stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Documentation update (#524)

Browse source 
* Update Auth guide

* Update docs
This commit is contained in:
Vicente Pinto 2024-09-03 16:50:18 +01:00 committed by GitHub
parent fc5f63bc86
commit 75b1ede38b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 71 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/data-sources/postgresql_credential.md
View file

@ -4,7 +4,7 @@ page_title: "stackit_postgresql_credential Data Source - stackit"
subcategory: ""
description: |-
PostgreSQL credential data source schema. Must have a region specified in the provider configuration.
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexuser instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_user instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
---
# stackit_postgresql_credential (Data Source)

2
docs/data-sources/postgresql_instance.md
View file

@ -4,7 +4,7 @@ page_title: "stackit_postgresql_instance Data Source - stackit"
subcategory: ""
description: |-
PostgreSQL instance data source schema. Must have a region specified in the provider configuration.
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexinstance instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_instance instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
---
# stackit_postgresql_instance (Data Source)

35
docs/index.md
View file

@ -59,20 +59,23 @@ When setting up authentication, the provider will always try to use the key flow
### Key flow
To use the key flow, you need to have a service account key and an RSA key-pair.
To configure it, follow this steps:
The following instructions assume that you have created a service account and assigned the necessary permissions to it, e.g. `project.owner`.
The following instructions assume that you have created a service account and assigned it the necessary permissions, e.g. project.owner.
To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it.
1. In the Portal, go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key.
When creating the service account key, a new pair can be created automatically, which will be included in the service account key. This will make it much easier to configure the key flow authentication in the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), by just providing the service account key.
- You can create your own RSA key-pair or have the Portal generate one for you.
**Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), additionally to the service account key. Check the STACKIT Knowledge Base for an [example of how to create your own key-pair](https://docs.stackit.cloud/stackit/en/usage-of-the-service-account-keys-in-stackit-175112464.html#UsageoftheserviceaccountkeysinSTACKIT-CreatinganRSAkey-pair).
2. Save the content of the service account key and the corresponding private key by copying them or saving them in a file.
To configure the key flow, follow this steps:
**Hint:** If you have generated the RSA key-pair using the Portal, you can save the private key in a PEM encoded file by downloading the service account key as a PEM file and using `openssl storeutl -keys <path/to/sa_key_pem_file> > private.key` to extract the private key from the service account key.
1. Create a service account key:
The expected format of the service account key is a **json** with the following structure:
- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/stackit/en/create-a-service-account-key-175112456.html)
2. Save the content of the service account key by copying it and saving it in a JSON file.
The expected format of the service account key is a **JSON** with the following structure:
```json
{
@ -94,10 +97,18 @@ The expected format of the service account key is a **json** with the following
}
```
3. Configure the service account key and private key for authentication in the provider by following one of the alternatives below:
- setting the fiels in the provider block: `service_account_key` or `service_account_key_path`, `private_key` or `private_key_path`
- setting environment variables: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH`
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
3. Configure the service account key for authentication in the provider by following one of the alternatives below:
- setting the fields in the provider block: `service_account_key` or `service_account_key_path`
- setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above)
> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below:
>
> - setting the field in the provider block: `private_key` or `private_key_path`
> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH`
> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
### Token flow

28
docs/resources/loadbalancer.md
View file

@ -8,23 +8,25 @@ description: |-
To automate the creation of load balancers, OpenStack can be used to setup the supporting infrastructure.
To set up the OpenStack provider, you can create a token through the STACKIT Portal, in your project's Infrastructure API page.
There, the OpenStack user domain name, username, and password are generated and can be obtained. The provider can then be configured as follows:
```terraform
terraform {
required_providers {
(...)
openstack = {
source = "terraform-provider-openstack/openstack"
}
}
required_providers {
(...)
openstack = {
source = "terraform-provider-openstack/openstack"
}
}
}
provider "openstack" {
userdomainname = "{OpenStack user domain name}"
username = "{OpenStack username}"
password = "{OpenStack password}"
region = "RegionOne"
authurl = "https://keystone.api.iaas.eu01.stackit.cloud/v3"
user_domain_name = "{OpenStack user domain name}"
user_name = "{OpenStack username}"
password = "{OpenStack password}"
region = "RegionOne"
auth_url = "https://keystone.api.iaas.eu01.stackit.cloud/v3"
}
```
Configuring the supporting infrastructure
The example below uses OpenStack to create the network, router, a public IP address and a compute instance.
---

2
docs/resources/postgresql_credential.md
View file

@ -4,7 +4,7 @@ page_title: "stackit_postgresql_credential Resource - stackit"
subcategory: ""
description: |-
PostgreSQL credential resource schema. Must have a region specified in the provider configuration.
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexuser instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_user instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html
---
# stackit_postgresql_credential (Resource)

2
docs/resources/postgresql_instance.md
View file

@ -4,7 +4,7 @@ page_title: "stackit_postgresql_instance Resource - stackit"
subcategory: ""
description: |-
PostgreSQL instance resource schema. Must have a region specified in the provider configuration.
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexinstance instead. Check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html on how to backup and restore an instance from PostgreSQL to PostgreSQL Flex, then import the resource to Terraform using an "import" block (https://developer.hashicorp.com/terraform/language/import)
!> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_instance instead. Check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html on how to backup and restore an instance from PostgreSQL to PostgreSQL Flex, then import the resource to Terraform using an "import" block (https://developer.hashicorp.com/terraform/language/import)
---
# stackit_postgresql_instance (Resource)

4
go.mod
View file

@ -46,7 +46,7 @@ require (
github.com/fatih/color v1.16.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-checkpoint v0.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
@ -73,7 +73,7 @@ require (
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/rogpeppe/go-internal v1.11.0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/stackitcloud/stackit-sdk-go/services/authorization v0.3.0
github.com/stretchr/testify v1.8.4 // indirect
github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect

7
go.sum
View file

@ -49,8 +49,9 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
@ -140,8 +141,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=

35
templates/index.md.tmpl
View file

@ -33,20 +33,23 @@ When setting up authentication, the provider will always try to use the key flow
### Key flow
To use the key flow, you need to have a service account key and an RSA key-pair.
To configure it, follow this steps:
The following instructions assume that you have created a service account and assigned the necessary permissions to it, e.g. `project.owner`.
The following instructions assume that you have created a service account and assigned it the necessary permissions, e.g. project.owner.
To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it.
1. In the Portal, go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key.
When creating the service account key, a new pair can be created automatically, which will be included in the service account key. This will make it much easier to configure the key flow authentication in the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), by just providing the service account key.
- You can create your own RSA key-pair or have the Portal generate one for you.
**Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), additionally to the service account key. Check the STACKIT Knowledge Base for an [example of how to create your own key-pair](https://docs.stackit.cloud/stackit/en/usage-of-the-service-account-keys-in-stackit-175112464.html#UsageoftheserviceaccountkeysinSTACKIT-CreatinganRSAkey-pair).
2. Save the content of the service account key and the corresponding private key by copying them or saving them in a file.
To configure the key flow, follow this steps:
**Hint:** If you have generated the RSA key-pair using the Portal, you can save the private key in a PEM encoded file by downloading the service account key as a PEM file and using `openssl storeutl -keys <path/to/sa_key_pem_file> > private.key` to extract the private key from the service account key.
1. Create a service account key:
The expected format of the service account key is a **json** with the following structure:
- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/stackit/en/create-a-service-account-key-175112456.html)
2. Save the content of the service account key by copying it and saving it in a JSON file.
The expected format of the service account key is a **JSON** with the following structure:
```json
{
@ -68,10 +71,18 @@ The expected format of the service account key is a **json** with the following
}
```
3. Configure the service account key and private key for authentication in the provider by following one of the alternatives below:
- setting the fiels in the provider block: `service_account_key` or `service_account_key_path`, `private_key` or `private_key_path`
- setting environment variables: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH`
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
3. Configure the service account key for authentication in the provider by following one of the alternatives below:
- setting the fields in the provider block: `service_account_key` or `service_account_key_path`
- setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above)
> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below:
>
> - setting the field in the provider block: `private_key` or `private_key_path`
> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH`
> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
### Token flow