ActiveDirectory is the public representation of the active directory config.
To get more information about activeDirectory, see:
resource "google_netapp_active_directory" "test_active_directory_full" {
  name = "test-active-directory-full"
  location = "us-central1"
  domain = "ad.internal"
  dns = "172.30.64.3"
  net_bios_prefix = "smbserver"
  username = "user"
  password = "pass"
  aes_encryption = false
  backup_operators = ["test1", "test2"]
  description = "ActiveDirectory is the public representation of the active directory config."
  encrypt_dc_connections = false
  kdc_hostname = "hostname"
  kdc_ip = "10.10.0.11"
  labels = {
    "foo": "bar"
  }
  ldap_signing = false
  nfs_users_with_ldap = false
  organizational_unit = "CN=Computers"
  security_operators = ["test1", "test2"]
  site = "test-site"
}
The following arguments are supported:
domain - (Required) Fully qualified domain name for the Active Directory domain.
dns - (Required) Comma separated list of DNS server IP addresses for the Active Directory domain.
net_bios_prefix - (Required) NetBIOS name prefix of the server to be created. A five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:
\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\SHARE_NAME
username - (Required) Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.
password - (Required) Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.
Note: This property is sensitive and will not be displayed in the plan.
location - (Required) Name of the region for the policy to apply to.
name - (Required) The resource name of the Active Directory pool. Needs to be unique per location.
site - (Optional) Specifies an Active Directory site to manage domain controller selection. Use when Active Directory domain controllers in multiple regions are configured. Defaults to Default-First-Site-Name if left empty.
organizational_unit - (Optional) Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes. Defaults to CN=Computers if left empty.
aes_encryption - (Optional) Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.
backup_operators - (Optional) Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to back up and restore files regardless of whether they have read or write access to the files. Comma-separated list.
security_operators - (Optional) Domain accounts that require elevated privileges such as SeSecurityPrivilege to manage security logs. Comma-separated list.
kdc_hostname - (Optional) Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1.
kdc_ip - (Optional) IP address of the Active Directory server used as Kerberos Key Distribution Center.
nfs_users_with_ldap - (Optional) Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes. This option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).
description - (Optional) An optional description of this resource.
ldap_signing - (Optional) Specifies whether or not the LDAP traffic needs to be signed.
encrypt_dc_connections - (Optional) If enabled, traffic between the SMB server and the Domain Controller (DC) will be encrypted.
labels - (Optional) Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
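A hardened variant of the full example, added here and not part of the provider documentation: it supplies the password through a sensitive variable and enables the three transport protections that the full example sets to false. The resource name, account name and variable name are hypothetical; every argument used is one listed above.

```hcl
# Added example. "hardened", "svc-netapp-join" and var.ad_join_password
# are hypothetical names; addresses are reused from the page's example.
variable "ad_join_password" {
  description = "Password of the AD account that creates the computer account"
  type        = string
  sensitive   = true  # redacted in plan/apply output; still stored in state
  nullable    = false
}

resource "google_netapp_active_directory" "hardened" {
  name     = "ad-policy-hardened"
  location = "us-central1"
  domain   = "ad.internal"
  dns      = "172.30.64.3"

  net_bios_prefix     = "smbserver"
  organizational_unit = "CN=Computers"

  # Dedicated account whose only right is creating the computer
  # account in the organizational unit above.
  username = "svc-netapp-join"
  password = var.ad_join_password # no literal secret in the .tf file

  # The full example sets all three of these to false.
  aes_encryption         = true # AES-128/AES-256 for Kerberos with AD
  ldap_signing           = true # LDAP traffic must be signed
  encrypt_dc_connections = true # encrypt SMB server <-> DC traffic

  # Do not switch LDAP-enabled volumes to AUTH_SYS authentication.
  nfs_users_with_ldap = false

  # backup_operators and security_operators are left unset so that no
  # domain account gains backup/restore access regardless of file
  # permissions, or SeSecurityPrivilege, until one is actually required.
}
```

Because the value is still written to Terraform state, the state backend needs the same access controls as the secret itself.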
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}
create_time - Create time of the active directory. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z".
state - The state of the Active Directory policy (not the Active Directory itself).
state_details - The state details of the Active Directory.
terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.
effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create - Default is 20 minutes.
update - Default is 20 minutes.
delete - Default is 20 minutes.
activeDirectory can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}
{{project}}/{{location}}/{{name}}
{{location}}/{{name}}
In Terraform v1.5.0 and later, use an import block to import activeDirectory using one of the formats above. For example:
import {
  id = "projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}"
  to = google_netapp_active_directory.default
}
When using the terraform import command, activeDirectory can be imported using one of the formats above. For example:
$ terraform import google_netapp_active_directory.default projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}
$ terraform import google_netapp_active_directory.default {{project}}/{{location}}/{{name}}
$ terraform import google_netapp_active_directory.default {{location}}/{{name}}
This resource supports User Project Overrides.