chore: update docs
This commit is contained in:
parent
7de63b5b8e
commit
75e003ae9a
1 changed files with 9 additions and 118 deletions
127
docs/index.md
127
docs/index.md
|
|
@ -1,6 +1,13 @@
|
|||
# STACKITPRIVATEPREVIEW Terraform Provider
|
||||
---
|
||||
# generated by https://github.com/hashicorp/terraform-plugin-docs
|
||||
page_title: "stackitprivatepreview Provider"
|
||||
description: |-
|
||||
|
||||
---
|
||||
|
||||
# stackitprivatepreview Provider
|
||||
|
||||
|
||||
The STACKIT Terraform provider is the official Terraform provider to integrate all the resources developed by [STACKIT](https://www.stackit.de/en/).
|
||||
|
||||
## Example Usage
|
||||
|
||||
|
|
@ -34,122 +41,6 @@ provider "stackitprivatepreview" {
|
|||
}
|
||||
```
|
||||
|
||||
## Authentication
|
||||
|
||||
To authenticate, you will need a [service account](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/). Create it in the [STACKIT Portal](https://portal.stackit.cloud/) and assign the necessary permissions to it, e.g. `project.owner`. There are multiple ways to authenticate:
|
||||
|
||||
- Key flow (recommended)
|
||||
- Token flow (is scheduled for deprecation and will be removed on December 17, 2025)
|
||||
|
||||
When setting up authentication, the provider will always try to use the key flow first and search for credentials in several locations, following a specific order:
|
||||
|
||||
1. Explicit configuration, e.g. by setting the field `service_account_key_path` in the provider block (see example below)
|
||||
2. Environment variable, e.g. by setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
|
||||
3. Credentials file
|
||||
|
||||
The provider will check the credentials file located in the path defined by the `STACKIT_CREDENTIALS_PATH` env var, if specified,
|
||||
or in `$HOME/.stackit/credentials.json` as a fallback.
|
||||
The credentials should be set using the same name as the environment variables. Example:
|
||||
|
||||
```json
|
||||
{
|
||||
"STACKIT_SERVICE_ACCOUNT_TOKEN": "foo_token",
|
||||
"STACKIT_SERVICE_ACCOUNT_KEY_PATH": "path/to/sa_key.json",
|
||||
"STACKIT_PRIVATE_KEY_PATH": "path/to/private_key.pem"
|
||||
}
|
||||
```
|
||||
|
||||
### Key flow
|
||||
|
||||
The following instructions assume that you have created a service account and assigned the necessary permissions to it, e.g. `project.owner`.
|
||||
|
||||
To use the key flow, you need to have a service account key, which must have an RSA key-pair attached to it.
|
||||
|
||||
When creating the service account key, a new pair can be created automatically, which will be included in the service account key. This will make it much easier to configure the key flow authentication in the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), by just providing the service account key.
|
||||
|
||||
**Optionally**, you can provide your own private key when creating the service account key, which will then require you to also provide it explicitly to the [STACKIT Terraform Provider](https://github.com/stackitcloud/terraform-provider-stackit), additionally to the service account key. Check the STACKIT Docs for an [example of how to create your own key-pair](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/).
|
||||
|
||||
To configure the key flow, follow this steps:
|
||||
|
||||
1. Create a service account key:
|
||||
|
||||
- Use the [STACKIT Portal](https://portal.stackit.cloud/): go to the `Service Accounts` tab, choose a `Service Account` and go to `Service Account Keys` to create a key. For more details, see [Create a service account key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/)
|
||||
|
||||
2. Save the content of the service account key by copying it and saving it in a JSON file.
|
||||
|
||||
The expected format of the service account key is a **JSON** with the following structure:
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "uuid",
|
||||
"publicKey": "public key",
|
||||
"createdAt": "2023-08-24T14:15:22Z",
|
||||
"validUntil": "2023-08-24T14:15:22Z",
|
||||
"keyType": "USER_MANAGED",
|
||||
"keyOrigin": "USER_PROVIDED",
|
||||
"keyAlgorithm": "RSA_2048",
|
||||
"active": true,
|
||||
"credentials": {
|
||||
"kid": "string",
|
||||
"iss": "my-sa@sa.stackit.cloud",
|
||||
"sub": "uuid",
|
||||
"aud": "string",
|
||||
(optional) "privateKey": "private key when generated by the SA service"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Configure the service account key for authentication in the provider by following one of the alternatives below:
|
||||
|
||||
- setting the fields in the provider block: `service_account_key` or `service_account_key_path`
|
||||
- setting the environment variable: `STACKIT_SERVICE_ACCOUNT_KEY_PATH`
|
||||
- setting `STACKIT_SERVICE_ACCOUNT_KEY_PATH` in the credentials file (see above)
|
||||
|
||||
> **Optionally, only if you have provided your own RSA key-pair when creating the service account key**, you also need to configure your private key (takes precedence over the one included in the service account key, if present). **The private key must be PEM encoded** and can be provided using one of the options below:
|
||||
>
|
||||
> - setting the field in the provider block: `private_key` or `private_key_path`
|
||||
> - setting the environment variable: `STACKIT_PRIVATE_KEY_PATH`
|
||||
> - setting `STACKIT_PRIVATE_KEY_PATH` in the credentials file (see above)
|
||||
|
||||
|
||||
### Token flow
|
||||
|
||||
> Is scheduled for deprecation and will be removed on December 17, 2025.
|
||||
|
||||
Using this flow is less secure since the token is long-lived. You can provide the token in several ways:
|
||||
|
||||
1. Setting the field `service_account_token` in the provider
|
||||
2. Setting the environment variable `STACKIT_SERVICE_ACCOUNT_TOKEN`
|
||||
3. Setting it in the credentials file (see above)
|
||||
|
||||
# Backend configuration
|
||||
|
||||
To keep track of your terraform state, you can configure an [S3 backend](https://developer.hashicorp.com/terraform/language/settings/backends/s3) using [STACKIT Object Storage](https://docs.stackit.cloud/products/storage/object-storage).
|
||||
|
||||
To do so, you need an Object Storage [S3 bucket](https://docs.stackit.cloud/products/storage/object-storage/basics/concepts/#buckets) and [credentials](https://docs.stackit.cloud/products/storage/object-storage/basics/concepts/#credentials) to access it. If you need to create them, check [Create and delete Object Storage buckets](https://docs.stackit.cloud/products/storage/object-storage/how-tos/create-and-manage-object-storage-buckets/) and [Create and delete Object Storage credentials](https://docs.stackit.cloud/products/storage/object-storage/how-tos/create-and-delete-object-storage-credentials/).
|
||||
|
||||
Once you have everything setup, you can configure the backend by adding the following block to your terraform configuration:
|
||||
|
||||
```
|
||||
terraform {
|
||||
backend "s3" {
|
||||
bucket = "BUCKET_NAME"
|
||||
key = "path/to/key"
|
||||
endpoints = {
|
||||
s3 = "https://object.storage.eu01.onstackit.cloud"
|
||||
}
|
||||
region = "eu01"
|
||||
skip_credentials_validation = true
|
||||
skip_region_validation = true
|
||||
skip_s3_checksum = true
|
||||
skip_requesting_account_id = true
|
||||
secret_key = "SECRET_KEY"
|
||||
access_key = "ACCESS_KEY"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Note: AWS specific checks must be skipped as they do not work on STACKIT. For details on what those validations do, see [here](https://developer.hashicorp.com/terraform/language/settings/backends/s3#configuration).
|
||||
<!-- schema generated by tfplugindocs -->
|
||||
## Schema
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue