
@pulumi/juniper-mist


A Pulumi package for creating and managing Juniper Mist resources.

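"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.Nacidp = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
// Properties of this resource that carry credentials (bind password, private
// key, OAuth client secrets, SCIM bearer token). They are wrapped with
// pulumi.secret() on input and listed in additionalSecretOutputs so that the
// engine encrypts them in state and masks them in CLI output.
// NOTE(review): this file is generated; the lasting fix is presumably to mark
// these properties as secret in the provider schema so that regeneration keeps
// the wrapping — confirm upstream.
const SECRET_PROPERTIES = [
    "ldapBindPassword",
    "ldapClientKey",
    "oauthCcClientSecret",
    "oauthRopcClientSecret",
    "scimSecretToken",
];
/**
 * Wraps a credential input as a Pulumi secret.
 *
 * @param value The raw input (plain value, promise or Output); may be undefined or null.
 * @returns `value` unchanged when it is undefined or null, otherwise the value marked as secret.
 */
function markSecret(value) {
    if (value === undefined || value === null) {
        return value;
    }
    return pulumi.secret(value);
}
/**
 * This resource manages NAC IDPs (Identity Providers).
 *
 * The NAC IDPs are used to validate NAC client accounts against an IDP with OAuth2.0, LDAP/LDAPS, or a local Mist Edge.\
 * Mist Access Assurance can also retrieve group membership from the IDP, and use this information in the NAC Rules (`junipermist.org.Nacrule` resource)
 *
 * IMPORTANT:
 * * Once created, the NAC IDP must be registered in the `junipermist.org.Setting` resource (full path: `mist_org_setting.mist_nac.idps`).
 * * The associated REALMS are configured under `mist_org_setting.mist_nac.idps`
 * * To make the IDP the Default IDP, set the IDP ID under `mist_org_setting.mist_nac.default_idp_id`
 *
 * For SAML IDP, the NAC IDP Metadata can be retrieved with the `junipermist.org.getNacidpMetadata` data source.
 *
 * ## Secrets
 *
 * `ldapBindPassword`, `ldapClientKey`, `oauthCcClientSecret`, `oauthRopcClientSecret` and `scimSecretToken`
 * are credentials. The constructor marks them as Pulumi secrets so they are encrypted in the stack state.
 * The literal values in the example below are placeholders; in a real program read them from encrypted
 * configuration (for example `new pulumi.Config().requireSecret("ldapBindPassword")`) rather than
 * committing them to source.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as junipermist from "@pulumi/juniper-mist";
 *
 * // OAuth with Azure Example
 * const idpAzure = new junipermist.org.Nacidp("idp_azure", {
 *     orgId: terraformTest.id,
 *     name: "idp_azure",
 *     idpType: "oauth",
 *     oauthCcClientId: "client_id",
 *     oauthCcClientSecret: "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----",
 *     oauthRopcClientId: "ropc_client_id",
 *     oauthRopcClientSecret: "ropc_client_secret",
 *     oauthTenantId: "tenant_id",
 *     oauthType: "azure",
 * });
 * // Custom LDAP Example
 * const idpLdap = new junipermist.org.Nacidp("idp_ldap", {
 *     orgId: terraformTest.id,
 *     name: "idp_ldap",
 *     idpType: "ldap",
 *     ldapType: "custom",
 *     groupFilter: "memberOf",
 *     memberFilter: "memberOf",
 *     ldapUserFilter: "(mail=%s)",
 *     ldapServerHosts: [
 *         "ldap.mycorp.com",
 *         "1.2.3.4",
 *     ],
 *     ldapBaseDn: "DC=abc,DC=com",
 *     ldapBindDn: "CN=admin,CN=users,DC=abc,DC=com",
 *     ldapBindPassword: "secret!password",
 *     ldapCacerts: [
 *         `-----BEGIN CERTIFICATE-----
 * MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
 * -----END CERTIFICATE-----`,
 *         `-----BEGIN CERTIFICATE-----
 * BhMCRVMxFDASBgNVBAoMC1N0YXJ0Q29tIENBMSwwKgYDVn-----END CERTIFICATE-----`,
 *     ],
 *     ldapClientCert: `-----BEGIN CERTIFICATE-----
 * MIIFZjCCA06gAwIBAgIIP61/1qm/uDowDQYJKoZIhvcNAQELBQE
 * -----END CERTIFICATE-----`,
 *     ldapClientKey: "-----BEGIN PRI...",
 * });
 * ```
 *
 * ## Import
 *
 * Using `pulumi import`, import `mist_org_nacidp` with:
 *
 * An Org NAC IDP can be imported by specifying the org_id and the nacidp_id
 *
 * ```sh
 * $ pulumi import junipermist:org/nacidp:Nacidp idp_azure 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
 * ```
 */
class Nacidp extends pulumi.CustomResource {
    /**
     * Get an existing Nacidp resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        // Copy opts so the caller's object is not mutated when the id is attached.
        return new Nacidp(name, state, Object.assign(Object.assign({}, opts), { id: id }));
    }
    /**
     * Returns true if the given object is an instance of Nacidp. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        // Compares the type token rather than using instanceof.
        return obj['__pulumiType'] === Nacidp.__pulumiType;
    }
    /**
     * Create a Nacidp resource with the given unique name, arguments, and options.
     *
     * When `opts.id` is set the second argument is treated as lookup state for an
     * existing resource; otherwise it is treated as creation arguments, and
     * `idpType` and `orgId` are required unless `opts.urn` is set.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState The arguments (or lookup state) used to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     * @throws {Error} If `idpType` or `orgId` is missing on the creation path.
     */
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            // Lookup path: values only qualify the lookup. Secret handling for the
            // returned properties comes from additionalSecretOutputs below.
            const state = argsOrState;
            resourceInputs["groupFilter"] = state ? state.groupFilter : undefined;
            resourceInputs["idpType"] = state ? state.idpType : undefined;
            resourceInputs["ldapBaseDn"] = state ? state.ldapBaseDn : undefined;
            resourceInputs["ldapBindDn"] = state ? state.ldapBindDn : undefined;
            resourceInputs["ldapBindPassword"] = state ? state.ldapBindPassword : undefined;
            resourceInputs["ldapCacerts"] = state ? state.ldapCacerts : undefined;
            resourceInputs["ldapClientCert"] = state ? state.ldapClientCert : undefined;
            resourceInputs["ldapClientKey"] = state ? state.ldapClientKey : undefined;
            resourceInputs["ldapGroupAttr"] = state ? state.ldapGroupAttr : undefined;
            resourceInputs["ldapGroupDn"] = state ? state.ldapGroupDn : undefined;
            resourceInputs["ldapResolveGroups"] = state ? state.ldapResolveGroups : undefined;
            resourceInputs["ldapServerHosts"] = state ? state.ldapServerHosts : undefined;
            resourceInputs["ldapType"] = state ? state.ldapType : undefined;
            resourceInputs["ldapUserFilter"] = state ? state.ldapUserFilter : undefined;
            resourceInputs["memberFilter"] = state ? state.memberFilter : undefined;
            resourceInputs["name"] = state ? state.name : undefined;
            resourceInputs["oauthCcClientId"] = state ? state.oauthCcClientId : undefined;
            resourceInputs["oauthCcClientSecret"] = state ? state.oauthCcClientSecret : undefined;
            resourceInputs["oauthDiscoveryUrl"] = state ? state.oauthDiscoveryUrl : undefined;
            resourceInputs["oauthPingIdentityRegion"] = state ? state.oauthPingIdentityRegion : undefined;
            resourceInputs["oauthRopcClientId"] = state ? state.oauthRopcClientId : undefined;
            resourceInputs["oauthRopcClientSecret"] = state ? state.oauthRopcClientSecret : undefined;
            resourceInputs["oauthTenantId"] = state ? state.oauthTenantId : undefined;
            resourceInputs["oauthType"] = state ? state.oauthType : undefined;
            resourceInputs["orgId"] = state ? state.orgId : undefined;
            resourceInputs["scimEnabled"] = state ? state.scimEnabled : undefined;
            resourceInputs["scimSecretToken"] = state ? state.scimSecretToken : undefined;
        }
        else {
            const args = argsOrState;
            // Required-property checks are skipped when opts.urn is set.
            if ((!args || args.idpType === undefined) && !opts.urn) {
                throw new Error("Missing required property 'idpType'");
            }
            if ((!args || args.orgId === undefined) && !opts.urn) {
                throw new Error("Missing required property 'orgId'");
            }
            resourceInputs["groupFilter"] = args ? args.groupFilter : undefined;
            resourceInputs["idpType"] = args ? args.idpType : undefined;
            resourceInputs["ldapBaseDn"] = args ? args.ldapBaseDn : undefined;
            resourceInputs["ldapBindDn"] = args ? args.ldapBindDn : undefined;
            // Credential: wrapped so a plain string passed by the caller is not
            // written to state in cleartext.
            resourceInputs["ldapBindPassword"] = args ? markSecret(args.ldapBindPassword) : undefined;
            resourceInputs["ldapCacerts"] = args ? args.ldapCacerts : undefined;
            resourceInputs["ldapClientCert"] = args ? args.ldapClientCert : undefined;
            // Credential: client private key.
            resourceInputs["ldapClientKey"] = args ? markSecret(args.ldapClientKey) : undefined;
            resourceInputs["ldapGroupAttr"] = args ? args.ldapGroupAttr : undefined;
            resourceInputs["ldapGroupDn"] = args ? args.ldapGroupDn : undefined;
            resourceInputs["ldapResolveGroups"] = args ? args.ldapResolveGroups : undefined;
            resourceInputs["ldapServerHosts"] = args ? args.ldapServerHosts : undefined;
            resourceInputs["ldapType"] = args ? args.ldapType : undefined;
            resourceInputs["ldapUserFilter"] = args ? args.ldapUserFilter : undefined;
            resourceInputs["memberFilter"] = args ? args.memberFilter : undefined;
            resourceInputs["name"] = args ? args.name : undefined;
            resourceInputs["oauthCcClientId"] = args ? args.oauthCcClientId : undefined;
            // Credential: OAuth client secret.
            resourceInputs["oauthCcClientSecret"] = args ? markSecret(args.oauthCcClientSecret) : undefined;
            resourceInputs["oauthDiscoveryUrl"] = args ? args.oauthDiscoveryUrl : undefined;
            resourceInputs["oauthPingIdentityRegion"] = args ? args.oauthPingIdentityRegion : undefined;
            resourceInputs["oauthRopcClientId"] = args ? args.oauthRopcClientId : undefined;
            // Credential: OAuth ROPC client secret.
            resourceInputs["oauthRopcClientSecret"] = args ? markSecret(args.oauthRopcClientSecret) : undefined;
            resourceInputs["oauthTenantId"] = args ? args.oauthTenantId : undefined;
            resourceInputs["oauthType"] = args ? args.oauthType : undefined;
            resourceInputs["orgId"] = args ? args.orgId : undefined;
            resourceInputs["scimEnabled"] = args ? args.scimEnabled : undefined;
            // Credential: SCIM token.
            resourceInputs["scimSecretToken"] = args ? markSecret(args.scimSecretToken) : undefined;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        // Ask the engine to treat the credential properties as secret outputs even
        // when the provider returns them as plain values. A copy of the list is
        // passed so the module-level array is never shared with option objects.
        const secretOpts = { additionalSecretOutputs: SECRET_PROPERTIES.slice() };
        opts = pulumi.mergeOptions(opts, secretOpts);
        super(Nacidp.__pulumiType, name, resourceInputs, opts);
    }
}
exports.Nacidp = Nacidp;
/** @internal */
Nacidp.__pulumiType = 'junipermist:org/nacidp:Nacidp';
//# sourceMappingURL=nacidp.js.map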