Terraform Rancher2 provider AD integration example
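# Active Directory authentication provider for Rancher.
# Only created when var.enable_active_directory is true (count = 0 otherwise),
# so the remaining var.ad_* values are only consulted when enabled.
resource "rancher2_auth_config_activedirectory" "activedirectory" {
  count = var.enable_active_directory ? 1 : 0

  servers              = var.ad_server
  default_login_domain = var.ad_default_login_domain

  # NOTE(review): cleartext LDAP. With tls = false the service-account bind
  # and every interactive user's password cross the network unencrypted.
  # Prefer tls = true / port = 636, adding `certificate` with the AD CA when
  # Rancher does not already trust it. Left as-is only because this example
  # targets a lab controller addressed by a raw IP.
  tls  = false
  port = 389

  # Bind credentials used for user/group lookups. The password should come
  # from TF_VAR_ad_password or a secret store, never from committed tfvars.
  service_account_username = var.ad_username
  service_account_password = var.ad_password

  # Rancher validates the provider by performing a test login as this user;
  # the example reuses the service account for that.
  test_username = var.ad_username
  test_password = var.ad_password

  user_search_base                = var.ad_user_search_base
  group_search_base               = var.ad_group_search_base
  nested_group_membership_enabled = true

  # allowed_principal_ids is only enforced when access_mode is "required"
  # (or "restricted"); under "unrestricted" any AD account that can bind may
  # log in and the list is ignored. "required" gives deny-by-default: only the
  # principals listed below can sign in.
  access_mode = "required"
  allowed_principal_ids = [
    # Keep the local admin listed so the Rancher admin is never locked out.
    "local://${data.rancher2_user.admin.id}",
    # Every AD group that receives a role binding in this config must appear
    # here, otherwise its members cannot log in at all. DNs are built from the
    # same search base the bindings use so the two stay in step.
    "activedirectory_group://cn=sre,${var.ad_group_search_base}",
    "activedirectory_group://cn=Dev,${var.ad_group_search_base}",
  ]
}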
# "website" project, placed in the production cluster.
# wait_for_cluster defers project creation until the cluster is reachable.
resource "rancher2_project" "website" {
  cluster_id       = rancher2_cluster.production.id
  name             = "website"
  wait_for_cluster = true
}
# "encoder" project, placed in the development cluster.
# wait_for_cluster defers project creation until the cluster is reachable.
resource "rancher2_project" "encoder" {
  cluster_id       = rancher2_cluster.development.id
  name             = "encoder"
  wait_for_cluster = true
}
# Maps the AD group "sre" onto Rancher's built-in "admin" global role.
# NOTE(review): "admin" is full administrative access to every cluster and
# project managed by this Rancher server; membership of this AD group should
# be reviewed as carefully as the Rancher admin password.
resource "rancher2_global_role_binding" "sre" {
  global_role_id     = "admin"
  group_principal_id = "activedirectory_group://cn=sre,${var.ad_group_search_base}"
  name               = "sre"
}
# Maps the AD group "Dev" onto Rancher's built-in "user" global role
# (the standard, non-administrative login role).
resource "rancher2_global_role_binding" "dev" {
  global_role_id     = "user"
  group_principal_id = "activedirectory_group://cn=Dev,${var.ad_group_search_base}"
  name               = "dev"
}
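# terraform.tfvars -- lab values for the AD integration example.
enable_active_directory = true

# Bind account in DOMAIN\sAMAccountName form.
ad_username = "TETROMINO\\SArancher"

# ad_password is deliberately NOT set here. This file is committed, so the
# bind password must be supplied out of band, e.g.
#   export TF_VAR_ad_password='...'
# or from a secrets manager. The value that previously lived in this file
# was published in the clear and must be treated as compromised: rotate the
# SArancher account's password before relying on this configuration.

ad_server               = ["192.168.1.220"]
ad_user_search_base     = "dc=tetromino,dc=local"
ad_group_search_base    = "OU=Groups,DC=tetromino,DC=local"
ad_default_login_domain = "TETROMINO"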
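variable "enable_active_directory" {
  description = "Whether or not to enable Rancher AD integration"
  # Declared as bool so a stray string such as "false" is rejected at plan
  # time instead of being coerced.
  type    = bool
  default = false
}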
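variable "ad_server" {
  description = "Active Directory server(s) IP or hostname"
  type        = list(string)
  # Placeholder only; the auth provider is skipped unless
  # enable_active_directory is true, so this default is never used for a bind.
  default = [""]
}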
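variable "ad_username" {
  description = "Active Directory service account used for lookups (DOMAIN\\user form)"
  type        = string
  default     = ""
}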
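variable "ad_password" {
  description = "Active Directory password for the service account; supply via TF_VAR_ad_password or a secret store, not in committed tfvars"
  type        = string
  # Marks the value as sensitive so it is redacted from plan/apply output
  # (requires Terraform >= 0.14). It still lands in state in plaintext, so the
  # state backend must be access-controlled and encrypted.
  sensitive = true
  default   = ""
}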
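variable "ad_user_search_base" {
  description = "AD user search base (DN under which user objects are looked up)"
  type        = string
  default     = ""
}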
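variable "ad_group_search_base" {
  description = "AD group search base (DN under which group objects are looked up; also used to build group principal IDs)"
  type        = string
  default     = ""
}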
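variable "ad_default_login_domain" {
  description = "Default AD login domain prepended when a user logs in without one"
  type        = string
  default     = ""
}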
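variable "domain" {
  description = "Domain suffix"
  type        = string
  # Not referenced by any of the AD resources shown in this example.
  default = "int.dischord.org"
}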