@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
439 lines (438 loc) • 18.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* ActiveDirectory is the public representation of the active directory config.
*
* To get more information about ActiveDirectory, see:
*
* * [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.activeDirectories)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/active-directory/about-ad)
*
* ## Example Usage
*
* ### Netapp Active Directory Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const testActiveDirectoryFull = new gcp.netapp.ActiveDirectory("test_active_directory_full", {
* name: "test-active-directory-full",
* location: "us-central1",
* domain: "ad.internal",
* dns: "172.30.64.3",
* netBiosPrefix: "smbserver",
* username: "user",
* password: "pass",
* aesEncryption: false,
* backupOperators: [
* "test1",
* "test2",
* ],
* administrators: [
* "test1",
* "test2",
* ],
* description: "ActiveDirectory is the public representation of the active directory config.",
* encryptDcConnections: false,
* kdcHostname: "hostname",
* kdcIp: "10.10.0.11",
* labels: {
* foo: "bar",
* },
* ldapSigning: false,
* nfsUsersWithLdap: false,
* organizationalUnit: "CN=Computers",
* securityOperators: [
* "test1",
* "test2",
* ],
* site: "test-site",
* });
* ```
*
* ## Import
*
* ActiveDirectory can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}`
*
* * `{{project}}/{{location}}/{{name}}`
*
* * `{{location}}/{{name}}`
*
* When using the `pulumi import` command, ActiveDirectory can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:netapp/activeDirectory:ActiveDirectory default projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:netapp/activeDirectory:ActiveDirectory default {{project}}/{{location}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:netapp/activeDirectory:ActiveDirectory default {{location}}/{{name}}
* ```
*/
export declare class ActiveDirectory extends pulumi.CustomResource {
/**
* Get an existing ActiveDirectory resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ActiveDirectoryState, opts?: pulumi.CustomResourceOptions): ActiveDirectory;
/**
* Returns true if the given object is an instance of ActiveDirectory. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is ActiveDirectory;
/**
* Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.
*/
readonly administrators: pulumi.Output<string[] | undefined>;
/**
* Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.
*/
readonly aesEncryption: pulumi.Output<boolean | undefined>;
/**
* Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.
*/
readonly backupOperators: pulumi.Output<string[] | undefined>;
/**
* Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z".
*/
readonly createTime: pulumi.Output<string>;
/**
* An optional description of this resource.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Comma separated list of DNS server IP addresses for the Active Directory domain.
*/
readonly dns: pulumi.Output<string>;
/**
* Fully qualified domain name for the Active Directory domain.
*/
readonly domain: pulumi.Output<string>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.
*/
readonly encryptDcConnections: pulumi.Output<boolean | undefined>;
/**
* Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1
*/
readonly kdcHostname: pulumi.Output<string | undefined>;
/**
* IP address of the Active Directory server used as Kerberos Key Distribution Center.
*/
readonly kdcIp: pulumi.Output<string | undefined>;
/**
* Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* Specifies whether or not the LDAP traffic needs to be signed.
*/
readonly ldapSigning: pulumi.Output<boolean | undefined>;
/**
* Name of the region for the policy to apply to.
*/
readonly location: pulumi.Output<string>;
/**
* The resource name of the Active Directory pool. Needs to be unique per location.
*/
readonly name: pulumi.Output<string>;
/**
* NetBIOS name prefix of the server to be created.
* A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:
* `\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME`
*/
readonly netBiosPrefix: pulumi.Output<string>;
/**
* Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.
* This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).
*/
readonly nfsUsersWithLdap: pulumi.Output<boolean | undefined>;
/**
* Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.
* Defaults to `CN=Computers` if left empty.
*/
readonly organizationalUnit: pulumi.Output<string>;
readonly password: pulumi.Output<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list.
*/
readonly securityOperators: pulumi.Output<string[] | undefined>;
/**
* Specifies an Active Directory site to manage domain controller selection.
* Use when Active Directory domain controllers in multiple regions are configured. Defaults to `Default-First-Site-Name` if left empty.
*/
readonly site: pulumi.Output<string | undefined>;
/**
* The state of the Active Directory policy (not the Active Directory itself).
*/
readonly state: pulumi.Output<string>;
/**
* The state details of the Active Directory.
*/
readonly stateDetails: pulumi.Output<string>;
/**
* Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.
*/
readonly username: pulumi.Output<string>;
/**
* Create a ActiveDirectory resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ActiveDirectoryArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering ActiveDirectory resources.
*/
export interface ActiveDirectoryState {
/**
* Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.
*/
administrators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.
*/
aesEncryption?: pulumi.Input<boolean>;
/**
* Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.
*/
backupOperators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z".
*/
createTime?: pulumi.Input<string>;
/**
* An optional description of this resource.
*/
description?: pulumi.Input<string>;
/**
* Comma separated list of DNS server IP addresses for the Active Directory domain.
*/
dns?: pulumi.Input<string>;
/**
* Fully qualified domain name for the Active Directory domain.
*/
domain?: pulumi.Input<string>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.
*/
encryptDcConnections?: pulumi.Input<boolean>;
/**
* Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1
*/
kdcHostname?: pulumi.Input<string>;
/**
* IP address of the Active Directory server used as Kerberos Key Distribution Center.
*/
kdcIp?: pulumi.Input<string>;
/**
* Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Specifies whether or not the LDAP traffic needs to be signed.
*/
ldapSigning?: pulumi.Input<boolean>;
/**
* Name of the region for the policy to apply to.
*/
location?: pulumi.Input<string>;
/**
* The resource name of the Active Directory pool. Needs to be unique per location.
*/
name?: pulumi.Input<string>;
/**
* NetBIOS name prefix of the server to be created.
* A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:
* `\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME`
*/
netBiosPrefix?: pulumi.Input<string>;
/**
* Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.
* This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).
*/
nfsUsersWithLdap?: pulumi.Input<boolean>;
/**
* Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.
* Defaults to `CN=Computers` if left empty.
*/
organizationalUnit?: pulumi.Input<string>;
password?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list.
*/
securityOperators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specifies an Active Directory site to manage domain controller selection.
* Use when Active Directory domain controllers in multiple regions are configured. Defaults to `Default-First-Site-Name` if left empty.
*/
site?: pulumi.Input<string>;
/**
* The state of the Active Directory policy (not the Active Directory itself).
*/
state?: pulumi.Input<string>;
/**
* The state details of the Active Directory.
*/
stateDetails?: pulumi.Input<string>;
/**
* Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.
*/
username?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a ActiveDirectory resource.
*/
export interface ActiveDirectoryArgs {
/**
* Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.
*/
administrators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.
*/
aesEncryption?: pulumi.Input<boolean>;
/**
* Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.
*/
backupOperators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* An optional description of this resource.
*/
description?: pulumi.Input<string>;
/**
* Comma separated list of DNS server IP addresses for the Active Directory domain.
*/
dns: pulumi.Input<string>;
/**
* Fully qualified domain name for the Active Directory domain.
*/
domain: pulumi.Input<string>;
/**
* If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.
*/
encryptDcConnections?: pulumi.Input<boolean>;
/**
* Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1
*/
kdcHostname?: pulumi.Input<string>;
/**
* IP address of the Active Directory server used as Kerberos Key Distribution Center.
*/
kdcIp?: pulumi.Input<string>;
/**
* Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Specifies whether or not the LDAP traffic needs to be signed.
*/
ldapSigning?: pulumi.Input<boolean>;
/**
* Name of the region for the policy to apply to.
*/
location: pulumi.Input<string>;
/**
* The resource name of the Active Directory pool. Needs to be unique per location.
*/
name?: pulumi.Input<string>;
/**
* NetBIOS name prefix of the server to be created.
* A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:
* `\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME`
*/
netBiosPrefix: pulumi.Input<string>;
/**
* Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.
* This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).
*/
nfsUsersWithLdap?: pulumi.Input<boolean>;
/**
* Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.
* Defaults to `CN=Computers` if left empty.
*/
organizationalUnit?: pulumi.Input<string>;
password: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list.
*/
securityOperators?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Specifies an Active Directory site to manage domain controller selection.
* Use when Active Directory domain controllers in multiple regions are configured. Defaults to `Default-First-Site-Name` if left empty.
*/
site?: pulumi.Input<string>;
/**
* Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.
*/
username: pulumi.Input<string>;
}