
@pulumiverse/fortios


A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0

import * as pulumi from "@pulumi/pulumi";
/**
 * Configure LDAP server entries.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as fortios from "@pulumiverse/fortios";
 *
 * const trname = new fortios.user.Ldap("trname", {
 *     // Active Directory style filter: match the UPN and exclude disabled accounts
 *     // (bitwise-AND matching rule against userAccountControl flag 2).
 *     accountKeyFilter: "(&(userPrincipalName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))",
 *     accountKeyProcessing: "same",
 *     cnid: "cn",
 *     dn: "EIWNCIEW",
 *     groupMemberCheck: "user-attr",
 *     groupObjectFilter: "(&(objectcategory=group)(member=*))",
 *     memberAttr: "memberOf",
 *     passwordExpiryWarning: "disable",
 *     passwordRenewal: "disable",
 *     port: 389,
 *     secure: "disable",
 *     server: "1.1.1.1",
 *     serverIdentityCheck: "disable",
 *     sourceIp: "0.0.0.0",
 *     sslMinProtoVersion: "default",
 *     type: "simple",
 * });
 * ```
 *
 * Security note on the example: it sets `secure: "disable"` on port 389 and
 * `serverIdentityCheck: "disable"`, i.e. no `starttls`/`ldaps` and no check of the server
 * name/IP against its certificate. For anything other than a lab setup, choose `starttls` or
 * `ldaps` for `secure`, set `serverIdentityCheck: "enable"`, and reference a trusted `caCert`.
 * When a bind `password` is supplied, pass it as a Pulumi secret rather than a literal.
 *
 * ## Import
 *
 * User Ldap can be imported using any of these accepted formats:
 *
 * ```sh
 * $ pulumi import fortios:user/ldap:Ldap labelname {{name}}
 * ```
 *
 * If you do not want to import arguments of block:
 *
 * $ export "FORTIOS_IMPORT_TABLE"="false"
 *
 * ```sh
 * $ pulumi import fortios:user/ldap:Ldap labelname {{name}}
 * ```
 *
 * $ unset "FORTIOS_IMPORT_TABLE"
 */
export declare class Ldap extends pulumi.CustomResource {
    /**
     * Get an existing Ldap resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LdapState, opts?: pulumi.CustomResourceOptions): Ldap;
    /**
     * Returns true if the given object is an instance of Ldap. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Ldap;
    /**
     * Define subject identity field in certificate for user access right checking.
     */
    readonly accountKeyCertField: pulumi.Output<string>;
    /**
     * Account key filter, using the UPN as the search filter.
     */
    readonly accountKeyFilter: pulumi.Output<string>;
    /**
     * Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: `same`, `strip`.
     */
    readonly accountKeyProcessing: pulumi.Output<string>;
    /**
     * Define SAN in certificate for user principal name matching. Valid values: `othername`, `rfc822name`, `dnsname`.
     */
    readonly accountKeyUpnSan: pulumi.Output<string>;
    /**
     * Enable/disable AntiPhishing credential backend. Valid values: `enable`, `disable`.
     */
    readonly antiphish: pulumi.Output<string>;
    /**
     * CA certificate name.
     */
    readonly caCert: pulumi.Output<string>;
    /**
     * Client certificate name.
     */
    readonly clientCert: pulumi.Output<string>;
    /**
     * Enable/disable using client certificate for TLS authentication. Valid values: `enable`, `disable`.
     */
    readonly clientCertAuth: pulumi.Output<string>;
    /**
     * Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
     */
    readonly cnid: pulumi.Output<string>;
    /**
     * Distinguished name used to look up entries on the LDAP server.
     */
    readonly dn: pulumi.Output<string>;
    /**
     * Filter used for group matching.
     */
    readonly groupFilter: pulumi.Output<string>;
    /**
     * Group member checking methods. Valid values: `user-attr`, `group-object`, `posix-group-object`.
     */
    readonly groupMemberCheck: pulumi.Output<string>;
    /**
     * Filter used for group searching.
     */
    readonly groupObjectFilter: pulumi.Output<string>;
    /**
     * Search base used for group searching.
     */
    readonly groupSearchBase: pulumi.Output<string>;
    /**
     * Specify outgoing interface to reach server.
     */
    readonly interface: pulumi.Output<string>;
    /**
     * Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
     */
    readonly interfaceSelectMethod: pulumi.Output<string>;
    /**
     * Name of attribute from which to get group membership.
     */
    readonly memberAttr: pulumi.Output<string>;
    /**
     * LDAP server entry name.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Enable/disable obtaining of user information. Valid values: `enable`, `disable`.
     */
    readonly obtainUserInfo: pulumi.Output<string>;
    /**
     * Password for initial binding.
     *
     * Sensitive: this is the credential of the bind account named by `username`.
     * NOTE(review): this declaration does not show whether the provider marks the output as a
     * secret; avoid exporting or logging it, and confirm how it is stored in stack state.
     */
    readonly password: pulumi.Output<string | undefined>;
    /**
     * Name of attribute to get password hash.
     */
    readonly passwordAttr: pulumi.Output<string>;
    /**
     * Enable/disable password expiry warnings. Valid values: `enable`, `disable`.
     */
    readonly passwordExpiryWarning: pulumi.Output<string>;
    /**
     * Enable/disable online password renewal. Valid values: `enable`, `disable`.
     */
    readonly passwordRenewal: pulumi.Output<string>;
    /**
     * Port to be used for communication with the LDAP server (default = 389).
     */
    readonly port: pulumi.Output<number>;
    /**
     * Search type. Valid values: `recursive`.
     */
    readonly searchType: pulumi.Output<string>;
    /**
     * Secondary LDAP server CN domain name or IP.
     */
    readonly secondaryServer: pulumi.Output<string>;
    /**
     * Port to be used for authentication. Valid values: `disable`, `starttls`, `ldaps`.
     *
     * NOTE(review): despite the "port" wording, the listed values look like the transport
     * security mode; `disable` presumably leaves bind credentials and queries unencrypted on
     * the wire. Prefer `starttls` or `ldaps` together with `serverIdentityCheck`.
     */
    readonly secure: pulumi.Output<string>;
    /**
     * LDAP server CN domain name or IP.
     */
    readonly server: pulumi.Output<string>;
    /**
     * Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`.
     *
     * With `disable`, the certificate the server presents is not matched against the configured
     * name/IP, so an encrypted session alone does not establish which server answered.
     */
    readonly serverIdentityCheck: pulumi.Output<string>;
    /**
     * Source IP for communications to LDAP server.
     */
    readonly sourceIp: pulumi.Output<string>;
    /**
     * Source port to be used for communication with the LDAP server.
     */
    readonly sourcePort: pulumi.Output<number>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     *
     * NOTE(review): the accepted values are not listed in this declaration; the effective
     * protocol floor under `default` depends on the device's global setting.
     */
    readonly sslMinProtoVersion: pulumi.Output<string>;
    /**
     * Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
     */
    readonly statusTtl: pulumi.Output<number>;
    /**
     * Tertiary LDAP server CN domain name or IP.
     */
    readonly tertiaryServer: pulumi.Output<string>;
    /**
     * Enable/disable two-factor authentication. Valid values: `disable`, `fortitoken-cloud`.
     */
    readonly twoFactor: pulumi.Output<string>;
    /**
     * Authentication method by FortiToken Cloud. Valid values: `fortitoken`, `email`, `sms`.
     */
    readonly twoFactorAuthentication: pulumi.Output<string>;
    /**
     * Filter used to synchronize users to FortiToken Cloud.
     */
    readonly twoFactorFilter: pulumi.Output<string>;
    /**
     * Notification method for user activation by FortiToken Cloud. Valid values: `email`, `sms`.
     */
    readonly twoFactorNotification: pulumi.Output<string>;
    /**
     * Authentication type for LDAP searches. Valid values: `simple`, `anonymous`, `regular`.
     */
    readonly type: pulumi.Output<string>;
    /**
     * MS Exchange server from which to fetch user information.
     */
    readonly userInfoExchangeServer: pulumi.Output<string>;
    /**
     * Username (full DN) for initial binding.
     */
    readonly username: pulumi.Output<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    readonly vdomparam: pulumi.Output<string>;
    /**
     * Create a Ldap resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: LdapArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Ldap resources.
 *
 * Every field is optional here; the same fields appear on `LdapArgs`, where `dn` and `server`
 * are required.
 */
export interface LdapState {
    /**
     * Define subject identity field in certificate for user access right checking.
     */
    accountKeyCertField?: pulumi.Input<string>;
    /**
     * Account key filter, using the UPN as the search filter.
     */
    accountKeyFilter?: pulumi.Input<string>;
    /**
     * Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: `same`, `strip`.
     */
    accountKeyProcessing?: pulumi.Input<string>;
    /**
     * Define SAN in certificate for user principal name matching. Valid values: `othername`, `rfc822name`, `dnsname`.
     */
    accountKeyUpnSan?: pulumi.Input<string>;
    /**
     * Enable/disable AntiPhishing credential backend. Valid values: `enable`, `disable`.
     */
    antiphish?: pulumi.Input<string>;
    /**
     * CA certificate name.
     */
    caCert?: pulumi.Input<string>;
    /**
     * Client certificate name.
     */
    clientCert?: pulumi.Input<string>;
    /**
     * Enable/disable using client certificate for TLS authentication. Valid values: `enable`, `disable`.
     */
    clientCertAuth?: pulumi.Input<string>;
    /**
     * Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
     */
    cnid?: pulumi.Input<string>;
    /**
     * Distinguished name used to look up entries on the LDAP server.
     */
    dn?: pulumi.Input<string>;
    /**
     * Filter used for group matching.
     */
    groupFilter?: pulumi.Input<string>;
    /**
     * Group member checking methods. Valid values: `user-attr`, `group-object`, `posix-group-object`.
     */
    groupMemberCheck?: pulumi.Input<string>;
    /**
     * Filter used for group searching.
     */
    groupObjectFilter?: pulumi.Input<string>;
    /**
     * Search base used for group searching.
     */
    groupSearchBase?: pulumi.Input<string>;
    /**
     * Specify outgoing interface to reach server.
     */
    interface?: pulumi.Input<string>;
    /**
     * Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
     */
    interfaceSelectMethod?: pulumi.Input<string>;
    /**
     * Name of attribute from which to get group membership.
     */
    memberAttr?: pulumi.Input<string>;
    /**
     * LDAP server entry name.
     */
    name?: pulumi.Input<string>;
    /**
     * Enable/disable obtaining of user information. Valid values: `enable`, `disable`.
     */
    obtainUserInfo?: pulumi.Input<string>;
    /**
     * Password for initial binding.
     *
     * Sensitive: supply it as a Pulumi secret (for example `pulumi.secret(...)` or a value read
     * with `Config.requireSecret`) instead of a string literal in source.
     * NOTE(review): this declaration does not show whether the provider marks it secret itself.
     */
    password?: pulumi.Input<string>;
    /**
     * Name of attribute to get password hash.
     */
    passwordAttr?: pulumi.Input<string>;
    /**
     * Enable/disable password expiry warnings. Valid values: `enable`, `disable`.
     */
    passwordExpiryWarning?: pulumi.Input<string>;
    /**
     * Enable/disable online password renewal. Valid values: `enable`, `disable`.
     */
    passwordRenewal?: pulumi.Input<string>;
    /**
     * Port to be used for communication with the LDAP server (default = 389).
     */
    port?: pulumi.Input<number>;
    /**
     * Search type. Valid values: `recursive`.
     */
    searchType?: pulumi.Input<string>;
    /**
     * Secondary LDAP server CN domain name or IP.
     */
    secondaryServer?: pulumi.Input<string>;
    /**
     * Port to be used for authentication. Valid values: `disable`, `starttls`, `ldaps`.
     *
     * NOTE(review): despite the "port" wording, the listed values look like the transport
     * security mode; `disable` presumably leaves bind credentials and queries unencrypted on
     * the wire. Prefer `starttls` or `ldaps` together with `serverIdentityCheck`.
     */
    secure?: pulumi.Input<string>;
    /**
     * LDAP server CN domain name or IP.
     */
    server?: pulumi.Input<string>;
    /**
     * Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`.
     *
     * With `disable`, the certificate the server presents is not matched against the configured
     * name/IP, so an encrypted session alone does not establish which server answered.
     */
    serverIdentityCheck?: pulumi.Input<string>;
    /**
     * Source IP for communications to LDAP server.
     */
    sourceIp?: pulumi.Input<string>;
    /**
     * Source port to be used for communication with the LDAP server.
     */
    sourcePort?: pulumi.Input<number>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     *
     * NOTE(review): the accepted values are not listed in this declaration; the effective
     * protocol floor under `default` depends on the device's global setting.
     */
    sslMinProtoVersion?: pulumi.Input<string>;
    /**
     * Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
     */
    statusTtl?: pulumi.Input<number>;
    /**
     * Tertiary LDAP server CN domain name or IP.
     */
    tertiaryServer?: pulumi.Input<string>;
    /**
     * Enable/disable two-factor authentication. Valid values: `disable`, `fortitoken-cloud`.
     */
    twoFactor?: pulumi.Input<string>;
    /**
     * Authentication method by FortiToken Cloud. Valid values: `fortitoken`, `email`, `sms`.
     */
    twoFactorAuthentication?: pulumi.Input<string>;
    /**
     * Filter used to synchronize users to FortiToken Cloud.
     */
    twoFactorFilter?: pulumi.Input<string>;
    /**
     * Notification method for user activation by FortiToken Cloud. Valid values: `email`, `sms`.
     */
    twoFactorNotification?: pulumi.Input<string>;
    /**
     * Authentication type for LDAP searches. Valid values: `simple`, `anonymous`, `regular`.
     */
    type?: pulumi.Input<string>;
    /**
     * MS Exchange server from which to fetch user information.
     */
    userInfoExchangeServer?: pulumi.Input<string>;
    /**
     * Username (full DN) for initial binding.
     */
    username?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Ldap resource.
 *
 * `dn` and `server` are the only required fields; all others are optional.
 */
export interface LdapArgs {
    /**
     * Define subject identity field in certificate for user access right checking.
     */
    accountKeyCertField?: pulumi.Input<string>;
    /**
     * Account key filter, using the UPN as the search filter.
     */
    accountKeyFilter?: pulumi.Input<string>;
    /**
     * Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: `same`, `strip`.
     */
    accountKeyProcessing?: pulumi.Input<string>;
    /**
     * Define SAN in certificate for user principal name matching. Valid values: `othername`, `rfc822name`, `dnsname`.
     */
    accountKeyUpnSan?: pulumi.Input<string>;
    /**
     * Enable/disable AntiPhishing credential backend. Valid values: `enable`, `disable`.
     */
    antiphish?: pulumi.Input<string>;
    /**
     * CA certificate name.
     */
    caCert?: pulumi.Input<string>;
    /**
     * Client certificate name.
     */
    clientCert?: pulumi.Input<string>;
    /**
     * Enable/disable using client certificate for TLS authentication. Valid values: `enable`, `disable`.
     */
    clientCertAuth?: pulumi.Input<string>;
    /**
     * Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn".
     */
    cnid?: pulumi.Input<string>;
    /**
     * Distinguished name used to look up entries on the LDAP server.
     */
    dn: pulumi.Input<string>;
    /**
     * Filter used for group matching.
     */
    groupFilter?: pulumi.Input<string>;
    /**
     * Group member checking methods. Valid values: `user-attr`, `group-object`, `posix-group-object`.
     */
    groupMemberCheck?: pulumi.Input<string>;
    /**
     * Filter used for group searching.
     */
    groupObjectFilter?: pulumi.Input<string>;
    /**
     * Search base used for group searching.
     */
    groupSearchBase?: pulumi.Input<string>;
    /**
     * Specify outgoing interface to reach server.
     */
    interface?: pulumi.Input<string>;
    /**
     * Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`.
     */
    interfaceSelectMethod?: pulumi.Input<string>;
    /**
     * Name of attribute from which to get group membership.
     */
    memberAttr?: pulumi.Input<string>;
    /**
     * LDAP server entry name.
     */
    name?: pulumi.Input<string>;
    /**
     * Enable/disable obtaining of user information. Valid values: `enable`, `disable`.
     */
    obtainUserInfo?: pulumi.Input<string>;
    /**
     * Password for initial binding.
     *
     * Sensitive: supply it as a Pulumi secret (for example `pulumi.secret(...)` or a value read
     * with `Config.requireSecret`) instead of a string literal in source.
     * NOTE(review): this declaration does not show whether the provider marks it secret itself.
     */
    password?: pulumi.Input<string>;
    /**
     * Name of attribute to get password hash.
     */
    passwordAttr?: pulumi.Input<string>;
    /**
     * Enable/disable password expiry warnings. Valid values: `enable`, `disable`.
     */
    passwordExpiryWarning?: pulumi.Input<string>;
    /**
     * Enable/disable online password renewal. Valid values: `enable`, `disable`.
     */
    passwordRenewal?: pulumi.Input<string>;
    /**
     * Port to be used for communication with the LDAP server (default = 389).
     */
    port?: pulumi.Input<number>;
    /**
     * Search type. Valid values: `recursive`.
     */
    searchType?: pulumi.Input<string>;
    /**
     * Secondary LDAP server CN domain name or IP.
     */
    secondaryServer?: pulumi.Input<string>;
    /**
     * Port to be used for authentication. Valid values: `disable`, `starttls`, `ldaps`.
     *
     * NOTE(review): despite the "port" wording, the listed values look like the transport
     * security mode; `disable` presumably leaves bind credentials and queries unencrypted on
     * the wire. Prefer `starttls` or `ldaps` together with `serverIdentityCheck`.
     */
    secure?: pulumi.Input<string>;
    /**
     * LDAP server CN domain name or IP.
     */
    server: pulumi.Input<string>;
    /**
     * Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`.
     *
     * With `disable`, the certificate the server presents is not matched against the configured
     * name/IP, so an encrypted session alone does not establish which server answered.
     */
    serverIdentityCheck?: pulumi.Input<string>;
    /**
     * Source IP for communications to LDAP server.
     */
    sourceIp?: pulumi.Input<string>;
    /**
     * Source port to be used for communication with the LDAP server.
     */
    sourcePort?: pulumi.Input<number>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     *
     * NOTE(review): the accepted values are not listed in this declaration; the effective
     * protocol floor under `default` depends on the device's global setting.
     */
    sslMinProtoVersion?: pulumi.Input<string>;
    /**
     * Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300).
     */
    statusTtl?: pulumi.Input<number>;
    /**
     * Tertiary LDAP server CN domain name or IP.
     */
    tertiaryServer?: pulumi.Input<string>;
    /**
     * Enable/disable two-factor authentication. Valid values: `disable`, `fortitoken-cloud`.
     */
    twoFactor?: pulumi.Input<string>;
    /**
     * Authentication method by FortiToken Cloud. Valid values: `fortitoken`, `email`, `sms`.
     */
    twoFactorAuthentication?: pulumi.Input<string>;
    /**
     * Filter used to synchronize users to FortiToken Cloud.
     */
    twoFactorFilter?: pulumi.Input<string>;
    /**
     * Notification method for user activation by FortiToken Cloud. Valid values: `email`, `sms`.
     */
    twoFactorNotification?: pulumi.Input<string>;
    /**
     * Authentication type for LDAP searches. Valid values: `simple`, `anonymous`, `regular`.
     */
    type?: pulumi.Input<string>;
    /**
     * MS Exchange server from which to fetch user information.
     */
    userInfoExchangeServer?: pulumi.Input<string>;
    /**
     * Username (full DN) for initial binding.
     */
    username?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}