This repository was archived by the owner on Jun 4, 2024. It is now read-only.

Device trust terraform provider #801

Merged: flyinghermit merged 13 commits into master from sshah/dt-provider on May 29, 2023

@flyinghermit flyinghermit commented Apr 7, 2023

Terraform support for device trust.

Device type definition

Currently, there are two Device types implemented for Device Trust:

  1. Device proto, which is the main definition used by all Device Trust related services.
  2. DeviceV1 used by this provider.

Provider implementation

Unlike other existing resources, DeviceV1 does not fully utilize the metadata fields such as label, description, etc. Only metadata.name is supported, specifically to be compatible with schema generation for terraform provider. Additionally, the DeviceV1 embeds the ResourceHeader field. protoc-gen-terraform is updated to support such embedded fields.

This PR adds a new field to the template payload:

  • UUIDMetadataName field: used to generate Metadata.Name as uuid value. The plural_resource.go.tpl template is updated to accommodate UUIDMetadataName field.

Supported device trust CRUD fields

As for supported fields, only asset_tag, os_type, and enroll_status are supported by this provider.

  1. Create: Create device: asset_tag, os_type, enroll_status (optional, as this value can be updated outside of Terraform and it won't be a good experience for our users to keep the .tf files in sync with the state)
  2. Update: Update enroll_status: enrolled -> not_enrolled
  3. Delete: Delete device.

Closes: https://github.com/gravitational/teleport.e/issues/939
Depends on gravitational/protoc-gen-terraform#29
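
How the three supported fields and the create/update/delete steps above look in a Terraform configuration, as an added example that is not part of the PR or the project's own example file. It assumes the resource type `teleport_trusted_device` with `version = "v1"` and a `spec` attribute, and the `os_type` value `macos`; the asset tags are constructed.

```hcl
# Constructed inventory entries; asset tags are placeholders.

# Create: register a device so its owner can later enroll it with tsh.
# enroll_status is left unset, so an enrollment performed outside
# Terraform does not have to be mirrored back into this file.
resource "teleport_trusted_device" "laptop_a" {
  version = "v1" # assumed resource version

  spec = {
    asset_tag = "ASSET-TAG-0001" # constructed
    os_type   = "macos"
  }
}

# Update: the one status change the PR describes, enrolled -> not_enrolled,
# used to unenroll a device that was previously enrolled.
resource "teleport_trusted_device" "laptop_b" {
  version = "v1" # assumed resource version

  spec = {
    asset_tag     = "ASSET-TAG-0002" # constructed
    os_type       = "macos"
    enroll_status = "not_enrolled"
  }
}

# Delete: remove a resource block and apply to delete the device record.
```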

@flyinghermit flyinghermit marked this pull request as ready for review April 13, 2023 08:23

flyinghermit commented Apr 13, 2023

Note to reviewer on failing CI test: This PR requires latest teleport enterprise build (master branch). What would be the way to update this before v13 is released? Ready to review now as v13 is released.

marcoandredinis commented Apr 13, 2023

Note to reviewer on failing CI test: This PR requires latest teleport version (master branch). What would be the way to update this before v13 is released?

If you want the CI to pass, you must update the teleport dep in go.mod to point to current master's commit (or at least to a commit where your changes were made)
However, we can't merge that before the v13 release

Something like this:

go get github.com/gravitational/teleport/api@<commit>

flyinghermit commented Apr 13, 2023

@marcoandredinis I've already updated the required API version in go.mod. However, this PR also depends on the latest teleport.e build. And currently CI runs tests against v12.1.0?

Also FYI, those updates for teleport.e will not be backported to v12. So I'm guessing it'll wait till we release v13?

@marcoandredinis

Yeah, we should leave this PR until v13 gets released and during the non-production ready releases (alpha, beta, rc, ...) we should be able to update the API and the binary used to run tests

The binary used to run the tests is under the TELEPORT_GET_VERSION variable
It can be updated using TELEPORT_GET_VERSION=v13.0.0 make update-test-version (when that is released)

@nklaassen nklaassen left a comment

I'm curious what the expected use case for this is? Will admins be able to define all resource asset tags in terraform and then end users will be able to enroll their device with tsh, or something like that?

Comment thread go.mod Outdated
Comment thread terraform/_gen/plural_resource.go.tpl Outdated
Comment thread terraform/_gen/plural_resource.go.tpl Outdated
Comment thread terraform/_gen/plural_resource.go.tpl Outdated
Comment thread terraform/_gen/main.go Outdated
@flyinghermit

@marcoandredinis @nklaassen Can you please take another look at this PR? Now that embedded fields are supported (see gravitational/protoc-gen-terraform#29), I have significantly updated this PR (no longer hacky injected fields).

I'm curious what the expected use case for this is? Will admins be able to define all resource asset tags in terraform and then end users will be able to enroll their device with tsh, or something like that?

@nklaassen, Yes that is the case. Basically register and delete and unenroll device (change status from enroll -> not_enrolled). Device enrollment will be handled by users using tsh.

Comment thread terraform/example/trusted_device.tf.example Outdated
Comment thread terraform/test/fixtures/device_trust_0_create.tf Outdated
Comment thread terraform/test/fixtures/device_trust_1_update.tf Outdated
Comment thread terraform/protoc-gen-terraform-devicetrust.yaml
Comment thread terraform/test/device_trust_test.go Outdated
@marcoandredinis

We need this issue fixed for the tests to pass
#820

flyinghermit and others added 2 commits May 25, 2023 22:18
Co-authored-by: Marco André Dinis <marco.dinis@goteleport.com>

@marcoandredinis marcoandredinis left a comment

Can you please re-run the terraform-gen-tfschema target?
I got some differences

Btw, after this gets merged and released (13.0.4 ?) we should update the Terraform Reference docs
Something like this:
gravitational/teleport#26502 (I have to fix a "typo" before I can merge that one)

@flyinghermit

This is scheduled for 13.1 but noted to update reference docs. Thanks

@flyinghermit

Friendly ping @r0mant @zmb3 for code owner review please

@r0mant r0mant left a comment

Bot.

@flyinghermit flyinghermit merged commit 125318e into master May 29, 2023
@flyinghermit flyinghermit deleted the sshah/dt-provider branch May 29, 2023 03:42