diff --git a/docs/pages/setup/reference/terraform-provider.mdx b/docs/pages/setup/reference/terraform-provider.mdx
index aa4ec2adc3cbe..3e20c3ab6d10c 100644
--- a/docs/pages/setup/reference/terraform-provider.mdx
+++ b/docs/pages/setup/reference/terraform-provider.mdx
@@ -23,7 +23,7 @@ terraform {
 required_providers {
 teleport = {
 version = ">= (=teleport.version=)"
- source = "gravitational.com/teleport/teleport"
+ source = "terraform.releases.teleport.dev/gravitational/teleport"
 }
 }
 }
@@ -31,22 +31,34 @@ terraform {
 The provider supports the following options:
-| Name | Type | Description | Environment Variable |
-|-------------------------|------------|-------------------------------------------------------|----------------------------------|
-| `addr`| string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
-| `cert_path`| string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
-| `identity_file_path`| string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
-| `key_path`| string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
-| `profile_dir`| string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
-| `profile_name`| string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
-| `root_ca_path`| string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |
-
-You need to specify either:
+| Name | Type | Description | Environment Variable |
+|-----------------------|--------|---------------------------------------------------------------------------------|-----------------------------------|
+| `addr` | string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
+| `cert_path` | string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
+| `cert_base64` | string | Teleport certificate as base64. | `TF_TELEPORT_CERT_BASE64` |
+| `identity_file_path` | string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
+| `key_path` | string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
+| `key_base64` | string | Teleport key as base64. | `TF_TELEPORT_KEY_BASE64` |
+| `profile_dir` | string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
+| `profile_name` | string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
+| `root_ca_path` | string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |
+| `root_ca_base64` | string | Teleport CA as base64. | `TF_TELEPORT_ROOT_CA_BASE64` |
+| `retry_base_duration` | string | Base durantion between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_BASE_DURATION` |
+| `retry_cap_duration` | string | Max duration between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_CAP_DURATION` |
+| `retry_max_tries` | string | Max number of retries. | `TF_TELEPORT_RETRY_MAX_TRIES` |
+
+
+You need to specify at least one of:
 - `cert_path`, `key_path`,`root_ca_path` and `addr` to connect using key files.
+- `cert_base64`, `key_base64`,`root_ca_base64` and `addr` to connect using a base64-encoded key.
 - `identity_file_path` and `addr` to connect using identity file.
 - `profile_name` and `profile_dir` (both can be empty) and Teleport will try to connect using current profile from `~/.tsh`
+The `retry_*` values are used to retry the API calls to Teleport when the cache is stale.
+
+If more than one are provided, they will be tried in the order above until one succeeds.
+
 Example:
 ```
@@ -79,7 +91,7 @@ Example:
 ```
 resource "teleport_user" "example" {
- metadata {
+ metadata = {
 name = "example"
 description = "Example Teleport User"
 expires = "2022-10-12T07:20:50.3Z"
@@ -114,38 +126,46 @@ Example:
 ```
 resource "teleport_user" "example" {
- spec {
+ metadata = {
+ name = "example"
+ }
+ spec = {
 roles = ["example"]
- oidc_identities {
- connector_id = "oidc1.example.com"
- username = "example"
- }
-
- oidc_identities {
- connector_id = "oidc2.example.com"
- username = "example"
- }
-
- traits {
- key = "trait1"
+ oidc_identities = [
+ {
+ connector_id = "oidc1.example.com"
+ username = "example"
+ },
+ {
+ connector_id = "oidc2.example.com"
+ username = "example"
+ }
+ ]
+
+ traits = {
+ key = ["trait1"]
 value = ["example", "test"]
 }
- traits {
- key = "trait2"
+ traits = {
+ key = ["trait2"]
 value = ["foo", "bar"]
 }
- github_identities {
- connector_id = "github.com"
- username = "example"
- }
-
- saml_identities {
- connector_id = "saml.example.com"
- username = "example"
- }
+ github_identities = [
+ {
+ connector_id = "github.com"
+ username = "example"
+ }
+ ]
+
+ saml_identities = [
+ {
+ connector_id = "saml.example.com"
+ username = "example"
+ }
+ ]
 }
 }
 ```
@@ -307,7 +327,7 @@ Spec contains parameters of a resource.
 | `client_secret` | string | GitHub OAuth app client secret |
 | `display` | string | Connector display name |
 | `redirect_url` | string | Authorization callback URL |
-| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles.
+| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles. |
 | `teams_to_logins.kubernetes_groups` | string list | List of allowed kubernetes groups for this org/team |
 | `teams_to_logins.kubernetes_users` | string list | List of allowed kubernetes users to impersonate for this org/team |
 | `teams_to_logins.logins` | string list | List of allowed logins for this org/team |
@@ -459,4 +479,4 @@ Spec contains parameters of a resource.
 | `u2f.device_attestation_cas` | string list | Trusted attestation CAs for U2F devices |
 | `require_session_mfa` | bool | Causes all sessions in this cluster to require MFA checks |
 | `disconnect_expired_cert` | bool | If true, connections with expired client certificates will get disconnected |
-| `allow_local_auth` | bool | If true, local authentication is enabled |
+| `allow_local_auth` | bool | If true, local authentication is enabled |
\ No newline at end of file