Basic configuration and usage

• Provider configuration
• API Endpoint
• Authentication
• Usage Example

Core resources

• Resource: luminate_site
• Resource: luminate_connector

Application Resources

• Resource: luminate_web_application
• Resource: luminate_ssh_application
• Resource: luminate_rdp_application
• Resource: luminate_tcp_application
• Resource: luminate_ssh_gw_application
• Resource: luminate_segment_application

Policy resources

• Resource: luminate_rdp_access_policy
• Resource: luminate_ssh_access_policy
• Resource: luminate_web_access_policy
• Resource: luminate_tcp_access_policy

Collection resources

• Resource: luminate_collection
• Resource: luminate_collection_site_link
• Resource: luminate_tenant_role
• Resource: luminate_collection_role
• Resource: luminate_site_role

Identities resources

• Resource: luminate_group_user

Data sources

• [Data Source: luminate_identity_provider](#data-Source: luminate_identity_provider)
• [Data Source: luminate_user](#data-Source: luminate_user)
• [Data Source: luminate_group](#data-Source: luminate_group)
• [Data Source: luminate_aws_integration](#data-Source: luminate_aws_integration)
• [Data Source: luminate_ssh_client](#data-Source: luminate_ssh_client)

Broadcom secure access cloud terraform provider is used to create and manage resources supported by Secure access cloud platform.

To use the provider it must first be configured to access Secure access cloud management API.

provider "luminate" {         
    api_endpoint = "api.example.luminatesec.com"
}

The API endpoint address is based on the tenant name in Secure access cloud

The format is as follows:

api.<tenant_name>.luminatesec.com

For example:
If the tenant name is "mycompany" the API endpoint address would be "api.mycompany.luminatesec.com"

Authentication is done using an API Client credentials

shell

$ export LUMINATE_API_CLIENT_ID=123456789  
$ export LUMINATE_API_CLIENT_SECRET=abcdefghijk

main.tf

provider "luminate" {|
    api_endpoint = "api.example.luminatesec.com"
}

provider "luminate" {
  api_endpoint = "api.example.luminatesec.com"
  api_client_id = "123456789"
  api_client_secret = "abcdefghijk"
}

Warning: storing credentials in terraform files is not recommended and may lead to a secret leak in case the file is committed to a public repository

This will create a site with one connector, web application and access policy

#Configure the provider
provider "luminate" {
  api_endpoint = "api.example.luminatesec.com"
}

#Create site
resource "luminate_site" "site" {
  name = "my-new-site"
}

#Create connector and bind to site "my-new-site"
resource "luminate_connector" "connector" {
  name = "connector-${luminate_site.site.name}"
  site_id = "${luminate_site.site.id}"
  type = "linux"
}

#Create web application
resource "luminate_web_application" "nginx-app" {
  name = "nginx"
  site_id = "${luminate_site.site.id}"
  internal_address = "http://127.0.0.1:8080"
}

#Retrieve the id of local IDP
data "luminate_identity_provider" "idp" {
  identity_provider_name = "local"
}

#Retrieve users from IDP
data "luminate_user" "users" {
  identity_provider_id = "${data.luminate_identity_provider.idp.identity_provider_id}"
  users = ["local-user"]
}

#Create access policy and attach to application
resource "luminate_web_access_policy" "nginx-access-policy" {
  name = "nginx-access-policy"
  identity_provider_id = "${data.luminate_identity_provider.idp.identity_provider_id}"
  user_ids = [${data.luminate_user.users.user_ids}]
  applications = [${luminate_web_application.nginx-app.id}]
}

#One time command to start the created connector
output "run-command" {
  value = "${luminate_connector.connector.command}"
}

Due to changes to HCL terraform code written for previous versions has to be converted to new language version.

Terraform provides a built-in command to make the required changes.

For more information and detailed instructions refer to: https://www.terraform.io/upgrade-guides/0-12.html

cd /terraform-repo
terraform 0.12upgrade

NOTE: 0.12upgrade sub command will change code in-place overwriting existing files.

Provides secure access cloud site resource

­­­

resource "luminate_site" "new-site" {
  name = "my-new-site"
}

The following arguments are supported:

• name (Required) The name of the site

• region (Optional) Connectivity region. If not specified, the default region will be used

• mute_health_notification (Optional) Don't send notification if the site is down

• kubernetes_persistent_volume_name (Optional) Kubernetes persistent volume name - only relevant if running on top kubernetes

• kerberos - (Optional)

  • domain (Required) - Active Directory domain name you want to SSO with.

  • kdc_address - (Required) - The hostname of the primary domain controller.

  • keytab_pair - (Required) - The absolute path of the keytab file

  NOTE: kerberos block is optional, but if specified all nested fields are required

In addition to arguments above, the following attributes are exported:

• id - id of the site

$ terraform import luminate_site.new-site site-id

Provides secure access cloud connector resource

­­­

resource "luminate_connector" "connector" {
  name = "connector-name"
  site_id = "site-id"
  type = "linux"
}

The following arguments are supported:

• name - (Required) name of the connector

• site_id - (Required) site id to attach the connector

• type - (Required) type of the connector. Valid types: linux | kubernetes | windows | docker-compose

NOTE: Connector resource is immutable. Changing any of the arguments will trigger recreation

In addition to arguments above, the following attributes are exported:

• id - id of the connector

• command - command for deploying Luminate connector

• otp - one time password for running Luminate connector

$ terraform import luminate_connector.connector connector_id

Provides Secure access cloud web application

resource "luminate_web_application" "new-web-application" {
  name = "web-application"
  site_id = "site_id"
  internal_address = "http://127.0.0.1:8080"
}

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• icon - (Optional) Base64 representation of 40x40 icon

• visible - (Optional) Indicates whether to show this application in the applications portal.

• notification_enabled - (Optional) Indicates whether notifications are enabled for this application.

• subdomain - (Optional) The application DNS subdomain.

• custom_external_address - (Optional) The application custom DNS address that exposes the application.

• internal_address - (Required) Internal address of the application, accessible by connector

• custom_root_path - (Optional) Requests coming into the external address root path '/', will be redirected to this custom path instead.

• health_url - (Optional) Health check path. The URI is relative to the external address.

• health_method - (Optional) HTTP method to validate application health. Valid methods: GET | HEAD

• default_content_rewrite_rules_enabled - (Optional) Indicates whether to enable automatic translation of all occurrences of the application internal address to its external address on most prominent content types and relevant headers.

• default_header_rewrite_rules_enabled - (Optional) Indicates whether to enable automatic translation of all occurrences of the application internal address to its external address on relevant headers.

• use_external_address_for_host_and_sni - (Optional) Indicates whether to use external address for host header and SNI.

• linked_applications - (Optional) This property should be set in a scenario where the defined application contains resources that reference additional web applications by their internal domain name.

• header_customization - (Optional) Custom headers key:value pairs to be added to all requests.

• collection_id - (Optional) Collection id to be linked to app, if empty will be assigned to default collection

In addition to arguments above, the following attributes are exported:

• id - id of the application

• external_address

• luminate_address

$ terraform import luminate_web_application.new-web-application application_id

Provides Secure access cloud SSH application

­­­

resource "luminate_ssh_application" "new-ssh-application" {  
    site_id = "site_id"
    name = "ssh-applications"
    internal_address = "tcp://127.0.0.1:22"
}                                                   

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• icon - (Optional) Base64 representation of 40x40 icon

• visible - (Optional) Indicates whether to show this application in the applications portal.

• notification_enabled - (Optional) Indicates whether notifications are enabled for this application.

• subdomain - (Optional) The application DNS subdomain.

• custom_external_address - (Optional) The application custom DNS address that exposes the application.

• internal_address - (Required) Internal address of the application, accessible by connector

• collection_id - (Optional) Collection id to be linked to app, if empty will be assigned to default collection

In addition to arguments above, the following attributes are exported:

• id - id of the application

• external_address

• luminate_address

$ terraform import luminate_ssh_application.new-ssh-application  application_id

Provides Secure access cloud RDP application

­­

resource "luminate_rdp_application" "new-rdp-application" {
  site_id = "site_id"
  name = "rdp-application"
  internal_address = "tcp://127.0.0.1"
}

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• icon - (Optional) Base64 representation of 40x40 icon

• visible - (Optional) Indicates whether to show this application in the applications portal.

• notification_enabled - (Optional) Indicates whether notifications are enabled for this application.

• subdomain - (Optional) The application DNS subdomain.

• custom_external_address - (Optional) The application custom DNS address that exposes the application.

• internal_address - (Required) Internal address of the application, accessible by connector

• collection_id - (Optional) Collection id to be linked to app, if empty will be assigned to default collection

In addition to arguments above, the following attributes are exported:

• id - id of the application

• external_address

• luminate_address

$ terraform import luminate_rdp_application.new-rdp-application application_id

Provides Secure access cloud TCP application

­­­

resource "luminate_tcp_application" "new-tcp-application" {
  name = "tcp-application"
  site_id = "site-id"
  target {
    address = "127.0.0.1"
    ports = ["8080"]
  }
}

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• icon - (Optional) Base64 representation of 40x40 icon

• visible - (Optional) Indicates whether to show this application in the applications portal.

• notification_enabled - (Optional) Indicates whether notifications are enabled for this application.

• subdomain - (Optional) The application DNS subdomain.

• custom_external_address - (Optional) The application custom DNS address that exposes the application.

• target - (Required) - list of TCP application targets

  • address - (Required) application target address.

  • ports - (Required) list of forwarded ports.

  • collection_id - (Optional) Collection id to be linked to app, if empty will be assigned to default collection

In addition to arguments above, the following attributes are exported:

• id - id of the application

• external_address

• luminate_address

$ terraform import luminate_tcp_application.new-tcp-application  application_id

Provides Secure access cloud SSH GW application

­­­

resource "luminate_ssh_gw_application" "new-sshgw-access" {  
  site_id = "site_id"
  name = "sshgw-application"

  integration_id = "integration_id",

  tags {
    Type = "ssh-gw-demo"
  }

  vpc {
    region = "eu-west-1"
    cidr_block = "172.31.0.0/16"
    vpc_id = "vpc-123456789"
  }
}

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• icon - (Optional) Base64 representation of 40x40 icon

• visible - (Optional) Indicates whether to show this application in the applications portal.

• notification_enabled - (Optional) Indicates whether notifications are enabled for this application.

• subdomain - (Optional) The application DNS subdomain.

• custom_external_address - (Optional) The application custom DNS address that exposes the application.

• internal_address - (Required) Internal address of the application, accessible by connector

• integration_id - (Required) integration id used to set up the ssh gw application

• tags - (Required) a map of tags used to determine which machines is included as part of this ssh gw

• vpc - (Required) A list of vpc definitions used to determine the target group to include as part of the ssh gw application

  • vpc_id - (Required) - the vpc id of the vpc containing target machines

  • region - (Required) - the region containing the target machines

  • cidr_block - (Required) - the cidr block of the machines to include

In addition to arguments above, the following attributes are exported:

• id - id of the application

• segment_id

• external_address

• luminate_address

$ terraform import luminate_ssh_gw_application.new-sshgw-access  application_id

Provides Secure access cloud Segment application

resource "luminate_segment_application" "nginx-app" {
  name = "nginx"
  site_id = "${luminate_site.site.id}"
  segment_settings {
	original_ip = "10.60.30.0/24"
	}
}

Or using multiple_segment_settings

resource "luminate_segment_application" "new-segment-application" {
	name = "ngnix"
	sub_type = "SEGMENT_SPECIFIC_IPS"
	site_id = "${luminate_site.new-site.id}"
  	multiple_segment_settings {
            original_ip = ["192.168.1.1", "192.168.1.2"]
  	}
}

The following arguments are supported:

• name - (Required) name of the applications

• site_id - (Required) Site ID to which the application will be bound

• segment settings - The segment application settings. This field will be deprecated, please use multiple segment settings instead.

  • original_ip - (Required) The internal resource IP address which is used by the connector for access to the application.

• multiple segment settings - (Required) The segment application settings

  • original_ip - (Required) The internal resource IPs addresses which is used by the connector for access to the application.

Provides Secure access cloud RDP access policy

­­­

resource "luminate_rdp_access_policy" "new-rdp-access-policy" {
  name =  "my-rdp-access-policy"

  identity_provider_id = "identity_provider_id"
  user_ids = ["user1_id", "user2_id"]
  group_ids = ["group1_id", "group2_id"]

  applications = ["application1_id","application2_id"]

  validators = {
    web_verification = true
  }

  conditions = {
    source_ip = ["127.0.0.1/24", "1.1.1.1/16"]
    location = ["Wallis and Futuna"]
  }
}

The following arguments are supported:

• name - (Required) name of the policy

• enabled - (Optional) Indicates whether this policy is enabled.

• identity_provider_id - (Optional) The identity provider id

• user_ids - (Optional) The user entities to which this policy applies.

• group_ids - (Optional) The group entities to which this policy applies.

• applications - (Required) The applications to which this policy applies.

• validators - (Optional)

  • web_verification - (Optional) Indicate whatever to perform web verification validation. not compatible for HTTP applications

• conditions - (Optional)

  • location - (Optional) - location based condition, specify the list of accepted locations.

  • source_ip - (Optional) - source ip based condition, specify the allowed CIDR for this policy.

• allow_long_term_password - (Optional) Indicates whether to allow long term password.

In addition to arguments above, the following attributes are exported:

• id - id of the policy

$ terraform import luminate_rdp_access_policy.new-rdp-access-policy  policy_id

Provides Secure access cloud SSH access policy

­­­

resource "luminate_ssh_access_policy" "new-ssh-access-policy" {
  name =  "my-ssh-access-policy"

  identity_provider_id = "identity_provider_id"
  user_ids = ["user1_id", "user2_id"]
  group_ids = ["group1_id", "group2_id"]

  applications = ["application1_id","application2_id"]
  accounts = ["ubuntu", "ec2-user"]
  allow_temporary_token = true
}

The following arguments are supported:

• name - (Required) name of the policy

• enabled - (Optional) Indicates whether this policy is enabled.

• identity_provider_id - (Optional) The identity provider id

• user_ids - (Optional) The user entities to which this policy applies.

• group_ids - (Optional) The group entities to which this policy applies.

• applications - (Required) The applications to which this policy applies.

• accounts - (Required) SSH/Unix accounts with which IDP entities and/or Luminate local users can access the SSH Server

• use_auto_mapping - (Optional) Determine the strategy for mapping IDP entities to SSH/Unix accounts, and specifically indicate whether automatic mapping based on the logged-in IDP entity username is allowed. In case this property is set to TRUE, manually entered SSH accounts are ignored. This property is relevant for SSH applications only

• allow_agent_forwarding - (Optional) Indicates whether SSH agent forwarding is allowed for transparent secure access to all corporate SSH Servers via this SSH application that acts a Bastion. This property is relevant for SSH applications only.

• allow_temporary_token - (Optional) Indication whether authentication using a temporary token is allowed.

• allow_public_key - (Optional) Indication whether authentication using long term secret is allowed.

• validators - (Optional)

  • web_verification - (Optional) Indicate whatever to perform web verification validation. not compatible for HTTP applications

• conditions - (Optional)

  • location - (Optional) - location based condition, specify the list of accepted locations.

  • source_ip - (Optional) - source ip based condition, specify the allowed CIDR for this policy.

In addition to arguments above, the following attributes are exported:

• id - id of the policy

$ terraform import luminate_ssh_access_policy.new-ssh-access-policy  policy_id

Provides Secure access cloud SSH access policy

­­­

resource "luminate_web_access_policy" "new-web-access-policy" {
  name =  "my-web-access-policy"

  identity_provider_id = "identity_provider_id"
  user_ids = ["user1_id", "user2_id"]
  group_ids = ["group1_id", "group2_id"]

  applications = ["application1_id","application2_id"]
  
  conditions = {
    source_ip = ["127.0.0.1/24", "1.1.1.1/16", "8.8.8.8/24"]
    location = ["Wallis and Futuna"]

    managed_device = {
      symantec_cloudsoc = true
      symantec_web_security_service = false
    }
    validators {
        mfa = true
    }
  }
}

The following arguments are supported:

• name - (Required) name of the policy

• enabled - (Optional) Indicates whether this policy is enabled.

• identity_provider_id - (Optional) The identity provider id

• user_ids - (Optional) The user entities to which this policy applies.

• group_ids - (Optional) The group entities to which this policy applies.

• applications - (Required) The applications to which this policy applies.

• accounts - (Required) SSH/Unix accounts with which IDP entities and/or Luminate local users can access the SSH Server

• validators - (Optional)

  • mfa - (Optional) Specifies whether to carry out mfa (multi-factor authentication) validation.

• conditions - (Optional)

  • location - (Optional) - location based condition, specify the list of accepted locations.

  • source_ip - (Optional) - source ip based condition, specify the allowed CIDR for this policy.

  • managed_device - (Optional) Indicate whatever to restrict access to managed devices only

    • opswat - (Optional) Indicate whatever to restrict access to Opswat MetaAccess

    • symantec_cloudsoc - (Optional) Indicate whatever to restrict access to symantec cloudsoc

    • symantec_web_security_service - (Optional) Indicate whatever to restrict access to symantec web security service

  • unmanaged_device - (Optional) Indicate whatever to restrict access to unmanaged devices only

In addition to arguments above, the following attributes are exported:

• id - id of the policy

$ terraform import luminate_web_access_policy.new-web-access-policy  policy_id

Provides Secure access cloud TCP access policy

­­­

resource "luminate_tcp_access_policy" "new-tcp-access-policy" {
  name =  "my-tcp-access-policy"

  identity_provider_id = "identity_provider_id"
  user_ids = ["user1_id", "user2_id"]
  group_ids = ["group1_id", "group2_id"]

  applications = ["application1_id","application2_id"]
  accounts = ["ubuntu", "ec2-user"]
  allow_temporary_token = true
}

The following arguments are supported:

• name - (Required) name of the policy

• enabled - (Optional) Indicates whether this policy is enabled.

• identity_provider_id - (Optional) The identity provider id

• user_ids - (Optional) The user entities to which this policy applies.

• group_ids - (Optional) The group entities to which this policy applies.

• applications - (Required) The applications to which this policy applies.

• allow_temporary_token - (Optional) Indication whether authentication using a temporary token is allowed.

• allow_public_key - (Optional) Indication whether authentication using long term secret is allowed.

• validators - (Optional)

  • web_verification - (Optional) Indicate whatever to perform web verification validation. not compatible for HTTP applications

• conditions - (Optional)

  • location - (Optional) - location based condition, specify the list of accepted locations.

  • source_ip - (Optional) - source ip based condition, specify the allowed CIDR for this policy.

In addition to arguments above, the following attributes are exported:

• id - id of the policy

$ terraform import luminate_tcp_access_policy.new-tcp-access-policy  policy_id

Provides Secure access cloud collection resource

resource "luminate_collection" "new-collection" {
  name = "my-collection"
}

The following arguments are supported:

• name - (Required) name of the collection

Provides Secure access cloud link between site and collection

resource "luminate_collection_site_link" "new-collection-site-link" {
      site_id = "c11e4576-53c8-4617-a408-5d31a9c9e954"
	  collection_ids = sort(["8d945145-0d0a-4b76-b6a7-8f7af4fc8dc3"])
	}

The following arguments are supported:

• site_id - (Required) Site id
• collection_ids - (Required) Collection ids to be linked to site must be sorted

Provides Secure access cloud assign entity to tenant role

	resource "luminate_tenant_role" "tenant-admin" {
		role_type = "TenantAdmin"
		identity_provider_id =  "local"
		entity_id = "a8a48219-835f-4183-a2a9-bbba8cad8eb8"
		entity_type = "User"
	}

The following arguments are supported:

• role_type - (Required) the role to assign TenantAdmin | TenantViewer
• identity_provider_id - (Required) The identity provider id
• entity_id - (Required) The entity id in idp
• entity_type - (Required) the entity type User | Group | ApiClient

Provides Secure access cloud assign entity to collection role

    resource "luminate_collection_role" "policy-owner" {
		role_type = "PolicyOwner"
		identity_provider_id =  "local"
		entity_id = "a8a48219-835f-4183-a2a9-bbba8cad8eb8"
		entity_type = "User"
		collection_id = "${luminate_collection.collection.id}"
	}   

The following arguments are supported:

• role_type - (Required) the role to assign PolicyOwner | ApplicationOwner
• identity_provider_id - (Required) The identity provider id
• entity_id - (Required) The entity id in idp
• entity_type - (Required) the entity type User | Group | ApiClient
• collection_id - (Required) Collection id to be assigned

Provides Secure access cloud assign entity to site role

	resource "luminate_site_role" "site-editor" {
		role_type = "SiteEditor"
		identity_provider_id =  "local"
		entity_id = "a8a48219-835f-4183-a2a9-bbba8cad8eb8"
		entity_type = "User"
		site_id = "${luminate_site.site.id}"
	}

The following arguments are supported:

• role_type - (Required) the role to assign SiteEditor | SiteConnectorDeployer
• identity_provider_id - (Required) The identity provider id
• entity_id - (Required) The entity id in idp
• entity_type - (Required) the entity type User | Group | ApiClient
• site_id - (Required) Site id to be assigned

Provides secure access cloud group_user resource

­­­

data "luminate_group" "my-groups" {
	identity_provider_id = "local"
	groups = ["group1"]
}

data "luminate_user" "my-users" {
	identity_provider_id = "local"
	users = ["user1"]
}

resource "luminate_group_user" "new_group_membership" {
	group_id = "${data.luminate_group.my-groups.group_ids.0}"
	user_id = "${data.luminate_user.my-users.user_ids.0}"
}

The following arguments are supported:

• group_id - (Required) Group id
• user_id - (Required) User id to be assigned to group

Provides secure access cloud aws_integration resource

­

resource "luminate_aws_integration" "new-integration" {
	integration_name = "exampleIntegration"
}

The following arguments are supported:

• integration_name - (Required) name for the AWS integration

In addition to arguments above, the following attributes are exported:

• integration_id - new integration id
• luminate_aws_account_id - luminate AWS account ID
• aws_external_id - the integration AWS external ID

Provides secure access cloud aws_integration resource

­

resource "luminate_aws_integration" "new-integration" {
	integration_name = "exampleIntegrationBind"
}

//create and bind IAMrole and policy with new integration external ID and luminate account ID
resource "aws_iam_role" "test_role" {
  name = "exampleIntegrationBind"
  assume_role_policy = jsonencode({
	 Version= "2012-10-17"
        Statement = [
            {
                Effect = "Allow"
                Action = "sts:AssumeRole"
                Condition = {
                    StringEquals = {
                        "sts:ExternalId": [
                            "${luminate_aws_integration.new-integration.aws_external_id}"
                        ]
                    }
                },
                Principal = {
                    "AWS" = [
                        "${luminate_aws_integration.new-integration.luminate_aws_account_id}"
                    ]
                }
            }
        ]
	})
}

resource "aws_iam_policy" "policy" {
  name        = "test_policy"
  path        = "/"
  description = "My test policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
	  Sid = "VisualEditor0"
        Effect   = "Allow"
        Action = [
           "ec2:DescribeInstances",
           "ec2:DescribeVpcs",
           "ec2:DescribeRegions",
           "ec2:DescribeTags"
        ]
        Resource = "*"
      },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = aws_iam_role. test_role.name
  policy_arn = aws_iam_policy.policy.arn
}

resource "luminate_aws_integration_bind" "new-integration-bind" {
	integration_name = "${luminate_aws_integration.new-integration.integration_name}"
	integration_id= "${luminate_aws_integration.new-integration.integration_id}"
	aws_role_arn= "aws_iam_role_policy_attachment.test-attach.arn"
	luminate_aws_account_id= "${luminate_aws_integration.new-integration.luminate_aws_account_id}"	
	aws_external_id= "${luminate_aws_integration.new-integration.aws_external_id}"
	regions = ["us-west-1"]
}

The following arguments are supported:

• integration_name - (Required) name of the AWS integration
• integration_id - (Required) ID of the AWS integration
• aws_role_arn - (Required) AWS arn
• luminate_aws_account_id - (Required) luminate AWS account ID
• aws_external_id - (Required) integration AWS external ID
• regions - (Required) regions to add

Provides secure access cloud DNS server

resource "luminate_site" "new-site" {
	name = "tfAccSite"
}
resource "luminate_dns_server" "new-dns" {
	site_id = "${luminate_site.new-site.id}"
	name = "testDNS"
	internal_address = "udp://10.0.0.1:53"
	dns_settings {
		domain_suffixes = ["company.com"]
	}
}

The following arguments are supported:

• name - (Required) name of the connector

• site_id - (Required) site id to attach the connector

• internal_address - (Required) Internal address of the application, accessible by connector

• dns_settings [domain_suffixes] - (Required) The domain suffix

Use this resource to get an existing identity provider

­­­

data "luminate_identity_provider" "my-identity-provider" {
  identity_provider_name = "local"
}

The following arguments are supported:

• identity_provider_name - (Required) name of the identity provider

In addition to arguments above, the following attributes are exported:

• identity_provider_id - id of the identity provider

Use this resource to get one or more existing users

­­­

data "luminate_user" "my-users" {
  identity_provider_id = "identity_provider_id"
  users = ["user1@example.com", "user2@example.com"]
}

The following arguments are supported:

• identity_provider_id - (Required) id of the identity provider

• users - (Required) List of usernames to retrieve

In addition to arguments above, the following attributes are exported:

• user_ids - list of retrieved users ids

Use this resource to get one or more existing groups

­­­

data "luminate_group" "my-groups" {
  identity_provider_id = "identity_provider_id"
  groups = ["group1", "group2"]
}

The following arguments are supported:

• identity_provider_id - (Required) id of the identity provider

• groups - (Required) List of group names to retrieve

In addition to arguments above, the following attributes are exported:

• group_ids - list of retrieved groups ids

Use this resource to retrieve an existing AWS integration

­­­

data "luminate_aws_integration" "my-integration" {
  integration_name = "integration_name"
}

The following arguments are supported:

• integration_name - (Required) name of an existing AWS integration

In addition to arguments above, the following attributes are exported:

• integration_id - id of retrieved AWS integration

Use this resource to retrieve an existing ssh-client

data "luminate_ssh_client" "my-ssh-client" {
  name = "test"
}

• name (String) ssh-client to retrieve

In addition to arguments above, the following attributes are exported:

• id (String)
• description (String)
• key_size (Number)
• expires (String)
• last_accessed (String)
• created_on (String)
• modified_on (String)