Terraform with OneFuse: Active Directory


In this article, we are going to walk through using OneFuse from a Terraform configuration to create a machine record in the correct Active Directory OU.  To do this we will create a new Terraform configuration that uses the OneFuse provider data source and resource for the Active Directory policy we created as part of “Creating a OneFuse Active Directory Policy”.

By the end of this article, we will have created a Terraform configuration that calls OneFuse and creates a machine record within the appropriate OU.  The Active Directory module also supports the use of build OUs as well as placing computer objects into Active Directory security groups.  While this will be a simple example, we will build upon it in later articles to showcase the advanced capabilities offered by OneFuse as a platform.


Before we begin, there are prerequisites you will want to have ready.

Prerequisites

Creating the Terraform Configuration

To begin, we will need to initialize the OneFuse Terraform provider.  To do this we will need the following statement:

Provider Declaration

terraform {
  required_providers {
    onefuse = {
      source  = "CloudBoltSoftware/onefuse"
      version = ">= 1.20.0"
    }
  }
  required_version = ">= 0.13"
}

// Initialize OneFuse Provider
provider "onefuse" {
  scheme     = "https"
  address    = "onefuse_fqdn"
  port       = "443"
  user       = "admin"
  password   = "admin"
  verify_ssl = "false"
}

The OneFuse Terraform provider is available in the Terraform Registry.  By pointing to the source “CloudBoltSoftware/onefuse”, Terraform will automatically download the OneFuse provider that satisfies the version constraint in required_providers.  In the example above, that will be v1.20.0 or higher.  (The separate required_version line constrains the Terraform CLI itself, here 0.13 or newer.)
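The declaration above writes the appliance credentials into the configuration and turns off certificate verification. The following is an added example, not code from the article or from the OneFuse provider, showing the same provider block with the address and credentials supplied through input variables (variable names are this example's own choice) and TLS verification left on:

```hcl
// Added example: provider declaration with credentials kept out of the
// configuration file. Variable names are assumptions, not provider-defined.

variable "onefuse_address" {
  description = "FQDN of the OneFuse appliance"
  type        = string
}

variable "onefuse_user" {
  description = "OneFuse API user"
  type        = string
  default     = "admin"
}

variable "onefuse_password" {
  description = "OneFuse API password; supply via TF_VAR_onefuse_password"
  type        = string
  sensitive   = true   // redacted from plan and apply output
}

provider "onefuse" {
  scheme     = "https"
  address    = var.onefuse_address
  port       = "443"
  user       = var.onefuse_user
  password   = var.onefuse_password
  verify_ssl = "true"  // the appliance certificate must be trusted by the host running Terraform
}
```

Set the password in the environment before planning (for example `export TF_VAR_onefuse_password='...'`) rather than in a committed .tfvars file. Marking the variable sensitive hides it from CLI output, but Terraform still stores provider and variable values in the state file, so the state backend needs the same access controls as the credential itself.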

Data Source

Next, we need to leverage the OneFuse provider data source to look up the AD policy we would like to use.  This lets us select the policy by its name.

// OneFuse Data Source for AD Policy to lookup policy ID
data "onefuse_ad_policy" "policy" {
  name = "default"
}

In the above example, I am using the “data” source type “onefuse_ad_policy” to look up the policy by the name “default” and store it as “policy”.  We will then be able to refer to the results as data.onefuse_ad_policy.policy.

Resource

Next, we need to create a resource that will trigger Terraform to contact OneFuse to create the computer object within Active Directory.  To do this we will need the following declaration:

// OneFuse Resource for AD Computer Account
resource "onefuse_microsoft_ad_computer_account" "computer" {
  name      = var.hostname
  policy_id = data.onefuse_ad_policy.policy.id
  template_properties = {
    "ouEnvironment" = "production"
    "ouApplication" = "wordpress"
    "ouLocation"    = "Atlanta"
  }
}

Here, we are creating a resource of type “onefuse_microsoft_ad_computer_account” with the name “computer”.  We need to tell the resource the id of the policy we want to use; to do this, we simply reference the data source we looked up, “data.onefuse_ad_policy.policy.id”.  We also need to tell it the computer name and pass in the values that are needed for the variables in the OU path.

In the article “Creating a OneFuse Active Directory Policy”, we created an Active Directory policy that contains all the OU placement logic.  The final OU path we created is:

OU={{ouApplication}},OU={{ouLocation}},OU={{ouEnvironment}},OU=final,DC=2k19ad,DC=example,DC=com
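Because the three template properties are substituted straight into the OU path, it is worth constraining them before they reach the policy. The following added example (not from the article or the OneFuse provider; it assumes a provider "onefuse" block is already configured) drives the resource from validated input variables and renders the expected path locally so it can be compared with the final_ou the provider returns. The allowed environment values other than "production" are assumptions for illustration:

```hcl
// Added example: validated inputs for the AD computer account resource.

variable "hostname" {
  description = "Computer name; NetBIOS names are limited to 15 characters"
  type        = string
  validation {
    condition     = can(regex("^[A-Za-z0-9-]{1,15}$", var.hostname))
    error_message = "hostname must be 1-15 characters of letters, digits or hyphens."
  }
}

variable "ou_environment" {
  type = string
  validation {
    // allowed list is an assumption; "production" is the value used in the article
    condition     = contains(["production", "staging", "development"], var.ou_environment)
    error_message = "ou_environment must be one of production, staging or development."
  }
}

variable "ou_application" {
  type = string
  validation {
    // keep the value to a plain RDN token so it cannot add extra path components
    condition     = can(regex("^[A-Za-z0-9-]+$", var.ou_application))
    error_message = "ou_application may only contain letters, digits or hyphens."
  }
}

variable "ou_location" {
  type = string
  validation {
    condition     = can(regex("^[A-Za-z0-9-]+$", var.ou_location))
    error_message = "ou_location may only contain letters, digits or hyphens."
  }
}

data "onefuse_ad_policy" "policy" {
  name = "default"
}

resource "onefuse_microsoft_ad_computer_account" "computer" {
  name      = var.hostname
  policy_id = data.onefuse_ad_policy.policy.id
  template_properties = {
    "ouEnvironment" = var.ou_environment
    "ouApplication" = var.ou_application
    "ouLocation"    = var.ou_location
  }
}

// The OU path the policy template from the article should render to for these inputs.
locals {
  expected_ou = "OU=${var.ou_application},OU=${var.ou_location},OU=${var.ou_environment},OU=final,DC=2k19ad,DC=example,DC=com"
}

output "ad_ou" {
  value = onefuse_microsoft_ad_computer_account.computer.final_ou
}

// True after apply when OneFuse placed the object where the template predicts.
output "ou_matches_expected" {
  value = onefuse_microsoft_ad_computer_account.computer.final_ou == local.expected_ou
}
```

The validation blocks fail at plan time, before any call reaches OneFuse, and the ou_matches_expected output gives a quick post-apply check that the policy template and the values passed in still agree.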

Output

// Output Result for AD OU Placement
output "ad_ou" {
  value = onefuse_microsoft_ad_computer_account.computer.final_ou
}

Putting it all together

terraform {
  required_providers {
    onefuse = {
      source  = "CloudBoltSoftware/onefuse"
      version = ">= 1.20.0"
    }
  }
  required_version = ">= 0.13"
}

// Input variables referenced below (declared so the configuration plans without errors)
variable "hostname" {
  description = "Computer name for the new Active Directory computer object"
  type        = string
}

variable "policy" {
  description = "Name of the OneFuse Active Directory policy to use"
  type        = string
  default     = "default"
}

// Initialize OneFuse Provider
provider "onefuse" {
  scheme     = "https"
  address    = "onefuse12bp.example.com"
  port       = "443"
  user       = "admin"
  password   = "admin"
  verify_ssl = "false"
}

// OneFuse Data Source for AD Policy to look up policy ID
data "onefuse_ad_policy" "policy" {
  name = var.policy
}

// OneFuse Resource for AD Computer Account
resource "onefuse_microsoft_ad_computer_account" "computer" {
  name      = var.hostname
  policy_id = data.onefuse_ad_policy.policy.id
  template_properties = {
    "ouEnvironment" = "production"
    "ouApplication" = "wordpress"
    "ouLocation"    = "Atlanta"
  }
}

// Output Result for AD OU Placement
output "ad_ou" {
  value = onefuse_microsoft_ad_computer_account.computer.final_ou
}

Applying the configuration

  1. Init
    • terraform init
  2. Plan
    • terraform plan
  3. Apply
    • terraform apply
    • If you log in to the OneFuse UI, navigate to Modules > Active Directory and scroll down to Managed Active Directory Computers. You will see your newly created computer record in the list.
  4. Destroy
    • terraform destroy
