Merge pull request #22 from hashicorp-dev-advocates/oidc

OIDC

Makefile

@@ -1,6 +1,6 @@
 name = waypoint
 organization = hashicorp-dev-advocates
-version = 0.2.2
+version = 0.3.0
 arch = darwin_amd64
 #arch = linux_amd64
 
@@ -12,6 +12,8 @@ install: build
 	mv bin/terraform-provider-$(name)_v$(version) ~/.terraform.d/plugins/local/$(organization)/$(name)/$(version)/$(arch)/
 test:
 	go test ./internal/provider -v
+docs:
+	go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs
 multi_build:
 	@echo ""
 	@echo "Compile Provider"

docs/data-sources/project.md

@@ -12,13 +12,12 @@ A data source to read project configuration
 
 ## Example Usage
 
-```hcl
+```terraform
 data "waypoint_project" "example" {
   project_name = "example"
 }
 ```
 
-
 <!-- schema generated by tfplugindocs -->
 ## Schema
 

docs/data-sources/runner_profile.md

@@ -12,8 +12,8 @@ A data source to read waypoint runner profiles
 
 ## Example Usage
 
-```hcl
-data "waypoint_runner_profile" "example" {
+```terraform
+data "waypoint_runner_profile" "test" {
   id = "01G5K3Z29H87VRVYSJVBGQF7AM"
 }
 ```
@@ -23,7 +23,7 @@ data "waypoint_runner_profile" "example" {
 
 ### Required
 
-- `id` (String) ID of runner profile.
+- `id` (String) Computed ID of runner profile.
 
 ### Read-Only
 

docs/index.md

@@ -33,5 +33,5 @@ provider "waypoint" {
 
 ### Optional
 
-- `token` (String) Waypoint token to authenticate to Waypoint server. This can be omitted if the `WAYPOINT_TOKEN` environment variable is set
+- `token` (String) Waypoint token to authenticate to Waypoint server
 - `waypoint_addr` (String) Waypoint server address

docs/resources/auth_method_oidc.md

@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "waypoint_auth_method_oidc Resource - terraform-provider-waypoint"
+subcategory: ""
+description: |-
+  Auth method OIDC resource manages OIDC auth methods in Waypoint.
+---
+
+# waypoint_auth_method_oidc (Resource)
+
+Auth method OIDC resource manages OIDC auth methods in Waypoint.
+
+## Example Usage
+
+```terraform
+resource "waypoint_auth_method_oidc" "okta" {
+  name          = "my-oidc"
+  display_name = "My OIDC Provider"
+  client_id     = "..."
+  client_secret = "..."
+  discovery_url = "https://my-oidc.provider/oauth2/default"
+  allowed_redirect_urls = [
+    "https://localhost:9702/auth/oidc-callback",
+  ]
+
+    auds = [
+      "..."
+    ]
+
+  list_claim_mappings = {
+    groups = "groups"
+  }
+
+  signing_algs = [
+    "rsa512"
+  ]
+
+  discovery_ca_pem = [
+    "cert1.crt"
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `allowed_redirect_urls` (List of String) Allowed URI for auth redirection.
+- `client_id` (String) Client ID of OIDC provider
+- `discovery_url` (String) Discovery URL for OIDC provider
+- `name` (String) name of OIDC auth method
+
+### Optional
+
+- `accessor_selector` (String)
+- `auds` (List of String) The optional audience claims required
+- `claim_mappings` (Map of String) Mapping of a claim to a variable value for the access selector
+- `client_secret` (String, Sensitive) client secret for OIDC provider
+- `description` (String) Description of auth method
+- `discovery_ca_pem` (List of String) Optional CA certificate chain to validate the discovery URL. Multiple CA certificates can be specified to support easier rotation
+- `display_name` (String) Friendly display name of OIDC auth method
+- `list_claim_mappings` (Map of String) Same as claim-mapping but for list values
+- `scopes` (List of String) The optional claims scope requested.
+- `signing_algs` (List of String) The signing algorithms supported by the OIDC connect server. If this isn't specified, this will default to RS256 since that should be supported according to the RFC. The string values here should be valid OIDC signing algorithms
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/project.md

@@ -12,7 +12,7 @@ Project resource in the Waypoint Terraform provider.
 
 ## Example Usage
 
-```hcl
+```terraform
 resource "waypoint_project" "example" {
 
   project_name           = "example"
@@ -34,40 +34,8 @@ resource "waypoint_project" "example" {
     conference = "HashiConf EU 2022"
   }
 }
-```
-
-Git auth basic example
-```hcl
-resource "waypoint_project" "example" {
-
-  project_name           = "example"
-  remote_runners_enabled = true
-  
-	data_source_git {
-    git_url  = "https://github.com/hashicorp/waypoint-examples"
-    git_path = "docker/go"
-    git_ref  = "HEAD"
-    file_change_signal = "some-signal"
-    git_poll_interval_seconds = 90
-  }
-
-  project_variables = {
-    name = "rob"
-    job  = "dev-advocate"
-    conference = "HashiConf EU 2022"
-  }
-
-  app_status_poll_seconds = 12
-
-  git_auth_basic {
-  	username = "test" 
-    password = "test" 
-  }
-}
-```
 
-Git auth SSH example
-```hcl
+##Git auth ssh example
 resource "waypoint_project" "example" {
 
   project_name           = "example"

docs/resources/runner_profile.md

@@ -12,24 +12,8 @@ Runner profile resource to configure Waypoint runners.
 
 ## Example Usage
 
-Target ID example
-```hcl
-resource "waypoint_runner_profile" "example" {
-  profile_name     = "example"
-  oci_url          = "hashicorp/waypoint-odr:latest"
-  plugin_type      = "docker"
-  default          = true
-  target_runner_id = "01G5GNJEYC7RVJNXFGMHD0HCDT"
-
-  environment_variables = {
-    VAULT_ADDR           = "https://localhost:8200"
-    VAULT_CLIENT_TIMEOUT = "30s"
-  }
-}
-```
-
-Target labels example
-```hcl
+```terraform
+## Example with runner labels
 resource "waypoint_runner_profile" "target_id" {
   profile_name = "example"
   oci_url      = "hashicorp/waypoint-odr:latest"
@@ -44,6 +28,20 @@ resource "waypoint_runner_profile" "target_id" {
     VAULT_CLIENT_TIMEOUT = "30s"
   }
 }
+
+## Example with runner id
+resource "waypoint_runner_profile" "example" {
+  profile_name     = "example"
+  oci_url          = "hashicorp/waypoint-odr:latest"
+  plugin_type      = "docker"
+  default          = true
+  target_runner_id = "01G5GNJEYC7RVJNXFGMHD0HCDT"
+
+  environment_variables = {
+    VAULT_ADDR           = "https://localhost:8200"
+    VAULT_CLIENT_TIMEOUT = "30s"
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->

examples/resources/waypoint_auth_method_oidc/resource.tf

@@ -0,0 +1,26 @@
+resource "waypoint_auth_method_oidc" "okta" {
+  name          = "my-oidc"
+  display_name = "My OIDC Provider"
+  client_id     = "..."
+  client_secret = "..."
+  discovery_url = "https://my-oidc.provider/oauth2/default"
+  allowed_redirect_urls = [
+    "https://localhost:9702/auth/oidc-callback",
+  ]
+
+    auds = [
+      "..."
+    ]
+
+  list_claim_mappings = {
+    groups = "groups"
+  }
+
+  signing_algs = [
+    "rsa512"
+  ]
+
+  discovery_ca_pem = [
+    "cert1.crt"
+  ]
+}

examples/resources/waypoint_project/resource.tf

@@ -0,0 +1,67 @@
+resource "waypoint_project" "example" {
+
+  project_name           = "example"
+  remote_runners_enabled = false
+
+  data_source_git {
+    git_url                   = "https://github.com/hashicorp/waypoint-examples"
+    git_path                  = "docker/go"
+    git_ref                   = "HEAD"
+    file_change_signal        = "some-signal"
+    git_poll_interval_seconds = 15
+  }
+
+  app_status_poll_seconds = 12
+
+  project_variables = {
+    name       = "devopsrob"
+    job        = "dev-advocate"
+    conference = "HashiConf EU 2022"
+  }
+}
+
+##Git auth ssh example
+resource "waypoint_project" "example" {
+
+  project_name           = "example"
+  remote_runners_enabled = true
+
+  data_source_git {
+    git_url                   = "https://github.com/hashicorp/waypoint-examples"
+    git_path                  = "docker/go"
+    git_ref                   = "HEAD"
+    file_change_signal        = "some-signal"
+    git_poll_interval_seconds = 15
+  }
+
+  app_status_poll_seconds = 12
+
+  project_variables = {
+    name       = "devopsrob"
+    job        = "dev-advocate"
+    conference = "HashiConf EU 2022"
+  }
+
+
+  git_auth_ssh {
+    git_user        = "devops-rob"
+    passphrase      = "test-password"
+    ssh_private_key = <<EOF
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCjcGqTkOq0CR3rTx0ZSQSIdTrDrFAYl29611xN8aVgMQIWtDB/
+lD0W5TpKPuU9iaiG/sSn/VYt6EzN7Sr332jj7cyl2WrrHI6ujRswNy4HojMuqtfa
+b5FFDpRmCuvl35fge18OvoQTJELhhJ1EvJ5KUeZiuJ3u3YyMnxxXzLuKbQIDAQAB
+AoGAPrNDz7TKtaLBvaIuMaMXgBopHyQd3jFKbT/tg2Fu5kYm3PrnmCoQfZYXFKCo
+ZUFIS/G1FBVWWGpD/MQ9tbYZkKpwuH+t2rGndMnLXiTC296/s9uix7gsjnT4Naci
+5N6EN9pVUBwQmGrYUTHFc58ThtelSiPARX7LSU2ibtJSv8ECQQDWBRrrAYmbCUN7
+ra0DFT6SppaDtvvuKtb+mUeKbg0B8U4y4wCIK5GH8EyQSwUWcXnNBO05rlUPbifs
+DLv/u82lAkEAw39sTJ0KmJJyaChqvqAJ8guulKlgucQJ0Et9ppZyet9iVwNKX/aW
+9UlwGBMQdafQ36nd1QMEA8AbAw4D+hw/KQJBANJbHDUGQtk2hrSmZNoV5HXB9Uiq
+7v4N71k5ER8XwgM5yVGs2tX8dMM3RhnBEtQXXs9LW1uJZSOQcv7JGXNnhN0CQBZe
+nzrJAWxh3XtznHtBfsHWelyCYRIAj4rpCHCmaGUM6IjCVKFUawOYKp5mmAyObkUZ
+f8ue87emJLEdynC1CLkCQHduNjP1hemAGWrd6v8BHhE3kKtcK6KHsPvJR5dOfzbd
+HAqVePERhISfN6cwZt5p8B3/JUwSR8el66DF7Jm57BM=
+-----END RSA PRIVATE KEY-----
+EOF
+  }
+}

examples/resources/waypoint_runner_profile/resource.tf

@@ -0,0 +1,29 @@
+## Example with runner labels
+resource "waypoint_runner_profile" "target_id" {
+  profile_name = "example"
+  oci_url      = "hashicorp/waypoint-odr:latest"
+  plugin_type  = "docker"
+  default      = true
+  target_runner_labels = {
+    app = "payments"
+  }
+
+  environment_variables = {
+    VAULT_ADDR           = "https://localhost:8200"
+    VAULT_CLIENT_TIMEOUT = "30s"
+  }
+}
+
+## Example with runner id
+resource "waypoint_runner_profile" "example" {
+  profile_name     = "example"
+  oci_url          = "hashicorp/waypoint-odr:latest"
+  plugin_type      = "docker"
+  default          = true
+  target_runner_id = "01G5GNJEYC7RVJNXFGMHD0HCDT"
+
+  environment_variables = {
+    VAULT_ADDR           = "https://localhost:8200"
+    VAULT_CLIENT_TIMEOUT = "30s"
+  }
+}