From fdd20751d11fb65917f4358ac8f66e420812bf7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Andr=C3=A9=20Dinis?=
Date: Wed, 8 Jun 2022 17:44:24 +0100
Subject: [PATCH] Update Terraform reference (retries and provider source) (#13292) This PR updates the Terraform provider's source to match our registry It also update some syntax changes when Terraform version reached 0.12 There are some fields missing, mostly new ones As a follow up for this one, I created the following issue: https://github.com/gravitational/teleport-plugins/issues/576 Fixes #13256
---
 .../setup/reference/terraform-provider.mdx | 98 +++++++++++--------
 1 file changed, 59 insertions(+), 39 deletions(-)
diff --git a/docs/pages/setup/reference/terraform-provider.mdx b/docs/pages/setup/reference/terraform-provider.mdx
index aa4ec2adc3cbe..3e20c3ab6d10c 100644
--- a/docs/pages/setup/reference/terraform-provider.mdx
+++ b/docs/pages/setup/reference/terraform-provider.mdx
@@ -23,7 +23,7 @@ terraform {
 required_providers {
 teleport = {
 version = ">= (=teleport.version=)"
- source = "gravitational.com/teleport/teleport"
+ source = "terraform.releases.teleport.dev/gravitational/teleport"
 }
 }
 }
@@ -31,22 +31,34 @@ terraform {
 The provider supports the following options:
-| Name | Type | Description | Environment Variable |
-|-------------------------|------------|-------------------------------------------------------|----------------------------------|
-| `addr`| string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
-| `cert_path`| string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
-| `identity_file_path`| string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
-| `key_path`| string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
-| `profile_dir`| string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
-| `profile_name`| string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
-| `root_ca_path`| string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |
-
-You need to specify either:
+| Name | Type | Description | Environment Variable |
+|-----------------------|--------|---------------------------------------------------------------------------------|-----------------------------------|
+| `addr` | string | Teleport auth or proxy address in "host:port" format. | `TF_TELEPORT_ADDR` |
+| `cert_path` | string | Path to Teleport certificate file. | `TF_TELEPORT_CERT` |
+| `cert_base64` | string | Teleport certificate as base64. | `TF_TELEPORT_CERT_BASE64` |
+| `identity_file_path` | string | Path to Teleport identity file. | `TF_TELEPORT_IDENTITY_FILE_PATH` |
+| `key_path` | string | Path to Teleport key file. | `TF_TELEPORT_KEY` |
+| `key_base64` | string | Teleport key as base64. | `TF_TELEPORT_KEY_BASE64` |
+| `profile_dir` | string | Teleport profile path. | `TF_TELEPORT_PROFILE_PATH` |
+| `profile_name` | string | Teleport profile name. | `TF_TELEPORT_PROFILE_NAME` |
+| `root_ca_path` | string | Path to Teleport CA file. | `TF_TELEPORT_ROOT_CA` |
+| `root_ca_base64` | string | Teleport CA as base64. 
| `TF_TELEPORT_ROOT_CA_BASE64` |
+| `retry_base_duration` | string | Base durantion between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_BASE_DURATION` |
+| `retry_cap_duration` | string | Max duration between retries. [Format](https://pkg.go.dev/time#ParseDuration) | `TF_TELEPORT_RETRY_CAP_DURATION` |
+| `retry_max_tries` | string | Max number of retries. | `TF_TELEPORT_RETRY_MAX_TRIES` |
+
+
+You need to specify at least one of:
 - `cert_path`, `key_path`,`root_ca_path` and `addr` to connect using key files.
+- `cert_base64`, `key_base64`,`root_ca_base64` and `addr` to connect using a base64-encoded key.
 - `identity_file_path` and `addr` to connect using identity file.
 - `profile_name` and `profile_dir` (both can be empty) and Teleport will try to connect using current profile from `~/.tsh`
+The `retry_*` values are used to retry the API calls to Teleport when the cache is stale.
+
+If more than one are provided, they will be tried in the order above until one succeeds.
+
 Example:
 ```
@@ -79,7 +91,7 @@ Example:
 ```
 resource "teleport_user" "example" {
- metadata {
+ metadata = {
 name = "example"
 description = "Example Teleport User"
 expires = "2022-10-12T07:20:50.3Z"
@@ -114,38 +126,46 @@ Example:
 ```
 resource "teleport_user" "example" {
- spec {
+ metadata = {
+ name = "example"
+ }
+ spec = {
 roles = ["example"]
- oidc_identities {
- connector_id = "oidc1.example.com"
- username = "example"
- }
-
- oidc_identities {
- connector_id = "oidc2.example.com"
- username = "example"
- }
-
- traits {
- key = "trait1"
+ oidc_identities = [
+ {
+ connector_id = "oidc1.example.com"
+ username = "example"
+ },
+ {
+ connector_id = "oidc2.example.com"
+ username = "example"
+ }
+ ]
+
+ traits = {
+ key = ["trait1"]
 value = ["example", "test"]
 }
- traits {
- key = "trait2"
+ traits = {
+ key = ["trait2"]
 value = ["foo", "bar"]
 }
- github_identities {
- connector_id = "github.com"
- username = "example"
- }
-
- saml_identities {
- connector_id = "saml.example.com"
- username = "example"
- }
+ github_identities = [
+ {
+ connector_id = "github.com"
+ username = "example"
+ }
+ ]
+
+ saml_identities = [
+ {
+ connector_id = "saml.example.com"
+ username = "example"
+ }
+ ]
 }
 }
 ```
@@ -307,7 +327,7 @@ Spec contains parameters of a resource.
 | `client_secret` | string | GitHub OAuth app client secret |
 | `display` | string | Connector display name |
 | `redirect_url` | string | Authorization callback URL |
-| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles.
+| `teams_to_logins` | set | Maps GitHub team memberships onto allowed logins/roles. |
 | `teams_to_logins.kubernetes_groups` | string list | List of allowed kubernetes groups for this org/team |
 | `teams_to_logins.kubernetes_users` | string list | List of allowed kubernetes users to impersonate for this org/team |
 | `teams_to_logins.logins` | string list | List of allowed logins for this org/team |
@@ -459,4 +479,4 @@ Spec contains parameters of a resource.
 | `u2f.device_attestation_cas` | string list | Trusted attestation CAs for U2F devices |
 | `require_session_mfa` | bool | Causes all sessions in this cluster to require MFA checks |
 | `disconnect_expired_cert` | bool | If true, connections with expired client certificates will get disconnected |
-| `allow_local_auth` | bool | If true, local authentication is enabled |
+| `allow_local_auth` | bool | If true, local authentication is enabled |
\ No newline at end of file