powerscale_adsprovider (Resource)

This resource manages the ADS provider entity of a PowerScale array. It supports creating, updating and deleting an ADS provider, and importing an existing ADS provider from the PowerScale array.

Example Usage

/*
Copyright (c) 2023-2024 Dell Inc., or its subsidiaries. All Rights Reserved.

Licensed under the Mozilla Public License Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://mozilla.org/MPL/2.0/


Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

# Available actions: Create, Update, Delete and Import
# After `terraform apply` of this example file for the first time, you will create an ADS provider on the PowerScale

# PowerScale ADS provider allows you to authenticate users and groups
resource "powerscale_adsprovider" "ads_test" {
  #   Required
  #   Name should be a fully qualified domain name of an existing AD
  name = "ADS.PROVIDER.EXAMPLE.COM"
  #   User should have join permission
  user     = "admin"
  password = "password"

  #   Optional query parameters
  #   scope = "effective"
  #   check_duplicates = true

  #   Optional fields ONLY for creating
  #   dns_domain = "testDNSDomain"
  #   groupnet = "testGroupNet"
  #   instance = "testInstance"
  #   kerberos_hdfs_spn = true
  #   kerberos_nfs_spn = true
  #   machine_account = "testMachineAccount"
  #   organizational_unit = "testOrganizationalUnit"

  #   Optional fields ONLY for updating
  #   domain_controller = "testDomainController"
  #   reset_schannel = true
  #   spns = ["testSPN"]

  #   Optional fields both for creating and updating
  #   allocate_gids = true
  #   allocate_uids = true
  #   assume_default_domain = true
  #   authentication = true
  #   check_online_interval = 310
  #   controller_time = 1692087697
  #   create_home_directory = true
  #   domain_offline_alerts = true
  #   extra_expected_spns = ["testExtraExpectedSPN"]
  #   findable_groups = ["testFindableGroup"]
  #   findable_users = ["testFindableUser"]
  #   home_directory_template = "testHomeDirectoryTemplate"
  #   ignore_all_trusts = true
  #   ignored_trusted_domains = ["testIgnoredTrustedDomain"]
  #   include_trusted_domains = ["testIncludeTrustedDomain"]
  #   ldap_sign_and_seal = true
  #   login_shell = "testLoginShell"
  #   lookup_domains = ["testLookupDomains"]
  #   lookup_groups = true
  #   lookup_normalize_groups = true
  #   lookup_normalize_users = true
  #   lookup_users = true
  #   machine_password_changes = true
  #   machine_password_lifespan = 2591000
  #   node_dc_affinity = "testNodeDcAffinity"
  #   node_dc_affinity_timeout = 1000000
  #   nss_enumeration = true
  #   restrict_findable = true
  #   rpc_call_timeout = 70
  #   server_retry_limit = 4
  #   sfu_support = "testSfuSupport"
  #   store_sfu_mappings = true
  #   unfindable_groups = ["testUnfindableGroup"]
  #   unfindable_users = ["testUnfindableUser"]
}

# After the above resource block has been applied, the ADS provider will have been created on the PowerScale array.
# For more information, check the Terraform state file.
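The same resource with the join password supplied through a sensitive input variable instead of a literal, the signing and machine-password options from the Schema section enabled, and a check on the read-only `dup_spns` attribute. This is an added example, not part of the provider's own documentation; the variable names, resource label and check name are hypothetical, and the provider is assumed to be configured elsewhere.

```hcl
# Added example: variable names, resource label and check name are hypothetical.
variable "ads_join_user" {
  description = "Account with permission to join a machine to the domain"
  type        = string
}

variable "ads_join_password" {
  description = "Password used during domain join"
  type        = string
  sensitive   = true # redacted from plan/apply output
}

resource "powerscale_adsprovider" "ads_hardened" {
  name     = "ADS.PROVIDER.EXAMPLE.COM"
  user     = var.ads_join_user
  password = var.ads_join_password # no literal secret in the configuration

  # Query parameter: check for duplicate SPNs registered in Active Directory
  check_duplicates = true

  # Enable encryption and signing on LDAP requests
  ldap_sign_and_seal = true

  # Periodically change the machine password; maximum age in seconds
  machine_password_changes  = true
  machine_password_lifespan = 2591000

  # Alert if the domain goes offline
  domain_offline_alerts = true
}

# Requires Terraform 1.5 or later (check blocks).
check "no_duplicate_spns" {
  assert {
    # dup_spns is read-only; try() treats an unset list as empty
    condition     = try(length(powerscale_adsprovider.ads_hardened.dup_spns), 0) == 0
    error_message = "Duplicate SPNs are registered in the provider domain; review dup_spns."
  }
}
```

Supply the password at run time, for example through the `TF_VAR_ads_join_password` environment variable. Terraform still writes the value to the state file, so the state itself needs restricted access.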

Schema

Required

  • name (String) Specifies the Active Directory provider name.
  • password (String, Sensitive) Specifies the password used during domain join.
  • user (String) Specifies the user name that has permission to join a machine to the given domain.

Optional

  • allocate_gids (Boolean) Allocates an ID for an unmapped Active Directory (ADS) group. ADS groups without GIDs can be proactively assigned a GID by the ID mapper. If the ID mapper option is disabled, GIDs are not proactively assigned, and when a primary group for a user does not include a GID, the system may allocate one.
  • allocate_uids (Boolean) Allocates a user ID for an unmapped Active Directory (ADS) user. ADS users without UIDs can be proactively assigned a UID by the ID mapper. If the ID mapper option is disabled, UIDs are not proactively assigned, and when an identity for a user does not include a UID, the system may allocate one.
  • assume_default_domain (Boolean) Enables lookup of unqualified user names in the primary domain.
  • authentication (Boolean) Enables authentication and identity management through the authentication provider.
  • check_duplicates (Boolean) Check for duplicate SPNs registered in Active Directory.
  • check_online_interval (Number) Specifies the time in seconds between provider online checks.
  • controller_time (Number) Specifies the current time for the domain controllers.
  • create_home_directory (Boolean) Automatically creates a home directory on the first login.
  • dns_domain (String) Specifies the DNS search domain. Set this parameter if the DNS search domain has a unique name or address.
  • domain_controller (String) Specifies the domain controller to which the authentication service should send requests.
  • domain_offline_alerts (Boolean) Sends an alert if the domain goes offline.
  • extra_expected_spns (List of String) List of additional SPNs to expect beyond what automatic checking routines might find.
  • findable_groups (List of String) Sets list of groups that can be resolved.
  • findable_users (List of String) Sets list of users that can be resolved.
  • groupnet (String) Groupnet identifier.
  • home_directory_template (String) Specifies the path to the home directory template.
  • id (String) Specifies the ID of the Active Directory provider instance.
  • ignore_all_trusts (Boolean) If set to true, ignores all trusted domains.
  • ignored_trusted_domains (List of String) Includes trusted domains when ‘ignore_all_trusts’ is set to false.
  • include_trusted_domains (List of String) Includes trusted domains when ‘ignore_all_trusts’ is set to true.
  • instance (String) Specifies Active Directory provider instance.
  • kerberos_hdfs_spn (Boolean) Determines if connecting through HDFS with Kerberos.
  • kerberos_nfs_spn (Boolean) Determines if connecting through NFS with Kerberos.
  • ldap_sign_and_seal (Boolean) Enables encryption and signing on LDAP requests.
  • login_shell (String) Specifies the login shell path.
  • lookup_domains (List of String) Limits user and group lookups to the specified domains.
  • lookup_groups (Boolean) Looks up AD groups in other providers before allocating a group ID.
  • lookup_normalize_groups (Boolean) Normalizes AD group names to lowercase before lookup.
  • lookup_normalize_users (Boolean) Normalizes AD user names to lowercase before lookup.
  • lookup_users (Boolean) Looks up AD users in other providers before allocating a user ID.
  • machine_account (String) Specifies the machine account name when creating a SAM account with Active Directory.
  • machine_password_changes (Boolean) Enables periodic changes of the machine password for security.
  • machine_password_lifespan (Number) Sets maximum age of a password in seconds.
  • node_dc_affinity (String) Specifies the domain controller for which the node has affinity.
  • node_dc_affinity_timeout (Number) Specifies the timeout for the domain controller for which the local node has affinity.
  • nss_enumeration (Boolean) Enables the Active Directory provider to respond to ‘getpwent’ and ‘getgrent’ requests.
  • organizational_unit (String) Specifies the organizational unit.
  • reset_schannel (Boolean) Resets the secure channel to the primary domain.
  • restrict_findable (Boolean) Check the provider for filtered lists of findable and unfindable users and groups.
  • rpc_call_timeout (Number) The maximum amount of time (in seconds) an RPC call to Active Directory is allowed to take.
  • scope (String) When specified as ‘effective’, or not specified, all fields are returned. When specified as ‘user’, only fields with non-default values are shown. When specified as ‘default’, the original values are returned.
  • server_retry_limit (Number) The number of retries attempted when a call to Active Directory fails due to network error.
  • sfu_support (String) Specifies whether to support RFC 2307 attributes on ADS domain controllers.
  • spns (List of String) Currently configured SPNs.
  • store_sfu_mappings (Boolean) Stores SFU mappings permanently in the ID mapper.
  • unfindable_groups (List of String) Specifies groups that cannot be resolved by the provider.
  • unfindable_users (List of String) Specifies users that cannot be resolved by the provider.

Read-Only

  • dup_spns (List of String) Get duplicate SPNs in the provider domain.
  • forest (String) Specifies the Active Directory forest.
  • hostname (String) Specifies the fully qualified hostname stored in the machine account.
  • netbios_domain (String) Specifies the NetBIOS domain name associated with the machine account.
  • primary_domain (String) Specifies the AD domain to which the provider is joined.
  • recommended_spns (List of String) Configuration recommended SPNs.
  • site (String) Specifies the site for the Active Directory.
  • status (String) Specifies the status of the provider.
  • system (Boolean) If set to true, indicates that this provider instance was created by OneFS and cannot be removed.
  • zone_name (String) Specifies the name of the access zone in which this provider was created.

Import

Import is supported using the following syntax:

# The command is
# terraform import powerscale_adsprovider.ads_test <name>
# Example:
terraform import powerscale_adsprovider.ads_test ads_id
# After running this command, populate the name field and other required parameters in the config file to start managing this resource.
# Note: running "terraform show" after importing shows the current config/state of the resource. You can copy/paste that config to make it easier to manage the resource.