From 421fbcb4112d0490599a98df02562ac393c3b549 Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Wed, 18 Dec 2024 16:20:30 +0000
Subject: [PATCH] Fix generation of docs
---
 api/client/client.go | 40 +++++++++++
 .../data-sources/data-sources.mdx | 1 +
 .../data-sources/workload_identity.mdx | 69 +++++++++++++++++++
 .../resources/resources.mdx | 1 +
 .../resources/workload_identity.mdx | 69 +++++++++++++++++++
 integrations/terraform/gen/main.go | 8 +--
 .../data_source_teleport_workload_identity.go | 2 +-
 .../resource_teleport_workload_identity.go | 18 ++---
 8 files changed, 194 insertions(+), 14 deletions(-)
 create mode 100644 docs/pages/reference/terraform-provider/data-sources/workload_identity.mdx
 create mode 100644 docs/pages/reference/terraform-provider/resources/workload_identity.mdx
diff --git a/api/client/client.go b/api/client/client.go
index e3e1184250572..a484f6618b729 100644
--- a/api/client/client.go
+++ b/api/client/client.go
@@ -5091,6 +5091,46 @@ func (c *Client) UpsertUserLastSeenNotification(ctx context.Context, req *notifi
 return rsp, trace.Wrap(err)
 }

+func (c *Client) GetWorkloadIdentity(ctx context.Context, name string) (*workloadidentityv1pb.WorkloadIdentity, error) {
+ resp, err := c.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, &workloadidentityv1pb.GetWorkloadIdentityRequest{
+ Name: name,
+ })
+ if err != nil {
+ return nil, trace.Wrap(err)
+ }
+ return resp, nil
+}
+
+func (c *Client) DeleteWorkloadIdentity(ctx context.Context, name string) error {
+ _, err := c.WorkloadIdentityResourceServiceClient().DeleteWorkloadIdentity(ctx, &workloadidentityv1pb.DeleteWorkloadIdentityRequest{
+ Name: name,
+ })
+ if err != nil {
+ return trace.Wrap(err)
+ }
+ return nil
+}
+
+func (c *Client) CreateWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error) {
+ resp, err := c.WorkloadIdentityResourceServiceClient().CreateWorkloadIdentity(ctx, &workloadidentityv1pb.CreateWorkloadIdentityRequest{
+ WorkloadIdentity: r,
+ })
+ if err != nil {
+ return nil, trace.Wrap(err)
+ }
+ return resp, nil
+}
+
+func (c *Client) UpsertWorkloadIdentity(ctx context.Context, r *workloadidentityv1pb.WorkloadIdentity) (*workloadidentityv1pb.WorkloadIdentity, error) {
+ resp, err := c.WorkloadIdentityResourceServiceClient().UpsertWorkloadIdentity(ctx, &workloadidentityv1pb.UpsertWorkloadIdentityRequest{
+ WorkloadIdentity: r,
+ })
+ if err != nil {
+ return nil, trace.Wrap(err)
+ }
+ return resp, nil
+}
+
 // ResourceUsageClient returns an unadorned Resource Usage service client,
 // using the underlying Auth gRPC connection.
 // Clients connecting to non-Enterprise clusters, or older Teleport versions,
diff --git a/docs/pages/reference/terraform-provider/data-sources/data-sources.mdx b/docs/pages/reference/terraform-provider/data-sources/data-sources.mdx
index 92e37199d2dd6..0e6dfabb1b4d4 100644
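Review bot: The four exported methods added here (`GetWorkloadIdentity`, `DeleteWorkloadIdentity`, `CreateWorkloadIdentity`, `UpsertWorkloadIdentity`) carry no doc comments, while the `ResourceUsageClient` declaration that follows them in the hunk does. Add one per method, starting with the method name, for example `// GetWorkloadIdentity returns the WorkloadIdentity resource with the given name.` and `// UpsertWorkloadIdentity creates the WorkloadIdentity, or replaces an existing one with the same name.` The create-versus-upsert distinction deserves to be explicit, since a caller that picks Upsert replaces the rules gating credential issuance; the exact overwrite behaviour is defined by the service and should be confirmed there before the comment is written.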
--- a/docs/pages/reference/terraform-provider/data-sources/data-sources.mdx
+++ b/docs/pages/reference/terraform-provider/data-sources/data-sources.mdx
@@ -34,3 +34,4 @@ The Teleport Terraform provider supports the following data-sources:
 - [`teleport_trusted_cluster`](./trusted_cluster.mdx)
 - [`teleport_trusted_device`](./trusted_device.mdx)
 - [`teleport_user`](./user.mdx)
+ - [`teleport_workload_identity`](./workload_identity.mdx)
diff --git a/docs/pages/reference/terraform-provider/data-sources/workload_identity.mdx b/docs/pages/reference/terraform-provider/data-sources/workload_identity.mdx
new file mode 100644
index 0000000000000..2298d5363d77c
--- /dev/null
+++ b/docs/pages/reference/terraform-provider/data-sources/workload_identity.mdx
@@ -0,0 +1,69 @@ +--- +title: Reference for the teleport_workload_identity Terraform data-source +sidebar_label: workload_identity +description: This page describes the supported values of the teleport_workload_identity data-source of the Teleport Terraform provider. +--- + +{/*Auto-generated file. Do not edit.*/} +{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/} + + + + + +{/* schema generated by tfplugindocs */} +## Schema + +### Optional + +- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata)) +- `spec` (Attributes) The configured properties of the WorkloadIdentity (see [below for nested schema](#nested-schema-for-spec)) +- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated. +- `version` (String) The version of the resource being represented. + +### Nested Schema for `metadata` + +Optional: + +- `description` (String) description is object description. +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. +- `labels` (Map of String) labels is a set of labels. +- `name` (String) name is an object name. + + +### Nested Schema for `spec` + +Optional: + +- `rules` (Attributes) The rules which are evaluated before the WorkloadIdentity can be issued. (see [below for nested schema](#nested-schema-for-specrules)) +- `spiffe` (Attributes) Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials. (see [below for nested schema](#nested-schema-for-specspiffe)) + +### Nested Schema for `spec.rules` + +Optional: + +- `allow` (Attributes List) A list of rules used to determine if a WorkloadIdentity can be issued. If none are provided, it will be considered a pass. If any are provided, then at least one must pass for the rules to be considered passed. 
(see [below for nested schema](#nested-schema-for-specrulesallow)) + +### Nested Schema for `spec.rules.allow` + +Optional: + +- `conditions` (Attributes List) The conditions that must be met for this rule to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallowconditions)) + +### Nested Schema for `spec.rules.allow.conditions` + +Optional: + +- `attribute` (String) The name of the attribute to evaluate the condition against. +- `equals` (String) An exact string that the attribute must match. + + + + +### Nested Schema for `spec.spiffe` + +Optional: + +- `hint` (String) A freeform text field which is provided to workloads along with a credential produced by this WorkloadIdentity. This can be used to provide additional context that can be used to select between multiple credentials. +- `id` (String) The path of the SPIFFE ID that will be issued to the workload. This should be prefixed with a forward-slash ("/"). This field supports templating using attributes. + diff --git a/docs/pages/reference/terraform-provider/resources/resources.mdx b/docs/pages/reference/terraform-provider/resources/resources.mdx index 51d7bb8d2e3b3..e962f85c38abb 100644 --- a/docs/pages/reference/terraform-provider/resources/resources.mdx +++ b/docs/pages/reference/terraform-provider/resources/resources.mdx @@ -36,3 +36,4 @@ The Teleport Terraform provider supports the following resources: - [`teleport_trusted_cluster`](./trusted_cluster.mdx) - [`teleport_trusted_device`](./trusted_device.mdx) - [`teleport_user`](./user.mdx) + - [`teleport_workload_identity`](./workload_identity.mdx) diff --git a/docs/pages/reference/terraform-provider/resources/workload_identity.mdx b/docs/pages/reference/terraform-provider/resources/workload_identity.mdx new file mode 100644 index 0000000000000..06e39b04bd533 --- /dev/null +++ b/docs/pages/reference/terraform-provider/resources/workload_identity.mdx 
@@ -0,0 +1,69 @@ +--- +title: Reference for the teleport_workload_identity Terraform resource +sidebar_label: workload_identity +description: This page describes the supported values of the teleport_workload_identity resource of the Teleport Terraform provider. +--- + +{/*Auto-generated file. Do not edit.*/} +{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/} + + + + + +{/* schema generated by tfplugindocs */} +## Schema + +### Optional + +- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata)) +- `spec` (Attributes) The configured properties of the WorkloadIdentity (see [below for nested schema](#nested-schema-for-spec)) +- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated. +- `version` (String) The version of the resource being represented. + +### Nested Schema for `metadata` + +Optional: + +- `description` (String) description is object description. +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. +- `labels` (Map of String) labels is a set of labels. +- `name` (String) name is an object name. + + +### Nested Schema for `spec` + +Optional: + +- `rules` (Attributes) The rules which are evaluated before the WorkloadIdentity can be issued. (see [below for nested schema](#nested-schema-for-specrules)) +- `spiffe` (Attributes) Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials. (see [below for nested schema](#nested-schema-for-specspiffe)) + +### Nested Schema for `spec.rules` + +Optional: + +- `allow` (Attributes List) A list of rules used to determine if a WorkloadIdentity can be issued. If none are provided, it will be considered a pass. If any are provided, then at least one must pass for the rules to be considered passed. 
(see [below for nested schema](#nested-schema-for-specrulesallow)) + +### Nested Schema for `spec.rules.allow` + +Optional: + +- `conditions` (Attributes List) The conditions that must be met for this rule to be considered passed. (see [below for nested schema](#nested-schema-for-specrulesallowconditions)) + +### Nested Schema for `spec.rules.allow.conditions` + +Optional: + +- `attribute` (String) The name of the attribute to evaluate the condition against. +- `equals` (String) An exact string that the attribute must match. + + + + +### Nested Schema for `spec.spiffe` + +Optional: + +- `hint` (String) A freeform text field which is provided to workloads along with a credential produced by this WorkloadIdentity. This can be used to provide additional context that can be used to select between multiple credentials. +- `id` (String) The path of the SPIFFE ID that will be issued to the workload. This should be prefixed with a forward-slash ("/"). This field supports templating using attributes. + diff --git a/integrations/terraform/gen/main.go b/integrations/terraform/gen/main.go index 6cfb6119018ce..ca639ac758ac2 100644 --- a/integrations/terraform/gen/main.go +++ b/integrations/terraform/gen/main.go @@ -524,11 +524,11 @@ var ( Name: "WorkloadIdentity", TypeName: "WorkloadIdentity", VarName: "workloadIdentity", - GetMethod: "WorkloadIdentityResourceServiceClient().GetWorkloadIdentity", - CreateMethod: "WorkloadIdentityResourceServiceClient().CreateWorkloadIdentity", + GetMethod: "GetWorkloadIdentity", + CreateMethod: "CreateWorkloadIdentity", UpsertMethodArity: 2, - UpdateMethod: "WorkloadIdentityResourceServiceClient().UpsertWorkloadIdentity", - DeleteMethod: "WorkloadIdentityResourceServiceClient().DeleteWorkloadIdentity", + UpdateMethod: "UpsertWorkloadIdentity", + DeleteMethod: "DeleteWorkloadIdentity", ID: "workloadIdentity.Metadata.Name", Kind: "workload_identity", HasStaticID: false, 
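Review bot: `UpdateMethod: "UpsertWorkloadIdentity"` keeps the Terraform update path on an unconditional upsert, so an edit made to the WorkloadIdentity outside Terraform between the provider's read and this write appears to be overwritten with no revision check. Because this resource holds the rules evaluated before a SPIFFE credential is issued, a silently lost change to `spec.rules` can alter who is issued an identity without anyone noticing. If the resource service offers a conditional update RPC, expose it through a matching `Client` wrapper and name it here; otherwise record the limitation next to the entry, e.g. `// Updates go through Upsert: no optimistic locking on the resource revision.` The enclosing `var (` block starts and ends outside the hunk.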
diff --git a/integrations/terraform/provider/data_source_teleport_workload_identity.go b/integrations/terraform/provider/data_source_teleport_workload_identity.go index d38619175f7d0..1b1d15fb99dcd 100755 --- a/integrations/terraform/provider/data_source_teleport_workload_identity.go +++ b/integrations/terraform/provider/data_source_teleport_workload_identity.go @@ -59,7 +59,7 @@ func (r dataSourceTeleportWorkloadIdentity) Read(ctx context.Context, req tfsdk. return } - workloadIdentityI, err := r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, id.Value) + workloadIdentityI, err := r.p.Client.GetWorkloadIdentity(ctx, id.Value) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error reading WorkloadIdentity", trace.Wrap(err), "workload_identity")) return diff --git a/integrations/terraform/provider/resource_teleport_workload_identity.go b/integrations/terraform/provider/resource_teleport_workload_identity.go index d352e9be099f8..e5c59e0993b44 100755 --- a/integrations/terraform/provider/resource_teleport_workload_identity.go +++ b/integrations/terraform/provider/resource_teleport_workload_identity.go @@ -82,7 +82,7 @@ func (r resourceTeleportWorkloadIdentity) Create(ctx context.Context, req tfsdk. id := workloadIdentityResource.Metadata.Name - _, err = r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, id) + _, err = r.p.Client.GetWorkloadIdentity(ctx, id) if !trace.IsNotFound(err) { if err == nil { existErr := fmt.Sprintf("WorkloadIdentity exists in Teleport. Either remove it (tctl rm workload_identity/%v)"+ 
@@ -96,7 +96,7 @@ func (r resourceTeleportWorkloadIdentity) Create(ctx context.Context, req tfsdk. return } - _, err = r.p.Client.WorkloadIdentityResourceServiceClient().CreateWorkloadIdentity(ctx, workloadIdentityResource) + _, err = r.p.Client.CreateWorkloadIdentity(ctx, workloadIdentityResource) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error creating WorkloadIdentity", trace.Wrap(err), "workload_identity")) return @@ -106,7 +106,7 @@ func (r resourceTeleportWorkloadIdentity) Create(ctx context.Context, req tfsdk. backoff := backoff.NewDecorr(r.p.RetryConfig.Base, r.p.RetryConfig.Cap, clockwork.NewRealClock()) for { tries = tries + 1 - workloadIdentityI, err = r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, id) + workloadIdentityI, err = r.p.Client.GetWorkloadIdentity(ctx, id) if trace.IsNotFound(err) { if bErr := backoff.Do(ctx); bErr != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error reading WorkloadIdentity", trace.Wrap(bErr), "workload_identity")) @@ -161,7 +161,7 @@ func (r resourceTeleportWorkloadIdentity) Read(ctx context.Context, req tfsdk.Re return } - workloadIdentityI, err := r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, id.Value) + workloadIdentityI, err := r.p.Client.GetWorkloadIdentity(ctx, id.Value) if trace.IsNotFound(err) { resp.State.RemoveResource(ctx) return 
@@ -211,13 +211,13 @@ func (r resourceTeleportWorkloadIdentity) Update(ctx context.Context, req tfsdk. name := workloadIdentityResource.Metadata.Name - workloadIdentityBefore, err := r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, name) + workloadIdentityBefore, err := r.p.Client.GetWorkloadIdentity(ctx, name) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error reading WorkloadIdentity", err, "workload_identity")) return } - _, err = r.p.Client.WorkloadIdentityResourceServiceClient().UpsertWorkloadIdentity(ctx, workloadIdentityResource) + _, err = r.p.Client.UpsertWorkloadIdentity(ctx, workloadIdentityResource) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error updating WorkloadIdentity", err, "workload_identity")) return @@ -228,7 +228,7 @@ func (r resourceTeleportWorkloadIdentity) Update(ctx context.Context, req tfsdk. backoff := backoff.NewDecorr(r.p.RetryConfig.Base, r.p.RetryConfig.Cap, clockwork.NewRealClock()) for { tries = tries + 1 - workloadIdentityI, err = r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, name) + workloadIdentityI, err = r.p.Client.GetWorkloadIdentity(ctx, name) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error reading WorkloadIdentity", err, "workload_identity")) return @@ -272,7 +272,7 @@ func (r resourceTeleportWorkloadIdentity) Delete(ctx context.Context, req tfsdk. return } - err := r.p.Client.WorkloadIdentityResourceServiceClient().DeleteWorkloadIdentity(ctx, id.Value) + err := r.p.Client.DeleteWorkloadIdentity(ctx, id.Value) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error deleting WorkloadIdentity", trace.Wrap(err), "workload_identity")) return 
@@ -283,7 +283,7 @@ func (r resourceTeleportWorkloadIdentity) Delete(ctx context.Context, req tfsdk. // ImportState imports WorkloadIdentity state func (r resourceTeleportWorkloadIdentity) ImportState(ctx context.Context, req tfsdk.ImportResourceStateRequest, resp *tfsdk.ImportResourceStateResponse) { - workloadIdentity, err := r.p.Client.WorkloadIdentityResourceServiceClient().GetWorkloadIdentity(ctx, req.ID) + workloadIdentity, err := r.p.Client.GetWorkloadIdentity(ctx, req.ID) if err != nil { resp.Diagnostics.Append(diagFromWrappedErr("Error reading WorkloadIdentity", trace.Wrap(err), "workload_identity")) return