
@pulumiverse/fortios


A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Configure user authentication setting.
 *
 * Every enumerated option on this resource is typed as a plain `string`, so the
 * "Valid values" listed in the property docs are not checked at compile time.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as fortios from "@pulumiverse/fortios";
 *
 * const trname = new fortios.user.Setting("trname", {
 *     authBlackoutTime: 0,
 *     authCert: "Fortinet_Factory",
 *     authHttpBasic: "disable",
 *     authInvalidMax: 5,
 *     authLockoutDuration: 0,
 *     authLockoutThreshold: 3,
 *     authOnDemand: "implicitly",
 *     authPortalTimeout: 3,
 *     authSecureHttp: "disable",
 *     authSrcMac: "enable",
 *     authSslAllowRenegotiation: "disable",
 *     authTimeout: 5,
 *     authTimeoutType: "idle-timeout",
 *     authType: "http https ftp telnet",
 *     radiusSesTimeoutAct: "hard-timeout",
 * });
 * ```
 *
 * NOTE(review): the example is a syntax illustration, not a hardened baseline.
 * It lists the cleartext protocols `http`, `ftp` and `telnet` in `authType`,
 * leaves `authSecureHttp` at `disable`, and names `Fortinet_Factory` as the
 * server certificate (this looks like a factory-default certificate; confirm).
 * Review each of these against your own policy before copying the block.
 *
 * ## Import
 *
 * User Setting can be imported using any of these accepted formats:
 *
 * ```sh
 * $ pulumi import fortios:user/setting:Setting labelname UserSetting
 * ```
 *
 * If you do not want to import arguments of block:
 *
 * ```sh
 * $ export "FORTIOS_IMPORT_TABLE"="false"
 * $ pulumi import fortios:user/setting:Setting labelname UserSetting
 * $ unset "FORTIOS_IMPORT_TABLE"
 * ```
 */
export declare class Setting extends pulumi.CustomResource {
    /**
     * Get an existing Setting resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The Setting resource for the given name and ID.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SettingState, opts?: pulumi.CustomResourceOptions): Setting;
    /**
     * Returns true if the given object is an instance of Setting. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; it is accepted as `any` and narrowed to `Setting` on success.
     */
    static isInstance(obj: any): obj is Setting;
    /**
     * Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
     */
    readonly authBlackoutTime: pulumi.Output<number>;
    /**
     * HTTPS CA certificate for policy authentication.
     */
    readonly authCaCert: pulumi.Output<string>;
    /**
     * HTTPS server certificate for policy authentication.
     */
    readonly authCert: pulumi.Output<string>;
    /**
     * Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values: `enable`, `disable`.
     * HTTP basic authentication only base64-encodes credentials, so it relies entirely on the transport for confidentiality.
     */
    readonly authHttpBasic: pulumi.Output<string>;
    /**
     * Maximum number of failed authentication attempts before the user is blocked.
     */
    readonly authInvalidMax: pulumi.Output<number>;
    /**
     * Lockout period in seconds after too many login failures.
     * NOTE(review): the effect of `0` is not stated here; confirm it before relying on it.
     */
    readonly authLockoutDuration: pulumi.Output<number>;
    /**
     * Maximum number of failed login attempts before login lockout is triggered.
     */
    readonly authLockoutThreshold: pulumi.Output<number>;
    /**
     * Always/implicitly trigger firewall authentication on demand. Valid values: `always`, `implicitly`.
     */
    readonly authOnDemand: pulumi.Output<string>;
    /**
     * Time in minutes before captive portal users have to re-authenticate (1 - 30 min, default 3 min).
     */
    readonly authPortalTimeout: pulumi.Output<number>;
    /**
     * Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
     * The element type is `outputs.user.SettingAuthPort`; the value is `undefined` when no ports are configured.
     */
    readonly authPorts: pulumi.Output<outputs.user.SettingAuthPort[] | undefined>;
    /**
     * Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values: `enable`, `disable`.
     * With `disable`, HTTP authentication is not redirected to HTTPS.
     */
    readonly authSecureHttp: pulumi.Output<string>;
    /**
     * Enable/disable source MAC for user identity. Valid values: `enable`, `disable`.
     */
    readonly authSrcMac: pulumi.Output<string>;
    /**
     * Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values: `enable`, `disable`.
     */
    readonly authSslAllowRenegotiation: pulumi.Output<string>;
    /**
     * Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values: `sslv3`, `tlsv1`, `tlsv1-1`, `tlsv1-2`, `tlsv1-3`.
     * `sslv3`, `tlsv1` and `tlsv1-1` are deprecated protocol versions; using one as the maximum prevents newer versions from being negotiated.
     */
    readonly authSslMaxProtoVersion: pulumi.Output<string>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     * NOTE(review): the accepted values are not listed here; confirm that the effective minimum excludes deprecated versions.
     */
    readonly authSslMinProtoVersion: pulumi.Output<string>;
    /**
     * Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values: `no-rsa-pss`, `all`.
     */
    readonly authSslSigalgs: pulumi.Output<string>;
    /**
     * Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
     */
    readonly authTimeout: pulumi.Output<number>;
    /**
     * Control if authenticated users have to log in again after a hard timeout, after an idle timeout, or after a session timeout. Valid values: `idle-timeout`, `hard-timeout`, `new-session`.
     */
    readonly authTimeoutType: pulumi.Output<string>;
    /**
     * Supported firewall policy authentication protocols/methods. Valid values: `http`, `https`, `ftp`, `telnet`.
     * The class-level example passes several values in one space-separated string.
     * `http`, `ftp` and `telnet` are cleartext protocols.
     */
    readonly authType: pulumi.Output<string>;
    /**
     * Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
     */
    readonly defaultUserPasswordPolicy: pulumi.Output<string>;
    /**
     * Sort sub-tables; do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
     */
    readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
    /**
     * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
     */
    readonly getAllTables: pulumi.Output<string | undefined>;
    /**
     * Enable/disable per policy disclaimer. Valid values: `enable`, `disable`.
     */
    readonly perPolicyDisclaimer: pulumi.Output<string>;
    /**
     * Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values: `hard-timeout`, `ignore-timeout`.
     */
    readonly radiusSesTimeoutAct: pulumi.Output<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    readonly vdomparam: pulumi.Output<string>;
    /**
     * Create a Setting resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: SettingArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Setting resources.
 *
 * Every property is optional. Enumerated options are typed as plain `string`,
 * so the listed valid values are not checked at compile time.
 */
export interface SettingState {
    /**
     * Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
     */
    authBlackoutTime?: pulumi.Input<number>;
    /**
     * HTTPS CA certificate for policy authentication.
     */
    authCaCert?: pulumi.Input<string>;
    /**
     * HTTPS server certificate for policy authentication.
     */
    authCert?: pulumi.Input<string>;
    /**
     * Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values: `enable`, `disable`.
     * HTTP basic authentication only base64-encodes credentials, so it relies entirely on the transport for confidentiality.
     */
    authHttpBasic?: pulumi.Input<string>;
    /**
     * Maximum number of failed authentication attempts before the user is blocked.
     */
    authInvalidMax?: pulumi.Input<number>;
    /**
     * Lockout period in seconds after too many login failures.
     * NOTE(review): the effect of `0` is not stated here; confirm it before relying on it.
     */
    authLockoutDuration?: pulumi.Input<number>;
    /**
     * Maximum number of failed login attempts before login lockout is triggered.
     */
    authLockoutThreshold?: pulumi.Input<number>;
    /**
     * Always/implicitly trigger firewall authentication on demand. Valid values: `always`, `implicitly`.
     */
    authOnDemand?: pulumi.Input<string>;
    /**
     * Time in minutes before captive portal users have to re-authenticate (1 - 30 min, default 3 min).
     */
    authPortalTimeout?: pulumi.Input<number>;
    /**
     * Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
     * The element type is `inputs.user.SettingAuthPort`.
     */
    authPorts?: pulumi.Input<pulumi.Input<inputs.user.SettingAuthPort>[]>;
    /**
     * Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values: `enable`, `disable`.
     * With `disable`, HTTP authentication is not redirected to HTTPS.
     */
    authSecureHttp?: pulumi.Input<string>;
    /**
     * Enable/disable source MAC for user identity. Valid values: `enable`, `disable`.
     */
    authSrcMac?: pulumi.Input<string>;
    /**
     * Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values: `enable`, `disable`.
     */
    authSslAllowRenegotiation?: pulumi.Input<string>;
    /**
     * Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values: `sslv3`, `tlsv1`, `tlsv1-1`, `tlsv1-2`, `tlsv1-3`.
     * `sslv3`, `tlsv1` and `tlsv1-1` are deprecated protocol versions; using one as the maximum prevents newer versions from being negotiated.
     */
    authSslMaxProtoVersion?: pulumi.Input<string>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     * NOTE(review): the accepted values are not listed here; confirm that the effective minimum excludes deprecated versions.
     */
    authSslMinProtoVersion?: pulumi.Input<string>;
    /**
     * Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values: `no-rsa-pss`, `all`.
     */
    authSslSigalgs?: pulumi.Input<string>;
    /**
     * Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
     */
    authTimeout?: pulumi.Input<number>;
    /**
     * Control if authenticated users have to log in again after a hard timeout, after an idle timeout, or after a session timeout. Valid values: `idle-timeout`, `hard-timeout`, `new-session`.
     */
    authTimeoutType?: pulumi.Input<string>;
    /**
     * Supported firewall policy authentication protocols/methods. Valid values: `http`, `https`, `ftp`, `telnet`.
     * `http`, `ftp` and `telnet` are cleartext protocols.
     */
    authType?: pulumi.Input<string>;
    /**
     * Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
     */
    defaultUserPasswordPolicy?: pulumi.Input<string>;
    /**
     * Sort sub-tables; do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
     */
    dynamicSortSubtable?: pulumi.Input<string>;
    /**
     * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
     */
    getAllTables?: pulumi.Input<string>;
    /**
     * Enable/disable per policy disclaimer. Valid values: `enable`, `disable`.
     */
    perPolicyDisclaimer?: pulumi.Input<string>;
    /**
     * Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values: `hard-timeout`, `ignore-timeout`.
     */
    radiusSesTimeoutAct?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Setting resource.
 *
 * Every property is optional. Enumerated options are typed as plain `string`,
 * so the listed valid values are not checked at compile time; a misspelled
 * value is not rejected by the type checker.
 */
export interface SettingArgs {
    /**
     * Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
     */
    authBlackoutTime?: pulumi.Input<number>;
    /**
     * HTTPS CA certificate for policy authentication.
     */
    authCaCert?: pulumi.Input<string>;
    /**
     * HTTPS server certificate for policy authentication.
     */
    authCert?: pulumi.Input<string>;
    /**
     * Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values: `enable`, `disable`.
     * HTTP basic authentication only base64-encodes credentials, so it relies entirely on the transport for confidentiality.
     */
    authHttpBasic?: pulumi.Input<string>;
    /**
     * Maximum number of failed authentication attempts before the user is blocked.
     */
    authInvalidMax?: pulumi.Input<number>;
    /**
     * Lockout period in seconds after too many login failures.
     * NOTE(review): the effect of `0` is not stated here; confirm it before relying on it.
     */
    authLockoutDuration?: pulumi.Input<number>;
    /**
     * Maximum number of failed login attempts before login lockout is triggered.
     */
    authLockoutThreshold?: pulumi.Input<number>;
    /**
     * Always/implicitly trigger firewall authentication on demand. Valid values: `always`, `implicitly`.
     */
    authOnDemand?: pulumi.Input<string>;
    /**
     * Time in minutes before captive portal users have to re-authenticate (1 - 30 min, default 3 min).
     */
    authPortalTimeout?: pulumi.Input<number>;
    /**
     * Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET.
     * The element type is `inputs.user.SettingAuthPort`.
     */
    authPorts?: pulumi.Input<pulumi.Input<inputs.user.SettingAuthPort>[]>;
    /**
     * Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values: `enable`, `disable`.
     * With `disable`, HTTP authentication is not redirected to HTTPS.
     */
    authSecureHttp?: pulumi.Input<string>;
    /**
     * Enable/disable source MAC for user identity. Valid values: `enable`, `disable`.
     */
    authSrcMac?: pulumi.Input<string>;
    /**
     * Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values: `enable`, `disable`.
     */
    authSslAllowRenegotiation?: pulumi.Input<string>;
    /**
     * Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values: `sslv3`, `tlsv1`, `tlsv1-1`, `tlsv1-2`, `tlsv1-3`.
     * `sslv3`, `tlsv1` and `tlsv1-1` are deprecated protocol versions; using one as the maximum prevents newer versions from being negotiated.
     */
    authSslMaxProtoVersion?: pulumi.Input<string>;
    /**
     * Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
     * NOTE(review): the accepted values are not listed here; confirm that the effective minimum excludes deprecated versions.
     */
    authSslMinProtoVersion?: pulumi.Input<string>;
    /**
     * Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values: `no-rsa-pss`, `all`.
     */
    authSslSigalgs?: pulumi.Input<string>;
    /**
     * Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
     */
    authTimeout?: pulumi.Input<number>;
    /**
     * Control if authenticated users have to log in again after a hard timeout, after an idle timeout, or after a session timeout. Valid values: `idle-timeout`, `hard-timeout`, `new-session`.
     */
    authTimeoutType?: pulumi.Input<string>;
    /**
     * Supported firewall policy authentication protocols/methods. Valid values: `http`, `https`, `ftp`, `telnet`.
     * `http`, `ftp` and `telnet` are cleartext protocols; list them only where the policy genuinely needs them.
     */
    authType?: pulumi.Input<string>;
    /**
     * Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
     */
    defaultUserPasswordPolicy?: pulumi.Input<string>;
    /**
     * Sort sub-tables; do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
     */
    dynamicSortSubtable?: pulumi.Input<string>;
    /**
     * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
     */
    getAllTables?: pulumi.Input<string>;
    /**
     * Enable/disable per policy disclaimer. Valid values: `enable`, `disable`.
     */
    perPolicyDisclaimer?: pulumi.Input<string>;
    /**
     * Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values: `hard-timeout`, `ignore-timeout`.
     */
    radiusSesTimeoutAct?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
}