@muhlba91/pulumi-proxmoxve
Version:
A Pulumi package for creating and managing Proxmox Virtual Environment cloud resources.
257 lines • 10.8 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Ldap = void 0;
const pulumi = __importStar(require("@pulumi/pulumi"));
const utilities = __importStar(require("../utilities"));
/**
* Manages an LDAP authentication realm in Proxmox VE.
*
* LDAP realms allow Proxmox to authenticate users against an LDAP directory service.
*
* ## Privileges Required
*
* | Path | Attribute |
* |-----------------|----------------|
* | /access/domains | Realm.Allocate |
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
*
* const example = new proxmoxve.realm.Ldap("example", {
* realm: "example-ldap",
* server1: "ldap.example.com",
* port: 389,
* baseDn: "ou=people,dc=example,dc=com",
* userAttr: "uid",
* bindDn: "cn=admin,dc=example,dc=com",
* bindPassword: ldapBindPassword,
* mode: "ldap+starttls",
* verify: true,
* groupDn: "ou=groups,dc=example,dc=com",
* groupFilter: "(objectClass=groupOfNames)",
* comment: "Example LDAP realm managed by Terraform",
* });
* ```
*
* ## Notes
*
* ### Password Security
*
* The `bindPassword` is sent to Proxmox and stored securely, but it's never returned by the API. This means:
* - Terraform cannot detect if the password was changed outside of Terraform
* - You must maintain the password in your Terraform configuration or use a variable
* - The password will be marked as sensitive in Terraform state
*
* ### LDAP vs LDAPS
*
* - **LDAP (port 389)**: Unencrypted connection. Not recommended for production.
* - **LDAPS (port 636)**: Encrypted connection using SSL/TLS. Recommended for production.
* - **LDAP+StartTLS**: Upgrades plain LDAP connection to TLS. Alternative to LDAPS.
*
* ### User Synchronization
*
* To trigger synchronization, use the `proxmoxve.realm.Sync` resource.
*
* ### Common Configuration Scenarios
*
* #### Anonymous Binding
* For testing or public LDAP servers, omit `bindDn` and `bindPassword` to use anonymous binding:
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
*
* const anonymous = new proxmoxve.realm.Ldap("anonymous", {
* realm: "public-ldap",
* server1: "ldap.example.com",
* baseDn: "ou=users,dc=example,dc=com",
* userAttr: "uid",
* });
* ```
*
* #### Secure LDAPS with Failover
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
*
* const secure = new proxmoxve.realm.Ldap("secure", {
* realm: "secure-ldap",
* server1: "ldap1.example.com",
* server2: "ldap2.example.com",
* port: 636,
* baseDn: "ou=users,dc=example,dc=com",
* bindDn: "cn=readonly,dc=example,dc=com",
* bindPassword: ldapPassword,
* mode: "ldaps",
* verify: true,
* caPath: "/etc/pve/priv/ca.crt",
* });
* ```
*
* #### With Group Synchronization
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
*
* const withGroups = new proxmoxve.realm.Ldap("with_groups", {
* realm: "corporate-ldap",
* server1: "ldap.corp.example.com",
* baseDn: "ou=users,dc=corp,dc=example,dc=com",
* bindDn: "cn=svc_ldap,ou=services,dc=corp,dc=example,dc=com",
* bindPassword: ldapPassword,
* mode: "ldap+starttls",
* groupDn: "ou=groups,dc=corp,dc=example,dc=com",
* groupFilter: "(objectClass=groupOfNames)",
* groupNameAttr: "cn",
* syncAttributes: "email=mail,firstname=givenName,lastname=sn",
* syncDefaultsOptions: "scope=both,enable-new=1",
* });
* ```
*
* ## See Also
*
* - [Proxmox VE User Management](https://pve.proxmox.com/wiki/User_Management)
* - [Proxmox VE LDAP Authentication](https://pve.proxmox.com/wiki/User_Management#pveum_ldap)
* - [Proxmox API: /access/domains](https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/domains)
*
* ## Import
*
* !/usr/bin/env sh
* LDAP realms can be imported using the realm identifier, e.g.:
*
* ```sh
* $ pulumi import proxmoxve:realm/ldap:Ldap example example.com
* ```
*
* > When importing, the `bindPassword` attribute cannot be imported since it's not returned by the Proxmox API. You'll need to set this attribute in your Terraform configuration after the import to manage it with Terraform.
*/
class Ldap extends pulumi.CustomResource {
/**
* Get an existing Ldap resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new Ldap(name, state, { ...opts, id: id });
}
/** @internal */
static __pulumiType = 'proxmoxve:realm/ldap:Ldap';
/**
* Returns true if the given object is an instance of Ldap. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === Ldap.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["baseDn"] = state?.baseDn;
resourceInputs["bindDn"] = state?.bindDn;
resourceInputs["bindPassword"] = state?.bindPassword;
resourceInputs["caPath"] = state?.caPath;
resourceInputs["caseSensitive"] = state?.caseSensitive;
resourceInputs["certKeyPath"] = state?.certKeyPath;
resourceInputs["certPath"] = state?.certPath;
resourceInputs["comment"] = state?.comment;
resourceInputs["default"] = state?.default;
resourceInputs["filter"] = state?.filter;
resourceInputs["groupClasses"] = state?.groupClasses;
resourceInputs["groupDn"] = state?.groupDn;
resourceInputs["groupFilter"] = state?.groupFilter;
resourceInputs["groupNameAttr"] = state?.groupNameAttr;
resourceInputs["mode"] = state?.mode;
resourceInputs["port"] = state?.port;
resourceInputs["realm"] = state?.realm;
resourceInputs["secure"] = state?.secure;
resourceInputs["server1"] = state?.server1;
resourceInputs["server2"] = state?.server2;
resourceInputs["sslVersion"] = state?.sslVersion;
resourceInputs["syncAttributes"] = state?.syncAttributes;
resourceInputs["syncDefaultsOptions"] = state?.syncDefaultsOptions;
resourceInputs["userAttr"] = state?.userAttr;
resourceInputs["userClasses"] = state?.userClasses;
resourceInputs["verify"] = state?.verify;
}
else {
const args = argsOrState;
if (args?.baseDn === undefined && !opts.urn) {
throw new Error("Missing required property 'baseDn'");
}
if (args?.realm === undefined && !opts.urn) {
throw new Error("Missing required property 'realm'");
}
if (args?.server1 === undefined && !opts.urn) {
throw new Error("Missing required property 'server1'");
}
resourceInputs["baseDn"] = args?.baseDn;
resourceInputs["bindDn"] = args?.bindDn;
resourceInputs["bindPassword"] = args?.bindPassword ? pulumi.secret(args.bindPassword) : undefined;
resourceInputs["caPath"] = args?.caPath;
resourceInputs["caseSensitive"] = args?.caseSensitive;
resourceInputs["certKeyPath"] = args?.certKeyPath;
resourceInputs["certPath"] = args?.certPath;
resourceInputs["comment"] = args?.comment;
resourceInputs["default"] = args?.default;
resourceInputs["filter"] = args?.filter;
resourceInputs["groupClasses"] = args?.groupClasses;
resourceInputs["groupDn"] = args?.groupDn;
resourceInputs["groupFilter"] = args?.groupFilter;
resourceInputs["groupNameAttr"] = args?.groupNameAttr;
resourceInputs["mode"] = args?.mode;
resourceInputs["port"] = args?.port;
resourceInputs["realm"] = args?.realm;
resourceInputs["secure"] = args?.secure;
resourceInputs["server1"] = args?.server1;
resourceInputs["server2"] = args?.server2;
resourceInputs["sslVersion"] = args?.sslVersion;
resourceInputs["syncAttributes"] = args?.syncAttributes;
resourceInputs["syncDefaultsOptions"] = args?.syncDefaultsOptions;
resourceInputs["userAttr"] = args?.userAttr;
resourceInputs["userClasses"] = args?.userClasses;
resourceInputs["verify"] = args?.verify;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
const secretOpts = { additionalSecretOutputs: ["bindPassword"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(Ldap.__pulumiType, name, resourceInputs, opts);
}
}
exports.Ldap = Ldap;
//# sourceMappingURL=ldap.js.map