Skip to content

Commit

Permalink
Improve the docs (#35)
Browse files Browse the repository at this point in the history 
Fix the provider example.

Improve the formatting of the provider attribute docs.

Move the new provider docs sections from the generated `docs/index.md`
file into a custom template at `templates/index.md.tmpl` so they don't
get deleted when re-generating the docs.

Restructure and reword the authn section.

Re-generate the docs (`make generate`).
  • Loading branch information
@rlenglet
rlenglet authored Aug 5, 2024
1 parent d24fbd8 commit 8d7d25b
Show file tree
Hide file tree
Showing 4 changed files with 125 additions and 37 deletions.
54 changes: 25 additions & 29 deletions docs/index.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "illumio-cloudsecure Provider"
subcategory: ""
description: |-
Expand All @@ -23,42 +21,40 @@ terraform {
}
}
# Onboard an AWS account
resource "illumio-cloudsecure_aws_account" "example" {
# ...
provider "illumio-cloudsecure" {
client_id = "my-access-id"
client_secret = "my-secret-id"
}
```

## Authentication and Configuration

Illumio CloudSecure provides several methods for configuring the Terraform provider:
## Authentication

1. Parameters in the provider configuration
2. Environment variables
3. Access Token
Illumio CloudSecure follows the OAuth 2 standard protocol for authenticating the Terraform provider.
To generate the necessary OAuth 2 `client_id` and `client_secret` to authenticate the CloudSecure Terraform provider, you will need to create a Service Account from the [console](https://console.illum.io/#/serviceAccounts) and generate a new secret.

Illumio CloudSecure follows the industry-standard protocol for authorization using OAuth 2.0. To generate the necessary client_id and client_secret to use the CloudSecure Terraform provider, you will need to create a Service Account from the [console](https://console.illum.io/#/serviceAccounts) and generate a new secret.
Illumio CloudSecure provides several methods for authenticating the Terraform provider using OAuth 2:

| :warning: WARNING: |
| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Hard-coded credentials are not recommended in any Terraform configuration and risks secret leakage should this file ever be committed to a public version control system. |
1. Using the `client_id` and `client_secret`
1. Using an access token

### Parameters in the provider configuration
### Configuring `client_id` and `client_secret` in the Provider Configuration

Credentials can be provided by adding a client_id, client_secret, and optionally token, to the illumio-cloudsecure provider block.

Usage:
Credentials can be provided by adding a `client_id` and client_secret, or an `access_token`, into the `illumio-cloudsecure` provider block.

```terraform
provider "illumio-cloudsecure" {
client_id = "my-access-id"
client_id = "my-access-id"
client_secret = "my-secret-id"
}
```

### Environment Variables
| :warning: WARNING: |
| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Hard-coded credentials are not recommended in any Terraform configuration and risks secret leakage should this file ever be committed to a public version control system. |

### Configuring `client_id` and `client_secret` using Environment Variables

Credentials can be provided in input variables.
Preferably, these credentials can be provided via input variables which values are set using environment variables.

```terraform
variable "illumio_cloudsecure_client_id" {
Expand Down Expand Up @@ -86,7 +82,8 @@ provider "illumio-cloudsecure" {

### Access Token

Clients may pass the access `token` instead of using the `client_id` and `client_secret`. You will need to call the OAuth 2 `token` endpoint on their own at `https://cloud.illum.io/api/v1/authenticate` with the `client_id` and `client_secret` to get the access token.
Clients may pass the `access_token` directly instead of using the `client_id` and `client_secret`.
You will need to call the OAuth 2 Token Endpoint at https://cloud.illum.io/api/v1/authenticate on your own with the `client_id` and `client_secret` to obtain the `access_token`.

```terraform
variable "illumio_cloudsecure_access_token" {
Expand All @@ -106,15 +103,14 @@ provider "illumio-cloudsecure" {
```

<!-- schema generated by tfplugindocs -->

## Schema

### Optional

- `access_token` (String, Sensitive) OAuth 2 access token used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.
- `api_endpoint` (String) CloudSecure Config API endpoint, defaults to dns:///cloud.illum.io:443.
- `client_id` (String) OAuth 2 client identifier used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.
- `client_secret` (String, Sensitive) OAuth 2 client secret used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.
- `access_token` (String, Sensitive) OAuth 2 access token used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.
- `api_endpoint` (String) CloudSecure Config API endpoint, defaults to `dns:///cloud.illum.io:443`.
- `client_id` (String) OAuth 2 client identifier used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.
- `client_secret` (String, Sensitive) OAuth 2 client secret used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.
- `insecure_tls` (Boolean) Disables TLS server certificate verification for all requests to the CloudSecure Config API and Token endpoints. Server certificate verification is enabled by default. Should only be used for testing the provider.
- `request_timeout` (String) Maximum duration of each API request, defaults to 10s.
- `token_endpoint` (String) CloudSecure OAuth 2 Token endpoint, defaults to https://cloud.illum.io/api/v1/authenticate.
- `token_endpoint` (String) CloudSecure OAuth 2 Token endpoint, defaults to `https://cloud.illum.io/api/v1/authenticate`.
6 changes: 3 additions & 3 deletions examples/provider/provider.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ terraform {
}
}

# Onboard an AWS account
resource "illumio-cloudsecure_aws_account" "example" {
# ...
provider "illumio-cloudsecure" {
client_id = "my-access-id"
client_secret = "my-secret-id"
}
10 changes: 5 additions & 5 deletions internal/provider/provider.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,38 +90,38 @@ func (p *Provider) Schema(_ context.Context, _ provider.SchemaRequest, resp *pro
MarkdownDescription: "A Provider for managing Illumio CloudSecure.",
Attributes: map[string]provider_schema.Attribute{
"api_endpoint": provider_schema.StringAttribute{
MarkdownDescription: "CloudSecure Config API endpoint, defaults to " + DefaultAPIEndpoint + ".",
MarkdownDescription: "CloudSecure Config API endpoint, defaults to `" + DefaultAPIEndpoint + "`.",
Optional: true,
Validators: []validator.String{
stringvalidator.LengthBetween(1, 1024),
URL(),
},
},
"token_endpoint": provider_schema.StringAttribute{
MarkdownDescription: "CloudSecure OAuth 2 Token endpoint, defaults to " + DefaultTokenEndpoint + ".",
MarkdownDescription: "CloudSecure OAuth 2 Token endpoint, defaults to `" + DefaultTokenEndpoint + "`.",
Optional: true,
Validators: []validator.String{
stringvalidator.LengthBetween(1, 1024),
URL(),
},
},
"client_id": provider_schema.StringAttribute{
MarkdownDescription: "OAuth 2 client identifier used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.",
MarkdownDescription: "OAuth 2 client identifier used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.",
Optional: true,
Validators: []validator.String{
stringvalidator.LengthBetween(1, 1024),
},
},
"client_secret": provider_schema.StringAttribute{
MarkdownDescription: "OAuth 2 client secret used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.",
MarkdownDescription: "OAuth 2 client secret used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.",
Optional: true,
Sensitive: true,
Validators: []validator.String{
stringvalidator.LengthBetween(1, 1024),
},
},
"access_token": provider_schema.StringAttribute{
MarkdownDescription: "OAuth 2 access token used to authenticate against the CloudSecure Config API. Either client_id+client_secret or access_token must be specified.",
MarkdownDescription: "OAuth 2 access token used to authenticate against the CloudSecure Config API. Either `client_id`+`client_secret` or `access_token` must be specified.",
Optional: true,
Sensitive: true,
Validators: []validator.String{
Expand Down
92 changes: 92 additions & 0 deletions templates/index.md.tmpl
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
page_title: "{{.ProviderShortName}} Provider"
subcategory: ""
description: |-
{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
---

# {{.ProviderShortName}} Provider

{{ .Description | trimspace }}

{{ if .HasExample -}}
## Example Usage

{{tffile .ExampleFile }}
{{- end }}

## Authentication

Illumio CloudSecure follows the OAuth 2 standard protocol for authenticating the Terraform provider.
To generate the necessary OAuth 2 `client_id` and `client_secret` to authenticate the CloudSecure Terraform provider, you will need to create a Service Account from the [console](https://console.illum.io/#/serviceAccounts) and generate a new secret.

Illumio CloudSecure provides several methods for authenticating the Terraform provider using OAuth 2:

1. Using the `client_id` and `client_secret`
1. Using an access token

### Configuring `client_id` and `client_secret` in the Provider Configuration

Credentials can be provided by adding a `client_id` and client_secret, or an `access_token`, into the `illumio-cloudsecure` provider block.

```terraform
provider "illumio-cloudsecure" {
client_id = "my-access-id"
client_secret = "my-secret-id"
}
```

| :warning: WARNING: |
| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Hard-coded credentials are not recommended in any Terraform configuration and risks secret leakage should this file ever be committed to a public version control system. |

### Configuring `client_id` and `client_secret` using Environment Variables

Preferably, these credentials can be provided via input variables which values are set using environment variables.

```terraform
variable "illumio_cloudsecure_client_id" {
type = string
description = "The OAuth 2 client identifier used to authenticate against the CloudSecure Config API."
}

variable "illumio_cloudsecure_client_secret" {
type = string
sensitive = true
description = "The OAuth 2 client secret used to authenticate against the CloudSecure Config API."
}

provider "illumio-cloudsecure" {
client_id = var.illumio_cloudsecure_client_id
client_secret = var.illumio_cloudsecure_client_secret
}
```

```terraform
% export TF_VAR_illumio_cloudsecure_client_id="my-client-id"
% export TF_VAR_illumio_cloudsecure_client_secret="my-client-secret"
% terraform plan
```

### Access Token

Clients may pass the `access_token` directly instead of using the `client_id` and `client_secret`.
You will need to call the OAuth 2 Token Endpoint at https://cloud.illum.io/api/v1/authenticate on your own with the `client_id` and `client_secret` to obtain the `access_token`.

```terraform
variable "illumio_cloudsecure_access_token" {
type = string
sensitive = true
description = "The OAuth 2 access token used to authenticate against the CloudSecure Config API."
}

provider "illumio-cloudsecure" {
access_token = var.illumio_cloudsecure_access_token
}
```

```terraform
% export TF_VAR_illumio_cloudsecure_access_token="my-access-token"
% terraform plan
```

{{ .SchemaMarkdown | trimspace }}

0 comments on commit 8d7d25b

Please sign in to comment.