Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / 7018e2f3f116fdacfd66c03551fbf0c3db62170a / . / v5.18.0 / website / docs / r / netapp_active_directory.html.markdown
blob: 53dda2a4b6d0a2c70379038962b08029a22767b9 [file] [log] [blame]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Google Cloud NetApp Volumes"
description: |-
ActiveDirectory is the public representation of the active directory config.
---
# google\_netapp\_active\_directory
ActiveDirectory is the public representation of the active directory config.
To get more information about activeDirectory, see:
* [API documentation](https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.activeDirectories)
* How-to Guides
* [Official Documentation](https://cloud.google.com/netapp/volumes/docs/configure-and-use/active-directory/about-ad)
~> **Warning:** All arguments including the following potentially sensitive
values will be stored in the raw state as plain text: `password`.
[Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
## Example Usage - Netapp Active Directory Full
```hcl
resource "google_netapp_active_directory" "test_active_directory_full" {
name = "test-active-directory-full"
location = "us-central1"
domain = "ad.internal"
dns = "172.30.64.3"
net_bios_prefix = "smbserver"
username = "user"
password = "pass"
aes_encryption = false
backup_operators = ["test1", "test2"]
description = "ActiveDirectory is the public representation of the active directory config."
encrypt_dc_connections = false
kdc_hostname = "hostname"
kdc_ip = "10.10.0.11"
labels = {
"foo": "bar"
}
ldap_signing = false
nfs_users_with_ldap = false
organizational_unit = "CN=Computers"
security_operators = ["test1", "test2"]
site = "test-site"
}
```
## Argument Reference
The following arguments are supported:
* `domain` -
(Required)
Fully qualified domain name for the Active Directory domain.
* `dns` -
(Required)
Comma separated list of DNS server IP addresses for the Active Directory domain.
* `net_bios_prefix` -
(Required)
NetBIOS name prefix of the server to be created.
A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:
`\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME`
* `username` -
(Required)
Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.
* `password` -
(Required)
Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.
**Note**: This property is sensitive and will not be displayed in the plan.
* `location` -
(Required)
Name of the region for the policy to apply to.
* `name` -
(Required)
The resource name of the Active Directory pool. Needs to be unique per location.
- - -
* `site` -
(Optional)
Specifies an Active Directory site to manage domain controller selection.
Use when Active Directory domain controllers in multiple regions are configured. Defaults to `Default-First-Site-Name` if left empty.
* `organizational_unit` -
(Optional)
Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.
Defaults to `CN=Computers` if left empty.
* `aes_encryption` -
(Optional)
Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.
* `backup_operators` -
(Optional)
Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.
* `security_operators` -
(Optional)
Domain accounts that require elevated privileges such as `SeSecurityPrivilege` to manage security logs. Comma-separated list.
* `kdc_hostname` -
(Optional)
Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1
* `kdc_ip` -
(Optional)
IP address of the Active Directory server used as Kerberos Key Distribution Center.
* `nfs_users_with_ldap` -
(Optional)
Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.
This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).
* `description` -
(Optional)
An optional description of this resource.
* `ldap_signing` -
(Optional)
Specifies whether or not the LDAP traffic needs to be signed.
* `encrypt_dc_connections` -
(Optional)
If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.
* `labels` -
(Optional)
Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}`
* `create_time` -
Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z".
* `state` -
The state of the Active Directory policy (not the Active Directory itself).
* `state_details` -
The state details of the Active Directory.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
activeDirectory can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import activeDirectory using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}"
to = google_netapp_active_directory.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), activeDirectory can be imported using one of the formats above. For example:
```
$ terraform import google_netapp_active_directory.default projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}
$ terraform import google_netapp_active_directory.default {{project}}/{{location}}/{{name}}
$ terraform import google_netapp_active_directory.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).