to set for the starttls field.
withUpndomain()
vault.string.withUpndomain constructs a mixin object that can be merged into the string Terraform resource block to set or update the upndomain field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the upndomain field.
withUrl()
vault.string.withUrl constructs a mixin object that can be merged into the string Terraform resource block to set or update the url field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the url field.
withUserattr()
vault.string.withUserattr constructs a mixin object that can be merged into the string Terraform resource block to set or update the userattr field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the userattr field.
withUserdn()
vault.string.withUserdn constructs a mixin object that can be merged into the string Terraform resource block to set or update the userdn field.
Args:
- resourceLabel (string): The name label of the block to update.
- value (string): The value to set for the userdn field.