gravitational · flyinghermit · May 29, 2023 · Apr 7, 2023 · Apr 11, 2023 · Apr 12, 2023
@@ -72,9 +72,17 @@ endif
 		--terraform_out=config=protoc-gen-terraform-loginrule.yaml:./tfschema \
 		teleport/loginrule/v1/loginrule.proto
 
+	@protoc \
+		-I$(API_MOD_PATH)/proto \
+		-I$(PROTOBUF_MOD_PATH) \
+		--plugin=$(GENTERRAFORMPATH)/protoc-gen-terraform \
+		--terraform_out=config=protoc-gen-terraform-devicetrust.yaml:./tfschema \
+		teleport/legacy/types/device.proto
+
 	@go run ./gen/main.go
 	mv ./tfschema/github.com/gravitational/teleport/api/types/types_terraform.go ./tfschema/
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1/loginrule_terraform.go ./tfschema/loginrule/v1/
+	mv ./tfschema/github.com/gravitational/teleport/api/types/device_terraform.go ./tfschema/devicetrust/v1/
 	rm -r ./tfschema/github.com/
 	@go run ./gen/main.go docs
 

@@ -25,6 +25,7 @@ spec:
         - app
         - db
         - login_rule
+        - device
         - okta_import_rule
         verbs: ['list','create','read','update','delete']
 version: v6

@@ -0,0 +1,8 @@
+# Trusted device resource
+
+resource "teleport_trusted_device" "TESTDEVICE1" {
+  spec = {
+    asset_tag = "TESTDEVICE1"
+    os_type   = "macos"
+  }
+}
@@ -36,6 +36,7 @@ import (
 
 	"github.com/gravitational/teleport-plugins/terraform/provider"
 	"github.com/gravitational/teleport-plugins/terraform/tfschema"
+	devicetrustSchema "github.com/gravitational/teleport-plugins/terraform/tfschema/devicetrust/v1"
 	loginruleSchema "github.com/gravitational/teleport-plugins/terraform/tfschema/loginrule/v1"
 )
 
@@ -67,6 +68,9 @@ type payload struct {
 	ID string
 	// RandomMetadataName indicates that Metadata.Name must be generated (supported by plural resources only)
 	RandomMetadataName bool
+	// UUIDMetadataName functions similar to RandomMetadataName but generates UUID instead of
+	// generating 32 bit crypto random value
+	UUIDMetadataName bool
 	// Kind Teleport kind for a resource
 	Kind string
 	// DefaultVersion represents the default resource version on create
@@ -323,6 +327,24 @@ var (
 		TerraformResourceType: "teleport_login_rule",
 	}
 
+	deviceTrust = payload{
+		Name:                  "DeviceV1",
+		VarName:               "trustedDevice",
+		TypeName:              "DeviceV1",
+		GetMethod:             "GetDeviceResource",
+		CreateMethod:          "UpsertDeviceResource",
+		UpsertMethodArity:     2,
+		UpdateMethod:          "UpsertDeviceResource",
+		DeleteMethod:          "DeleteDeviceResource",
+		Kind:                  "device",
+		ID:                    "trustedDevice.Metadata.Name",
+		HasStaticID:           true,
+		SchemaPackagePath:     "github.com/gravitational/teleport-plugins/terraform/tfschema/devicetrust/v1",
+		IsPlainStruct:         true,
+		UUIDMetadataName:      true,
+		TerraformResourceType: "teleport_device_trust",
+	}
+
 	oktaImportRule = payload{
 		Name:                  "OktaImportRule",
 		TypeName:              "OktaImportRuleV1",
@@ -375,6 +397,8 @@ func genTFSchema() {
 	generateDataSource(user, pluralDataSource)
 	generateResource(loginRule, pluralResource)
 	generateDataSource(loginRule, pluralDataSource)
+	generateResource(deviceTrust, pluralResource)
+	generateDataSource(deviceTrust, pluralDataSource)
 	generateResource(oktaImportRule, pluralResource)
 	generateDataSource(oktaImportRule, pluralDataSource)
 }
@@ -418,6 +442,7 @@ var (
 		"bot":                       provider.GenSchemaBot,
 		"cluster_networking_config": tfschema.GenSchemaClusterNetworkingConfigV2,
 		"database":                  tfschema.GenSchemaDatabaseV3,
+		"trusted_device":            devicetrustSchema.GenSchemaDeviceV1,
 		"github_connector":          tfschema.GenSchemaGithubConnectorV3,
 		"login_rule":                loginruleSchema.GenSchemaLoginRule,
 		"okta_import_rule":          tfschema.GenSchemaOktaImportRuleV1,

@@ -24,6 +24,9 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 {{- end}}
+{{- if .UUIDMetadataName}}
+	"github.com/google/uuid"
+{{- end}}
 {{- range $i, $a := .ExtraImports}}
 	"{{$a}}"
 {{- end}}
@@ -91,6 +94,11 @@ func (r resourceTeleport{{.Name}}) Create(ctx context.Context, req tfsdk.CreateR
 		{{.VarName}}.Metadata.Name = hex.EncodeToString(b)
 	}
 	{{end -}}
+	{{if .UUIDMetadataName -}}
+	if {{.VarName}}.Metadata.Name == "" {
+		{{.VarName}}.Metadata.Name = uuid.NewString()
+	}
+	{{end -}}
 	{{if .DefaultVersion -}}
 	if {{.VarName}}.Version == "" {
 		{{.VarName}}.Version = "{{.DefaultVersion}}"

@@ -0,0 +1,71 @@
+---
+target_package_name: "v1"
+default_package_name: "github.com/gravitational/teleport/api/types"
+use_state_for_unknown_by_default: true
+
+# Top-level type names to export
+types:
+    - "DeviceV1"
+
+# These import paths were not being automatically picked up by
+# protoc-gen-terraform without these overrides
+import_path_overrides:
+    "types": "github.com/gravitational/teleport/api/types"
+    "wrappers": "github.com/gravitational/teleport/api/types/wrappers"
+
+
+injected_fields:
+  DeviceV1:
+    # id field is required for integration tests. It is also used by this provider
+    # to hold Metadata.name value returned by Teleport.
+    -
+      name: id
+      type: github.com/hashicorp/terraform-plugin-framework/types.StringType
+      computed: true
+      plan_modifiers:
+        - "github.com/hashicorp/terraform-plugin-framework/tfsdk.UseStateForUnknown()"
+
+
+
+# These fields will be marked as Computed: true
+computed_fields:
+    # Metadata
+    - "DeviceV1.Metadata"
+    - "DeviceV1.Kind"
+    - "DeviceV1.Version"
+    # DeviceV1
+    - "DeviceV1.spec.enroll_status"
+
+
+# These fields will be marked as Required: true
+required_fields:
+    - "DeviceV1.spec.asset_tag"
+    - "DeviceV1.spec.os_type"
+
+
+exclude_fields:
+    # Below fields are either managed or not used on Teleport side
+    - "DeviceV1.SubKind"
+    - "DeviceV1.Metadata.ID"
+    - "DeviceV1.Metadata.Namespace"
+    - "DeviceV1.Metadata.Description"
+    - "DeviceV1.Metadata.Expires"
+    - "DeviceV1.spec.create_time"
+    - "DeviceV1.spec.update_time"
+    - "DeviceV1.spec.credential"
+    - "DeviceV1.spec.collected_data"
+
+
+plan_modifiers:
+    # Force to recreate resource if asset tag changes
+    "DeviceV1.spec.asset_tag":
+      - "github.com/hashicorp/terraform-plugin-framework/tfsdk.RequiresReplace()"
+
+
+time_type:
+    type: "github.com/gravitational/teleport-plugins/terraform/tfschema.TimeType"
+    value_type: "github.com/gravitational/teleport-plugins/terraform/tfschema.TimeValue"
+    cast_to_type: "time.Time"
+    cast_from_type: "time.Time"
+    type_constructor: "github.com/gravitational/teleport-plugins/terraform/tfschema.UseRFC3339Time()"
+
@@ -572,6 +572,7 @@ func (p *Provider) GetResources(_ context.Context) (map[string]tfsdk.ResourceTyp
 		"teleport_user":                      resourceTeleportUserType{},
 		"teleport_bot":                       resourceTeleportBotType{},
 		"teleport_login_rule":                resourceTeleportLoginRuleType{},
+		"teleport_trusted_device":            resourceTeleportDeviceV1Type{},
 		"teleport_okta_import_rule":          resourceTeleportOktaImportRuleType{},
 	}, nil
 }
@@ -592,6 +593,7 @@ func (p *Provider) GetDataSources(_ context.Context) (map[string]tfsdk.DataSourc
 		"teleport_trusted_cluster":           dataSourceTeleportTrustedClusterType{},
 		"teleport_user":                      dataSourceTeleportUserType{},
 		"teleport_login_rule":                dataSourceTeleportLoginRuleType{},
+		"teleport_trusted_device":            dataSourceTeleportDeviceV1Type{},
 		"teleport_okta_import_rule":          dataSourceTeleportOktaImportRuleType{},
 	}, nil
 }