diff --git a/docs/data-sources/postgresql_credential.md b/docs/data-sources/postgresql_credential.md index e934819e..71f660f2 100644 --- a/docs/data-sources/postgresql_credential.md +++ b/docs/data-sources/postgresql_credential.md @@ -4,7 +4,7 @@ page_title: "stackit_postgresql_credential Data Source - stackit" subcategory: "" description: |- PostgreSQL credential data source schema. Must have a region specified in the provider configuration. - !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexuser instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html + !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_user instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html --- # stackit_postgresql_credential (Data Source) diff --git a/docs/data-sources/postgresql_instance.md b/docs/data-sources/postgresql_instance.md index 944cc752..9fa27735 100644 --- a/docs/data-sources/postgresql_instance.md +++ b/docs/data-sources/postgresql_instance.md @@ -4,7 +4,7 @@ page_title: "stackit_postgresql_instance Data Source - stackit" subcategory: "" description: |- PostgreSQL instance data source schema. Must have a region specified in the provider configuration. - !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexinstance instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html + !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_instance instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html --- # stackit_postgresql_instance (Data Source) diff --git a/docs/index.md b/docs/index.md index 15fc7740..19ee5852 100644 --- a/docs/index.md +++ b/docs/index.md @@ -59,20 +59,23 @@ When setting up authentication, the provider will always try to use the key flow ### Key flow -To use the key flow, you need to have a service account key and an RSA key-pair. -To configure it, follow this steps: + The following instructions assume that you have created a service account and assigned the necessary permissions to it, e.g. `project.owner`. - The following instructions assume that you have created a service account and assigned it the necessary permissions, e.g. project.owner. +To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it. -1. In the Portal, go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. +When creating the service account key, a new pair can be created automatically, which will be included in the service account key. This will make it much easier to configure the key flow authentication in the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), by just providing the service account key. -- You can create your own RSA key-pair or have the Portal generate one for you. +**Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), additionally to the service account key. Check the STACKIT Knowledge Base for an [example of how to create your own key-pair](https://docs.stackit.cloud/stackit/en/usage-of-the-service-account-keys-in-stackit-175112464.html#UsageoftheserviceaccountkeysinSTACKIT-CreatinganRSAkey-pair). -2. Save the content of the service account key and the corresponding private key by copying them or saving them in a file. +To configure the key flow, follow this steps: - **Hint:** If you have generated the RSA key-pair using the Portal, you can save the private key in a PEM encoded file by downloading the service account key as a PEM file and using `openssl storeutl -keys > private.key` to extract the private key from the service account key. +1. Create a service account key: -The expected format of the service account key is a **json** with the following structure: +- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/stackit/en/create-a-service-account-key-175112456.html) + +2. Save the content of the service account key by copying it and saving it in a JSON file. + + The expected format of the service account key is a **JSON** with the following structure: ```json { @@ -94,10 +97,18 @@ The expected format of the service account key is a **json** with the following } ``` -3. Configure the service account key and private key for authentication in the provider by following one of the alternatives below: - - setting the fiels in the provider block: `service_account_key` or `service_account_key_path`, `private_key` or `private_key_path` - - setting environment variables: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` - - setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above) +3. Configure the service account key for authentication in the provider by following one of the alternatives below: + + - setting the fields in the provider block: `service_account_key` or `service_account_key_path` + - setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` + - setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above) + +> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below: +> +> - setting the field in the provider block: `private_key` or `private_key_path` +> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH` +> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above) + ### Token flow diff --git a/docs/resources/loadbalancer.md b/docs/resources/loadbalancer.md index 71b1d423..ad84605c 100644 --- a/docs/resources/loadbalancer.md +++ b/docs/resources/loadbalancer.md @@ -8,23 +8,25 @@ description: |- To automate the creation of load balancers, OpenStack can be used to setup the supporting infrastructure. To set up the OpenStack provider, you can create a token through the STACKIT Portal, in your project's Infrastructure API page. There, the OpenStack user domain name, username, and password are generated and can be obtained. The provider can then be configured as follows: - ```terraform + terraform { - required_providers { - (...) - openstack = { - source = "terraform-provider-openstack/openstack" - } - } + required_providers { + (...) + openstack = { + source = "terraform-provider-openstack/openstack" + } + } } + provider "openstack" { - userdomainname = "{OpenStack user domain name}" - username = "{OpenStack username}" - password = "{OpenStack password}" - region = "RegionOne" - authurl = "https://keystone.api.iaas.eu01.stackit.cloud/v3" + user_domain_name = "{OpenStack user domain name}" + user_name = "{OpenStack username}" + password = "{OpenStack password}" + region = "RegionOne" + auth_url = "https://keystone.api.iaas.eu01.stackit.cloud/v3" } - ``` + + Configuring the supporting infrastructure The example below uses OpenStack to create the network, router, a public IP address and a compute instance. --- diff --git a/docs/resources/postgresql_credential.md b/docs/resources/postgresql_credential.md index 38f31539..23faaba3 100644 --- a/docs/resources/postgresql_credential.md +++ b/docs/resources/postgresql_credential.md @@ -4,7 +4,7 @@ page_title: "stackit_postgresql_credential Resource - stackit" subcategory: "" description: |- PostgreSQL credential resource schema. Must have a region specified in the provider configuration. - !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexuser instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html + !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_user instead. For more details, check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html --- # stackit_postgresql_credential (Resource) diff --git a/docs/resources/postgresql_instance.md b/docs/resources/postgresql_instance.md index 5e6120ea..ddf77d98 100644 --- a/docs/resources/postgresql_instance.md +++ b/docs/resources/postgresql_instance.md @@ -4,7 +4,7 @@ page_title: "stackit_postgresql_instance Resource - stackit" subcategory: "" description: |- PostgreSQL instance resource schema. Must have a region specified in the provider configuration. - !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackitpostgresflexinstance instead. Check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html on how to backup and restore an instance from PostgreSQL to PostgreSQL Flex, then import the resource to Terraform using an "import" block (https://developer.hashicorp.com/terraform/language/import) + !> The STACKIT PostgreSQL service has reached its end of support on June 30th 2024. Resources of this type have stopped working since then. Use stackit_postgresflex_instance instead. Check https://docs.stackit.cloud/stackit/en/bring-your-data-to-stackit-postgresql-flex-138347648.html on how to backup and restore an instance from PostgreSQL to PostgreSQL Flex, then import the resource to Terraform using an "import" block (https://developer.hashicorp.com/terraform/language/import) --- # stackit_postgresql_instance (Resource) diff --git a/go.mod b/go.mod index cc1908da..0c479255 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( github.com/fatih/color v1.16.0 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect @@ -73,7 +73,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/oklog/run v1.1.0 // indirect - github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/stackitcloud/stackit-sdk-go/services/authorization v0.3.0 github.com/stretchr/testify v1.8.4 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect diff --git a/go.sum b/go.sum index 9f1a8796..f9c5e65a 100644 --- a/go.sum +++ b/go.sum @@ -49,8 +49,9 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= @@ -140,8 +141,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index 0f047c5c..97fd4735 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl @@ -33,20 +33,23 @@ When setting up authentication, the provider will always try to use the key flow ### Key flow -To use the key flow, you need to have a service account key and an RSA key-pair. -To configure it, follow this steps: + The following instructions assume that you have created a service account and assigned the necessary permissions to it, e.g. `project.owner`. - The following instructions assume that you have created a service account and assigned it the necessary permissions, e.g. project.owner. +To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it. -1. In the Portal, go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. +When creating the service account key, a new pair can be created automatically, which will be included in the service account key. This will make it much easier to configure the key flow authentication in the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), by just providing the service account key. -- You can create your own RSA key-pair or have the Portal generate one for you. +**Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), additionally to the service account key. Check the STACKIT Knowledge Base for an [example of how to create your own key-pair](https://docs.stackit.cloud/stackit/en/usage-of-the-service-account-keys-in-stackit-175112464.html#UsageoftheserviceaccountkeysinSTACKIT-CreatinganRSAkey-pair). -2. Save the content of the service account key and the corresponding private key by copying them or saving them in a file. +To configure the key flow, follow this steps: - **Hint:** If you have generated the RSA key-pair using the Portal, you can save the private key in a PEM encoded file by downloading the service account key as a PEM file and using `openssl storeutl -keys > private.key` to extract the private key from the service account key. +1. Create a service account key: -The expected format of the service account key is a **json** with the following structure: +- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/stackit/en/create-a-service-account-key-175112456.html) + +2. Save the content of the service account key by copying it and saving it in a JSON file. + + The expected format of the service account key is a **JSON** with the following structure: ```json { @@ -68,10 +71,18 @@ The expected format of the service account key is a **json** with the following } ``` -3. Configure the service account key and private key for authentication in the provider by following one of the alternatives below: - - setting the fiels in the provider block: `service_account_key` or `service_account_key_path`, `private_key` or `private_key_path` - - setting environment variables: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` - - setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` and `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above) +3. Configure the service account key for authentication in the provider by following one of the alternatives below: + + - setting the fields in the provider block: `service_account_key` or `service_account_key_path` + - setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH` + - setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above) + +> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below: +> +> - setting the field in the provider block: `private_key` or `private_key_path` +> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH` +> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above) + ### Token flow