Directory Service Auth Provider Resource Implementation (#254)
Directory Service Auth Provider Resource Implementation

updating docs and removed unused lines

updating requested changes

adding docs
sapana05 authored Oct 14, 2024
1 parent 1b2f14d commit d757792
Showing 13 changed files with 3,799 additions and 0 deletions.
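--- a/docs/resources/directory_service_auth_provider.md
+++ b/docs/resources/directory_service_auth_provider.md
@@ -0,0 +1,287 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "redfish_directory_service_auth_provider Resource - terraform-provider-redfish"
+subcategory: ""
+description: |-
+This Terraform resource is used to configure Directory Service Auth Provider Active Directory and LDAP Service We can Read the existing configurations or modify them using this resource.
+---
+
+# redfish_directory_service_auth_provider (Resource)
+
+This Terraform resource is used to configure Directory Service Auth Provider Active Directory and LDAP Service We can Read the existing configurations or modify them using this resource.
+
+## Example Usage
+
+```terraform
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://mozilla.org/MPL/2.0/
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+data "local_file" "kerberos" {
+# this is the path to the kerberos keytab file that we want to upload.
+# this file must be base64 encoded format
+filename = "/root/directoryservice/new/terraform-provider-redfish/test-data/kerberos_file.txt"
+}
+# redfish_directory_service_auth_provider Terraform resource is used to configure Directory Service Auth Provider Active Directory and LDAP Service
+# Available action: Create, Update (Active Directory, LDAP)
+# Active Directory (Create, Update): remote_role_mapping, service_addresses, service_enabled,authentication, active_directory_attributes
+# LDAP (Create, Update): remote_role_mapping, service_addresses, service_enabled,ldap_service, ldap_attributes
+resource "redfish_directory_service_auth_provider" "ds_auth" {
+for_each = var.rack1
+redfish_server {
+user = each.value.user
+password = each.value.password
+endpoint = each.value.endpoint
+ssl_insecure = each.value.ssl_insecure
+}
+#Note: `active_directory` is mutually inclusive with `active_directory_attributes`.
+#Note: `ldap` is mutually inclusive with `ldap_attributes`.
+#Note: `active_directory` is mutually exclusive with `ldap`.
+#Note: `active_directory_attributes` is mutually exclusive with `ldap_attributes`.
+active_directory = {
+directory = {
+# remote_role_mapping = [
+# {
+# local_role = "None",
+# remote_group = "idracgroup"
+# }
+# ],
+# service_addresses = [
+# "yulanadhost11.yulan.pie.lab.emc.com"
+# ],
+service_enabled = true,
+authentication = {
+kerberos_key_tab_file = data.local_file.kerberos.content
+}
+}
+}
+active_directory_attributes = {
+"ActiveDirectory.1.AuthTimeout" = "120",
+"ActiveDirectory.1.CertValidationEnable" = "Enabled",
+"ActiveDirectory.1.DCLookupEnable" = "Enabled",
+# RacName and RacDomain can be configured when Schema is Extended Schema
+"ActiveDirectory.1.RacDomain" = "test",
+"ActiveDirectory.1.RacName" = "test",
+# if SSOEnable is Enabled make sure ActiveDirectory Service is enabled and valid kerberos_key_tab_file is provided
+"ActiveDirectory.1.SSOEnable" = "Disabled",
+# Schema can be Extended Schema or Standard Schema
+"ActiveDirectory.1.Schema" = "Extended Schema",
+"UserDomain.1.Name" = "yulan.pie.lab.emc.com",
+# DCLookupByUserDomain must be configured when DCLookupEnable is enabled
+"ActiveDirectory.1.DCLookupByUserDomain" : "Enabled",
+# DCLookupDomainName must be configured when DCLookupByUserDomain is Disabled and DCLookupEnable is Enabled
+#"ActiveDirectory.1.DCLookupDomainName"="test",
+#"ActiveDirectory.1.GCLookupEnable" = "Disabled"
+# at least any one from GlobalCatalog1,GlobalCatalog2,GlobalCatalog3 must be configured when Schema is Standard and GCLookupEnable is Disabled
+# "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com",
+# "ActiveDirectory.1.GlobalCatalog2" = "yulanadhost11.yulan.pie.lab.emc.com",
+# "ActiveDirectory.1.GlobalCatalog3" = "yulanadhost11.yulan.pie.lab.emc.com",
+# GCRootDomain can be configured when GCLookupEnable is Enabled
+#"ActiveDirectory.1.GCRootDomain" = "test"
+# RSA Secure configuration required Datacenter license
+#"LDAP.1.RSASecurID2FALDAP":"Enabled",
+#"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1",
+#"RSASecurID2FA.1.RSASecurIDClientID": "●●1",
+#"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "",
+}
+# ldap = {
+# directory = {
+# remote_role_mapping = [
+# {
+# local_role = "Administrator",
+# remote_group = "cn = idracgroup,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com"
+# }
+# ],
+# service_addresses = [
+# "yulanadhost12.yulan.pie.lab.emc.com"
+# ],
+# service_enabled = false
+# },
+# ldap_service = {
+# search_settings = {
+# base_distinguished_names = [
+# "dc = yulan,dc = pie,dc = lab,dc = emc,dc = com"
+# ],
+# group_name_attribute = "name",
+# user_name_attribute = "member"
+# }
+# }
+# }
+#
+# ldap_attributes = {
+# "LDAP.1.GroupAttributeIsDN" = "Enabled"
+# "LDAP.1.Port" = "636",
+# "LDAP.1.BindDN" = "cn = adtester,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com",
+# "LDAP.1.BindPassword" = "",
+# "LDAP.1.SearchFilter" = "(objectclass = *)",
+#
+# #"LDAP.1.RSASecurID2FALDAP":"Enabled",
+# #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1",
+# #"RSASecurID2FA.1.RSASecurIDClientID": "●●1",
+# #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "",
+# }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `active_directory` (Attributes) Active DirectoryNote: `active_directory` is mutually inclusive with `active_directory_attributes`. , Note: `active_directory` is mutually exclusive with `ldap`. (see [below for nested schema](#nestedatt--active_directory))
+- `active_directory_attributes` (Map of String) ActiveDirectory.* attributes in Dell iDRAC attributes.Note: `active_directory` is mutually inclusive with `active_directory_attributes`. , Note: `active_directory_attributes` is mutually exclusive with `ldap_attributes`.
+- `ldap` (Attributes) LDAPNote: `ldap` is mutually inclusive with `ldap_attributes`. , Note: `active_directory` is mutually exclusive with `ldap`. (see [below for nested schema](#nestedatt--ldap))
+- `ldap_attributes` (Map of String) LDAP.* attributes in Dell iDRAC attributes.Note: `ldap` is mutually inclusive with `ldap_attributes`. , Note: `active_directory_attributes` is mutually exclusive with `ldap_attributes`.
+- `redfish_server` (Block List) List of server BMCs and their respective user credentials (see [below for nested schema](#nestedblock--redfish_server))
+
+### Read-Only
+
+- `id` (String) ID of the Directory Service Auth Provider resource
+
+<a id="nestedatt--active_directory"></a>
+### Nested Schema for `active_directory`
+
+Optional:
+
+- `authentication` (Attributes) Authentication information for the account provider. (see [below for nested schema](#nestedatt--active_directory--authentication))
+- `directory` (Attributes) Directory for Active Directory . (see [below for nested schema](#nestedatt--active_directory--directory))
+
+<a id="nestedatt--active_directory--authentication"></a>
+### Nested Schema for `active_directory.authentication`
+
+Optional:
+
+- `kerberos_key_tab_file` (String) KerberosKeytab is a Base64-encoded version of the Kerberos keytab for this Service
+
+
+<a id="nestedatt--active_directory--directory"></a>
+### Nested Schema for `active_directory.directory`
+
+Optional:
+
+- `remote_role_mapping` (Attributes List) Mapping rules that are used to convert the account providers account information to the local Redfish role (see [below for nested schema](#nestedatt--active_directory--directory--remote_role_mapping))
+- `service_addresses` (List of String) ServiceAddresses of the account providers
+- `service_enabled` (Boolean) ServiceEnabled indicate whether this service is enabled.
+
+<a id="nestedatt--active_directory--directory--remote_role_mapping"></a>
+### Nested Schema for `active_directory.directory.remote_role_mapping`
+
+Optional:
+
+- `local_role` (String) Role Assigned to the Group.
+- `remote_group` (String) Name of the remote group.
+
+
+
+
+<a id="nestedatt--ldap"></a>
+### Nested Schema for `ldap`
+
+Optional:
+
+- `directory` (Attributes) Directory for LDAP. (see [below for nested schema](#nestedatt--ldap--directory))
+- `ldap_service` (Attributes) LDAPService is any additional mapping information needed to parse a generic LDAP service. (see [below for nested schema](#nestedatt--ldap--ldap_service))
+
+<a id="nestedatt--ldap--directory"></a>
+### Nested Schema for `ldap.directory`
+
+Optional:
+
+- `remote_role_mapping` (Attributes List) Mapping rules that are used to convert the account providers account information to the local Redfish role (see [below for nested schema](#nestedatt--ldap--directory--remote_role_mapping))
+- `service_addresses` (List of String) ServiceAddresses of the account providers
+- `service_enabled` (Boolean) ServiceEnabled indicate whether this service is enabled.
+
+<a id="nestedatt--ldap--directory--remote_role_mapping"></a>
+### Nested Schema for `ldap.directory.remote_role_mapping`
+
+Optional:
+
+- `local_role` (String) Role Assigned to the Group.
+- `remote_group` (String) Name of the remote group.
+
+
+
+<a id="nestedatt--ldap--ldap_service"></a>
+### Nested Schema for `ldap.ldap_service`
+
+Optional:
+
+- `search_settings` (Attributes) SearchSettings is the required settings to search an external LDAP service. (see [below for nested schema](#nestedatt--ldap--ldap_service--search_settings))
+
+<a id="nestedatt--ldap--ldap_service--search_settings"></a>
+### Nested Schema for `ldap.ldap_service.search_settings`
+
+Optional:
+
+- `base_distinguished_names` (List of String) BaseDistinguishedNames is an array of base distinguished names to use to search an external LDAP service.
+- `group_name_attribute` (String) GroupNameAttribute is the attribute name that contains the LDAP group name.
+- `user_name_attribute` (String) UsernameAttribute is the attribute name that contains the LDAP user name.
+
+
+
+
+<a id="nestedblock--redfish_server"></a>
+### Nested Schema for `redfish_server`
+
+Optional:
+
+- `endpoint` (String) Server BMC IP address or hostname
+- `password` (String, Sensitive) User password for login
+- `redfish_alias` (String) Alias name for server BMCs. The key in provider's `redfish_servers` map
+- `ssl_insecure` (Boolean) This field indicates whether the SSL/TLS certificate must be verified or not
+- `user` (String) User name for login
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+/*
+Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Mozilla Public License Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://mozilla.org/MPL/2.0/
+
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+terraform import redfish_directory_service_auth_provider.ds_auth '{"username":"<username>","password":"<password>","endpoint":"<endpoint>","ssl_insecure":<true/false>}'
+```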
@@ -0,0 +1,18 @@
/*
Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.

Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://mozilla.org/MPL/2.0/


Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

terraform import redfish_directory_service_auth_provider.ds_auth '{"username":"<username>","password":"<password>","endpoint":"<endpoint>","ssl_insecure":<true/false>}'
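Review bot: The import example places the BMC password literally inside the JSON import ID on the command line, so a user who copies it verbatim leaves the credential in shell history and in the process arguments while `terraform import` runs. The ID format looks fixed by the provider, so I would add a comment above the command, for example `# Do not type the password literally: read it into a variable without echo (read -s) and build the JSON from that variable, so it stays out of shell history.` The `<true/false>` placeholder for `ssl_insecure` gives no guidance either; a line such as `# Use "ssl_insecure":false unless the BMC certificate genuinely cannot be verified.` would steer readers towards certificate validation. Separately, the `/* ... */` licence header is not shell comment syntax, so `#`-prefixed lines would be safer if this file is ever sourced or executed.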
@@ -0,0 +1,25 @@
/*
Copyright (c) 2024 Dell Inc., or its subsidiaries. All Rights Reserved.
Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://mozilla.org/MPL/2.0/
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

terraform {
required_providers {
redfish = {
version = "1.5.0"
source = "registry.terraform.io/dell/redfish"
}
}
}