Fix generation of docs

api/client/client.go

@@ -5091,6 +5091,46 @@ func (c *Client) UpsertUserLastSeenNotification(ctx context.Context, req *notifi
 	return rsp, trace.Wrap(err)
 }
 
+func (c *Client) GetWorkloadIdentity(ctx context.Context, name string) (*workloadidentityv1pb.WorkloadIdentity, error) {
+	resp, err := c.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, &workloadidentityv1pb.GetWorkloadIdentityRequest{
+		Name: name,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
+func (c *Client) DeleteWorkloadIdentity(ctx context.Context, name string) error {
+	_, err := c.WorkloadIdentityResourceServiceClient().DeleteWorkloadIdentity(ctx, &workloadidentityv1pb.DeleteWorkloadIdentityRequest{
+		Name: name,
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	return nil
+}
+
+func (c *Client) CreateWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error) {
+	resp, err := c.WorkloadIdentityResourceServiceClient().CreateWorkloadIdentity(ctx, &workloadidentityv1pb.CreateWorkloadIdentityRequest{
+		WorkloadIdentity: r,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
+func (c *Client) UpsertWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error) {
+	resp, err := c.WorkloadIdentityResourceServiceClient().UpsertWorkloadIdentity(ctx, &workloadidentityv1pb.UpsertWorkloadIdentityRequest{
+		WorkloadIdentity: r,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return resp, nil
+}
+
 // ResourceUsageClient returns an unadorned Resource Usage service client,
 // using the underlying Auth gRPC connection.
 // Clients connecting to non-Enterprise clusters, or older Teleport versions,

docs/pages/reference/terraform-provider/data-sources/data-sources.mdx

@@ -34,3 +34,4 @@ The Teleport Terraform provider supports the following data-sources:
   - [`teleport_trusted_cluster`](./trusted_cluster.mdx)
   - [`teleport_trusted_device`](./trusted_device.mdx)
   - [`teleport_user`](./user.mdx)
+  - [`teleport_workload_identity`](./workload_identity.mdx)

docs/pages/reference/terraform-provider/data-sources/workload_identity.mdx

@@ -0,0 +1,69 @@
+---
+title: Reference for the teleport_workload_identity Terraform data-source
+sidebar_label: workload_identity
+description: This page describes the supported values of the teleport_workload_identity data-source of the Teleport Terraform provider.
+---
+
+{/*Auto-generated file. Do not edit.*/}
+{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}
+
+
+
+
+
+{/*  schema generated by tfplugindocs */}
+## Schema
+
+### Optional
+
+- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata))
+- `spec` (Attributes) The configured properties of the WorkloadIdentity (see [below for nested schema](#nested-schema-for-spec))
+- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated.
+- `version` (String) The version of the resource being represented.
+
+### Nested Schema for `metadata`
+
+Optional:
+
+- `description` (String) description is object description.
+- `expires` (String) expires is a global expiry time header can be set on any resource in the system.
+- `labels` (Map of String) labels is a set of labels.
+- `name` (String) name is an object name.
+
+
+### Nested Schema for `spec`
+
+Optional:
+
+- `rules` (Attributes) The rules which are evaluated before the WorkloadIdentity can be issued. (see [below for nested schema](#nested-schema-for-specrules))
+- `spiffe` (Attributes) Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials. (see [below for nested schema](#nested-schema-for-specspiffe))
+
+### Nested Schema for `spec.rules`
+
+Optional:
+
+- `allow` (Attributes List) A list of rules used to determine if a WorkloadIdentity can be issued. If none are provided, it will be considered a pass. If any are provided, then at least one must pass for the rules to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallow))
+
+### Nested Schema for `spec.rules.allow`
+
+Optional:
+
+- `conditions` (Attributes List) The conditions that must be met for this rule to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallowconditions))
+
+### Nested Schema for `spec.rules.allow.conditions`
+
+Optional:
+
+- `attribute` (String) The name of the attribute to evaluate the condition against.
+- `equals` (String) An exact string that the attribute must match.
+
+
+
+
+### Nested Schema for `spec.spiffe`
+
+Optional:
+
+- `hint` (String) A freeform text field which is provided to workloads along with a credential produced by this WorkloadIdentity. This can be used to provide additional context that can be used to select between multiple credentials.
+- `id` (String) The path of the SPIFFE ID that will be issued to the workload.  This should be prefixed with a forward-slash ("/").  This field supports templating using attributes.
+

docs/pages/reference/terraform-provider/resources/resources.mdx

@@ -36,3 +36,4 @@ The Teleport Terraform provider supports the following resources:
   - [`teleport_trusted_cluster`](./trusted_cluster.mdx)
   - [`teleport_trusted_device`](./trusted_device.mdx)
   - [`teleport_user`](./user.mdx)
+  - [`teleport_workload_identity`](./workload_identity.mdx)

docs/pages/reference/terraform-provider/resources/workload_identity.mdx

@@ -0,0 +1,69 @@
+---
+title: Reference for the teleport_workload_identity Terraform resource
+sidebar_label: workload_identity
+description: This page describes the supported values of the teleport_workload_identity resource of the Teleport Terraform provider.
+---
+
+{/*Auto-generated file. Do not edit.*/}
+{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}
+
+
+
+
+
+{/*  schema generated by tfplugindocs */}
+## Schema
+
+### Optional
+
+- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata))
+- `spec` (Attributes) The configured properties of the WorkloadIdentity (see [below for nested schema](#nested-schema-for-spec))
+- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated.
+- `version` (String) The version of the resource being represented.
+
+### Nested Schema for `metadata`
+
+Optional:
+
+- `description` (String) description is object description.
+- `expires` (String) expires is a global expiry time header can be set on any resource in the system.
+- `labels` (Map of String) labels is a set of labels.
+- `name` (String) name is an object name.
+
+
+### Nested Schema for `spec`
+
+Optional:
+
+- `rules` (Attributes) The rules which are evaluated before the WorkloadIdentity can be issued. (see [below for nested schema](#nested-schema-for-specrules))
+- `spiffe` (Attributes) Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials. (see [below for nested schema](#nested-schema-for-specspiffe))
+
+### Nested Schema for `spec.rules`
+
+Optional:
+
+- `allow` (Attributes List) A list of rules used to determine if a WorkloadIdentity can be issued. If none are provided, it will be considered a pass. If any are provided, then at least one must pass for the rules to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallow))
+
+### Nested Schema for `spec.rules.allow`
+
+Optional:
+
+- `conditions` (Attributes List) The conditions that must be met for this rule to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallowconditions))
+
+### Nested Schema for `spec.rules.allow.conditions`
+
+Optional:
+
+- `attribute` (String) The name of the attribute to evaluate the condition against.
+- `equals` (String) An exact string that the attribute must match.
+
+
+
+
+### Nested Schema for `spec.spiffe`
+
+Optional:
+
+- `hint` (String) A freeform text field which is provided to workloads along with a credential produced by this WorkloadIdentity. This can be used to provide additional context that can be used to select between multiple credentials.
+- `id` (String) The path of the SPIFFE ID that will be issued to the workload.  This should be prefixed with a forward-slash ("/").  This field supports templating using attributes.
+

integrations/terraform/gen/main.go

@@ -524,11 +524,11 @@ var (
 		Name:                  "WorkloadIdentity",
 		TypeName:              "WorkloadIdentity",
 		VarName:               "workloadIdentity",
-		GetMethod:             "WorkloadIdentityResourceServiceClient().GetWorkloadIdentity",
-		CreateMethod:          "WorkloadIdentityResourceServiceClient().CreateWorkloadIdentity",
+		GetMethod:             "GetWorkloadIdentity",
+		CreateMethod:          "CreateWorkloadIdentity",
 		UpsertMethodArity:     2,
-		UpdateMethod:          "WorkloadIdentityResourceServiceClient().UpsertWorkloadIdentity",
-		DeleteMethod:          "WorkloadIdentityResourceServiceClient().DeleteWorkloadIdentity",
+		UpdateMethod:          "UpsertWorkloadIdentity",
+		DeleteMethod:          "DeleteWorkloadIdentity",
 		ID:                    "workloadIdentity.Metadata.Name",
 		Kind:                  "workload_identity",
 		HasStaticID:           false,