Add static host users to Terraform provider #46826

Merged Sep 26, 2024
1 change: 1 addition & 0 deletions docs/pages/reference/terraform-provider/data-sources.mdx
Expand Up @@ -29,6 +29,7 @@ The Teleport Terraform provider supports the following data-sources:
- [`teleport_role`](./data-sources/role.mdx)
- [`teleport_saml_connector`](./data-sources/saml_connector.mdx)
- [`teleport_session_recording_config`](./data-sources/session_recording_config.mdx)
- [`teleport_static_host_user`](./data-sources/static_host_user.mdx)
- [`teleport_trusted_cluster`](./data-sources/trusted_cluster.mdx)
- [`teleport_trusted_device`](./data-sources/trusted_device.mdx)
- [`teleport_user`](./data-sources/user.mdx)
@@ -0,0 +1,64 @@
---
title: Reference for the teleport_static_host_user Terraform data-source
description: This page describes the supported values of the teleport_static_host_user data-source of the Teleport Terraform provider.
---

{/*Auto-generated file. Do not edit.*/}
{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}





{/* schema generated by tfplugindocs */}
## Schema

### Required

- `metadata` (Attributes) metadata is resource metadata. (see [below for nested schema](#nested-schema-for-metadata))
- `spec` (Attributes) spec is the static host user spec. (see [below for nested schema](#nested-schema-for-spec))
- `version` (String) version is the resource version. It must be specified. Supported values are: `v2`.

### Optional

- `sub_kind` (String) sub_kind is an optional resource sub kind, used in some resources.

### Nested Schema for `metadata`

Required:

- `name` (String) name is an object name.

Optional:

- `description` (String) description is object description.
- `expires` (String)
not related but we should update expires description with the correct format

- `labels` (Map of String) labels is a set of labels.


### Nested Schema for `spec`

Required:

- `matchers` (Attributes List) (see [below for nested schema](#nested-schema-for-specmatchers))

### Nested Schema for `spec.matchers`

Optional:

- `default_shell` (String) default_shell is the new user's default shell
- `gid` (Number) gid is the new user's gid.
- `groups` (List of String) groups is a list of additional groups to add the user to.
- `node_labels` (Attributes List) node_labels is a map of node labels that will create a user from this resource. (see [below for nested schema](#nested-schema-for-specmatchersnode_labels))
- `node_labels_expression` (String) node_labels_expression is a predicate expression to create a user from this resource.
- `sudoers` (List of String) sudoers is a list of sudoer entries to add.
- `take_ownership_if_user_exists` (Boolean) take_ownership_if_user_exists will take ownership of existing, unmanaged users
- `uid` (Number) uid is the new user's uid.

### Nested Schema for `spec.matchers.node_labels`

Required:

- `name` (String) The name of the label.
- `values` (List of String) The values associated with the label.

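Review bot: `expires` under Nested Schema for `metadata` is the only attribute with no description at all (the inline comment in this thread already flags the missing format). Because the page carries `{/*Auto-generated file. Do not edit.*/}`, the fix belongs in the proto field comment followed by `make docs`, not in this file. While there, `default_shell` and `take_ownership_if_user_exists` are the only entries missing a trailing period, and `take_ownership_if_user_exists` ("will take ownership of existing, unmanaged users") should say which of the matcher's settings (`uid`, `gid`, `groups`, `default_shell`, `sudoers`) are then applied to a pre-existing account, since that is the option most likely to surprise an operator.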
1 change: 1 addition & 0 deletions docs/pages/reference/terraform-provider/resources.mdx
Expand Up @@ -31,6 +31,7 @@ The Teleport Terraform provider supports the following resources:
- [`teleport_saml_connector`](./resources/saml_connector.mdx)
- [`teleport_server`](./resources/server.mdx)
- [`teleport_session_recording_config`](./resources/session_recording_config.mdx)
- [`teleport_static_host_user`](./resources/static_host_user.mdx)
- [`teleport_trusted_cluster`](./resources/trusted_cluster.mdx)
- [`teleport_trusted_device`](./resources/trusted_device.mdx)
- [`teleport_user`](./resources/user.mdx)
@@ -0,0 +1,91 @@
---
title: Reference for the teleport_static_host_user Terraform resource
description: This page describes the supported values of the teleport_static_host_user resource of the Teleport Terraform provider.
---

{/*Auto-generated file. Do not edit.*/}
{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}



## Example Usage

```hcl
resource "teleport_static_host_user" "test" {
version = "v2"
metadata = {
name = "test"
}
spec = {
matchers = [
{
node_labels = [
{
name = "foo"
values = ["bar"]
}
]
node_labels_expression = "labels.foo == \"bar\""
groups = ["foo", "bar"]
sudoers = ["abcd1234"]
uid = 1234
gid = 1234
default_shell = "/bin/bash"
}
]
}
}
```

{/* schema generated by tfplugindocs */}
## Schema

### Required

- `metadata` (Attributes) metadata is resource metadata. (see [below for nested schema](#nested-schema-for-metadata))
- `spec` (Attributes) spec is the static host user spec. (see [below for nested schema](#nested-schema-for-spec))
- `version` (String) version is the resource version. It must be specified. Supported values are: `v2`.

### Optional

- `sub_kind` (String) sub_kind is an optional resource sub kind, used in some resources.

### Nested Schema for `metadata`

Required:

- `name` (String) name is an object name.

Optional:

- `description` (String) description is object description.
- `expires` (String)
- `labels` (Map of String) labels is a set of labels.


### Nested Schema for `spec`

Required:

- `matchers` (Attributes List) (see [below for nested schema](#nested-schema-for-specmatchers))

### Nested Schema for `spec.matchers`

Optional:

- `default_shell` (String) default_shell is the new user's default shell
- `gid` (Number) gid is the new user's gid.
- `groups` (List of String) groups is a list of additional groups to add the user to.
- `node_labels` (Attributes List) node_labels is a map of node labels that will create a user from this resource. (see [below for nested schema](#nested-schema-for-specmatchersnode_labels))
- `node_labels_expression` (String) node_labels_expression is a predicate expression to create a user from this resource.
- `sudoers` (List of String) sudoers is a list of sudoer entries to add.
- `take_ownership_if_user_exists` (Boolean) take_ownership_if_user_exists will take ownership of existing, unmanaged users
- `uid` (Number) uid is the new user's uid.

### Nested Schema for `spec.matchers.node_labels`

Required:

- `name` (String) The name of the label.
- `values` (List of String) The values associated with the label.

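Review bot: the Example Usage sets both `node_labels` and `node_labels_expression` on the same matcher, but neither the example nor the `spec.matchers` schema says how the two combine (both must match, or either suffices), so a reader cannot tell which nodes will receive the account. Either state the rule in the description of one of the two attributes (in the proto comment, since this page is generated) or use a single selector in the example.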
8 changes: 8 additions & 0 deletions integrations/terraform/Makefile
Expand Up @@ -106,9 +106,17 @@ endif
--terraform_out=config=protoc-gen-terraform-accessmonitoringrules.yaml:./tfschema \
teleport/accessmonitoringrules/v1/access_monitoring_rules.proto

@protoc \
-I=../../api/proto \
-I=$(PROTOBUF_MOD_PATH) \
--plugin=$(GENTERRAFORMPATH)/protoc-gen-terraform \
--terraform_out=config=protoc-gen-terraform-statichostuser.yaml:./tfschema \
teleport/userprovisioning/v2/statichostuser.proto

mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1/loginrule_terraform.go ./tfschema/loginrule/v1/
mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1/accesslist_terraform.go ./tfschema/accesslist/v1/
mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1/access_monitoring_rules_terraform.go ./tfschema/accessmonitoringrules/v1/
mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2/statichostuser_terraform.go ./tfschema/userprovisioning/v2/
mv ./tfschema/github.com/gravitational/teleport/api/types/device_terraform.go ./tfschema/devicetrust/v1/
rm -r ./tfschema/github.com/
@go run ./gen/main.go
@@ -0,0 +1,24 @@
resource "teleport_static_host_user" "test" {
version = "v2"
metadata = {
name = "test"
}
spec = {
matchers = [
{
node_labels = [
{
name = "foo"
values = ["bar"]
}
]
node_labels_expression = "labels.foo == \"bar\""
groups = ["foo", "bar"]
sudoers = ["abcd1234"]
uid = 1234
gid = 1234
default_shell = "/bin/bash"
}
]
}
}
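Review bot: `sudoers = ["abcd1234"]` is not a valid sudoers directive, and because this file is the source of the Example Usage block in the generated resource doc it will be published verbatim. Use a real sudoers entry or drop the field from the example, and consider a comment that this list grants root-level privileges on every node the matcher selects, so readers copying the snippet know what they are enabling.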
28 changes: 28 additions & 0 deletions integrations/terraform/gen/main.go
Expand Up @@ -476,6 +476,32 @@ var (
ExtraImports: []string{"apitypes \"github.com/gravitational/teleport/api/types\""},
ForceSetKind: "apitypes.KindAccessMonitoringRule",
}

staticHostUser = payload{
Name: "StaticHostUser",
TypeName: "StaticHostUser",
VarName: "staticHostUser",
GetMethod: "StaticHostUserClient().GetStaticHostUser",
CreateMethod: "StaticHostUserClient().CreateStaticHostUser",
UpsertMethodArity: 2,
UpdateMethod: "StaticHostUserClient().UpsertStaticHostUser",
DeleteMethod: "StaticHostUserClient().DeleteStaticHostUser",
ID: "staticHostUser.Metadata.Name",
Kind: "static_host_user",
HasStaticID: false,
ProtoPackage: "userprovisioningv2",
ProtoPackagePath: "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2",
SchemaPackage: "schemav1",
SchemaPackagePath: "github.com/gravitational/teleport/integrations/terraform/tfschema/userprovisioning/v2",
TerraformResourceType: "teleport_static_host_user",
// Since [RFD 153](https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md)
// resources are plain structs
IsPlainStruct: true,
// As 153-style resources don't have CheckAndSetDefaults, we must set the Kind manually.
// We import the package containing kinds, then use ForceSetKind.
ExtraImports: []string{"apitypes \"github.com/gravitational/teleport/api/types\""},
ForceSetKind: "apitypes.KindStaticHostUser",
}
)

func main() {
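Review bot: `UpdateMethod` is wired to `StaticHostUserClient().UpsertStaticHostUser` (with `UpsertMethodArity: 2`), so a Terraform update is an unconditional overwrite: if the resource was changed out of band, the provider will silently replace it rather than surface a conflict. If the client exposes a conditional update for this resource, prefer it here; otherwise a comment on the payload documenting the overwrite semantics would help the next reader. Also, `SchemaPackage` is `"schemav1"` while `SchemaPackagePath` and `ProtoPackagePath` point at `userprovisioning/v2`; if the alias is just the template's fixed import name that is fine, but a `schemav2` alias or a short comment would remove the apparent mismatch.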
Expand Down Expand Up @@ -523,6 +549,8 @@ func genTFSchema() {
generateDataSource(installer, pluralDataSource)
generateResource(accessMonitoringRule, pluralResource)
generateDataSource(accessMonitoringRule, pluralDataSource)
generateResource(staticHostUser, pluralResource)
generateDataSource(staticHostUser, pluralDataSource)
}

func generateResource(p payload, tpl string) {
72 changes: 72 additions & 0 deletions integrations/terraform/protoc-gen-terraform-statichostuser.yaml
@@ -0,0 +1,72 @@
---
target_package_name: "v2"
default_package_name: "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
duration_custom_type: Duration
use_state_for_unknown_by_default: true

# Top-level type names to export
types:
- "StaticHostUser"

# These import paths were not being automatically picked up by
# protoc-gen-terraform without these overrides
import_path_overrides:
"types": "github.com/gravitational/teleport/api/types"
"wrappers": "github.com/gravitational/teleport/api/types/wrappers"
"durationpb": "google.golang.org/protobuf/types/known/durationpb"
"timestamppb": "google.golang.org/protobuf/types/known/timestamppb"
"v1": "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
"v11": "github.com/gravitational/teleport/api/gen/proto/go/teleport/label/v1"


# id field is required for integration tests. It is not used by provider.
# We have to add it manually (might be removed in the future versions).
injected_fields:
StaticHostUser:
- name: id
type: github.com/hashicorp/terraform-plugin-framework/types.StringType
computed: true
plan_modifiers:
- "github.com/hashicorp/terraform-plugin-framework/tfsdk.UseStateForUnknown()"

# These fields will be excluded
exclude_fields:
# Metadata (we id resources by name on our side)
- "StaticHostUser.metadata.id"

# These fields will be marked as Computed: true
computed_fields:
# Metadata
- "StaticHostUser.metadata.namespace"
- "StaticHostUser.kind"

# These fields will be marked as Required: true
required_fields:
- "StaticHostUser.version"
- "StaticHostUser.metadata"
- "StaticHostUser.metadata.name"
- "StaticHostUser.spec"
- "StaticHostUser.spec.matchers"
- "StaticHostUser.spec.matchers.node_labels.name"
- "StaticHostUser.spec.matchers.node_labels.values"

plan_modifiers:
# Force to recreate resource if it's name changes
Metadata.name:
- "github.com/hashicorp/terraform-plugin-framework/tfsdk.RequiresReplace()"

# This must be defined for the generator to be happy, but in reality all time
# fields are overridden (because the protobuf timestamps contain locks and the
# linter gets mad if we use raw structs instead of pointers).
time_type:
type: "PlaceholderType"
duration_type:
type: "PlaceholderType"

validators:
# Expires must be in the future
Metadata.expires:
- github_com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()

custom_types:
"StaticHostUser.metadata.expires": Timestamp
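Review bot: the `import_path_overrides` keys `"v1"` and `"v11"` appear to be the generator's auto-assigned aliases for the `header/v1` and `label/v1` packages, so they depend on the order in which protoc-gen-terraform encounters the imports; if `statichostuser.proto` gains another `v1` import, the mapping breaks silently. A comment naming the proto each alias corresponds to (or a stable alias, if the generator supports one) would make this less brittle. Nit: the comment under `plan_modifiers` should read `its name`, not `it's name`.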