[v9] Update Terraform reference (retries and provider source) (#13842)
Update Terraform reference (retries and provider source) (#13292)

This PR updates the Terraform provider's source to match our registry.
It also updates some syntax changes when Terraform version reached 0.12.

There are some fields missing, mostly new ones
As a follow up for this one, I created the following issue:
gravitational/teleport-plugins#576

Fixes #13256
marcoandredinis authored Jun 24, 2022
1 parent 55592d5 commit 535f448
Showing 1 changed file with 59 additions and 39 deletions.
98 changes: 59 additions & 39 deletions docs/pages/setup/reference/terraform-provider.mdx
Expand Up @@ -23,30 +23,42 @@ terraform {
required_providers {
teleport = {
version = ">= (=teleport.version=)"
source = "gravitational.com/teleport/teleport"
source = "terraform.releases.teleport.dev/gravitational/teleport"
}
}
}
```

The provider supports the following options:

| Name | Type | Description | Environment Variable |
|-------------------------|------------|-------------------------------------------------------|----------------------------------|
| `addr`| string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
| `cert_path`| string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
| `identity_file_path`| string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
| `key_path`| string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
| `profile_dir`| string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
| `profile_name`| string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
| `root_ca_path`| string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |

You need to specify either:
| Name | Type | Description | Environment Variable |
|-----------------------|--------|---------------------------------------------------------------------------------|-----------------------------------|
| `addr` | string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
| `cert_path` | string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
| `cert_base64` | string | Teleport certificate as base64. | `TF_TELEPORT_CERT_BASE64` |
| `identity_file_path` | string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
| `key_path` | string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
| `key_base64` | string | Teleport key as base64. | `TF_TELEPORT_KEY_BASE64` |
| `profile_dir` | string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
| `profile_name` | string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
| `root_ca_path` | string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |
| `root_ca_base64` | string | Teleport CA as base64. | `TF_TELEPORT_ROOT_CA_BASE64` |
| `retry_base_duration` | string | Base durantion between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_BASE_DURATION` |
| `retry_cap_duration` | string | Max duration between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_CAP_DURATION` |
| `retry_max_tries` | string | Max number of retries. | `TF_TELEPORT_RETRY_MAX_TRIES` |


You need to specify at least one of:

- `cert_path`, `key_path`,`root_ca_path` and `addr` to connect using key files.
- `cert_base64`, `key_base64`,`root_ca_base64` and `addr` to connect using a base64-encoded key.
- `identity_file_path` and `addr` to connect using identity file.
- `profile_name` and `profile_dir` (both can be empty) and Teleport will try to connect using current profile from `~/.tsh`

The `retry_*` values are used to retry the API calls to Teleport when the cache is stale.

If more than one are provided, they will be tried in the order above until one succeeds.

Example:

```
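Review bot: the sentence "If more than one are provided, they will be tried in the order above until one succeeds." now sits after the new `retry_*` sentence instead of directly under the list of connection methods, so "the order above" reads as if it referred to the retry settings; move the `retry_*` sentence below it, or up next to the options table. In the table, "Base durantion" in the `retry_base_duration` row is a typo for "duration", and `retry_max_tries` is typed as string although it is described as a count, which is worth confirming against the provider schema. Because `key_base64` carries the private key inline, the text could also point readers to the `TF_TELEPORT_KEY_BASE64` environment variable from the table so the key does not have to be written into the `.tf` file.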
Expand Down Expand Up @@ -79,7 +91,7 @@ Example:

```
resource "teleport_user" "example" {
metadata {
metadata = {
name = "example"
description = "Example Teleport User"
expires = "2022-10-12T07:20:50.3Z"
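Review bot: the example keeps the fixed timestamp `expires = "2022-10-12T07:20:50.3Z"` in the context lines under the changed `metadata = {` line, which will be in the past for anyone copying the example after that date. While this block is being touched, consider replacing it with a clearly far-future value or adding a one-line comment that the date must be adjusted.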
Expand Down Expand Up @@ -114,38 +126,46 @@ Example:

```
resource "teleport_user" "example" {
spec {
metadata = {
name = "example"
}
spec = {
roles = ["example"]
oidc_identities {
connector_id = "oidc1.example.com"
username = "example"
}
oidc_identities {
connector_id = "oidc2.example.com"
username = "example"
}
traits {
key = "trait1"
oidc_identities = [
{
connector_id = "oidc1.example.com"
username = "example"
},
{
connector_id = "oidc2.example.com"
username = "example"
}
]
traits = {
key = ["trait1"]
value = ["example", "test"]
}
traits {
key = "trait2"
traits = {
key = ["trait2"]
value = ["foo", "bar"]
}
github_identities {
connector_id = "github.com"
username = "example"
}
saml_identities {
connector_id = "saml.example.com"
username = "example"
}
github_identities = [
{
connector_id = "github.com"
username = "example"
}
]
saml_identities = [
{
connector_id = "saml.example.com"
username = "example"
}
]
}
}
```
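Review bot: inside `spec = {`, the key `traits` is still assigned twice (`key = ["trait1"]` and `key = ["trait2"]`), while the other repeated blocks in this hunk (`oidc_identities`, `github_identities`, `saml_identities`) were converted to a single list of objects. With attribute syntax the same key cannot carry both values, so `traits` should most likely become one list as well, `traits = [ { ... }, { ... } ]`, or the intended form should be confirmed against the provider schema. It is also worth confirming that `key` is meant to be a list (`["trait1"]`) rather than the string it was before, and the indentation of the two `key = [...]` lines does not match the `value` lines below them.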
Expand Down Expand Up @@ -307,7 +327,7 @@ Spec contains parameters of a resource.
| `client_secret` | string | GitHub OAuth app client secret |
| `display` | string | Connector display name |
| `redirect_url` | string | Authorization callback URL |
| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles.
| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles. |
| `teams_to_logins.kubernetes_groups` | string list | List of allowed kubernetes groups for this org/team |
| `teams_to_logins.kubernetes_users` | string list | List of allowed kubernetes users to impersonate for this org/team |
| `teams_to_logins.logins` | string list | List of allowed logins for this org/team |
Expand Down Expand Up @@ -459,4 +479,4 @@ Spec contains parameters of a resource.
| `u2f.device_attestation_cas` | string list | Trusted attestation CAs for U2F devices |
| `require_session_mfa` | bool | Causes all sessions in this cluster to require MFA checks |
| `disconnect_expired_cert` | bool | If true, connections with expired client certificates will get disconnected |
| `allow_local_auth` | bool | If true, local authentication is enabled |
| `allow_local_auth` | bool | If true, local authentication is enabled |
