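---
# Authentication workflow input for the PC at pc_ip: registers an Active
# Directory service and maps directory entities to roles. Every value below is
# a placeholder. Secrets are not stored in this file; the *_credential keys
# only name entries under "vaults" in global.yml. Keep it that way and never
# inline a password here.
pc_ip: valid-pc-ip
# Specify a user with permission to make API calls.
pc_credential: pc_user  # credential reference from "vaults" in global.yml file

# Create
# NOTE(review): the schema documentation below names this key
# "directory_services" while the example uses "pc_directory_services";
# confirm which name the validator expects.
pc_directory_services:
  # only ACTIVE_DIRECTORY is supported, port 389 will be used for LDAP
  directory_type: ACTIVE_DIRECTORY
  ad_name: name
  ad_domain: eng.company.com
  # Plain ldap:// on port 389 carries the service-account bind and all
  # directory lookups unencrypted unless the connection is upgraded to TLS.
  # Keep that network path trusted, and check whether your deployment accepts
  # a TLS-protected directory URL before using this outside a lab.
  ad_directory_url: valid-ad-directory-url  # e.g., ldap://10.1.4.111:389
  # credential reference from "vaults" in global.yml file. Use a dedicated
  # directory account with read-only lookup rights, not a domain admin.
  service_account_credential: service_account_credential
  # NOTE(review): role_mappings is nested here because the CREATE schema
  # declares a dependency on the sibling key ad_name; confirm the nesting.
  role_mappings:
    # role_type: one of 'ROLE_CLUSTER_ADMIN', 'ROLE_USER_ADMIN',
    # 'ROLE_CLUSTER_VIEWER', 'ROLE_BACKUP_ADMIN'. Every member of a mapped
    # entity receives the role, so grant the least-privileged role that works.
    - role_type: ROLE_USER_ADMIN
      entity_type: GROUP  # one of GROUP, OU, USER
      # NOTE(review): with entity_type GROUP these are presumably directory
      # group names; the sample values look like user names. Verify.
      values:
        - john_doe
        - john_smith

# Delete
# The delete payload reuses the pc_directory_services key. A YAML mapping must
# not define the same key twice (most parsers silently keep the last one, which
# would discard the Create block above), so this example is commented out.
# To delete, comment out the Create block and uncomment this one.
# pc_directory_services:
#   ad_name: name
#   role_mappings:
#     # role_type: one of 'ROLE_CLUSTER_ADMIN', 'ROLE_USER_ADMIN',
#     # 'ROLE_CLUSTER_VIEWER', 'ROLE_BACKUP_ADMIN'
#     - role_type: ROLE_USER_ADMIN
#       entity_type: GROUP  # one of GROUP, OU, USER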
######################################## SCHEMA DOCUMENTATION ########################################
### ---CREATE SCHEMA --- ###
# directory_services:
# type: dict
# required: false
# schema:
# directory_type:
# type: string
# required: true
# allowed:
# - ACTIVE_DIRECTORY
# empty: false
# ad_name:
# type: string
# required: true
# empty: false
# ad_domain:
# type: string
# required: true
# empty: false
# ad_directory_url:
# type: string
# required: true
# empty: false
# service_account_credential:
# type: string
# required: true
# empty: false
# role_mappings:
# type: list
# required: false
# dependencies:
# - ad_name
# schema:
# type: dict
# schema:
# role_type:
# required: true
# type: string
# allowed:
# - ROLE_CLUSTER_ADMIN
# - ROLE_USER_ADMIN
# - ROLE_CLUSTER_VIEWER
# - ROLE_BACKUP_ADMIN
# entity_type:
# required: true
# type: string
# allowed:
# - GROUP
# - OU
# - USER
# values:
# required: true
# type: list
# schema:
# type: string
#
### ---DELETE SCHEMA --- ###
# directory_services:
# type: dict
# required: false
# schema:
# ad_name:
# type: string
# required: true
# empty: false
# role_mappings:
# type: list
# required: false
# dependencies:
# - directory_services.ad_name
# schema:
# type: dict
# schema:
# role_type:
# required: true
# type: string
# allowed:
# - ROLE_CLUSTER_ADMIN
# - ROLE_USER_ADMIN
# - ROLE_CLUSTER_VIEWER
# - ROLE_BACKUP_ADMIN
# entity_type:
# required: true
# type: string
# allowed:
# - GROUP
# - OU
# - USER
#
####################################################################################################