vault.ldap.SecretBackendDynamicRole
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
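// The bind password is read from encrypted stack configuration instead of
// being committed as a string literal. Set it once per stack with:
//   pulumi config set --secret ldapBindPassword <value>
const stackConfig = new pulumi.Config();
const bindPassword = stackConfig.requireSecret("ldapBindPassword");

// LDAP secrets engine mount that the dynamic role below attaches to.
// NOTE(review): binddn is the domain Administrator in this example; a
// dedicated account scoped to the target OU is the least-privilege choice.
// Confirm which rights the LDIF operations below actually need.
const config = new vault.ldap.SecretBackend("config", {
    path: "my-custom-ldap",
    binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass: bindPassword,
    url: "ldaps://localhost",
    userdn: "CN=Users,DC=corp,DC=example,DC=net",
});

// Dynamic role: Vault runs creationLdif to create the account, deletionLdif
// once the TTL has expired, and rollbackLdif if creationLdif fails.
// LDIF lines stay at column 0 inside the template literals, because leading
// whitespace in LDIF is read as a line continuation.
// NOTE(review): the `sn` line stores an encoding of the generated password in
// an ordinary attribute; confirm that is intended, since userPassword is
// already set from the same value.
// NOTE(review): no defaultTtl/maxTtl is set here; set them explicitly if the
// account lifetime must be bounded by this role.
const role = new vault.ldap.SecretBackendDynamicRole("role", {
    mount: config.path,
    roleName: "alice",
    creationLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`,
    // deletionLdif and rollbackLdif are separate inputs. A literal
    // `rollback_ldif = <<EOT` line inside deletionLdif is not LDIF and would
    // leave the role without a rollback step.
    deletionLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`,
    rollbackLdif: `dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`,
});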
import pulumi
import pulumi_vault as vault
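# The bind password is read from encrypted stack configuration instead of
# being committed as a string literal. Set it once per stack with:
#   pulumi config set --secret ldapBindPassword <value>
stack_config = pulumi.Config()
bind_password = stack_config.require_secret("ldapBindPassword")

# LDAP secrets engine mount that the dynamic role below attaches to.
# NOTE(review): binddn is the domain Administrator in this example; a
# dedicated account scoped to the target OU is the least-privilege choice.
# Confirm which rights the LDIF operations below actually need.
config = vault.ldap.SecretBackend("config",
    path="my-custom-ldap",
    binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
    bindpass=bind_password,
    url="ldaps://localhost",
    userdn="CN=Users,DC=corp,DC=example,DC=net")

# Dynamic role: Vault runs creation_ldif to create the account, deletion_ldif
# once the TTL has expired, and rollback_ldif if creation_ldif fails.
# LDIF lines stay at column 0 inside the triple-quoted strings, because
# leading whitespace in LDIF is read as a line continuation.
# NOTE(review): the `sn` line stores an encoding of the generated password in
# an ordinary attribute; confirm that is intended, since userPassword is
# already set from the same value.
# NOTE(review): no default_ttl/max_ttl is set here; set them explicitly if the
# account lifetime must be bounded by this role.
role = vault.ldap.SecretBackendDynamicRole("role",
    mount=config.path,
    role_name="alice",
    creation_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
""",
    # deletion_ldif and rollback_ldif are separate inputs. A literal
    # `rollback_ldif = <<EOT` line inside deletion_ldif is not LDIF and would
    # leave the role without a rollback step.
    deletion_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
""",
    rollback_ldif="""dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
""")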
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
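// main declares an LDAP secrets engine mount and a dynamic role on it.
//
// Vault runs CreationLdif to create the account, DeletionLdif once the TTL
// has expired, and RollbackLdif if CreationLdif fails. LDIF lines stay at
// column 0 inside the raw strings, because leading whitespace in LDIF is read
// as a line continuation.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): Bindpass is a string literal carried over from the
		// example. In real code, load it from stack configuration as a secret
		// (the Pulumi Go config package offers RequireSecret) so it is not
		// committed to source control.
		// NOTE(review): Binddn is the domain Administrator; a dedicated
		// account scoped to the target OU is the least-privilege choice.
		config, err := ldap.NewSecretBackend(ctx, "config", &ldap.SecretBackendArgs{
			Path:     pulumi.String("my-custom-ldap"),
			Binddn:   pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
			Bindpass: pulumi.String("SuperSecretPassw0rd"),
			Url:      pulumi.String("ldaps://localhost"),
			Userdn:   pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the `sn` line stores an encoding of the generated
		// password in an ordinary attribute; confirm that is intended, since
		// userPassword is already set from the same value.
		_, err = ldap.NewSecretBackendDynamicRole(ctx, "role", &ldap.SecretBackendDynamicRoleArgs{
			Mount:    config.Path,
			RoleName: pulumi.String("alice"),
			CreationLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
`),
			// DeletionLdif and RollbackLdif are separate inputs. A literal
			// `rollback_ldif = <<EOT` line inside DeletionLdif is not LDIF and
			// would leave the role without a rollback step.
			DeletionLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`),
			RollbackLdif: pulumi.String(`dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
`),
		})
		if err != nil {
			return err
		}
		return nil
	})
}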
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
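return await Deployment.RunAsync(() =>
{
    // The bind password is read from encrypted stack configuration instead of
    // being committed as a string literal. Set it once per stack with:
    //   pulumi config set --secret ldapBindPassword <value>
    var stackConfig = new Pulumi.Config();
    var bindPassword = stackConfig.RequireSecret("ldapBindPassword");

    // LDAP secrets engine mount that the dynamic role below attaches to.
    // NOTE(review): Binddn is the domain Administrator in this example; a
    // dedicated account scoped to the target OU is the least-privilege choice.
    var config = new Vault.Ldap.SecretBackend("config", new()
    {
        Path = "my-custom-ldap",
        Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
        Bindpass = bindPassword,
        Url = "ldaps://localhost",
        Userdn = "CN=Users,DC=corp,DC=example,DC=net",
    });

    // Dynamic role: Vault runs CreationLdif to create the account,
    // DeletionLdif once the TTL has expired, and RollbackLdif if CreationLdif
    // fails. LDIF lines stay at column 0 inside the verbatim strings, because
    // leading whitespace in LDIF is read as a line continuation.
    // NOTE(review): the `sn` line stores an encoding of the generated password
    // in an ordinary attribute; confirm that is intended, since userPassword
    // is already set from the same value.
    var role = new Vault.Ldap.SecretBackendDynamicRole("role", new()
    {
        Mount = config.Path,
        RoleName = "alice",
        CreationLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
objectClass: person
objectClass: top
cn: learn
sn: {{.Password | utf16le | base64}}
memberOf: cn=dev,ou=groups,dc=learn,dc=example
userPassword: {{.Password}}
",
        // DeletionLdif and RollbackLdif are separate inputs. A literal
        // `rollback_ldif = <<EOT` line inside DeletionLdif is not LDIF and
        // would leave the role without a rollback step.
        DeletionLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
",
        RollbackLdif = @"dn: cn={{.Username}},ou=users,dc=learn,dc=example
changetype: delete
",
    });
});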
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.ldap.SecretBackend;
import com.pulumi.vault.ldap.SecretBackendArgs;
import com.pulumi.vault.ldap.SecretBackendDynamicRole;
import com.pulumi.vault.ldap.SecretBackendDynamicRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
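/**
 * Declares an LDAP secrets engine mount and a dynamic role on it.
 *
 * <p>Vault runs creationLdif to create the account, deletionLdif once the TTL
 * has expired, and rollbackLdif if creationLdif fails.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the stack resources.
     *
     * @param ctx the Pulumi deployment context; also the source of the
     *            encrypted stack configuration read below
     */
    public static void stack(Context ctx) {
        // The bind password is read from encrypted stack configuration instead
        // of being committed as a string literal. Set it once per stack with:
        //   pulumi config set --secret ldapBindPassword <value>
        var bindPassword = ctx.config().requireSecret("ldapBindPassword");

        // NOTE(review): binddn is the domain Administrator in this example; a
        // dedicated account scoped to the target OU is the least-privilege
        // choice.
        var config = new SecretBackend("config", SecretBackendArgs.builder()
            .path("my-custom-ldap")
            .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
            .bindpass(bindPassword)
            .url("ldaps://localhost")
            .userdn("CN=Users,DC=corp,DC=example,DC=net")
            .build());

        // NOTE(review): the `sn` line stores an encoding of the generated
        // password in an ordinary attribute; confirm that is intended, since
        // userPassword is already set from the same value.
        // The text blocks are indented with their closing delimiter, so the
        // LDIF lines carry no leading whitespace in the resulting strings.
        var role = new SecretBackendDynamicRole("role", SecretBackendDynamicRoleArgs.builder()
            .mount(config.path())
            .roleName("alice")
            .creationLdif("""
                dn: cn={{.Username}},ou=users,dc=learn,dc=example
                objectClass: person
                objectClass: top
                cn: learn
                sn: {{.Password | utf16le | base64}}
                memberOf: cn=dev,ou=groups,dc=learn,dc=example
                userPassword: {{.Password}}
                """)
            // deletionLdif and rollbackLdif are separate inputs. A literal
            // `rollback_ldif = <<EOT` line inside deletionLdif is not LDIF and
            // would leave the role without a rollback step.
            .deletionLdif("""
                dn: cn={{.Username}},ou=users,dc=learn,dc=example
                changetype: delete
                """)
            .rollbackLdif("""
                dn: cn={{.Username}},ou=users,dc=learn,dc=example
                changetype: delete
                """)
            .build());
    }
}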
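# The bind password is declared as a secret config value instead of being
# committed in this file. Set it once per stack with:
#   pulumi config set --secret ldapBindPassword <value>
config:
  ldapBindPassword:
    type: string
    secret: true
resources:
  # LDAP secrets engine mount that the dynamic role below attaches to.
  # NOTE(review): binddn is the domain Administrator in this example; a
  # dedicated account scoped to the target OU is the least-privilege choice.
  config:
    type: vault:ldap:SecretBackend
    properties:
      path: my-custom-ldap
      binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
      bindpass: ${ldapBindPassword}
      url: ldaps://localhost
      userdn: CN=Users,DC=corp,DC=example,DC=net
  # Dynamic role: Vault runs creationLdif to create the account, deletionLdif
  # once the TTL has expired, and rollbackLdif if creationLdif fails.
  # NOTE(review): the `sn` line stores an encoding of the generated password in
  # an ordinary attribute; confirm that is intended, since userPassword is
  # already set from the same value.
  role:
    type: vault:ldap:SecretBackendDynamicRole
    properties:
      mount: ${config.path}
      roleName: alice
      creationLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        objectClass: person
        objectClass: top
        cn: learn
        sn: {{.Password | utf16le | base64}}
        memberOf: cn=dev,ou=groups,dc=learn,dc=example
        userPassword: {{.Password}}
      # deletionLdif and rollbackLdif are separate inputs. A literal
      # `rollback_ldif = <<EOT` line inside deletionLdif is not LDIF and would
      # leave the role without a rollback step.
      deletionLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete
      rollbackLdif: |
        dn: cn={{.Username}},ou=users,dc=learn,dc=example
        changetype: delete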
Create SecretBackendDynamicRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecretBackendDynamicRole(name: string, args: SecretBackendDynamicRoleArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendDynamicRole(resource_name: str,
args: SecretBackendDynamicRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecretBackendDynamicRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
creation_ldif: Optional[str] = None,
deletion_ldif: Optional[str] = None,
role_name: Optional[str] = None,
default_ttl: Optional[int] = None,
max_ttl: Optional[int] = None,
mount: Optional[str] = None,
namespace: Optional[str] = None,
rollback_ldif: Optional[str] = None,
username_template: Optional[str] = None)
func NewSecretBackendDynamicRole(ctx *Context, name string, args SecretBackendDynamicRoleArgs, opts ...ResourceOption) (*SecretBackendDynamicRole, error)
public SecretBackendDynamicRole(string name, SecretBackendDynamicRoleArgs args, CustomResourceOptions? opts = null)
public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args)
public SecretBackendDynamicRole(String name, SecretBackendDynamicRoleArgs args, CustomResourceOptions options)
type: vault:ldap:SecretBackendDynamicRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecretBackendDynamicRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecretBackendDynamicRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecretBackendDynamicRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecretBackendDynamicRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecretBackendDynamicRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input property is shown with a placeholder value
// of its type, not a working configuration.
// CreationLdif entries run in order and stop at the first error; RollbackLdif,
// if set, is then executed. DeletionLdif runs once the account's TTL has
// expired. MaxTtl is the maximum TTL for leases of this role.
var secretBackendDynamicRoleResource = new Vault.Ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", new()
{
CreationLdif = "string",
DeletionLdif = "string",
RoleName = "string",
DefaultTtl = 0,
MaxTtl = 0,
Mount = "string",
Namespace = "string",
RollbackLdif = "string",
UsernameTemplate = "string",
});
// Reference listing: every input property is shown with a placeholder value
// of its type, not a working configuration.
// CreationLdif entries run in order and stop at the first error; RollbackLdif,
// if set, is then executed. DeletionLdif runs once the account's TTL has
// expired. MaxTtl is the maximum TTL for leases of this role.
example, err := ldap.NewSecretBackendDynamicRole(ctx, "secretBackendDynamicRoleResource", &ldap.SecretBackendDynamicRoleArgs{
CreationLdif: pulumi.String("string"),
DeletionLdif: pulumi.String("string"),
RoleName: pulumi.String("string"),
DefaultTtl: pulumi.Int(0),
MaxTtl: pulumi.Int(0),
Mount: pulumi.String("string"),
Namespace: pulumi.String("string"),
RollbackLdif: pulumi.String("string"),
UsernameTemplate: pulumi.String("string"),
})
// Reference listing: every input property is shown with a placeholder value
// of its type, not a working configuration.
// creationLdif entries run in order and stop at the first error; rollbackLdif,
// if set, is then executed. deletionLdif runs once the account's TTL has
// expired. maxTtl is the maximum TTL for leases of this role.
var secretBackendDynamicRoleResource = new SecretBackendDynamicRole("secretBackendDynamicRoleResource", SecretBackendDynamicRoleArgs.builder()
.creationLdif("string")
.deletionLdif("string")
.roleName("string")
.defaultTtl(0)
.maxTtl(0)
.mount("string")
.namespace("string")
.rollbackLdif("string")
.usernameTemplate("string")
.build());
# Reference listing: every input property is shown with a placeholder value
# of its type, not a working configuration.
# creation_ldif entries run in order and stop at the first error;
# rollback_ldif, if set, is then executed. deletion_ldif runs once the
# account's TTL has expired. max_ttl is the maximum TTL for leases of this role.
secret_backend_dynamic_role_resource = vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource",
creation_ldif="string",
deletion_ldif="string",
role_name="string",
default_ttl=0,
max_ttl=0,
mount="string",
namespace="string",
rollback_ldif="string",
username_template="string")
// Reference listing: every input property is shown with a placeholder value
// of its type, not a working configuration.
// creationLdif entries run in order and stop at the first error; rollbackLdif,
// if set, is then executed. deletionLdif runs once the account's TTL has
// expired. maxTtl is the maximum TTL for leases of this role.
const secretBackendDynamicRoleResource = new vault.ldap.SecretBackendDynamicRole("secretBackendDynamicRoleResource", {
creationLdif: "string",
deletionLdif: "string",
roleName: "string",
defaultTtl: 0,
maxTtl: 0,
mount: "string",
namespace: "string",
rollbackLdif: "string",
usernameTemplate: "string",
});
# Reference listing: every input property is shown with a placeholder value
# of its type, not a working configuration.
# creationLdif entries run in order and stop at the first error; rollbackLdif,
# if set, is then executed. deletionLdif runs once the account's TTL has
# expired. maxTtl is the maximum TTL for leases of this role.
type: vault:ldap:SecretBackendDynamicRole
properties:
creationLdif: string
defaultTtl: 0
deletionLdif: string
maxTtl: 0
mount: string
namespace: string
roleName: string
rollbackLdif: string
usernameTemplate: string
SecretBackendDynamicRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecretBackendDynamicRole resource accepts the following input properties:
- CreationLdif string - A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creation_ldif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creation_ldif`, it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF entries in `rollback_ldif` will be executed. See `rollback_ldif` for more details. This field may optionally be provided as a base64 encoded string.
- DeletionLdif string - A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletion_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
- RoleName string - Name of the role.
- DefaultTtl int - Specifies the TTL for the leases associated with this role.
- MaxTtl int - Specifies the maximum TTL for the leases associated with this role.
- Mount string - The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.
- Namespace string - The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- RollbackLdif string - A templatized LDIF string used to attempt to roll back any changes in the event that execution of the `creation_ldif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollback_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
- UsernameTemplate string - A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creation_ldif` string.
- Creation
Ldif string - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - Deletion
Ldif string - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Role
Name string - Name of the role.
- Default
Ttl int - Specifies the TTL for the leases associated with this role.
- Max
Ttl int - Specifies the maximum TTL for the leases associated with this role.
- Mount string
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Rollback
Ldif string - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Username
Template string - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
- creation
Ldif String - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - deletion
Ldif String - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - role
Name String - Name of the role.
- default
Ttl Integer - Specifies the TTL for the leases associated with this role.
- max
Ttl Integer - Specifies the maximum TTL for the leases associated with this role.
- mount String
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - rollback
Ldif String - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template String - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
- creation
Ldif string - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - deletion
Ldif string - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - role
Name string - Name of the role.
- default
Ttl number - Specifies the TTL for the leases associated with this role.
- max
Ttl number - Specifies the maximum TTL for the leases associated with this role.
- mount string
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - rollback
Ldif string - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template string - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
- creation_ldif str - A templatized LDIF string used to create a user account. This may contain multiple LDIF entries. The `creation_ldif` can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the `creation_ldif`, it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF entries in `rollback_ldif` will be executed. See `rollback_ldif` for more details. This field may optionally be provided as a base64 encoded string.
- deletion_ldif str - A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `deletion_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
- role_name str - Name of the role.
- default_ttl int - Specifies the TTL for the leases associated with this role.
- max_ttl int - Specifies the maximum TTL for the leases associated with this role.
- mount str - The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `ldap`.
- namespace str - The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured namespace. Available only for Vault Enterprise.
- rollback_ldif str - A templatized LDIF string used to attempt to roll back any changes in the event that execution of the `creation_ldif` results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the `rollback_ldif`, it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string.
- username_template str - A template used to generate a dynamic username. This will be used to fill in the `.Username` field within the `creation_ldif` string.
- creation
Ldif String - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - deletion
Ldif String - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - role
Name String - Name of the role.
- default
Ttl Number - Specifies the TTL for the leases associated with this role.
- max
Ttl Number - Specifies the maximum TTL for the leases associated with this role.
- mount String
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - rollback
Ldif String - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template String - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecretBackendDynamicRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecretBackendDynamicRole Resource
Get an existing SecretBackendDynamicRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecretBackendDynamicRoleState, opts?: CustomResourceOptions): SecretBackendDynamicRole
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
creation_ldif: Optional[str] = None,
default_ttl: Optional[int] = None,
deletion_ldif: Optional[str] = None,
max_ttl: Optional[int] = None,
mount: Optional[str] = None,
namespace: Optional[str] = None,
role_name: Optional[str] = None,
rollback_ldif: Optional[str] = None,
username_template: Optional[str] = None) -> SecretBackendDynamicRole
func GetSecretBackendDynamicRole(ctx *Context, name string, id IDInput, state *SecretBackendDynamicRoleState, opts ...ResourceOption) (*SecretBackendDynamicRole, error)
public static SecretBackendDynamicRole Get(string name, Input<string> id, SecretBackendDynamicRoleState? state, CustomResourceOptions? opts = null)
public static SecretBackendDynamicRole get(String name, Output<String> id, SecretBackendDynamicRoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Creation
Ldif string - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - Default
Ttl int - Specifies the TTL for the leases associated with this role.
- Deletion
Ldif string - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Max
Ttl int - Specifies the maximum TTL for the leases associated with this role.
- Mount string
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Role
Name string - Name of the role.
- Rollback
Ldif string - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Username
Template string - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
- Creation
Ldif string - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - Default
Ttl int - Specifies the TTL for the leases associated with this role.
- Deletion
Ldif string - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Max
Ttl int - Specifies the maximum TTL for the leases associated with this role.
- Mount string
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults toldap
. - Namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - Role
Name string - Name of the role.
- Rollback
Ldif string - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in therollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - Username
Template string - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within thecreation_ldif
string.
- creation
Ldif String - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing thecreation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs androllback_ldif
is specified, the LDIF entries inrollback_ldif
will be executed. Seerollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - default
Ttl Integer - Specifies the TTL for the leases associated with this role.
- deletion
Ldif String - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - max
Ttl Integer - Specifies the maximum TTL for the leases associated with this role.
- mount String
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults to ldap
. - namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - role
Name String - Name of the role.
- rollback
Ldif String - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template String - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within the creation_ldif
string.
- creation
Ldif string - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif
is specified, the LDIF entries in rollback_ldif
will be executed. See rollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - default
Ttl number - Specifies the TTL for the leases associated with this role.
- deletion
Ldif string - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
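it will attempt to continue executing any remaining entries. Because execution continues past errors, a failed entry may leave the account or its group memberships in the directory after the TTL expires, so verify that expired accounts are actually removed. This field may optionally be provided as a base64 encoded string. - max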
Ttl number - Specifies the maximum TTL for the leases associated with this role.
- mount string
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults to ldap
. - namespace string
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - role
Name string - Name of the role.
- rollback
Ldif string - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template string - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within the creation_ldif
string.
- creation_
ldif str - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif
is specified, the LDIF entries in rollback_ldif
will be executed. See rollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - default_
ttl int - Specifies the TTL for the leases associated with this role.
- deletion_
ldif str - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
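it will attempt to continue executing any remaining entries. Because execution continues past errors, a failed entry may leave the account or its group memberships in the directory after the TTL expires, so verify that expired accounts are actually removed. This field may optionally be provided as a base64 encoded string. - max_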
ttl int - Specifies the maximum TTL for the leases associated with this role.
- mount str
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults to ldap
. - namespace str
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - role_
name str - Name of the role.
- rollback_
ldif str - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username_
template str - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within the creation_ldif
string.
- creation
Ldif String - A templatized LDIF string used to create a user
account. This may contain multiple LDIF entries. The
creation_ldif
can also be used to add the user account to an existing group. All LDIF entries are performed in order. If Vault encounters an error while executing the creation_ldif
it will stop at the first error and not execute any remaining LDIF entries. If an error occurs and rollback_ldif
is specified, the LDIF entries in rollback_ldif
will be executed. See rollback_ldif
for more details. This field may optionally be provided as a base64 encoded string. - default
Ttl Number - Specifies the TTL for the leases associated with this role.
- deletion
Ldif String - A templatized LDIF string used to delete the
user account once its TTL has expired. This may contain multiple LDIF
entries. All LDIF entries are performed in order. If Vault encounters an
error while executing an entry in the
deletion_ldif
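it will attempt to continue executing any remaining entries. Because execution continues past errors, a failed entry may leave the account or its group memberships in the directory after the TTL expires, so verify that expired accounts are actually removed. This field may optionally be provided as a base64 encoded string. - max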
Ttl Number - Specifies the maximum TTL for the leases associated with this role.
- mount String
- The unique path this backend should be mounted at. Must
not begin or end with a
/
. Defaults to ldap
. - namespace String
- The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise. - role
Name String - Name of the role.
- rollback
Ldif String - A templatized LDIF string used to attempt to
rollback any changes in the event that execution of the
creation_ldif
results in an error. This may contain multiple LDIF entries. All LDIF entries are performed in order. If Vault encounters an error while executing an entry in the rollback_ldif
it will attempt to continue executing any remaining entries. This field may optionally be provided as a base64 encoded string. - username
Template String - A template used to generate a dynamic
username. This will be used to fill in the
.Username
field within the creation_ldif
string.
Import
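An LDAP secret backend dynamic role can be imported using the full path to the role,
of the form: <mount_path>/dynamic-role/<role_name>
Note that the example below passes ldap/role/dynamic-role, which does not match this form as written; confirm the expected path for your provider version before importing.
e.g.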
$ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
vault
Terraform Provider.