com.pulumi.vault.ad.kotlin.SecretBackendArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-vault-kotlin Show documentation
Show all versions of pulumi-vault-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.vault.ad.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.vault.ad.SecretBackendArgs.builder
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
/**
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as vault from "@pulumi/vault";
* const config = new vault.ad.SecretBackend("config", {
* backend: "ad",
* binddn: "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
* bindpass: "SuperSecretPassw0rd",
* url: "ldaps://ad",
* insecureTls: true,
* userdn: "CN=Users,DC=corp,DC=example,DC=net",
* });
* ```
* ```python
* import pulumi
* import pulumi_vault as vault
* config = vault.ad.SecretBackend("config",
* backend="ad",
* binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
* bindpass="SuperSecretPassw0rd",
* url="ldaps://ad",
* insecure_tls=True,
* userdn="CN=Users,DC=corp,DC=example,DC=net")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Vault = Pulumi.Vault;
* return await Deployment.RunAsync(() =>
* {
* var config = new Vault.AD.SecretBackend("config", new()
* {
* Backend = "ad",
* Binddn = "CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
* Bindpass = "SuperSecretPassw0rd",
* Url = "ldaps://ad",
* InsecureTls = true,
* Userdn = "CN=Users,DC=corp,DC=example,DC=net",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-vault/sdk/v6/go/vault/ad"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ad.NewSecretBackend(ctx, "config", &ad.SecretBackendArgs{
* Backend: pulumi.String("ad"),
* Binddn: pulumi.String("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net"),
* Bindpass: pulumi.String("SuperSecretPassw0rd"),
* Url: pulumi.String("ldaps://ad"),
* InsecureTls: pulumi.Bool(true),
* Userdn: pulumi.String("CN=Users,DC=corp,DC=example,DC=net"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.vault.ad.SecretBackend;
* import com.pulumi.vault.ad.SecretBackendArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var config = new SecretBackend("config", SecretBackendArgs.builder()
* .backend("ad")
* .binddn("CN=Administrator,CN=Users,DC=corp,DC=example,DC=net")
* .bindpass("SuperSecretPassw0rd")
* .url("ldaps://ad")
* .insecureTls("true")
* .userdn("CN=Users,DC=corp,DC=example,DC=net")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* config:
* type: vault:ad:SecretBackend
* properties:
* backend: ad
* binddn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=net
* bindpass: SuperSecretPassw0rd
* url: ldaps://ad
* insecureTls: 'true'
* userdn: CN=Users,DC=corp,DC=example,DC=net
* ```
*
* ## Import
* AD secret backend can be imported using the `backend`, e.g.
* ```sh
* $ pulumi import vault:ad/secretBackend:SecretBackend ad ad
* ```
* @property anonymousGroupSearch Use anonymous binds when performing LDAP group searches
* (if true the initial credentials will still be used for the initial connection test).
* @property backend The unique path this backend should be mounted at. Must
* not begin or end with a `/`. Defaults to `ad`.
* @property binddn Distinguished name of object to bind when performing user and group search.
* @property bindpass Password to use along with binddn when performing user search.
* @property caseSensitiveNames If set, user and group names assigned to policies within the
* backend will be case sensitive. Otherwise, names will be normalized to lower case.
* @property certificate CA certificate to use when verifying LDAP server certificate, must be
* x509 PEM encoded.
* @property clientTlsCert Client certificate to provide to the LDAP server, must be x509 PEM encoded.
* @property clientTlsKey Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
* @property defaultLeaseTtlSeconds Default lease duration for secrets in seconds.
* @property denyNullBind Denies an unauthenticated LDAP bind request if the user's password is empty;
* defaults to true.
* @property description Human-friendly description of the mount for the Active Directory backend.
* @property disableRemount If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
* @property discoverdn Use anonymous bind to discover the bind Distinguished Name of a user.
* @property groupattr LDAP attribute to follow on objects returned by in order to enumerate
* user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
* @property groupdn LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
* @property groupfilter Go template for querying group membership of user (optional) The template can access
* the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
* @property insecureTls Skip LDAP server SSL Certificate verification. This is not recommended for production.
* Defaults to `false`.
* @property lastRotationTolerance The number of seconds after a Vault rotation where, if Active Directory
* shows a later rotation, it should be considered out-of-band
* @property local Mark the secrets engine as local-only. Local engines are not replicated or removed by
* replication.Tolerance duration to use when checking the last rotation time.
* @property maxLeaseTtlSeconds Maximum possible lease duration for secrets in seconds.
* @property maxTtl In seconds, the maximum password time-to-live.
* @property namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
* @property passwordPolicy Name of the password policy to use to generate passwords.
* @property requestTimeout Timeout, in seconds, for the connection when making requests against the server
* before returning back an error.
* @property starttls Issue a StartTLS command after establishing unencrypted connection.
* @property tlsMaxVersion Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
* @property tlsMinVersion Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
* @property ttl In seconds, the default password time-to-live.
* @property upndomain Enables userPrincipalDomain login with [username]@UPNDomain.
* @property url LDAP URL to connect to. Multiple URLs can be specified by concatenating
* them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
* @property usePre111GroupCnBehavior In Vault 1.1.1 a fix for handling group CN values of
* different cases unfortunately introduced a regression that could cause previously defined groups
* to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
* matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
* compatibility. It is enabled by default if the config is upgraded but disabled by default on
* new configurations.
* @property useTokenGroups If true, use the Active Directory tokenGroups constructed attribute of the
* user to find the group memberships. This will find all security groups including nested ones.
* @property userattr Attribute used when searching users. Defaults to `cn`.
* @property userdn LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
*/
public data class SecretBackendArgs(
public val anonymousGroupSearch: Output? = null,
public val backend: Output? = null,
public val binddn: Output? = null,
public val bindpass: Output? = null,
public val caseSensitiveNames: Output? = null,
public val certificate: Output? = null,
public val clientTlsCert: Output? = null,
public val clientTlsKey: Output? = null,
public val defaultLeaseTtlSeconds: Output? = null,
public val denyNullBind: Output? = null,
public val description: Output? = null,
public val disableRemount: Output? = null,
public val discoverdn: Output? = null,
public val groupattr: Output? = null,
public val groupdn: Output? = null,
public val groupfilter: Output? = null,
public val insecureTls: Output? = null,
public val lastRotationTolerance: Output? = null,
public val local: Output? = null,
public val maxLeaseTtlSeconds: Output? = null,
public val maxTtl: Output? = null,
public val namespace: Output? = null,
public val passwordPolicy: Output? = null,
public val requestTimeout: Output? = null,
public val starttls: Output? = null,
public val tlsMaxVersion: Output? = null,
public val tlsMinVersion: Output? = null,
public val ttl: Output? = null,
public val upndomain: Output? = null,
public val url: Output? = null,
public val usePre111GroupCnBehavior: Output? = null,
public val useTokenGroups: Output? = null,
public val userattr: Output? = null,
public val userdn: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.vault.ad.SecretBackendArgs =
com.pulumi.vault.ad.SecretBackendArgs.builder()
.anonymousGroupSearch(anonymousGroupSearch?.applyValue({ args0 -> args0 }))
.backend(backend?.applyValue({ args0 -> args0 }))
.binddn(binddn?.applyValue({ args0 -> args0 }))
.bindpass(bindpass?.applyValue({ args0 -> args0 }))
.caseSensitiveNames(caseSensitiveNames?.applyValue({ args0 -> args0 }))
.certificate(certificate?.applyValue({ args0 -> args0 }))
.clientTlsCert(clientTlsCert?.applyValue({ args0 -> args0 }))
.clientTlsKey(clientTlsKey?.applyValue({ args0 -> args0 }))
.defaultLeaseTtlSeconds(defaultLeaseTtlSeconds?.applyValue({ args0 -> args0 }))
.denyNullBind(denyNullBind?.applyValue({ args0 -> args0 }))
.description(description?.applyValue({ args0 -> args0 }))
.disableRemount(disableRemount?.applyValue({ args0 -> args0 }))
.discoverdn(discoverdn?.applyValue({ args0 -> args0 }))
.groupattr(groupattr?.applyValue({ args0 -> args0 }))
.groupdn(groupdn?.applyValue({ args0 -> args0 }))
.groupfilter(groupfilter?.applyValue({ args0 -> args0 }))
.insecureTls(insecureTls?.applyValue({ args0 -> args0 }))
.lastRotationTolerance(lastRotationTolerance?.applyValue({ args0 -> args0 }))
.local(local?.applyValue({ args0 -> args0 }))
.maxLeaseTtlSeconds(maxLeaseTtlSeconds?.applyValue({ args0 -> args0 }))
.maxTtl(maxTtl?.applyValue({ args0 -> args0 }))
.namespace(namespace?.applyValue({ args0 -> args0 }))
.passwordPolicy(passwordPolicy?.applyValue({ args0 -> args0 }))
.requestTimeout(requestTimeout?.applyValue({ args0 -> args0 }))
.starttls(starttls?.applyValue({ args0 -> args0 }))
.tlsMaxVersion(tlsMaxVersion?.applyValue({ args0 -> args0 }))
.tlsMinVersion(tlsMinVersion?.applyValue({ args0 -> args0 }))
.ttl(ttl?.applyValue({ args0 -> args0 }))
.upndomain(upndomain?.applyValue({ args0 -> args0 }))
.url(url?.applyValue({ args0 -> args0 }))
.usePre111GroupCnBehavior(usePre111GroupCnBehavior?.applyValue({ args0 -> args0 }))
.useTokenGroups(useTokenGroups?.applyValue({ args0 -> args0 }))
.userattr(userattr?.applyValue({ args0 -> args0 }))
.userdn(userdn?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecretBackendArgs].
*/
@PulumiTagMarker
public class SecretBackendArgsBuilder internal constructor() {
private var anonymousGroupSearch: Output? = null
private var backend: Output? = null
private var binddn: Output? = null
private var bindpass: Output? = null
private var caseSensitiveNames: Output? = null
private var certificate: Output? = null
private var clientTlsCert: Output? = null
private var clientTlsKey: Output? = null
private var defaultLeaseTtlSeconds: Output? = null
private var denyNullBind: Output? = null
private var description: Output? = null
private var disableRemount: Output? = null
private var discoverdn: Output? = null
private var groupattr: Output? = null
private var groupdn: Output? = null
private var groupfilter: Output? = null
private var insecureTls: Output? = null
private var lastRotationTolerance: Output? = null
private var local: Output? = null
private var maxLeaseTtlSeconds: Output? = null
private var maxTtl: Output? = null
private var namespace: Output? = null
private var passwordPolicy: Output? = null
private var requestTimeout: Output? = null
private var starttls: Output? = null
private var tlsMaxVersion: Output? = null
private var tlsMinVersion: Output? = null
private var ttl: Output? = null
private var upndomain: Output? = null
private var url: Output? = null
private var usePre111GroupCnBehavior: Output? = null
private var useTokenGroups: Output? = null
private var userattr: Output? = null
private var userdn: Output? = null
/**
* @param value Use anonymous binds when performing LDAP group searches
* (if true the initial credentials will still be used for the initial connection test).
*/
@JvmName("xwaldpjmnorrguho")
public suspend fun anonymousGroupSearch(`value`: Output) {
this.anonymousGroupSearch = value
}
/**
* @param value The unique path this backend should be mounted at. Must
* not begin or end with a `/`. Defaults to `ad`.
*/
@JvmName("pfnfxwjdiocsloes")
public suspend fun backend(`value`: Output) {
this.backend = value
}
/**
* @param value Distinguished name of object to bind when performing user and group search.
*/
@JvmName("hlkfiycgprdpwncs")
public suspend fun binddn(`value`: Output) {
this.binddn = value
}
/**
* @param value Password to use along with binddn when performing user search.
*/
@JvmName("ahuqqbyyxerlvoha")
public suspend fun bindpass(`value`: Output) {
this.bindpass = value
}
/**
* @param value If set, user and group names assigned to policies within the
* backend will be case sensitive. Otherwise, names will be normalized to lower case.
*/
@JvmName("rjxciquxoijsimma")
public suspend fun caseSensitiveNames(`value`: Output) {
this.caseSensitiveNames = value
}
/**
* @param value CA certificate to use when verifying LDAP server certificate, must be
* x509 PEM encoded.
*/
@JvmName("darjpjhqyjbyjnuc")
public suspend fun certificate(`value`: Output) {
this.certificate = value
}
/**
* @param value Client certificate to provide to the LDAP server, must be x509 PEM encoded.
*/
@JvmName("ftfafocxkainnjac")
public suspend fun clientTlsCert(`value`: Output) {
this.clientTlsCert = value
}
/**
* @param value Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
*/
@JvmName("vqsavspqyraitsxn")
public suspend fun clientTlsKey(`value`: Output) {
this.clientTlsKey = value
}
/**
* @param value Default lease duration for secrets in seconds.
*/
@JvmName("fcrhddewnbcumkpg")
public suspend fun defaultLeaseTtlSeconds(`value`: Output) {
this.defaultLeaseTtlSeconds = value
}
/**
* @param value Denies an unauthenticated LDAP bind request if the user's password is empty;
* defaults to true.
*/
@JvmName("hlkccmeeikfrbijv")
public suspend fun denyNullBind(`value`: Output) {
this.denyNullBind = value
}
/**
* @param value Human-friendly description of the mount for the Active Directory backend.
*/
@JvmName("rcymwckjrxvsilmd")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("obgjtwnodjtsfplt")
public suspend fun disableRemount(`value`: Output) {
this.disableRemount = value
}
/**
* @param value Use anonymous bind to discover the bind Distinguished Name of a user.
*/
@JvmName("oucfccjoiefuejfl")
public suspend fun discoverdn(`value`: Output) {
this.discoverdn = value
}
/**
* @param value LDAP attribute to follow on objects returned by in order to enumerate
* user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
*/
@JvmName("sjmfrnlamukurbej")
public suspend fun groupattr(`value`: Output) {
this.groupattr = value
}
/**
* @param value LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
*/
@JvmName("agwmedbdotvcnyxl")
public suspend fun groupdn(`value`: Output) {
this.groupdn = value
}
/**
* @param value Go template for querying group membership of user (optional) The template can access
* the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
*/
@JvmName("kpkxmlujddxvuaim")
public suspend fun groupfilter(`value`: Output) {
this.groupfilter = value
}
/**
* @param value Skip LDAP server SSL Certificate verification. This is not recommended for production.
* Defaults to `false`.
*/
@JvmName("qpplegrdyftchnkw")
public suspend fun insecureTls(`value`: Output) {
this.insecureTls = value
}
/**
* @param value The number of seconds after a Vault rotation where, if Active Directory
* shows a later rotation, it should be considered out-of-band
*/
@JvmName("lxvogrokmwpdcqpv")
public suspend fun lastRotationTolerance(`value`: Output) {
this.lastRotationTolerance = value
}
/**
* @param value Mark the secrets engine as local-only. Local engines are not replicated or removed by
* replication.Tolerance duration to use when checking the last rotation time.
*/
@JvmName("gktlmkbwrdjsjlkx")
public suspend fun local(`value`: Output) {
this.local = value
}
/**
* @param value Maximum possible lease duration for secrets in seconds.
*/
@JvmName("uvludnseqshxycvf")
public suspend fun maxLeaseTtlSeconds(`value`: Output) {
this.maxLeaseTtlSeconds = value
}
/**
* @param value In seconds, the maximum password time-to-live.
*/
@JvmName("trhkigsyxeuuybea")
public suspend fun maxTtl(`value`: Output) {
this.maxTtl = value
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("xetptdeblfadldqf")
public suspend fun namespace(`value`: Output) {
this.namespace = value
}
/**
* @param value Name of the password policy to use to generate passwords.
*/
@JvmName("jejymfkycgrtqvnu")
public suspend fun passwordPolicy(`value`: Output) {
this.passwordPolicy = value
}
/**
* @param value Timeout, in seconds, for the connection when making requests against the server
* before returning back an error.
*/
@JvmName("fedjpbshbybxhmny")
public suspend fun requestTimeout(`value`: Output) {
this.requestTimeout = value
}
/**
* @param value Issue a StartTLS command after establishing unencrypted connection.
*/
@JvmName("nhmbhakwviawvjbr")
public suspend fun starttls(`value`: Output) {
this.starttls = value
}
/**
* @param value Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
*/
@JvmName("skmxuomtedtdxmja")
public suspend fun tlsMaxVersion(`value`: Output) {
this.tlsMaxVersion = value
}
/**
* @param value Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
*/
@JvmName("ympkqvmfjneqsefb")
public suspend fun tlsMinVersion(`value`: Output) {
this.tlsMinVersion = value
}
/**
* @param value In seconds, the default password time-to-live.
*/
@JvmName("jksacnnmcowdudge")
public suspend fun ttl(`value`: Output) {
this.ttl = value
}
/**
* @param value Enables userPrincipalDomain login with [username]@UPNDomain.
*/
@JvmName("pegqxqhjybogroon")
public suspend fun upndomain(`value`: Output) {
this.upndomain = value
}
/**
* @param value LDAP URL to connect to. Multiple URLs can be specified by concatenating
* them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
*/
@JvmName("ssvmkdpnmbrwpgcn")
public suspend fun url(`value`: Output) {
this.url = value
}
/**
* @param value In Vault 1.1.1 a fix for handling group CN values of
* different cases unfortunately introduced a regression that could cause previously defined groups
* to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
* matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
* compatibility. It is enabled by default if the config is upgraded but disabled by default on
* new configurations.
*/
@JvmName("wuhalkbxfwfjercq")
public suspend fun usePre111GroupCnBehavior(`value`: Output) {
this.usePre111GroupCnBehavior = value
}
/**
* @param value If true, use the Active Directory tokenGroups constructed attribute of the
* user to find the group memberships. This will find all security groups including nested ones.
*/
@JvmName("fwwxngtfmqyeumuc")
public suspend fun useTokenGroups(`value`: Output) {
this.useTokenGroups = value
}
/**
* @param value Attribute used when searching users. Defaults to `cn`.
*/
@JvmName("akxbygpcygwmlonn")
public suspend fun userattr(`value`: Output) {
this.userattr = value
}
/**
* @param value LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
*/
@JvmName("jfltqsqcoulsefnd")
public suspend fun userdn(`value`: Output) {
this.userdn = value
}
/**
* @param value Use anonymous binds when performing LDAP group searches
* (if true the initial credentials will still be used for the initial connection test).
*/
@JvmName("rwselekkmmxqinmj")
public suspend fun anonymousGroupSearch(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.anonymousGroupSearch = mapped
}
/**
* @param value The unique path this backend should be mounted at. Must
* not begin or end with a `/`. Defaults to `ad`.
*/
@JvmName("jwyrmjlnvnsgqpvr")
public suspend fun backend(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.backend = mapped
}
/**
* @param value Distinguished name of object to bind when performing user and group search.
*/
@JvmName("gjrcbgpcpccxtply")
public suspend fun binddn(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.binddn = mapped
}
/**
* @param value Password to use along with binddn when performing user search.
*/
@JvmName("drgwxycicfonuumr")
public suspend fun bindpass(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.bindpass = mapped
}
/**
* @param value If set, user and group names assigned to policies within the
* backend will be case sensitive. Otherwise, names will be normalized to lower case.
*/
@JvmName("iixbtlegrfgyreij")
public suspend fun caseSensitiveNames(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.caseSensitiveNames = mapped
}
/**
* @param value CA certificate to use when verifying LDAP server certificate, must be
* x509 PEM encoded.
*/
@JvmName("lxtehnnlytwkeake")
public suspend fun certificate(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.certificate = mapped
}
/**
* @param value Client certificate to provide to the LDAP server, must be x509 PEM encoded.
*/
@JvmName("whhirkcnlbokoicw")
public suspend fun clientTlsCert(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.clientTlsCert = mapped
}
/**
* @param value Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
*/
@JvmName("dbrwtqmfrmhkoxni")
public suspend fun clientTlsKey(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.clientTlsKey = mapped
}
/**
* @param value Default lease duration for secrets in seconds.
*/
@JvmName("mabnfqtfgljqdddv")
public suspend fun defaultLeaseTtlSeconds(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.defaultLeaseTtlSeconds = mapped
}
/**
* @param value Denies an unauthenticated LDAP bind request if the user's password is empty;
* defaults to true.
*/
@JvmName("fneprwsjcmwjtaew")
public suspend fun denyNullBind(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.denyNullBind = mapped
}
/**
* @param value Human-friendly description of the mount for the Active Directory backend.
*/
@JvmName("uedjwjbattixvdwh")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value If set, opts out of mount migration on path updates.
* See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
*/
@JvmName("qvefmpduhxqgqwyb")
public suspend fun disableRemount(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.disableRemount = mapped
}
/**
* @param value Use anonymous bind to discover the bind Distinguished Name of a user.
*/
@JvmName("dpodeieggmqajvdv")
public suspend fun discoverdn(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.discoverdn = mapped
}
/**
* @param value LDAP attribute to follow on objects returned by in order to enumerate
* user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
*/
@JvmName("ilnywukydaqdxqga")
public suspend fun groupattr(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.groupattr = mapped
}
/**
* @param value LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
*/
@JvmName("uxoatnxclpvlxtvp")
public suspend fun groupdn(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.groupdn = mapped
}
/**
* @param value Go template for querying group membership of user (optional) The template can access
* the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
*/
@JvmName("rptpbohxrpfdecwx")
public suspend fun groupfilter(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.groupfilter = mapped
}
/**
* @param value Skip LDAP server SSL Certificate verification. This is not recommended for production.
* Defaults to `false`.
*/
@JvmName("klrthggtqiybbhed")
public suspend fun insecureTls(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.insecureTls = mapped
}
/**
* @param value The number of seconds after a Vault rotation where, if Active Directory
* shows a later rotation, it should be considered out-of-band
*/
@JvmName("dhjkvvasrnfidgpv")
public suspend fun lastRotationTolerance(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.lastRotationTolerance = mapped
}
/**
* @param value Mark the secrets engine as local-only. Local engines are not replicated or removed by
* replication.Tolerance duration to use when checking the last rotation time.
*/
@JvmName("rlxtjjodsylrtera")
public suspend fun local(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.local = mapped
}
/**
* @param value Maximum possible lease duration for secrets in seconds.
*/
@JvmName("fabseoprbsrheksu")
public suspend fun maxLeaseTtlSeconds(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maxLeaseTtlSeconds = mapped
}
/**
* @param value In seconds, the maximum password time-to-live.
*/
@JvmName("bdnqlpvlkhwhqrju")
public suspend fun maxTtl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maxTtl = mapped
}
/**
* @param value The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*/
@JvmName("qvahlcwjfplqqnho")
public suspend fun namespace(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.namespace = mapped
}
/**
* @param value Name of the password policy to use to generate passwords.
*/
@JvmName("pwhescbmaarnrlrg")
public suspend fun passwordPolicy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.passwordPolicy = mapped
}
/**
* @param value Timeout, in seconds, for the connection when making requests against the server
* before returning back an error.
*/
@JvmName("cdnumilihycamvfn")
public suspend fun requestTimeout(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.requestTimeout = mapped
}
/**
* @param value Issue a StartTLS command after establishing unencrypted connection.
*/
@JvmName("quvnlnlggkihpurx")
public suspend fun starttls(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.starttls = mapped
}
/**
* @param value Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
*/
@JvmName("injlvpcmmxdffebr")
public suspend fun tlsMaxVersion(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tlsMaxVersion = mapped
}
/**
* @param value Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
* `tls12` or `tls13`. Defaults to `tls12`.
*/
@JvmName("nkxitipjmscifecm")
public suspend fun tlsMinVersion(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tlsMinVersion = mapped
}
/**
* @param value In seconds, the default password time-to-live.
*/
@JvmName("ckqrcnbmdmmgqygl")
public suspend fun ttl(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ttl = mapped
}
/**
* @param value Enables userPrincipalDomain login with [username]@UPNDomain.
*/
@JvmName("jlqyhgolsucecplb")
public suspend fun upndomain(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.upndomain = mapped
}
/**
* @param value LDAP URL to connect to. Multiple URLs can be specified by concatenating
* them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
*/
@JvmName("waeuwmbxtgiqnujg")
public suspend fun url(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.url = mapped
}
/**
* @param value In Vault 1.1.1 a fix for handling group CN values of
* different cases unfortunately introduced a regression that could cause previously defined groups
* to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
* matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
* compatibility. It is enabled by default if the config is upgraded but disabled by default on
* new configurations.
*/
@JvmName("qtomqqoperxfcmru")
public suspend fun usePre111GroupCnBehavior(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.usePre111GroupCnBehavior = mapped
}
/**
* @param value If true, use the Active Directory tokenGroups constructed attribute of the
* user to find the group memberships. This will find all security groups including nested ones.
*/
@JvmName("ecvxvfqlfyxefjjd")
public suspend fun useTokenGroups(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.useTokenGroups = mapped
}
/**
* @param value Attribute used when searching users. Defaults to `cn`.
*/
@JvmName("hfaysqioltcecloc")
public suspend fun userattr(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.userattr = mapped
}
/**
* @param value LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
*/
@JvmName("brlwujrrhyaysfsn")
public suspend fun userdn(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.userdn = mapped
}
internal fun build(): SecretBackendArgs = SecretBackendArgs(
anonymousGroupSearch = anonymousGroupSearch,
backend = backend,
binddn = binddn,
bindpass = bindpass,
caseSensitiveNames = caseSensitiveNames,
certificate = certificate,
clientTlsCert = clientTlsCert,
clientTlsKey = clientTlsKey,
defaultLeaseTtlSeconds = defaultLeaseTtlSeconds,
denyNullBind = denyNullBind,
description = description,
disableRemount = disableRemount,
discoverdn = discoverdn,
groupattr = groupattr,
groupdn = groupdn,
groupfilter = groupfilter,
insecureTls = insecureTls,
lastRotationTolerance = lastRotationTolerance,
local = local,
maxLeaseTtlSeconds = maxLeaseTtlSeconds,
maxTtl = maxTtl,
namespace = namespace,
passwordPolicy = passwordPolicy,
requestTimeout = requestTimeout,
starttls = starttls,
tlsMaxVersion = tlsMaxVersion,
tlsMinVersion = tlsMinVersion,
ttl = ttl,
upndomain = upndomain,
url = url,
usePre111GroupCnBehavior = usePre111GroupCnBehavior,
useTokenGroups = useTokenGroups,
userattr = userattr,
userdn = userdn,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy