| subcategory |
|---|
Resources |
This resource allows you to create/update/delete domain.
resource "centrify_domain" "example_lab" {
name = "example.lab"
description = "example.lab domain"
// Policy menu
checkout_lifetime = 90
// Advanced -> Security Settings
allow_multiple_checkouts = true
enable_password_rotation = true
password_rotate_interval = 90
enable_password_rotation_after_checkin = true
minimum_password_age = 120
// Advanced -> Maintenance Settings
enable_password_history_cleanup = true
password_historycleanup_duration = 100
// Advanced -> Domain/Zone Tasks
enable_zone_joined_check = true
zone_joined_check_interval = 90
enable_zonerole_cleanup = true
zonerole_cleanup_interval = 6
}More examples can be found here
name- (String) The domain name.
- Settings
description- (String) Description of the domain.verify_domain- (Boolean) Whether to verify the Domain upon creation. Default istrue.forest_id- (String) Object ID of the forest. (experiment)parent_id- (String) Object ID of parent domain. (experiment)
- Policy
checkout_lifetime- (Number) Checkout lifetime (minutes). Specifies the number of minutes that a checked out password is valid. Range between15to2147483647.
- Advanced -> Account Reconciliation and Zone Role workflow settings
Domain reconciliation and Zone Role workflow configurations require vaulted domain account or domain account directly from AD. Vaulted domain account can only be added after the domain creation therefore reconciliation configurations can't be set during domain creation. It is handled separately by
centrify_domainconfigurationresource. - Advanced -> Security Settings
allow_multiple_checkouts- (Boolean) Allow multiple password checkouts per AD account added for this domain.enable_password_rotation- (Boolean) Enable periodic password rotation.password_rotate_interval- (Number) Password rotation interval (days).enable_password_rotation_after_checkin- (Boolean) Enable password rotation after checkin.minimum_password_age- (Number) Minimum Password Age (days). Range between0to2147483647.password_profile_id- (String) Password complexity profile id.
- Advanced -> Maintenance Settings
enable_password_history_cleanup- (Boolean) Enable periodic password history cleanup.password_historycleanup_duration- (Number) Password history cleanup (days). Range between90to2147483647.
- Advanced -> Domain/Zone Tasks
enable_zone_joined_check- (Boolean) Enable periodic domain/zone joined checkzone_joined_check_interval- (Number) Domain/zone joined check interval (minutes). Range between1to2147483647. Default is1440.enable_zonerole_cleanup- (Boolean) Enable periodic removal of expired zone role assignments.zonerole_cleanup_interval- (Number) Expired zone role assignment removal interval (hours). Range between1to2147483647. Default is6.
- Zone Role Workflow
enable_zonerole_workflow- (Boolean) Enable zone role requests for systems in this domain.assigned_zonerole- (Block Set) List of zone Role. Windows and Unix/Linux only. Applicable only ifuse_domainadmin_for_zonerole_workflowistrueandenable_zonerole_workflowistrueanduse_domain_assignment_for_zonerolesisfalse. Refer to assigned_zonerole attribute for details.assigned_zonerole_approver- (Block List) List of approvers for Zone Role request. Windows and Unix/Linux only. Applicable only ifuse_domainadmin_for_zonerole_workflowistrueandenable_zonerole_workflowistrueanduse_domain_assignment_for_zonerole_approversisfalse. Refer to workflow_approver and assigned_zonerole_approver for details.
connector_list(Set of String) List of Connector IDs. Refer to connector_list attribute for details.permission- (Block Set) Domain permissions. Refer to permission attribute for details.sets(Set of String) List of Set IDs the resource belongs to. Refer to sets attribute for details.
Domain can be imported using the resource id, e.g.
terraform import centrify_domain.example xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxLimitation: permission and set aren't supported in import process.