Add authentication and configuration docs

docs/index.md

@@ -18,7 +18,7 @@ terraform {
   required_providers {
     illumio-cloudsecure = {
       source  = "illumio/illumio-cloudsecure"
-      version = "~> 0.1"
+      version = "~> 1.0.0"
     }
   }
 }
@@ -29,7 +29,84 @@ resource "illumio-cloudsecure_aws_account" "example" {
 }
 ```
 
+## Authentication and Configuration
+
+Illumio CloudSecure provides several methods for configuring the Terraform provider:
+
+1. Parameters in the provider configuration
+2. Environment variables
+3. Access Token
+
+Illumio CloudSecure follows the industry-standard protocol for authorization using OAuth 2.0. To generate the necessary client_id and client_secret to use the CloudSecure Terraform provider, you will need to create a Service Account from the [console](https://console.illum.io/#/serviceAccounts) and generate a new secret.
+
+| :warning: WARNING:                                                                                                                                                        |
+| :------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Hard-coded credentials are not recommended in any Terraform configuration and risks secret leakage should this file ever be committed to a public version control system. |
+
+### Parameters in the provider configuration
+
+Credentials can be provided by adding a client_id, client_secret, and optionally token, to the illumio-cloudsecure provider block.
+
+Usage:
+
+```terraform
+provider "illumio-cloudsecure" {
+  client_id = "my-access-id"
+  client_secret = "my-secret-id"
+}
+```
+
+### Environment Variables
+
+Credentials can be provided in input variables.
+
+```terraform
+variable "illumio_cloudsecure_client_id" {
+  type        = string
+  description = "The OAuth 2 client identifier used to authenticate against the CloudSecure Config API."
+}
+
+variable "illumio_cloudsecure_client_secret" {
+  type        = string
+  sensitive   = true
+  description = "The OAuth 2 client secret used to authenticate against the CloudSecure Config API."
+}
+
+provider "illumio-cloudsecure" {
+  client_id     = var.illumio_cloudsecure_client_id
+  client_secret = var.illumio_cloudsecure_client_secret
+}
+```
+
+```terraform
+% export TF_VAR_illumio_cloudsecure_client_id="my-client-id"
+% export TF_VAR_illumio_cloudsecure_client_secret="my-client-secret"
+% terraform plan
+```
+
+### Access Token
+
+Clients may pass the access `token` instead of using the `client_id` and `client_secret`. You will need to call the OAuth 2 `token` endpoint on their own at `https://cloud.illum.io/api/v1/authenticate` with the `client_id` and `client_secret` to get the access token.
+
+```terraform
+variable "illumio_cloudsecure_access_token" {  
+  type        = string  
+  sensitive   = true  
+  description = "The OAuth 2 access token used to authenticate against the CloudSecure Config API."  
+}  
+
+provider "illumio-cloudsecure" {  
+  access_token = var.illumio_cloudsecure_access_token  
+}
+```
+
+```terraform
+% export TF_VAR_illumio_cloudsecure_access_token="my-access-token"  
+% terraform plan  
+```
+
 <!-- schema generated by tfplugindocs -->
+
 ## Schema
 
 ### Optional