generated from hashicorp/terraform-provider-scaffolding
-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Create a new resource for storage bucket - Add examples and docs for how to use new resource - Tests added but they do not run on purpose and have not been validated yet because we cannot run tests for enterprise features yet. That will be addressed separately ## Considerations - Even though only AWS can be supported today, still added the `pluginID` & `pluginName` fields so it's easy to extend once other plugin types are supported - There is some logic around handling secrets sent to Boundary and validating secret HMAC changes that exist from `boundary_host_catalog_plugin` that was introduced in [PR-159](#159). Used the same logic we've been using for that
- Loading branch information
Showing
7 changed files
with
1,039 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "boundary_storage_bucket Resource - terraform-provider-boundary" | ||
| subcategory: "" | ||
| description: |- | ||
| The storage bucket resource allows you to configure a Boundary storage bucket. A storage bucket can only belong to the Global scope or an Org scope. | ||
| --- | ||
|
|
||
| # boundary_storage_bucket (Resource) | ||
|
|
||
| The storage bucket resource allows you to configure a Boundary storage bucket. A storage bucket can only belong to the Global scope or an Org scope. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "boundary_scope" "org" { | ||
| name = "organization_one" | ||
| description = "My first scope!" | ||
| scope_id = boundary_scope.global.id | ||
| auto_create_admin_role = true | ||
| auto_create_default_role = true | ||
| } | ||
| resource "boundary_scope" "project" { | ||
| name = "project_one" | ||
| description = "My first scope!" | ||
| scope_id = boundary_scope.org.id | ||
| auto_create_admin_role = true | ||
| } | ||
| resource "boundary_storage_bucket" "aws_example" { | ||
| name = "My aws catalog" | ||
| description = "My first host catalog!" | ||
| scope_id = boundary_scope.project.id | ||
| plugin_name = "aws" | ||
| bucket_name = "mybucket" | ||
| attributes_json = jsonencode({ "region" = "us-east-1" }) | ||
| # recommended to pass in aws secrets using a file() or using environment variables | ||
| # the secrets below must be generated in aws by creating a aws iam user with programmatic access | ||
| secrets_json = jsonencode({ | ||
| "access_key_id" = "aws_access_key_id_value", | ||
| "secret_access_key" = "aws_secret_access_key_value" | ||
| }) | ||
| worker_filter = "\"pki\" in \"/tags/type\"" | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `bucket_name` (String) The name of the bucket within the external object store service. | ||
| - `scope_id` (String) The scope for this storage bucket. | ||
| - `secrets_json` (String, Sensitive) The secrets for the storage bucket. Either values encoded with the "jsonencode" function, pre-escaped JSON string, or a file:// or env:// path. Set to a string "null" to clear any existing values. NOTE: Unlike "attributes_json", removing this block will NOT clear secrets from the storage bucket; this allows injecting secrets for one call, then removing them for storage. | ||
| - `worker_filter` (String) Filters to the worker(s) that can handle requests for this storage bucket. | ||
|
|
||
| ### Optional | ||
|
|
||
| - `attributes_json` (String) The attributes for the storage bucket. Either values encoded with the "jsonencode" function, pre-escaped JSON string, or a file:// or env:// path. Set to a string "null" or remove the block to clear all attributes in the storage bucket. | ||
| - `bucket_prefix` (String) The prefix used to organize the data held within the external object store. | ||
| - `description` (String) The storage bucket description. | ||
| - `internal_force_update` (String) Internal only. Used to force update so that we can always check the value of secrets. | ||
| - `internal_hmac_used_for_secrets_config_hmac` (String) Internal only. The Boundary-provided HMAC used to calculate the current value of the HMAC'd config. Used for drift detection. | ||
| - `internal_secrets_config_hmac` (String) Internal only. HMAC of (serverSecretsHmac + config secrets). Used for proper secrets handling. | ||
| - `name` (String) The storage bucket name. Defaults to the resource name. | ||
| - `plugin_id` (String) The ID of the plugin that should back the resource. This or plugin_name must be defined. | ||
| - `plugin_name` (String) The name of the plugin that should back the resource. This or plugin_id must be defined. | ||
| - `secrets_hmac` (String) The HMAC'd secrets value returned from the server. | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The ID of the storage bucket. | ||
|
|
||
| ## Import | ||
|
|
||
| Import is supported using the following syntax: | ||
|
|
||
| ```shell | ||
| terraform import boundary_storage_bucket.foo <my-id> | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| terraform import boundary_storage_bucket.foo <my-id> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| resource "boundary_scope" "org" { | ||
| name = "organization_one" | ||
| description = "My first scope!" | ||
| scope_id = boundary_scope.global.id | ||
| auto_create_admin_role = true | ||
| auto_create_default_role = true | ||
| } | ||
|
|
||
| resource "boundary_scope" "project" { | ||
| name = "project_one" | ||
| description = "My first scope!" | ||
| scope_id = boundary_scope.org.id | ||
| auto_create_admin_role = true | ||
| } | ||
|
|
||
| resource "boundary_storage_bucket" "aws_example" { | ||
| name = "My aws catalog" | ||
| description = "My first host catalog!" | ||
| scope_id = boundary_scope.project.id | ||
| plugin_name = "aws" | ||
| bucket_name = "mybucket" | ||
| attributes_json = jsonencode({ "region" = "us-east-1" }) | ||
|
|
||
| # recommended to pass in aws secrets using a file() or using environment variables | ||
| # the secrets below must be generated in aws by creating a aws iam user with programmatic access | ||
| secrets_json = jsonencode({ | ||
| "access_key_id" = "aws_access_key_id_value", | ||
| "secret_access_key" = "aws_secret_access_key_value" | ||
| }) | ||
| worker_filter = "\"pki\" in \"/tags/type\"" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.