Centrify Provider

The Centrify provider is used to interact with resources in Centrify Platform. It also allows other Terraform providers to retrieve vaulted passwords or secrets from Centrify Platform.

Use the navigation to the left to read about the available resources.

Using The Provider

Specifying Provider Requirements

Use the special terraform configuration block to configure some behaviors of Terraform itself, such as the provider source and minimum version.

terraform {
  required_providers {
    centrify = {
      source  = "marcozj/centrify"
    }
  }
}

Configure Provider Credential

The provider needs to be configured with the proper credentials before it can be used.

Example Usage (OAuth client id and credential authentication)

# Configure Centrify Provider to use OAuth client id and credential authentication
provider "centrify" {
    url = "https://<tenantid>.my.centrify.net"
    appid = "<YOUR APPLICATION ID>"
    scope = "<YOUR OAUTH2 SCOPE>"
    username = "<YOUR OAUTH2 CLIENT ID>"
    password = "<YOUR OAUTH2 CLIENT CREDENTIAL>"
}

Example Usage (OAuth2 token authentication)

# Configure Centrify Provider to use OAuth2 token authentication
provider "centrify" {
    url = "https://<tenantid>.my.centrify.net"
    appid = "<YOUR APPLICATION ID>"
    scope = "<YOUR OAUTH2 SCOPE>"
    token = "<YOUR OAUTH2 TOKEN>"
}

Example Usage (DMC authentication)

# Configure Centrify Provider to use DMC authentication
# The host on which terraform is run must have Centrify Client installed and enrolled into Centrify Platform
provider "centrify" {
    url = "https://<tenantid>.my.centrify.net"
    scope = "<YOUR DMC SCOPE>"
    use_dmc = true
}

Provider Argument Reference

The Provider supports OAuth2 and DMC authentication methods.

  • url - (Required) This is the cloud tenant or on-prem PAS URL, for example https://abc1234.my.centrify.net. It must be provided, but it can also be sourced from the CENTRIFY_URL environment variable.
  • appid - (Optional) This is the OAuth application ID configured in Centrify Platform. It must be provided if use_dmc isn't set to true. It can also be sourced from the CENTRIFY_APPID environment variable.
  • scope - (Required) This is either the OAuth or DMC scope. It must be provided, but it can also be sourced from the CENTRIFY_SCOPE environment variable.
  • token - (Optional) This is the OAuth token. It can also be sourced from the CENTRIFY_TOKEN environment variable.
  • username - (Optional) Authorized user to retrieve the OAuth token. It can also be sourced from the CENTRIFY_USERNAME environment variable. If token is provided, this argument is ignored.
  • password - (Optional) Authorized user's password for retrieving the OAuth token. It can also be sourced from the CENTRIFY_PASSWORD environment variable. If token is provided, this argument is ignored.
  • use_dmc - (Optional) Whether to use DMC authentication. It can also be sourced from the CENTRIFY_USEDMC environment variable. The default is false. If this is set to true, the appid, token, username and password arguments are ignored.
  • skip_cert_verify - (Optional) Whether to skip certificate validation. It is used for testing against an on-prem PAS deployment that uses a self-signed certificate. It can also be sourced from the CENTRIFY_SKIPCERTVERIFY environment variable. The default is false.
  • log_level - (Optional) Log level. Can be set to fatal, error, info, or debug. It can also be sourced from the CENTRIFY_LOGLEVEL environment variable. The default is error.
  • logpath - (Optional) If specified, logging information is written to the file. It can also be sourced from the CENTRIFY_LOGPATH environment variable.
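
Because password and token can be sourced from CENTRIFY_PASSWORD and CENTRIFY_TOKEN, a pre-commit check can reject Terraform files that hard-code them or that set skip_cert_verify to true. The following is an added example, not part of the provider's code; the function name audit_centrify_provider and the sample configuration values are constructed for illustration, and the regex parsing assumes the multi-line block layout used in the examples above.

```python
import re

# Provider arguments from the reference above that carry secrets.
SECRET_ARGS = ("password", "token")
# Multi-line provider block whose closing brace starts a line (assumed layout).
PROVIDER_RE = re.compile(r'provider\s+"centrify"\s*\{(.*?)^\}', re.S | re.M)
# name = value pairs; lines starting with '#' never match because of (\w+).
ARG_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(\S.*?)[ \t]*$', re.M)

# Constructed sample: one risky block, one that defers to variables.
SAMPLE_TF = '''
provider "centrify" {
    url = "https://<tenantid>.my.centrify.net"
    appid = "<YOUR APPLICATION ID>"
    scope = "<YOUR OAUTH2 SCOPE>"
    username = "svc-terraform"
    password = "constructed-example-secret"
    skip_cert_verify = true  # on-prem test tenant
}

provider "centrify" {
    alias = "clean"
    url   = var.centrify_url
    scope = var.centrify_scope
    token = var.centrify_token
}
'''


def audit_centrify_provider(tf_text):
    """Return (argument, finding) tuples for every centrify provider block."""
    findings = []
    for block in PROVIDER_RE.finditer(tf_text):
        for name, value in ARG_RE.findall(block.group(1)):
            # A quoted string without ${...} interpolation is a literal value.
            literal = value.startswith('"') and "${" not in value
            if name in SECRET_ARGS and literal:
                hint = "literal secret; use a variable or CENTRIFY_" + name.upper()
                findings.append((name, hint))
            # split() drops a trailing inline comment after the boolean.
            if name == "skip_cert_verify" and value.split()[0] == "true":
                findings.append((name, "certificate validation disabled"))
    return findings


if __name__ == "__main__":
    for arg, finding in audit_centrify_provider(SAMPLE_TF):
        print(arg + ": " + finding)
```
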

Supported Resources and Data Sources

Entity Resource Data Source
Directory Service centrify_directoryservice
Directory Object centrify_directoryobject
Global Group Mapping centrify_globalgroupmappings
Federated Group centrify_federatedgroup centrify_federatedgroup
Centrify Directory User centrify_user centrify_user
Centrify Directory User Password centrify_userpassword
Role centrify_role centrify_role
Role Membership centrify_role_membership
Authentication Profile centrify_authenticationprofile centrify_authenticationprofile
Password Profile centrify_passwordprofile centrify_passwordprofile
Connector centrify_connector
System centrify_system centrify_system
Database centrify_database centrify_database
Domain centrify_domain centrify_domain
Domain Configuration centrify_domainconfiguration
Cloud Provider centrify_cloudprovider centrify_cloudprovider
Account centrify_account centrify_account
Multiplexed Account centrify_multiplexedaccount centrify_multiplexedaccount
Secret centrify_secret centrify_secret
Secret Folder centrify_secretfolder centrify_secretfolder
SSH Key centrify_sshkey centrify_sshkey
Windows Service centrify_service centrify_service
Generic Web App centrify_webapp_generic centrify_webapp_generic
SAML Web App centrify_webapp_saml centrify_webapp_saml
Oauth Web App centrify_webapp_oauth centrify_webapp_oauth
OpenID Connect Web App centrify_webapp_oidc centrify_webapp_oidc
Desktop App centrify_desktopapp centrify_desktopapp
Policy Order centrify_policyorder
Policy centrify_policy centrify_policy
Global Workflow centrify_globalworkflow