1. Packages
  2. Pulumi Vault Provider
  3. API Docs
  4. ldap
  5. SecretBackendDynamicRole
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

vault.ldap.SecretBackendDynamicRole

Explore with Pulumi AI

vault logo
HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as vault from "@pulumi/vault";
    
    const config = new vault.ldap.SecretBackend("config", {
        path: "my-custom-ldap",
        binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        bindpass: "SuperSecretPassw0rd",
        url: "ldaps://localhost",
        userdn: "CN=Users,DC=corp,DC=example,DC=net",
    });
    const role = new vault.ldap.SecretBackendDynamicRole("role", {
        mount: config.path,
        roleName: "alice",
        creationLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
    objectClass: person
    objectClass: top
    cn: learn
    sn: {{.Password | utf16le | base64}}
    memberOf: cn=dev,ou=groups,dc=learn,dc=example
    userPassword: {{.Password}}
    `,
        deletionLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
      rollback_ldif = <<EOT
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
    `,
    });
    
    import pulumi
    import pulumi_vault as vault
    
    config = vault.ldap.SecretBackend("config",
        path="my-custom-ldap",
        binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        bindpass="SuperSecretPassw0rd",
        url="ldaps://localhost",
        userdn="CN=Users,DC=corp,DC=example,DC=net")
    role = vault.ldap.SecretBackendDynamicRole("role",
        mount=config.path,
        role_name="alice",
        creation_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
    objectClass: person
    objectClass: top
    cn: learn
    sn: {{.Password | utf16le | base64}}
    memberOf: cn=dev,ou=groups,dc=learn,dc=example
    userPassword: {{.Password}}
    """,
        deletion_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
      rollback_ldif = <<EOT
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
    """)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
    			Path:     pulumi.String("my-custom-ldap"),
    			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
    			Bindpass: pulumi.String("SuperSecretPassw0rd"),
    			Url:      pulumi.String("ldaps://localhost"),
    			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
    			Mount:    config.Path,
    			RoleName: pulumi.String("alice"),
    			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
    objectClass: person
    objectClass: top
    cn: learn
    sn: {{.Password | utf16le | base64}}
    memberOf: cn=dev,ou=groups,dc=learn,dc=example
    userPassword: {{.Password}}
    `),
    			DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
      rollback_ldif = <<EOT
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
    `),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Vault = Pulumi.Vault;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Vault.Ldap.SecretBackend("config", new()
        {
            Path = "my-custom-ldap",
            Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
            Bindpass = "SuperSecretPassw0rd",
            Url = "ldaps://localhost",
            Userdn = "CN=Users,DC=corp,DC=example,DC=net",
        });
    
        var role = new Vault.Ldap.SecretBackendDynamicRole("role", new()
        {
            Mount = config.Path,
            RoleName = "alice",
            CreationLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
    objectClass: person
    objectClass: top
    cn: learn
    sn: {{.Password | utf16le | base64}}
    memberOf: cn=dev,ou=groups,dc=learn,dc=example
    userPassword: {{.Password}}
    ",
            DeletionLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
      rollback_ldif = <<EOT
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
    ",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.vault.ldap.SecretBackend;
    import com.pulumi.vault.ldap.SecretBackendArgs;
    import com.pulumi.vault.ldap.SecretBackendDynamicRole;
    import com.pulumi.vault.ldap.SecretBackendDynamicRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var config = new SecretBackend("config", SecretBackendArgs.builder()
                .path("my-custom-ldap")
                .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
                .bindpass("SuperSecretPassw0rd")
                .url("ldaps://localhost")
                .userdn("CN=Users,DC=corp,DC=example,DC=net")
                .build());
    
            var role = new SecretBackendDynamicRole("role", SecretBackendDynamicRoleArgs.builder()
                .mount(config.path())
                .roleName("alice")
                .creationLdif("""
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    objectClass: person
    objectClass: top
    cn: learn
    sn: {{.Password | utf16le | base64}}
    memberOf: cn=dev,ou=groups,dc=learn,dc=example
    userPassword: {{.Password}}
                """)
                .deletionLdif("""
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
      rollback_ldif = <<EOT
    dn: cn={{.Username}},ou=users,dc=learn,dc=example
    changetype: delete
                """)
                .build());
    
        }
    }
    
    resources:
      config:
        type: vault:ldap:SecretBackend
        properties:
          path: my-custom-ldap
          binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
          bindpass: SuperSecretPassw0rd
          url: ldaps://localhost
          userdn: CN=Users,DC=corp,DC=example,DC=net
      role:
        type: vault:ldap:SecretBackendDynamicRole
        properties:
          mount: ${config.path}
          roleName: alice
          creationLdif: |
            dn: cn={{.Username}},ou=users,dc=learn,dc=example
            objectClass: person
            objectClass: top
            cn: learn
            sn: {{.Password | utf16le | base64}}
            memberOf: cn=dev,ou=groups,dc=learn,dc=example
            userPassword: {{.Password}}        
          deletionLdif: |
            dn: cn={{.Username}},ou=users,dc=learn,dc=example
            changetype: delete
              rollback_ldif = <<EOT
            dn: cn={{.Username}},ou=users,dc=learn,dc=example
            changetype: delete        
    

    Create SecretBackendDynamicRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecretBackendDynamicRole(name: string, args: SecretBackendDynamicRoleArgs, opts?: CustomResourceOptions);
    @overload
    def SecretBackendDynamicRole(resource_name: str,
                                 args: SecretBackendDynamicRoleArgs,
                                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecretBackendDynamicRole(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 creation_ldif: Optional[str] = None,
                                 deletion_ldif: Optional[str] = None,
                                 role_name: Optional[str] = None,
                                 default_ttl: Optional[int] = None,
                                 max_ttl: Optional[int] = None,
                                 mount: Optional[str] = None,
                                 namespace: Optional[str] = None,
                                 rollback_ldif: Optional[str] = None,
                                 username_template: Optional[str] = None)
    func NewSecretBackendDynamicRole(ctx *Context, name string, args SecretBackendDynamicRoleArgs, opts ...ResourceOption) (*SecretBackendDynamicRole, error)
    public SecretBackendDynamicRole(string name, SecretBackendDynamicRoleArgs args, CustomResourceOptions? opts = null)
    public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args)
    public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args, CustomResourceOptions options)
    
    type: vault:ldap:SecretBackendDynamicRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecretBackendDynamicRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecretBackendDynamicRoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecretBackendDynamicRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecretBackendDynamicRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecretBackendDynamicRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var secretBackendDynamicRoleResource = new Vault.Ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", new()
    {
        CreationLdif = "string",
        DeletionLdif = "string",
        RoleName = "string",
        DefaultTtl = 0,
        MaxTtl = 0,
        Mount = "string",
        Namespace = "string",
        RollbackLdif = "string",
        UsernameTemplate = "string",
    });
    
    example, err := ldap.NewSecretBackendDynamicRole(ctx, "secretBackendDynamicRoleResource", &ldap.SecretBackendDynamicRoleArgs{
    	CreationLdif:     pulumi.String("string"),
    	DeletionLdif:     pulumi.String("string"),
    	RoleName:         pulumi.String("string"),
    	DefaultTtl:       pulumi.Int(0),
    	MaxTtl:           pulumi.Int(0),
    	Mount:            pulumi.String("string"),
    	Namespace:        pulumi.String("string"),
    	RollbackLdif:     pulumi.String("string"),
    	UsernameTemplate: pulumi.String("string"),
    })
    
    var secretBackendDynamicRoleResource = new SecretBackendDynamicRole("secretBackendDynamicRoleResource", SecretBackendDynamicRoleArgs.builder()
        .creationLdif("string")
        .deletionLdif("string")
        .roleName("string")
        .defaultTtl(0)
        .maxTtl(0)
        .mount("string")
        .namespace("string")
        .rollbackLdif("string")
        .usernameTemplate("string")
        .build());
    
    secret_backend_dynamic_role_resource = vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource",
        creation_ldif="string",
        deletion_ldif="string",
        role_name="string",
        default_ttl=0,
        max_ttl=0,
        mount="string",
        namespace="string",
        rollback_ldif="string",
        username_template="string")
    
    const secretBackendDynamicRoleResource = new vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", {
        creationLdif: "string",
        deletionLdif: "string",
        roleName: "string",
        defaultTtl: 0,
        maxTtl: 0,
        mount: "string",
        namespace: "string",
        rollbackLdif: "string",
        usernameTemplate: "string",
    });
    
    type: vault:ldap:SecretBackendDynamicRole
    properties:
        creationLdif: string
        defaultTtl: 0
        deletionLdif: string
        maxTtl: 0
        mount: string
        namespace: string
        roleName: string
        rollbackLdif: string
        usernameTemplate: string
    

    SecretBackendDynamicRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SecretBackendDynamicRole resource accepts the following input properties:

    CreationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    DeletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    RoleName string
    Name of the role.
    DefaultTtl int
    Specifies the TTL for the leases associated with this role.
    MaxTtl int
    Specifies the maximum TTL for the leases associated with this role.
    Mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    UsernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    CreationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    DeletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    RoleName string
    Name of the role.
    DefaultTtl int
    Specifies the TTL for the leases associated with this role.
    MaxTtl int
    Specifies the maximum TTL for the leases associated with this role.
    Mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    UsernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif String
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    deletionLdif String
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    roleName String
    Name of the role.
    defaultTtl Integer
    Specifies the TTL for the leases associated with this role.
    maxTtl Integer
    Specifies the maximum TTL for the leases associated with this role.
    mount String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    rollbackLdif String
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate String
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    deletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    roleName string
    Name of the role.
    defaultTtl number
    Specifies the TTL for the leases associated with this role.
    maxTtl number
    Specifies the maximum TTL for the leases associated with this role.
    mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    rollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creation_ldif str
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    deletion_ldif str
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    role_name str
    Name of the role.
    default_ttl int
    Specifies the TTL for the leases associated with this role.
    max_ttl int
    Specifies the maximum TTL for the leases associated with this role.
    mount str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    rollback_ldif str
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    username_template str
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif String
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    deletionLdif String
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    roleName String
    Name of the role.
    defaultTtl Number
    Specifies the TTL for the leases associated with this role.
    maxTtl Number
    Specifies the maximum TTL for the leases associated with this role.
    mount String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    rollbackLdif String
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate String
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecretBackendDynamicRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SecretBackendDynamicRole Resource

    Get an existing SecretBackendDynamicRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecretBackendDynamicRoleState, opts?: CustomResourceOptions): SecretBackendDynamicRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            creation_ldif: Optional[str] = None,
            default_ttl: Optional[int] = None,
            deletion_ldif: Optional[str] = None,
            max_ttl: Optional[int] = None,
            mount: Optional[str] = None,
            namespace: Optional[str] = None,
            role_name: Optional[str] = None,
            rollback_ldif: Optional[str] = None,
            username_template: Optional[str] = None) -> SecretBackendDynamicRole
    func GetSecretBackendDynamicRole(ctx *Context, name string, id IDInput, state *SecretBackendDynamicRoleState, opts ...ResourceOption) (*SecretBackendDynamicRole, error)
    public static SecretBackendDynamicRole Get(string name, Input<string> id, SecretBackendDynamicRoleState? state, CustomResourceOptions? opts = null)
    public static SecretBackendDynamicRole get(String name, Output<String> id, SecretBackendDynamicRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    DefaultTtl int
    Specifies the TTL for the leases associated with this role.
    DeletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    MaxTtl int
    Specifies the maximum TTL for the leases associated with this role.
    Mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RoleName string
    Name of the role.
    RollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    UsernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    CreationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    DefaultTtl int
    Specifies the TTL for the leases associated with this role.
    DeletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    MaxTtl int
    Specifies the maximum TTL for the leases associated with this role.
    Mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    Namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    RoleName string
    Name of the role.
    RollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    UsernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif String
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    defaultTtl Integer
    Specifies the TTL for the leases associated with this role.
    deletionLdif String
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    maxTtl Integer
    Specifies the maximum TTL for the leases associated with this role.
    mount String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    roleName String
    Name of the role.
    rollbackLdif String
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate String
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif string
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    defaultTtl number
    Specifies the TTL for the leases associated with this role.
    deletionLdif string
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    maxTtl number
    Specifies the maximum TTL for the leases associated with this role.
    mount string
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace string
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    roleName string
    Name of the role.
    rollbackLdif string
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate string
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creation_ldif str
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    default_ttl int
    Specifies the TTL for the leases associated with this role.
    deletion_ldif str
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    max_ttl int
    Specifies the maximum TTL for the leases associated with this role.
    mount str
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace str
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    role_name str
    Name of the role.
    rollback_ldif str
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    username_template str
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.
    creationLdif String
    A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The creation_ldif can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif is specified, the LDIF entries in rollback_ldif will be executed. See rollback_ldif for more details. This field may optionally be provided as a base64 encoded string.
    defaultTtl Number
    Specifies the TTL for the leases associated with this role.
    deletionLdif String
    A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the deletion_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    maxTtl Number
    Specifies the maximum TTL for the leases associated with this role.
    mount String
    The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to ldap.
    namespace String
    The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
    roleName String
    Name of the role.
    rollbackLdif String
    A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
    usernameTemplate String
    A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.

    Import

    LDAP secret backend dynamic role can be imported using the full path to the role of the form: <mount_path>/dynamic-role/<role_name> e.g.

    $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Vault pulumi/pulumi-vault
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the vault Terraform Provider.
    vault logo
    HashiCorp Vault v6.4.0 published on Wednesday, Nov 20, 2024 by Pulumi