Add active directory join point resource and data source (#31)
kuba-mazurkiewicz authored Jan 22, 2024
1 parent 5a9b0b4 commit 3ad92ae
Showing 12 changed files with 2,618 additions and 0 deletions.
92 changes: 92 additions & 0 deletions docs/data-sources/active_directory_join_point.md
@@ -0,0 +1,92 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "ise_active_directory_join_point Data Source - terraform-provider-ise"
subcategory: "Identity Management"
description: |-
This data source can read the Active Directory Join Point.
---

# ise_active_directory_join_point (Data Source)

This data source can read the Active Directory Join Point.

## Example Usage

```terraform
data "ise_active_directory_join_point" "example" {
id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `id` (String) The id of the object

### Read-Only

- `ad_scopes_names` (String) String that contains the names of the scopes that the active directory belongs to. Names are separated by comm
- `aging_time` (Number) Aging Time
- `attributes` (Attributes List) List of AD Attributes (see [below for nested schema](#nestedatt--attributes))
- `auth_protection_type` (String) Enable prevent AD account lockout for WIRELESS/WIRED/BOTH
- `country` (String) User info attribute
- `department` (String) User info attribute
- `description` (String) Join point Description
- `domain` (String) AD domain associated with the join point
- `email` (String) User info attribute
- `enable_callback_for_dialin_client` (Boolean) Enable Callback For Dial In Client
- `enable_dialin_permission_check` (Boolean) Enable Dial In Permission Check
- `enable_domain_allowed_list` (Boolean)
- `enable_failed_auth_protection` (Boolean) Enable prevent AD account lockout due to too many bad password attempts
- `enable_machine_access` (Boolean) Enable Machine Access
- `enable_machine_auth` (Boolean) Enable Machin Authentication
- `enable_pass_change` (Boolean) Enable Password Change
- `enable_rewrites` (Boolean) Enable Rewrites
- `failed_auth_threshold` (Number) Number of bad password attempts
- `first_name` (String) User info attribute
- `groups` (Attributes List) List of AD Groups (see [below for nested schema](#nestedatt--groups))
- `identity_not_in_ad_behaviour` (String) Identity Not In AD Behaviour
- `job_title` (String) User info attribute
- `last_name` (String) User info attribute
- `locality` (String) User info attribute
- `name` (String) The name of the active directory join point
- `organizational_unit` (String) User info attribute
- `plaintext_auth` (Boolean) Plain Text Authentication
- `rewrite_rules` (Attributes List) List of Rewrite rules (see [below for nested schema](#nestedatt--rewrite_rules))
- `schema` (String) Schema
- `state_or_province` (String) User info attribute
- `street_address` (String) User info attribute
- `telephone` (String) User info attribute
- `unreachable_domains_behaviour` (String) Unreachable Domains Behaviour

<a id="nestedatt--attributes"></a>
### Nested Schema for `attributes`

Read-Only:

- `default_value` (String) Required for each attribute in the attribute list. Can contain an empty string
- `internal_name` (String) Required for each attribute in the attribute list
- `name` (String) Required for each attribute in the attribute list with no duplication between attributes
- `type` (String) Required for each group in the group list


<a id="nestedatt--groups"></a>
### Nested Schema for `groups`

Read-Only:

- `name` (String) Required for each group in the group list with no duplication between groups
- `sid` (String) Required for each group in the group list with no duplication between groups
- `type` (String)


<a id="nestedatt--rewrite_rules"></a>
### Nested Schema for `rewrite_rules`

Read-Only:

- `rewrite_match` (String) Required for each rule in the list with no duplication between rules
- `rewrite_result` (String) Required for each rule in the list
- `row_id` (String) Required for each rule in the list in serial order
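
Review bot: In the nested schema for `attributes`, the `type` description reads "Required for each group in the group list", which looks copied from the `groups` block and should describe the attribute type instead. In the same file, the `ad_scopes_names` description stops mid-word at "separated by comm", `enable_machine_auth` says "Enable Machin Authentication", and `enable_domain_allowed_list` and `groups.type` have no description at all. The front matter says this file is generated by terraform-plugin-docs, so correct the descriptions in the definition the docs are generated from and regenerate rather than editing the Markdown by hand.
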
173 changes: 173 additions & 0 deletions docs/resources/active_directory_join_point.md
@@ -0,0 +1,173 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "ise_active_directory_join_point Resource - terraform-provider-ise"
subcategory: "Identity Management"
description: |-
This resource can manage an Active Directory Join Point.
---

# ise_active_directory_join_point (Resource)

This resource can manage an Active Directory Join Point.

## Example Usage

```terraform
resource "ise_active_directory_join_point" "example" {
name = "cisco.local"
description = "My AD join point"
domain = "cisco.local"
ad_scopes_names = "Default_Scope"
enable_domain_allowed_list = true
groups = [
{
name = "cisco.local/operators"
sid = "S-1-5-32-548"
type = "GLOBAL"
}
]
attributes = [
{
name = "Attribute_1"
type = "STRING"
internal_name = "internal_name"
default_value = "default_string"
}
]
rewrite_rules = [
{
row_id = "0"
rewrite_match = "rewrite_match"
rewrite_result = "rewrite_result"
}
]
enable_rewrites = false
enable_pass_change = true
enable_machine_auth = true
enable_machine_access = true
enable_dialin_permission_check = false
plaintext_auth = false
aging_time = 5
enable_callback_for_dialin_client = false
identity_not_in_ad_behaviour = "SEARCH_JOINED_FOREST"
unreachable_domains_behaviour = "PROCEED"
schema = "ACTIVE_DIRECTORY"
first_name = "givenName"
department = "department"
last_name = "sn"
organizational_unit = "company"
job_title = "title"
locality = "l"
email = "mail"
state_or_province = "st"
telephone = "telephoneNumber"
country = "co"
street_address = "streetAddress"
enable_failed_auth_protection = false
failed_auth_threshold = 5
auth_protection_type = "WIRELESS"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `domain` (String) AD domain associated with the join point
- `name` (String) The name of the active directory join point

### Optional

- `ad_scopes_names` (String) String that contains the names of the scopes that the active directory belongs to. Names are separated by comm
- Default value: `Default_Scope`
- `aging_time` (Number) Aging Time
- Default value: `5`
- `attributes` (Attributes List) List of AD Attributes (see [below for nested schema](#nestedatt--attributes))
- `auth_protection_type` (String) Enable prevent AD account lockout for WIRELESS/WIRED/BOTH
- Choices: `WIRELESS`, `WIRED`, `BOTH`
- `country` (String) User info attribute
- `department` (String) User info attribute
- `description` (String) Join point Description
- `email` (String) User info attribute
- `enable_callback_for_dialin_client` (Boolean) Enable Callback For Dial In Client
- Default value: `false`
- `enable_dialin_permission_check` (Boolean) Enable Dial In Permission Check
- Default value: `false`
- `enable_domain_allowed_list` (Boolean) - Default value: `true`
- `enable_failed_auth_protection` (Boolean) Enable prevent AD account lockout due to too many bad password attempts
- Default value: `false`
- `enable_machine_access` (Boolean) Enable Machine Access
- Default value: `true`
- `enable_machine_auth` (Boolean) Enable Machin Authentication
- Default value: `true`
- `enable_pass_change` (Boolean) Enable Password Change
- Default value: `true`
- `enable_rewrites` (Boolean) Enable Rewrites
- Default value: `false`
- `failed_auth_threshold` (Number) Number of bad password attempts
- Default value: `5`
- `first_name` (String) User info attribute
- `groups` (Attributes List) List of AD Groups (see [below for nested schema](#nestedatt--groups))
- `identity_not_in_ad_behaviour` (String) Identity Not In AD Behaviour
- Choices: `REJECT`, `SEARCH_JOINED_FOREST`, `SEARCH_ALL`
- `job_title` (String) User info attribute
- `last_name` (String) User info attribute
- `locality` (String) User info attribute
- `organizational_unit` (String) User info attribute
- `plaintext_auth` (Boolean) Plain Text Authentication
- Default value: `false`
- `rewrite_rules` (Attributes List) List of Rewrite rules (see [below for nested schema](#nestedatt--rewrite_rules))
- `schema` (String) Schema
- Choices: `ACTIVE_DIRECTORY`, `CUSTOM`
- `state_or_province` (String) User info attribute
- `street_address` (String) User info attribute
- `telephone` (String) User info attribute
- `unreachable_domains_behaviour` (String) Unreachable Domains Behaviour
- Choices: `PROCEED`, `DROP`

### Read-Only

- `id` (String) The id of the object

<a id="nestedatt--attributes"></a>
### Nested Schema for `attributes`

Required:

- `default_value` (String) Required for each attribute in the attribute list. Can contain an empty string
- `internal_name` (String) Required for each attribute in the attribute list
- `name` (String) Required for each attribute in the attribute list with no duplication between attributes
- `type` (String) Required for each group in the group list
- Choices: `STRING`, `IP`, `BOOLEAN`, `INT`, `OCTET_STRING`


<a id="nestedatt--groups"></a>
### Nested Schema for `groups`

Required:

- `name` (String) Required for each group in the group list with no duplication between groups
- `sid` (String) Required for each group in the group list with no duplication between groups

Optional:

- `type` (String)


<a id="nestedatt--rewrite_rules"></a>
### Nested Schema for `rewrite_rules`

Required:

- `rewrite_match` (String) Required for each rule in the list with no duplication between rules
- `rewrite_result` (String) Required for each rule in the list
- `row_id` (String) Required for each rule in the list in serial order

## Import

Import is supported using the following syntax:

```shell
terraform import ise_active_directory_join_point.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
```
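
Review bot: Under Optional, the attributes that decide how an authentication request is handled are documented only by restating their names: `identity_not_in_ad_behaviour` ("Identity Not In AD Behaviour"), `unreachable_domains_behaviour` ("Unreachable Domains Behaviour") and `plaintext_auth` ("Plain Text Authentication"). Please say what each choice does (`REJECT`, `SEARCH_JOINED_FOREST`, `SEARCH_ALL`; `PROCEED`, `DROP`) so an operator can tell what they are turning on. The doc also does not state whether `failed_auth_threshold` and `auth_protection_type` have any effect while `enable_failed_auth_protection` is at its default `false`, and `enable_domain_allowed_list` defaults to `true` with no description and no visible attribute that holds the list itself.
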
@@ -0,0 +1,3 @@
data "ise_active_directory_join_point" "example" {
id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
}
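
Review bot: The example hard-codes `id = "76d24097-41c4-4558-a4d0-a8c07ac08470"`, and in the data source schema `id` is the only input while `name` is read-only, so a user must already know the object UUID to read a join point. Consider supporting lookup by `name` as well, or have the example take the id from a managed resource (`ise_active_directory_join_point.example.id`) instead of a literal.
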
@@ -0,0 +1 @@
terraform import ise_active_directory_join_point.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
54 changes: 54 additions & 0 deletions examples/resources/ise_active_directory_join_point/resource.tf
@@ -0,0 +1,54 @@
resource "ise_active_directory_join_point" "example" {
name = "cisco.local"
description = "My AD join point"
domain = "cisco.local"
ad_scopes_names = "Default_Scope"
enable_domain_allowed_list = true
groups = [
{
name = "cisco.local/operators"
sid = "S-1-5-32-548"
type = "GLOBAL"
}
]
attributes = [
{
name = "Attribute_1"
type = "STRING"
internal_name = "internal_name"
default_value = "default_string"
}
]
rewrite_rules = [
{
row_id = "0"
rewrite_match = "rewrite_match"
rewrite_result = "rewrite_result"
}
]
enable_rewrites = false
enable_pass_change = true
enable_machine_auth = true
enable_machine_access = true
enable_dialin_permission_check = false
plaintext_auth = false
aging_time = 5
enable_callback_for_dialin_client = false
identity_not_in_ad_behaviour = "SEARCH_JOINED_FOREST"
unreachable_domains_behaviour = "PROCEED"
schema = "ACTIVE_DIRECTORY"
first_name = "givenName"
department = "department"
last_name = "sn"
organizational_unit = "company"
job_title = "title"
locality = "l"
email = "mail"
state_or_province = "st"
telephone = "telephoneNumber"
country = "co"
street_address = "streetAddress"
enable_failed_auth_protection = false
failed_auth_threshold = 5
auth_protection_type = "WIRELESS"
}
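
Review bot: The example sets values for features it leaves switched off: `enable_failed_auth_protection = false` next to `failed_auth_threshold = 5` and `auth_protection_type = "WIRELESS"`, and `enable_rewrites = false` next to a `rewrite_rules` entry. A reader copying it cannot tell whether those values are ignored or required. Either enable the feature in the example or drop the dependent attributes, and replace the self-named placeholders (`rewrite_match = "rewrite_match"`, `internal_name = "internal_name"`) with realistic values.
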