From 30da153c08c742586c12a2e1b0f3b50febd13565 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Fri, 12 Jan 2024 23:14:45 +0400 Subject: [PATCH 1/9] Example update --- .../infisical_secrets/data-source.tf | 16 ++++++---- examples/provider/provider.tf | 6 ++-- .../resources/infisical_secret/resource.tf | 32 +++++++++++-------- 3 files changed, 32 insertions(+), 22 deletions(-) diff --git a/examples/data-sources/infisical_secrets/data-source.tf b/examples/data-sources/infisical_secrets/data-source.tf index 1215c92..93114a9 100644 --- a/examples/data-sources/infisical_secrets/data-source.tf +++ b/examples/data-sources/infisical_secrets/data-source.tf @@ -2,24 +2,28 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" + } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } data "infisical_secrets" "common-secrets" { - env_slug = "dev" - folder_path = "/some-folder/another-folder" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/some-folder/another-folder" } data "infisical_secrets" "backend-secrets" { - env_slug = "prod" - folder_path = "/" + env_slug = "prod" + workspace_id = "PROJECT_ID" + folder_path = "/" } output "all-project-secrets" { diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index 48a23e2..4000154 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf 
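Review bot: The new `client_id = "<>"` and `client_secret = "<>"` lines in the `provider "infisical"` block invite readers to paste a machine identity credential straight into a `.tf` file, where it ends up in version control. The example should read both values from input variables declared with `sensitive = true` and supplied at run time (for instance through `TF_VAR_…` environment variables), so the copy-paste path keeps the secret out of the repository and redacted in plan output. The same two lines appear in the examples/provider/provider.tf and examples/resources/infisical_secret/resource.tf hunks of this patch.

```hcl
variable "infisical_client_id" {
  type      = string
  sensitive = true
}

variable "infisical_client_secret" {
  type      = string
  sensitive = true
}

provider "infisical" {
  # … unchanged: host …
  client_id     = var.infisical_client_id
  client_secret = var.infisical_client_secret
}
```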
@@ -2,12 +2,14 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" + } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } diff --git a/examples/resources/infisical_secret/resource.tf b/examples/resources/infisical_secret/resource.tf index 7856dab..144ee73 100644 --- a/examples/resources/infisical_secret/resource.tf +++ b/examples/resources/infisical_secret/resource.tf @@ -2,33 +2,37 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } resource "infisical_secret" "mongo_secret" { - name = "MONGO_DB" - value = "" - env_slug = "dev" - folder_path = "/" + name = "MONGO_DB" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/" } resource "infisical_secret" "smtp_secret" { - name = "SMTP" - value = "" - env_slug = "dev" - folder_path = "/mail-service" + name = "SMTP" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/mail-service" } resource "infisical_secret" "github_action_secret" { - name = "GITHUB_ACTION" - value = "" - env_slug = "dev" - folder_path = "/" + name = "GITHUB_ACTION" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/" } From 4d9886d0cb369f1213eece731bcdaf14cb7cf799 Mon Sep 17 00:00:00 2001 
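Review bot: In the examples/resources/infisical_secret/resource.tf hunk the three `infisical_secret` resources take `value` as an inline string, and nothing in the example tells the reader that Terraform records managed resource attributes in its state file. A comment above the first resource would cover it: `# The secret value is stored in Terraform state; supply it from a sensitive variable and keep state in an encrypted, access-controlled backend.` Whether the provider marks `value` as sensitive is not visible in this patch, so the comment should not promise redaction in plan output.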
From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:07:37 +0400 Subject: [PATCH 2/9] Docs --- docs/data-sources/secrets.md | 20 ++++++++++++++------ docs/index.md | 8 ++++++-- docs/resources/secret.md | 34 +++++++++++++++++++--------------- 3 files changed, 39 insertions(+), 23 deletions(-) diff --git a/docs/data-sources/secrets.md b/docs/data-sources/secrets.md index 1db1c9d..e80cb46 100644 --- a/docs/data-sources/secrets.md +++ b/docs/data-sources/secrets.md @@ -17,24 +17,28 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" + } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } data "infisical_secrets" "common-secrets" { - env_slug = "dev" - folder_path = "/some-folder/another-folder" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/some-folder/another-folder" } data "infisical_secrets" "backend-secrets" { - env_slug = "prod" - folder_path = "/" + env_slug = "prod" + workspace_id = "PROJECT_ID" + folder_path = "/" } output "all-project-secrets" { @@ -54,6 +58,10 @@ output "single-secret" { - `env_slug` (String) The environment from where secrets should be fetched from - `folder_path` (String) The path to the folder from where secrets should be fetched from +### Optional + +- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth) + ### Read-Only - `secrets` (Attributes Map) (see [below for nested schema](#nestedatt--secrets)) diff --git a/docs/index.md b/docs/index.md index 02ebbbe..90605b8 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -17,14 +17,16 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" + } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } ``` @@ -33,5 +35,7 @@ provider "infisical" { ### Optional +- `client_id` (String, Sensitive) Machine identity client ID. Used to fetch/modify secrets for a given project +- `client_secret` (String, Sensitive) Machine identity client secret. Used to fetch/modify secrets for a given project - `host` (String) Used to point the client to fetch secrets from your self hosted instance of Infisical. If not host is provided, https://app.infisical.com is the default host. - `service_token` (String, Sensitive) Used to fetch/modify secrets for a given project diff --git a/docs/resources/secret.md b/docs/resources/secret.md index 2a6ace4..41967ee 100644 --- a/docs/resources/secret.md +++ b/docs/resources/secret.md 
@@ -17,35 +17,39 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" + client_id = "<>" + client_secret = "<>" } resource "infisical_secret" "mongo_secret" { - name = "MONGO_DB" - value = "" - env_slug = "dev" - folder_path = "/" + name = "MONGO_DB" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/" } resource "infisical_secret" "smtp_secret" { - name = "SMTP" - value = "" - env_slug = "dev" - folder_path = "/mail-service" + name = "SMTP" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/mail-service" } resource "infisical_secret" "github_action_secret" { - name = "GITHUB_ACTION" - value = "" - env_slug = "dev" - folder_path = "/" + name = "GITHUB_ACTION" + value = "" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/" } ``` @@ -61,7 +65,7 @@ resource "infisical_secret" "github_action_secret" { ### Optional -- `workspace_id` (String) The Infisical project ID +- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth) ### Read-Only From 91fe52c056cab04b090e7c1529efee74b9d2d5ee Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:08:40 +0400 Subject: [PATCH 3/9] Update README.md --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index fe575ea..5086146 100644 --- a/README.md +++ b/README.md 
@@ -7,24 +7,28 @@ terraform { required_providers { infisical = { # version = - source = "infisical/infisical" + source = "hashicorp.com/edu/infisical" + } } } provider "infisical" { host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com - service_token = "<>" # Get token https://infisical.com/docs/documentation/platform/token + client_id = "<>" + client_secret = "<>" } data "infisical_secrets" "common-secrets" { - env_slug = "dev" - folder_path = "/some-folder/another-folder" + env_slug = "dev" + workspace_id = "PROJECT_ID" + folder_path = "/some-folder/another-folder" } data "infisical_secrets" "backend-secrets" { - env_slug = "prod" - folder_path = "/" + env_slug = "prod" + workspace_id = "PROJECT_ID" + folder_path = "/" } output "all-project-secrets" { @@ -34,7 +38,6 @@ output "all-project-secrets" { output "single-secret" { value = data.infisical_secrets.backend-secrets.secrets["SECRET-NAME"] } - ``` # Development From 0c05d5cb6db1f0116b2fa2d0d62118a3a505f86f Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:08:54 +0400 Subject: [PATCH 4/9] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 5086146..e500d2f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ terraform { infisical = { # version = source = "hashicorp.com/edu/infisical" - } } } From 2a781a40942dfbe24c79dc5ce89c1675c1d73698 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:10:41 +0400 Subject: [PATCH 5/9] Docs --- docs/index.md | 2 +- infisical/provider/provider.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 90605b8..f8bcc2f 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -38,4 +38,4 @@ provider "infisical" { - `client_id` (String, Sensitive) Machine identity client ID. Used to fetch/modify secrets for a given project - `client_secret` (String, Sensitive) Machine identity client secret. Used to fetch/modify secrets for a given project - `host` (String) Used to point the client to fetch secrets from your self hosted instance of Infisical. If not host is provided, https://app.infisical.com is the default host. -- `service_token` (String, Sensitive) Used to fetch/modify secrets for a given project +- `service_token` (String, Sensitive) (DEPRECATED, USE MACHINE IDENTITY), Used to fetch/modify secrets for a given project diff --git a/infisical/provider/provider.go b/infisical/provider/provider.go index 73243a6..37e3258 100644 --- a/infisical/provider/provider.go +++ b/infisical/provider/provider.go @@ -62,7 +62,7 @@ func (p *infisicalProvider) Schema(ctx context.Context, _ provider.SchemaRequest "service_token": schema.StringAttribute{ Optional: true, Sensitive: true, - Description: "Used to fetch/modify secrets for a given project", + Description: " (DEPRECATED, USE MACHINE IDENTITY), Used to fetch/modify secrets for a given project", }, "client_id": schema.StringAttribute{ From 955e54f9f844953c60b6c295b928441fc6172c72 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:23:15 +0400 Subject: [PATCH 6/9] Requested changes --- docs/data-sources/secrets.md | 2 +- docs/resources/secret.md | 2 +- infisical/provider/secret_resource.go | 2 +- infisical/provider/secrets_data_source.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/data-sources/secrets.md b/docs/data-sources/secrets.md index e80cb46..bab374d 100644 --- a/docs/data-sources/secrets.md +++ b/docs/data-sources/secrets.md 
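Review bot: The deprecation of `service_token` in infisical/provider/provider.go is carried only by the `Description` text, so a configuration that still uses the long-lived token gets no warning at plan or apply time. terraform-plugin-framework attributes have a `DeprecationMessage` field for this; adding `DeprecationMessage: "Use machine identity (client_id and client_secret) instead",` to the attribute would make Terraform surface the warning, and the description could then drop its leading space and upper-case prefix. The hunk does not show whether setting `service_token` together with `client_id`/`client_secret` is rejected; if it is not, the precedence between them should be documented on these attributes. The Schema method starts and ends outside the hunk.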
@@ -60,7 +60,7 @@ output "single-secret" { ### Optional -- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth) +- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth, and service tokens with multiple scopes) ### Read-Only diff --git a/docs/resources/secret.md b/docs/resources/secret.md index 41967ee..f7346d2 100644 --- a/docs/resources/secret.md +++ b/docs/resources/secret.md @@ -65,7 +65,7 @@ resource "infisical_secret" "github_action_secret" { ### Optional -- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth) +- `workspace_id` (String) The Infisical project ID (Required for Machine Identity auth, and service tokens with multiple scopes) ### Read-Only diff --git a/infisical/provider/secret_resource.go b/infisical/provider/secret_resource.go index 11b8bb8..2bf1081 100644 --- a/infisical/provider/secret_resource.go +++ b/infisical/provider/secret_resource.go @@ -68,7 +68,7 @@ func (r *secretResource) Schema(_ context.Context, _ resource.SchemaRequest, res Computed: false, }, "workspace_id": schema.StringAttribute{ - Description: "The Infisical project ID (Required for Machine Identity auth)", + Description: "The Infisical project ID (Required for Machine Identity auth, and service tokens with multiple scopes)", Optional: true, Computed: true, }, diff --git a/infisical/provider/secrets_data_source.go b/infisical/provider/secrets_data_source.go index 513dcbb..9efaebf 100644 --- a/infisical/provider/secrets_data_source.go +++ b/infisical/provider/secrets_data_source.go @@ -61,7 +61,7 @@ func (d *SecretsDataSource) Schema(ctx context.Context, req datasource.SchemaReq }, "workspace_id": schema.StringAttribute{ - Description: "The Infisical project ID (Required for Machine Identity auth)", + Description: "The Infisical project ID (Required for Machine Identity auth, and service tokens with multiple scopes)", Optional: true, Computed: true, }, 
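Review bot: In infisical/provider/secret_resource.go the `workspace_id` description now says the attribute is required for machine identity auth and for service tokens with multiple scopes, but the schema still declares it `Optional: true, Computed: true`, so the requirement exists only as prose. If the resource's create/read path does not already check for it (not visible in this hunk), a missing `workspace_id` under machine identity should fail with an explicit diagnostic that names the attribute rather than with whatever the API returns for an empty project ID. The same applies to the `workspace_id` attribute in the infisical/provider/secrets_data_source.go hunk. Both Schema methods start and end outside their hunks.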
From d10d9d4e08dcbcc09ec60738d5f2d6532e5ec7d7 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:32:42 +0400 Subject: [PATCH 7/9] Provider import --- README.md | 2 +- examples/data-sources/infisical_secrets/data-source.tf | 2 +- examples/provider/provider.tf | 2 +- examples/resources/infisical_secret/resource.tf | 2 +- provider-install-verification/main.tf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e500d2f..e0f53c1 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } } diff --git a/examples/data-sources/infisical_secrets/data-source.tf b/examples/data-sources/infisical_secrets/data-source.tf index 93114a9..c6b7a74 100644 --- a/examples/data-sources/infisical_secrets/data-source.tf +++ b/examples/data-sources/infisical_secrets/data-source.tf @@ -2,7 +2,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index 4000154..acd06a1 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf @@ -2,7 +2,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } diff --git a/examples/resources/infisical_secret/resource.tf b/examples/resources/infisical_secret/resource.tf index 144ee73..40f804f 100644 --- a/examples/resources/infisical_secret/resource.tf +++ b/examples/resources/infisical_secret/resource.tf @@ -2,7 +2,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } } 
diff --git a/provider-install-verification/main.tf b/provider-install-verification/main.tf index 6cf011a..499e367 100644 --- a/provider-install-verification/main.tf +++ b/provider-install-verification/main.tf @@ -1,7 +1,7 @@ terraform { required_providers { infisical = { - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } } From 96dbd54ff2e5baecc5590e3772b6c2a34ea3eee8 Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:33:04 +0400 Subject: [PATCH 8/9] Provider import docs --- docs/data-sources/secrets.md | 2 +- docs/index.md | 2 +- docs/resources/secret.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/data-sources/secrets.md b/docs/data-sources/secrets.md index bab374d..64e5534 100644 --- a/docs/data-sources/secrets.md +++ b/docs/data-sources/secrets.md @@ -17,7 +17,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } diff --git a/docs/index.md b/docs/index.md index f8bcc2f..27dd9ac 100644 --- a/docs/index.md +++ b/docs/index.md @@ -17,7 +17,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } diff --git a/docs/resources/secret.md b/docs/resources/secret.md index f7346d2..378ba5e 100644 --- a/docs/resources/secret.md +++ b/docs/resources/secret.md @@ -17,7 +17,7 @@ terraform { required_providers { infisical = { # version = - source = "hashicorp.com/edu/infisical" + source = "infisical/infisical" } } } From 2ccaeac880c3cecc8f80cd3ced2dc1914b750c5e Mon Sep 17 00:00:00 2001 From: Daniel Hougaard <62331820+DanielHougaard@users.noreply.github.com> Date: Tue, 23 Jan 2024 05:34:41 +0400 Subject: [PATCH 9/9] Empty spaces --- examples/data-sources/infisical_secrets/data-source.tf | 1 - examples/provider/provider.tf | 1 - 2 files changed, 2 deletions(-) 
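Review bot: provider-install-verification/main.tf already used `hashicorp.com/edu/infisical` before this series (patch 1 did not touch it), so switching it to `infisical/infisical` here looks like it was swept up by the blanket revert of the example files. If local verification relies on a `dev_overrides` entry keyed on the old address, Terraform would now resolve `infisical/infisical` from the registry and the check would exercise the published provider rather than the locally built one. Either keep the old address in this file or confirm that the override and the provider's registered address were both changed to match; neither is visible in this patch.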
diff --git a/examples/data-sources/infisical_secrets/data-source.tf b/examples/data-sources/infisical_secrets/data-source.tf index c6b7a74..32a9226 100644 --- a/examples/data-sources/infisical_secrets/data-source.tf +++ b/examples/data-sources/infisical_secrets/data-source.tf @@ -3,7 +3,6 @@ terraform { infisical = { # version = source = "infisical/infisical" - } } } diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index acd06a1..95616cd 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf @@ -3,7 +3,6 @@ terraform { infisical = { # version = source = "infisical/infisical" - } } }