From 0ccd13e585937ee0aaa9ae8e04f55003e11b8329 Mon Sep 17 00:00:00 2001
From: Randall Morey
Date: Wed, 16 Sep 2020 16:34:26 -0400
Subject: [PATCH] Docs fix example (#38)
* docs: fix complex example syntax and login_name argument
* docs: fix missing arguments and argument names
* docs: fix type capitalization
---
 README.md | 139 +++++++++++++++++++------------
 website/docs/index.html.markdown | 52 +++++++-----
 2 files changed, 116 insertions(+), 75 deletions(-)
diff --git a/README.md b/README.md
index bcc6ba19..28a25915 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-Terraform Provider Boundary
+Terraform Provider Boundary
 ==================
 Requirements
@@ -12,7 +12,7 @@ Building The Provider
 1. Clone the repository
 1. Enter the repository directory
-1. Build the provider using the Go `install` command:
+1. Build the provider using the Go `install` command:
 ```sh
 $ go install
 ```
@@ -39,14 +39,14 @@ Please see our detailed docs for individual resource usage. Below is a complex e
 ```hcl
 provider "boundary" {
- addr = "http://127.0.0.1:9200"
- auth_method_id = "ampw_1234567890"
- password_auth_method_username = "admin"
- password_auth_method_password = "passpass"
+ addr = "http://127.0.0.1:9200"
+ auth_method_id = "ampw_1234567890" # changeme
+ password_auth_method_login_name = "myuser" # changeme
+ password_auth_method_password = "passpass" # changeme
 }
 variable "backend_team" {
- type = set(string)
+ type = set(string)
 default = [
 "Jim Lambert",
 "Mike Gaffney",
@@ -55,15 +55,15 @@ variable "backend_team" {
 }
 variable "frontend_team" {
- type = set(string)
+ type = set(string)
 default = [
- "Randy Morey",
+ "Randall Morey",
 "Susmitha Girumala",
 ]
 }
 variable "leadership_team" {
- type = set(string)
+ type = set(string)
 default = [
 "Jeff Mitchell",
 "Pete Pacent",
@@ -72,8 +72,8 @@ variable "leadership_team" {
 ]
 }
-variable "frontend_server_ips" {
- type = set(string)
+variable "web_server_ips" {
+ type = set(string)
 default = [
 "10.0.0.1",
 "10.0.0.2",
@@ -81,34 +81,50 @@ variable "frontend_server_ips" {
 }
 variable "backend_server_ips" {
- type = set(string)
+ type = set(string)
 default = [
 "10.1.0.1",
 "10.1.0.2",
 ]
 }
-resource "boundary_organization" "corp" {}
+variable "frontend_server_ips" {
+ type = set(string)
+ default = [
+ "10.2.0.1",
+ "10.2.0.2",
+ ]
+}
+
+resource "boundary_scope" "global" {
+ global_scope = true
+ scope_id = "global"
+}
+
+resource "boundary_scope" "corp" {
+ scope_id = boundary_scope.global.id
+ auto_create_role = true
+}
 resource "boundary_user" "backend" {
 for_each = var.backend_team
 name = each.key
 description = "Backend user: ${each.key}"
- scope_id = boundary_organization.corp.id
+ scope_id = boundary_scope.corp.id
 }
 resource "boundary_user" "frontend" {
 for_each = var.frontend_team
 name = each.key
 description = "Frontend user: ${each.key}"
- scope_id = boundary_organization.corp.id
+ scope_id = boundary_scope.corp.id
 }
 resource "boundary_user" "leadership" {
 for_each = var.leadership_team
 name = each.key
 description = "WARNING: Managers should be read-only"
- scope_id = boundary_organization.corp.id
+ scope_id = boundary_scope.corp.id
 }
 // organiation level group for the leadership team
@@ -116,101 +132,110 @@ resource "boundary_group" "leadership" {
 name = "leadership_team"
 description = "Organization group for leadership team"
 member_ids = [for user in boundary_user.leadership : user.id]
- scope_id = boundary_organization.corp.id
+ scope_id = boundary_scope.corp.id
 }
 // add org-level role for readonly access
 resource "boundary_role" "organization_readonly" {
 name = "readonly"
 description = "Read-only role"
- principals = [boundary_group.leadership.id]
- grants = ["id=*;actions=read"]
- scope_id = boundary_organization.corp.id
+ principal_ids = [boundary_group.leadership.id]
+ grant_strings = ["id=*;actions=read"]
+ scope_id = boundary_scope.corp.id
 }
 // add org-level role for administration access
 resource "boundary_role" "organization_admin" {
 name = "admin"
 description = "Administrator role"
- principals = concat(
+ principal_ids = concat(
 [for user in boundary_user.backend : user.id],
 [for user in boundary_user.frontend : user.id]
 )
- grants = ["id=*;actions=create,read,update,delete"]
- scope_id = boundary_organization.corp.id
+ grant_strings = ["id=*;actions=create,read,update,delete"]
+ scope_id = boundary_scope.corp.id
 }
 // create a project for core infrastructure
-resource "boundary_project" "core_infra" {
- description = "Core infrastrcture"
- scope_id = boundary_organization.corp.id
+resource "boundary_scope" "core_infra" {
+ description = "Core infrastrcture"
+ scope_id = boundary_scope.corp.id
+ auto_create_role = true
 }
 resource "boundary_group" "backend_core_infra" {
 name = "backend"
 description = "Backend team group"
 member_ids = [for user in boundary_user.backend : user.id]
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_group" "frontend_core_infra" {
 name = "frontend"
 description = "Frontend team group"
 member_ids = [for user in boundary_user.frontend : user.id]
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host" "backend_servers_service" {
 for_each = var.backend_server_ips
+ type = "static"
 name = "backend_server_service_${each.value}"
 description = "Backend server host for service port"
 address = "${each.key}:9200"
- scope_id = boundary_project.core_infra.id
 host_catalog_id = boundary_host_catalog.backend_servers.id
 }
 resource "boundary_host" "backend_servers_ssh" {
 for_each = var.backend_server_ips
+ type = "static"
 name = "backend_server_ssh_${each.value}"
 description = "Backend server host for SSH port"
 address = "${each.key}:22"
- scope_id = boundary_project.core_infra.id
 host_catalog_id = boundary_host_catalog.backend_servers.id
 }
 resource "boundary_host" "frontend_servers_console" {
 for_each = var.frontend_server_ips
+ type = "static"
 name = "frontend_server_console_${each.value}"
 description = "Frontend server host for console port"
 address = "${each.key}:443"
- scope_id = boundary_project.core_infra.id
- host_catalog_id = boundary_host_catalog.web_servers.id
+ host_catalog_id = boundary_host_catalog.frontend_servers.id
 }
 resource "boundary_host" "frontend_servers_ssh" {
 for_each = var.frontend_server_ips
+ type = "static"
 name = "frontend_server_ssh_${each.value}"
 description = "Frontend server host for SSH port"
 address = "${each.key}:22"
- scope_id = boundary_project.core_infra.id
- host_catalog_id = boundary_host_catalog.web_servers.id
+ host_catalog_id = boundary_host_catalog.frontend_servers.id
 }
 resource "boundary_host_catalog" "web_servers" {
 name = "web_servers"
 description = "Web servers for frontend team"
- type = "Static"
- scope_id = boundary_project.core_infra.id
+ type = "static"
+ scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host_catalog" "backend_servers" {
 name = "backend_servers"
 description = "Web servers for backend team"
- type = "Static"
- scope_id = boundary_project.core_infra.id
+ type = "static"
+ scope_id = boundary_scope.core_infra.id
+}
+
+resource "boundary_host_catalog" "frontend_servers" {
+ name = "frontend_servers"
+ description = "Web servers for backend team"
+ type = "static"
+ scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host_set" "backend_servers_service" {
+ type = "static"
 name = "backend_servers_service"
 description = "Host set for services servers"
 host_catalog_id = boundary_host_catalog.backend_servers.id
@@ -218,6 +243,7 @@ resource "boundary_host_set" "backend_servers_service" {
 }
 resource "boundary_host_set" "backend_servers_ssh" {
+ type = "static"
 name = "backend_servers_ssh"
 description = "Host set for backend servers SSH access"
 host_catalog_id = boundary_host_catalog.backend_servers.id
@@ -225,23 +251,26 @@ resource "boundary_host_set" "backend_servers_ssh" {
 }
 resource "boundary_host_set" "frontend_servers_console" {
+ type = "static"
 name = "frontend_servers_console"
 description = "Host set for frontend servers console access"
- host_catalog_id = boundary_host_catalog.web_servers.id
+ host_catalog_id = boundary_host_catalog.frontend_servers.id
 host_ids = [for host in boundary_host.frontend_servers_console : host.id]
 }
 resource "boundary_host_set" "frontend_servers_ssh" {
+ type = "static"
 name = "frontend_servers_ssh"
 description = "Host set for frontend servers SSH access"
- host_catalog_id = boundary_host_catalog.web_servers.id
+ host_catalog_id = boundary_host_catalog.frontend_servers.id
 host_ids = [for host in boundary_host.frontend_servers_ssh : host.id]
 }
 resource "boundary_target" "frontend_servers_console" {
+ type = "tcp"
 name = "frontend_servers_console"
 description = "Frontend console target"
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 host_set_ids = [
 boundary_host_set.frontend_servers_console.id
@@ -249,9 +278,10 @@ resource "boundary_target" "frontend_servers_console" {
 }
 resource "boundary_target" "frontend_servers_ssh" {
+ type = "tcp"
 name = "frontend_servers_ssh"
 description = "Frontend SSH target"
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 host_set_ids = [
 boundary_host_set.frontend_servers_ssh.id
@@ -259,40 +289,43 @@ resource "boundary_target" "frontend_servers_ssh" {
 }
 resource "boundary_target" "backend_servers_service" {
+ type = "tcp"
 name = "backend_servers_service"
 description = "Backend service target"
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 host_set_ids = [
- boundary_host_set.backend_servers_service.id,
+ boundary_host_set.backend_servers_service.id
 ]
 }
 resource "boundary_target" "backend_servers_ssh" {
+ type = "tcp"
 name = "backend_servers_ssh"
 description = "Backend SSH target"
- scope_id = boundary_project.core_infra.id
+ scope_id = boundary_scope.core_infra.id
 host_set_ids = [
- boundary_host_set.backend_servers_ssh.id,
+ boundary_host_set.backend_servers_ssh.id
 ]
 }
 // only allow the backend team access to the backend web servers host catalog
 resource "boundary_role" "admin_backend_core_infra" {
 description = "Administrator role for backend core infrastructure"
- principals = [boundary_group.backend_core_infra.id]
- grants = ["id=${boundary_host_catalog.backend_servers.id};actions=create,read,update,delete"]
- scope_id = boundary_project.core_infra.id
+ principal_ids = [boundary_group.backend_core_infra.id]
+ grant_strings = ["id=${boundary_host_catalog.backend_servers.id};actions=create,read,update,delete"]
+ scope_id = boundary_scope.core_infra.id
 }
 // only allow the frontend team access to the frontend web servers host catalog
 resource "boundary_role" "admin_frontend_core_infra" {
 description = "Administrator role for frontend core infrastructure"
- principals = [boundary_group.frontend_core_infra.id]
- grants = ["id=${boundary_host_catalog.web_servers.id};actions=create,read,update,delete"]
- scope_id = boundary_project.core_infra.id
+ principal_ids = [boundary_group.frontend_core_infra.id]
+ grant_strings = ["id=${boundary_host_catalog.web_servers.id};actions=create,read,update,delete"]
+ scope_id = boundary_scope.core_infra.id
 }
+
 ```
 Developing the Provider
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 5b92f8ab..420fa411 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -18,8 +18,8 @@ Do not keep your authentication password in HCL for production environments, use
 provider "boundary" {
 addr = "http://127.0.0.1:9200"
 auth_method_id = "ampw_1234567890" # changeme
- password_auth_method_username = "myuser" # changeme
- password_auth_method_password = "$uper$ecure9ass^^ord" # changeme
+ password_auth_method_login_name = "myuser" # changeme
+ password_auth_method_password = "passpass" # changeme
 }
 ```
@@ -27,10 +27,10 @@ provider "boundary" {
 ```hcl
 provider "boundary" {
- addr = "http://127.0.0.1:9200"
- auth_method_id = "ampw_1234567890" # changeme
- password_auth_method_username = "myuser" # changeme
- password_auth_method_password = "$uper$ecure9ass^^ord" # changeme
+ addr = "http://127.0.0.1:9200"
+ auth_method_id = "ampw_1234567890" # changeme
+ password_auth_method_login_name = "myuser" # changeme
+ password_auth_method_password = "passpass" # changeme
 }
 variable "backend_team" {
@@ -89,7 +89,7 @@ resource "boundary_scope" "global" {
 scope_id = "global"
 }
-resource "boundary_scope "corp" {
+resource "boundary_scope" "corp" {
 scope_id = boundary_scope.global.id
 auto_create_role = true
 }
@@ -127,8 +127,8 @@ resource "boundary_group" "leadership" {
 resource "boundary_role" "organization_readonly" {
 name = "readonly"
 description = "Read-only role"
- principals = [boundary_group.leadership.id]
- grants = ["id=*;actions=read"]
+ principal_ids = [boundary_group.leadership.id]
+ grant_strings = ["id=*;actions=read"]
 scope_id = boundary_scope.corp.id
 }
@@ -136,11 +136,11 @@ resource "boundary_role" "organization_readonly" {
 resource "boundary_role" "organization_admin" {
 name = "admin"
 description = "Administrator role"
- principals = concat(
+ principal_ids = concat(
 [for user in boundary_user.backend : user.id],
 [for user in boundary_user.frontend : user.id]
 )
- grants = ["id=*;actions=create,read,update,delete"]
+ grant_strings = ["id=*;actions=create,read,update,delete"]
 scope_id = boundary_scope.corp.id
 }
@@ -167,62 +167,63 @@ resource "boundary_group" "frontend_core_infra" {
 resource "boundary_host" "backend_servers_service" {
 for_each = var.backend_server_ips
+ type = "static"
 name = "backend_server_service_${each.value}"
 description = "Backend server host for service port"
 address = "${each.key}:9200"
- scope_id = boundary_scope.core_infra.id
 host_catalog_id = boundary_host_catalog.backend_servers.id
 }
 resource "boundary_host" "backend_servers_ssh" {
 for_each = var.backend_server_ips
+ type = "static"
 name = "backend_server_ssh_${each.value}"
 description = "Backend server host for SSH port"
 address = "${each.key}:22"
- scope_id = boundary_scope.core_infra.id
 host_catalog_id = boundary_host_catalog.backend_servers.id
 }
 resource "boundary_host" "frontend_servers_console" {
 for_each = var.frontend_server_ips
+ type = "static"
 name = "frontend_server_console_${each.value}"
 description = "Frontend server host for console port"
 address = "${each.key}:443"
- scope_id = boundary_scope.core_infra.id
 host_catalog_id = boundary_host_catalog.frontend_servers.id
 }
 resource "boundary_host" "frontend_servers_ssh" {
 for_each = var.frontend_server_ips
+ type = "static"
 name = "frontend_server_ssh_${each.value}"
 description = "Frontend server host for SSH port"
 address = "${each.key}:22"
- scope_id = boundary_scope.core_infra.id
 host_catalog_id = boundary_host_catalog.frontend_servers.id
 }
 resource "boundary_host_catalog" "web_servers" {
 name = "web_servers"
 description = "Web servers for frontend team"
- type = "Static"
+ type = "static"
 scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host_catalog" "backend_servers" {
 name = "backend_servers"
 description = "Web servers for backend team"
- type = "Static"
+ type = "static"
 scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host_catalog" "frontend_servers" {
 name = "frontend_servers"
 description = "Web servers for backend team"
- type = "Static"
+ type = "static"
 scope_id = boundary_scope.core_infra.id
 }
 resource "boundary_host_set" "backend_servers_service" {
+ type = "static"
 name = "backend_servers_service"
 description = "Host set for services servers"
 host_catalog_id = boundary_host_catalog.backend_servers.id
@@ -230,6 +231,7 @@ resource "boundary_host_set" "backend_servers_service" {
 }
 resource "boundary_host_set" "backend_servers_ssh" {
+ type = "static"
 name = "backend_servers_ssh"
 description = "Host set for backend servers SSH access"
 host_catalog_id = boundary_host_catalog.backend_servers.id
@@ -237,6 +239,7 @@ resource "boundary_host_set" "backend_servers_ssh" {
 }
 resource "boundary_host_set" "frontend_servers_console" {
+ type = "static"
 name = "frontend_servers_console"
 description = "Host set for frontend servers console access"
 host_catalog_id = boundary_host_catalog.frontend_servers.id
@@ -244,6 +247,7 @@ resource "boundary_host_set" "frontend_servers_console" {
 }
 resource "boundary_host_set" "frontend_servers_ssh" {
+ type = "static"
 name = "frontend_servers_ssh"
 description = "Host set for frontend servers SSH access"
 host_catalog_id = boundary_host_catalog.frontend_servers.id
@@ -251,6 +255,7 @@ resource "boundary_host_set" "frontend_servers_ssh" {
 }
 resource "boundary_target" "frontend_servers_console" {
+ type = "tcp"
 name = "frontend_servers_console"
 description = "Frontend console target"
 scope_id = boundary_scope.core_infra.id
@@ -261,6 +266,7 @@ resource "boundary_target" "frontend_servers_console" {
 }
 resource "boundary_target" "frontend_servers_ssh" {
+ type = "tcp"
 name = "frontend_servers_ssh"
 description = "Frontend SSH target"
 scope_id = boundary_scope.core_infra.id
@@ -271,6 +277,7 @@ resource "boundary_target" "frontend_servers_ssh" {
 }
 resource "boundary_target" "backend_servers_service" {
+ type = "tcp"
 name = "backend_servers_service"
 description = "Backend service target"
 scope_id = boundary_scope.core_infra.id
@@ -281,6 +288,7 @@ resource "boundary_target" "backend_servers_service" {
 }
 resource "boundary_target" "backend_servers_ssh" {
+ type = "tcp"
 name = "backend_servers_ssh"
 description = "Backend SSH target"
 scope_id = boundary_scope.core_infra.id
@@ -293,16 +301,16 @@ resource "boundary_target" "backend_servers_ssh" {
 // only allow the backend team access to the backend web servers host catalog
 resource "boundary_role" "admin_backend_core_infra" {
 description = "Administrator role for backend core infrastructure"
- principals = [boundary_group.backend_core_infra.id]
- grants = ["id=${boundary_host_catalog.backend_servers.id};actions=create,read,update,delete"]
+ principal_ids = [boundary_group.backend_core_infra.id]
+ grant_strings = ["id=${boundary_host_catalog.backend_servers.id};actions=create,read,update,delete"]
 scope_id = boundary_scope.core_infra.id
 }
 // only allow the frontend team access to the frontend web servers host catalog
 resource "boundary_role" "admin_frontend_core_infra" {
 description = "Administrator role for frontend core infrastructure"
- principals = [boundary_group.frontend_core_infra.id]
- grants = ["id=${boundary_host_catalog.web_servers.id};actions=create,read,update,delete"]
+ principal_ids = [boundary_group.frontend_core_infra.id]
+ grant_strings = ["id=${boundary_host_catalog.web_servers.id};actions=create,read,update,delete"]
 scope_id = boundary_scope.core_infra.id
 }
 ```