diff --git a/0.x/_gen/provider_hcp.libsonnet b/0.x/_gen/provider_hcp.libsonnet index 5785d67..9d7a5a2 100644 --- a/0.x/_gen/provider_hcp.libsonnet +++ b/0.x/_gen/provider_hcp.libsonnet 
@@ -2,12 +2,13 @@ local tf = (import 'github.com/tf-libsonnet/core/main.libsonnet'); local d = (import 'github.com/jsonnet-libs/docsonnet/doc-util/main.libsonnet'); { '#':: d.pkg(name='provider', url='', help='`provider` represents the `hcp` Terraform provider config.\n\n\n\nThis package contains functions and utilities for setting up the provider using Jsonnet code.\n'), - '#new':: d.fn(help='\n`hcp.provider.new` injects a new `hcp` Terraform `provider`\nblock into the root module document.\n\nOptionally, this inserts the provider into the\n[required_providers](https://developer.hashicorp.com/terraform/language/providers/requirements) `terraform` sub block if\nthe `src` and/or `version` parameters are set.\n\n**Args**:\n - `client_id` (`string`): The OAuth2 Client ID for API operations. When `null`, the `client_id` field will be omitted from the resulting object.\n - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object.\n - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object.\n - `project_id` (`string`): The default project in which resources should be created. When `null`, the `project_id` field will be omitted from the resulting object.\n - `alias` (`string`): The provider `alias` to set for this instance of the provider block. When `null`, the `alias`\n field will be omitted from the resulting provider block.\n - `src` (`string`): The provider `source` to set on the resulting `required_providers` block. 
If `src` or `version` is\n set and is not `null`, a `required_providers` block and entry for the provider will be injected into the document.\n - `version` (`string`): The provider `version` to set on the resulting `required_providers` block. If `src` or\n `version` is set and is not `null`, a `required_providers` block and entry for the provider will be injected into the\n document.\n\n\n**Returns**:\n- A mixin object that injects the new provider (and optionally, `required_providers` block) into the root Terraform configuration.\n', args=[]), + '#new':: d.fn(help='\n`hcp.provider.new` injects a new `hcp` Terraform `provider`\nblock into the root module document.\n\nOptionally, this inserts the provider into the\n[required_providers](https://developer.hashicorp.com/terraform/language/providers/requirements) `terraform` sub block if\nthe `src` and/or `version` parameters are set.\n\n**Args**:\n - `client_id` (`string`): The OAuth2 Client ID for API operations. When `null`, the `client_id` field will be omitted from the resulting object.\n - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object.\n - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object.\n - `project_id` (`string`): The default project in which resources should be created. 
When `null`, the `project_id` field will be omitted from the resulting object.\n - `workload_identity` (`list[obj]`): Allows authenticating the provider by exchanging the OAuth 2.0 access token or OpenID Connect token specified in the `token_file` for a HCP service principal using Workload Identity Federation. When `null`, the `workload_identity` sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the [hcp.provider.workload_identity.new](#fn-hcpworkloadidentitynew) constructor.\n - `alias` (`string`): The provider `alias` to set for this instance of the provider block. When `null`, the `alias`\n field will be omitted from the resulting provider block.\n - `src` (`string`): The provider `source` to set on the resulting `required_providers` block. If `src` or `version` is\n set and is not `null`, a `required_providers` block and entry for the provider will be injected into the document.\n - `version` (`string`): The provider `version` to set on the resulting `required_providers` block. If `src` or\n `version` is set and is not `null`, a `required_providers` block and entry for the provider will be injected into the\n document.\n\n\n**Returns**:\n- A mixin object that injects the new provider (and optionally, `required_providers` block) into the root Terraform configuration.\n', args=[]), new( client_id=null, client_secret=null, credential_file=null, project_id=null, + workload_identity=null, alias=null, src=null, version=null 
@@ -20,19 +21,32 @@ local d = (import 'github.com/jsonnet-libs/docsonnet/doc-util/main.libsonnet'); client_id=client_id, client_secret=client_secret, credential_file=credential_file, - project_id=project_id + project_id=project_id, + workload_identity=workload_identity ) ), - '#newAttrs':: d.fn(help='\n`hcp.provider.` constructs a new object with attributes and blocks configured for the `hcp`\nTerraform `provider`.\n\nUnlike [hcp.provider.new](#fn-hcpnew), this function will not inject the `provider`\nblock into the root Terraform document. Instead, this must be passed in as the `attrs` argument for the\n[tf.withProvider](https://github.com/tf-libsonnet/core/tree/main/docs#fn-withprovider) function to build a complete block.\n\nThis is most useful when you need to preprocess the attributes with functions, conditional, or looping logic prior to\ninjecting into a complete block.\n\n**Args**:\n - `client_id` (`string`): The OAuth2 Client ID for API operations. When `null`, the `client_id` field will be omitted from the resulting object.\n - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object.\n - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object.\n - `project_id` (`string`): The default project in which resources should be created. 
When `null`, the `project_id` field will be omitted from the resulting object.\n\n**Returns**:\n - An attribute object that can be used with [tf.withProvider](https://github.com/tf-libsonnet/core/tree/main/docs#fn-withprovider) to construct a new `hcp` provider\n configuration into the root Terraform configuration.\n', args=[]), + '#newAttrs':: d.fn(help='\n`hcp.provider.` constructs a new object with attributes and blocks configured for the `hcp`\nTerraform `provider`.\n\nUnlike [hcp.provider.new](#fn-hcpnew), this function will not inject the `provider`\nblock into the root Terraform document. Instead, this must be passed in as the `attrs` argument for the\n[tf.withProvider](https://github.com/tf-libsonnet/core/tree/main/docs#fn-withprovider) function to build a complete block.\n\nThis is most useful when you need to preprocess the attributes with functions, conditional, or looping logic prior to\ninjecting into a complete block.\n\n**Args**:\n - `client_id` (`string`): The OAuth2 Client ID for API operations. When `null`, the `client_id` field will be omitted from the resulting object.\n - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object.\n - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object.\n - `project_id` (`string`): The default project in which resources should be created. 
When `null`, the `project_id` field will be omitted from the resulting object.\n - `workload_identity` (`list[obj]`): Allows authenticating the provider by exchanging the OAuth 2.0 access token or OpenID Connect token specified in the `token_file` for a HCP service principal using Workload Identity Federation. When `null`, the `workload_identity` sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the [hcp.provider.workload_identity.new](#fn-hcpworkloadidentitynew) constructor.\n\n**Returns**:\n - An attribute object that can be used with [tf.withProvider](https://github.com/tf-libsonnet/core/tree/main/docs#fn-withprovider) to construct a new `hcp` provider\n configuration into the root Terraform configuration.\n', args=[]), newAttrs( client_id=null, client_secret=null, credential_file=null, - project_id=null + project_id=null, + workload_identity=null ):: std.prune(a={ client_id: client_id, client_secret: client_secret, credential_file: credential_file, project_id: project_id, + workload_identity: workload_identity, }), + workload_identity:: { + '#new':: d.fn(help='\n`hcp.workload_identity.new` constructs a new object with attributes and blocks configured for the `workload_identity`\nTerraform sub block.\n\n\n\n**Args**:\n - `resource_name` (`string`): The resource_name of the Workload Identity Provider to exchange the token with.\n - `token_file` (`string`): The path to a file containing a JWT token retrieved from an OpenID Connect (OIDC) or OAuth2 provider.\n\n**Returns**:\n - An attribute object that represents the `workload_identity` sub block.\n', args=[]), + new( + resource_name, + token_file + ):: std.prune(a={ + resource_name: resource_name, + token_file: token_file, + }), + }, } diff --git a/0.x/_gen/resources/service_principal.libsonnet b/0.x/_gen/resources/service_principal.libsonnet index 07732c1..da48574 100644 --- a/0.x/_gen/resources/service_principal.libsonnet 
+++ b/0.x/_gen/resources/service_principal.libsonnet 
@@ -1,7 +1,7 @@ local tf = (import 'github.com/tf-libsonnet/core/main.libsonnet'); local d = (import 'github.com/jsonnet-libs/docsonnet/doc-util/main.libsonnet'); { - '#':: d.pkg(name='service_principal', url='', help='`service_principal` represents the `hcp_service_principal` Terraform resource.\n\nThe service principal resource manages a HCP Service Principal.\n\nThe user or service account that is running Terraform when creating a `hcp_service_principal` resource must have `roles/Admin` on the parent resource; either the project or organization.\n\nThis package contains functions and utilities for setting up the resource using Jsonnet code.\n'), + '#':: d.pkg(name='service_principal', url='', help='`service_principal` represents the `hcp_service_principal` Terraform resource.\n\nThe service principal resource manages a HCP Service Principal.\n\nThe user or service account that is running Terraform when creating a `hcp_service_principal` resource must have `roles/admin` on the parent resource; either the project or organization.\n\nThis package contains functions and utilities for setting up the resource using Jsonnet code.\n'), '#new':: d.fn(help="\n`hcp.service_principal.new` injects a new `hcp_service_principal` Terraform `resource`\nblock into the root module document.\n\nAdditionally, this inserts a private function into the `_ref` attribute that generates references to attributes of the\nresource. For example, if you added a new instance to the root using:\n\n # arguments omitted for brevity\n hcp.service_principal.new('some_id')\n\nYou can get the reference to the `id` field of the created `hcp.service_principal` using the reference:\n\n $._ref.hcp_service_principal.some_id.get('id')\n\nThis is the same as directly entering `\"${ hcp_service_principal.some_id.id }\"` as the value.\n\nNOTE: if you are chaining multiple resources together in a merge operation, you may not be able to use `super`, `self`,\nor `$` to refer to the root object. 
Instead, make an explicit outer object using `local`.\n\n**Args**:\n - `resourceLabel` (`string`): The name label of the block.\n - `name` (`string`): The service principal\u0026#39;s name.\n - `parent` (`string`): The parent location to create the service principal under. If unspecified, the service principal will be created in the project the provider is configured with. If specified, the accepted values are \u0026#34;project/\u0026lt;project_id\u0026gt;\u0026#34; or \u0026#34;organization/\u0026lt;organization_id\u0026gt;\u0026#34; When `null`, the `parent` field will be omitted from the resulting object.\n\n**Returns**:\n- A mixin object that injects the new resource into the root Terraform configuration.\n", args=[]), new( resourceLabel, diff --git a/0.x/_gen/resources/service_principal_key.libsonnet b/0.x/_gen/resources/service_principal_key.libsonnet index 42bfb36..8db52ac 100644 --- a/0.x/_gen/resources/service_principal_key.libsonnet +++ b/0.x/_gen/resources/service_principal_key.libsonnet 
@@ -1,7 +1,7 @@ local tf = (import 'github.com/tf-libsonnet/core/main.libsonnet'); local d = (import 'github.com/jsonnet-libs/docsonnet/doc-util/main.libsonnet'); { - '#':: d.pkg(name='service_principal_key', url='', help='`service_principal_key` represents the `hcp_service_principal_key` Terraform resource.\n\nThe service principal key resource manages a service principal key.\n\nThe user or service account that is running Terraform when creating a `hcp_service_principal_key` resource must have `roles/Admin` on the parent resource; either the project or organization.\n\nThis package contains functions and utilities for setting up the resource using Jsonnet code.\n'), + '#':: d.pkg(name='service_principal_key', url='', help='`service_principal_key` represents the `hcp_service_principal_key` Terraform resource.\n\nThe service principal key resource manages a service principal key.\n\nThe user or service account that is running Terraform when creating a `hcp_service_principal_key` resource must have `roles/admin` on the parent resource; either the project or organization.\n\nThis package contains functions and utilities for setting up the resource using Jsonnet code.\n'), '#new':: d.fn(help="\n`hcp.service_principal_key.new` injects a new `hcp_service_principal_key` Terraform `resource`\nblock into the root module document.\n\nAdditionally, this inserts a private function into the `_ref` attribute that generates references to attributes of the\nresource. 
For example, if you added a new instance to the root using:\n\n # arguments omitted for brevity\n hcp.service_principal_key.new('some_id')\n\nYou can get the reference to the `id` field of the created `hcp.service_principal_key` using the reference:\n\n $._ref.hcp_service_principal_key.some_id.get('id')\n\nThis is the same as directly entering `\"${ hcp_service_principal_key.some_id.id }\"` as the value.\n\nNOTE: if you are chaining multiple resources together in a merge operation, you may not be able to use `super`, `self`,\nor `$` to refer to the root object. Instead, make an explicit outer object using `local`.\n\n**Args**:\n - `resourceLabel` (`string`): The name label of the block.\n - `rotate_triggers` (`obj`): A map of arbitrary string key/value pairs that will force recreation of the key when they change, enabling key based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. When `null`, the `rotate_triggers` field will be omitted from the resulting object.\n - `service_principal` (`string`): The service principal\u0026#39;s resource name for which a key should be created.\n\n**Returns**:\n- A mixin object that injects the new resource into the root Terraform configuration.\n", args=[]), new( resourceLabel, diff --git a/docs/0.x/provider.md b/docs/0.x/provider.md index d14734a..3927ffd 100644 --- a/docs/0.x/provider.md +++ b/docs/0.x/provider.md @@ -15,6 +15,8 @@ This package contains functions and utilities for setting up the provider using * [`fn new()`](#fn-new) * [`fn newAttrs()`](#fn-newattrs) +* [`obj workload_identity`](#obj-workload_identity) + * [`fn new()`](#fn-workload_identitynew) ## Fields 
@@ -37,6 +39,7 @@ the `src` and/or `version` parameters are set. - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object. - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object. - `project_id` (`string`): The default project in which resources should be created. When `null`, the `project_id` field will be omitted from the resulting object. + - `workload_identity` (`list[obj]`): Allows authenticating the provider by exchanging the OAuth 2.0 access token or OpenID Connect token specified in the `token_file` for a HCP service principal using Workload Identity Federation. When `null`, the `workload_identity` sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the [hcp.provider.workload_identity.new](#fn-hcpworkloadidentitynew) constructor. - `alias` (`string`): The provider `alias` to set for this instance of the provider block. When `null`, the `alias` field will be omitted from the resulting provider block. - `src` (`string`): The provider `source` to set on the resulting `required_providers` block. If `src` or `version` is 
@@ -72,7 +75,32 @@ injecting into a complete block. - `client_secret` (`string`): The OAuth2 Client Secret for API operations. When `null`, the `client_secret` field will be omitted from the resulting object. - `credential_file` (`string`): The path to an HCP credential file to use to authenticate the provider to HCP. You can alternatively set the HCP_CRED_FILE environment variable to point at a credential file as well. Using a credential file allows you to authenticate the provider as a service principal via client credentials or dynamically based on Workload Identity Federation. When `null`, the `credential_file` field will be omitted from the resulting object. - `project_id` (`string`): The default project in which resources should be created. When `null`, the `project_id` field will be omitted from the resulting object. + - `workload_identity` (`list[obj]`): Allows authenticating the provider by exchanging the OAuth 2.0 access token or OpenID Connect token specified in the `token_file` for a HCP service principal using Workload Identity Federation. When `null`, the `workload_identity` sub block will be omitted from the resulting object. When setting the sub block, it is recommended to construct the object using the [hcp.provider.workload_identity.new](#fn-hcpworkloadidentitynew) constructor. **Returns**: - An attribute object that can be used with [tf.withProvider](https://github.com/tf-libsonnet/core/tree/main/docs#fn-withprovider) to construct a new `hcp` provider configuration into the root Terraform configuration. + + +## obj workload_identity + + + +### fn workload_identity.new + +```ts +new() +``` + + +`hcp.workload_identity.new` constructs a new object with attributes and blocks configured for the `workload_identity` +Terraform sub block. + + + +**Args**: + - `resource_name` (`string`): The resource_name of the Workload Identity Provider to exchange the token with. 
+ - `token_file` (`string`): The path to a file containing a JWT token retrieved from an OpenID Connect (OIDC) or OAuth2 provider. + +**Returns**: + - An attribute object that represents the `workload_identity` sub block. diff --git a/docs/0.x/service_principal.md b/docs/0.x/service_principal.md index aa9e4b6..cb902f7 100644 --- a/docs/0.x/service_principal.md +++ b/docs/0.x/service_principal.md @@ -8,7 +8,7 @@ permalink: /service_principal/ The service principal resource manages a HCP Service Principal. -The user or service account that is running Terraform when creating a `hcp_service_principal` resource must have `roles/Admin` on the parent resource; either the project or organization. +The user or service account that is running Terraform when creating a `hcp_service_principal` resource must have `roles/admin` on the parent resource; either the project or organization. This package contains functions and utilities for setting up the resource using Jsonnet code. diff --git a/docs/0.x/service_principal_key.md b/docs/0.x/service_principal_key.md index e181888..72623ae 100644 --- a/docs/0.x/service_principal_key.md +++ b/docs/0.x/service_principal_key.md @@ -8,7 +8,7 @@ permalink: /service_principal_key/ The service principal key resource manages a service principal key. -The user or service account that is running Terraform when creating a `hcp_service_principal_key` resource must have `roles/Admin` on the parent resource; either the project or organization. +The user or service account that is running Terraform when creating a `hcp_service_principal_key` resource must have `roles/admin` on the parent resource; either the project or organization. This package contains functions and utilities for setting up the resource using Jsonnet code.
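Review bot: In `0.x/_gen/provider_hcp.libsonnet`, hunk `@@ -2,12 +2,13 @@`, the new `workload_identity=null` parameter of `new(...)` is inserted before `alias`, `src` and `version`, which shifts the positional index of those three parameters. A caller that passes them positionally after `project_id` will now bind its alias value to `workload_identity`. Either append the new parameter after `version`, or state in the release notes that callers must use named arguments. `newAttrs` is not affected because there the parameter is added last.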
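Review bot: In `0.x/_gen/provider_hcp.libsonnet`, hunk `@@ -20,19 +21,32 @@`, the help text types `workload_identity` as `list[obj]` and recommends building it with `workload_identity.new`, but that constructor returns a single pruned object and `newAttrs` passes the value through unchanged, so it is unclear whether the caller is expected to wrap the result in an array. The help string should say which form is expected. Separately, `resource_name` and `token_file` are required positional arguments with no assertion, and because the body is wrapped in `std.prune`, a `null` passed for either is silently dropped and an incomplete authentication block is emitted; an assertion that both are non-null strings would surface that at render time.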
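Review bot: In `docs/0.x/provider.md`, hunk `@@ -37,6 +39,7 @@`, the link target `#fn-hcpworkloadidentitynew` in the added `workload_identity` bullet does not match the anchor the index hunk above generates for the same function, `#fn-workload_identitynew`, so the link will not resolve in the rendered page. The same target is repeated in the `newAttrs` bullet and in both help strings in `provider_hcp.libsonnet`. Since these files live under `_gen`, the fix presumably belongs in the generator rather than in the output.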
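Review bot: In `docs/0.x/provider.md`, hunk `@@ -72,7 +75,32 @@`, the new `fn workload_identity.new` section renders the signature as `new()` although the constructor takes two required arguments, `resource_name` and `token_file`, and the description names the function `hcp.workload_identity.new` while the argument docs call it `hcp.provider.workload_identity.new`. Use one qualified name throughout and have the signature list the parameters. The `token_file` entry says the file contains a JWT token; it would help to add that the file holds a bearer credential and should be readable only by the identity running Terraform.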