forked from hashicorp/terraform-provider-boundary
feature: add LDAP auth-method, accounts and managed groups support (hashicorp#325)

* chore: point to boundary ldap bits
* refactor (test): common auth method test funcs
* chore (deps): add gldap for test ldap directory
* feature: add LDAP auth-method, accounts and managed groups support
1 parent dd47e7d, commit 55dd80e
Showing 16 changed files with 1,994 additions and 184 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "boundary_account_ldap Resource - terraform-provider-boundary" | ||
subcategory: "" | ||
description: |- | ||
The account resource allows you to configure a Boundary account. | ||
--- | ||
|
||
# boundary_account_ldap (Resource) | ||
|
||
The account resource allows you to configure a Boundary account. | ||
|
||
|
||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `auth_method_id` (String) The resource ID for the auth method. | ||
- `type` (String) The resource type. | ||
|
||
### Optional | ||
|
||
- `description` (String) The account description. | ||
- `login_name` (String) The login name for this account. | ||
- `name` (String) The account name. Defaults to the resource name. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of the account. | ||
|
||
|
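Review bot: `type` is listed under Required with only "The resource type." as its description, so a reader of this page cannot tell which value to supply. For a resource already named boundary_account_ldap there is presumably a single valid value; either state it in the schema description or make the field optional with a default, as the auth method page in this same commit does ("The type of auth method; hardcoded."). The page description "The account resource allows you to configure a Boundary account." also never mentions LDAP, and the empty lines between the description and the Schema heading suggest no example usage was supplied. The file is generated by tfplugindocs, so these changes belong in the resource schema and its example, not in this markdown file.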
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "boundary_auth_method_ldap Resource - terraform-provider-boundary" | ||
subcategory: "" | ||
description: |- | ||
The LDAP auth method resource allows you to configure a Boundary authmethodldap. | ||
--- | ||
|
||
# boundary_auth_method_ldap (Resource) | ||
|
||
The LDAP auth method resource allows you to configure a Boundary auth_method_ldap. | ||
|
||
|
||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `scope_id` (String) The scope ID. | ||
|
||
### Optional | ||
|
||
- `account_attribute_maps` (List of String) Account attribute maps fullname and email. | ||
- `anon_group_search` (Boolean) Use anon bind when performing LDAP group searches (optional). | ||
- `bind_dn` (String) The distinguished name of entry to bind when performing user and group searches (optional). | ||
- `bind_password` (String) The password to use along with bind-dn performing user and group searches (optional). | ||
- `bind_password_hmac` (String) The HMAC of the bind password returned by the Boundary controller, which is used for comparison after initial setting of the value. | ||
- `certificates` (List of String) PEM-encoded X.509 CA certificate in ASN.1 DER form that can be used as a trust anchor when connecting to an LDAP server(optional). This may be specified multiple times | ||
- `client_certificate` (String) PEM-encoded X.509 client certificate in ASN.1 DER form that can be used to authenticate against an LDAP server(optional). | ||
- `client_certificate_key` (String) PEM-encoded X.509 client certificate key in PKCS #8, ASN.1 DER form used with the client certificate (optional). | ||
- `client_certificate_key_hmac` (String) The HMAC of the client certificate key returned by the Boundary controller, which is used for comparison after initial setting of the value. | ||
- `description` (String) The auth method description. | ||
- `discover_dn` (Boolean) Use anon bind to discover the bind DN of a user (optional). | ||
- `enable_groups` (Boolean) Find the authenticated user's groups during authentication (optional). | ||
- `group_attr` (String) The attribute that enumerates a user's group membership from entries returned by a group search (optional). | ||
- `group_dn` (String) The base DN under which to perform group search. | ||
- `group_filter` (String) A go template used to construct a LDAP group search filter (optional). | ||
- `insecure_tls` (Boolean) Skip the LDAP server SSL certificate validation (optional) - insecure and use with caution. | ||
- `is_primary_for_scope` (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the the user will be automatically created when they login using an LDAP account. | ||
- `name` (String) The auth method name. Defaults to the resource name. | ||
- `start_tls` (Boolean) Issue StartTLS command after connecting (optional). | ||
- `state` (String) Can be one of 'inactive', 'active-private', or 'active-public'. Defaults to active-public. | ||
- `type` (String) The type of auth method; hardcoded. | ||
- `upn_domain` (String) The userPrincipalDomain used to construct the UPN string for the authenticating user (optional). | ||
- `urls` (List of String) The LDAP URLs that specify LDAP servers to connect to (required). May be specified multiple times. | ||
- `use_token_groups` (Boolean) Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships (optional). | ||
- `user_attr` (String) The attribute on user entry matching the username passed when authenticating (optional). | ||
- `user_dn` (String) The base DN under which to perform user search (optional). | ||
- `user_filter` (String) A go template used to construct a LDAP user search filter (optional). | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of the auth method. | ||
|
||
|
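Review bot: `bind_password` and `client_certificate_key` render as plain (String) in the Optional list; tfplugindocs prints "(String, Sensitive)" for attributes whose schema sets Sensitive, so these two secrets appear not to be marked sensitive and would be displayed in plan output. Mark both Sensitive in the resource schema and regenerate this page. Separately, `urls` sits under Optional while its own description says "(required)", and `bind_password_hmac` and `client_certificate_key_hmac` are described as values returned by the Boundary controller yet are listed as Optional rather than Read-Only; the schema and the descriptions should agree. Minor wording in the same hunk: "authmethodldap" in the front-matter description versus "auth_method_ldap" in the body text, and "the the user" under `is_primary_for_scope`.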
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "boundary_managed_group_ldap Resource - terraform-provider-boundary" | ||
subcategory: "" | ||
description: |- | ||
The managed group resource allows you to configure a Boundary group. | ||
--- | ||
|
||
# boundary_managed_group_ldap (Resource) | ||
|
||
The managed group resource allows you to configure a Boundary group. | ||
|
||
|
||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `auth_method_id` (String) The resource ID for the auth method. | ||
- `group_names` (List of String) The list of groups that make up the managed group. | ||
|
||
### Optional | ||
|
||
- `description` (String) The managed group description. | ||
- `name` (String) The managed group name. Defaults to the resource name. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of the group. | ||
|
||
|
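Review bot: the `group_names` description, "The list of groups that make up the managed group.", does not say what form the entries take or what they are compared against. Membership in a managed group decides what an authenticated user is granted, so the description should state whether each entry is a full group DN or a short name and that it must match what the auth method's group search returns (see `group_attr`, `group_dn` and `group_filter` on the auth method page in this commit). The page description and the `id` text also say "a Boundary group" and "The ID of the group." where "managed group" is meant, which blurs the distinction from ordinary groups. As the file is generated by tfplugindocs, the wording should be corrected in the resource schema.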