From 3125137a2f2490575673b409002e7873c3ea3735 Mon Sep 17 00:00:00 2001
From: sshahcodes
Date: Thu, 1 Jun 2023 23:03:55 +0545
Subject: [PATCH] backport device trust and okta provider docs
---
 docs/cspell.json | 1 +
 docs/pages/reference/terraform-provider.mdx | 137 ++++++++++++++++++++
 2 files changed, 138 insertions(+)
diff --git a/docs/cspell.json b/docs/cspell.json
index 78d8f9db9d357..df15c76339e81 100644
--- a/docs/cspell.json
+++ b/docs/cspell.json
@@ -173,6 +173,7 @@
 "TOUCHID",
 "Tele",
 "Templating",
+ "TESTDEVICE",
 "Tmkx",
 "Toboth",
 "Traefik",
diff --git a/docs/pages/reference/terraform-provider.mdx b/docs/pages/reference/terraform-provider.mdx
index b719bf3841525..79e800c79a922 100644
--- a/docs/pages/reference/terraform-provider.mdx
+++ b/docs/pages/reference/terraform-provider.mdx
@@ -15,11 +15,13 @@ Supported resources:
 - [teleport_github_connector](#teleport_github_connector)
 - [teleport_login_rule](#teleport_login_rule)
 - [teleport_oidc_connector](#teleport_oidc_connector)
+- [teleport_okta_import_rule](#teleport_okta_import_rule)
 - [teleport_provision_token](#teleport_provision_token)
 - [teleport_role](#teleport_role)
 - [teleport_saml_connector](#teleport_saml_connector)
 - [teleport_session_recording_config](#teleport_session_recording_config)
 - [teleport_trusted_cluster](#teleport_trusted_cluster)
+- [teleport_trusted_device](#teleport_trusted_device)
 - [teleport_user](#teleport_user)
 ## Provider configuration
@@ -870,6 +872,100 @@ resource "teleport_oidc_connector" "example" {
 ```
+## teleport_okta_import_rule
+
+| Name | Type | Required | Description |
+|----------|--------|----------|------------------------------------------------------------------|
+| metadata | object | | Metadata is resource metadata |
+| spec | object | * | Spec is the specification for the Okta import rule. |
+| sub_kind | string | | SubKind is an optional resource sub kind, used in some resources |
+| version | string | | Version is version |
+
+### metadata
+
+Metadata is resource metadata
+
+| Name | Type | Required | Description |
+|-------------|----------------|----------|--------------------------------------------------------------------------------------------------------|
+| description | string | | Description is object description |
+| expires | RFC3339 time | | Expires is a global expiry time header can be set on any resource in the system. |
+| labels | map of strings | | Labels is a set of labels |
+| name | string | * | Name is an object name |
+| namespace | string | | Namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4. |
+
+### spec
+
+Spec is the specification for the Okta import rule.
+
+| Name | Type | Required | Description |
+|----------|--------|----------|-------------------------------------------------------------------------------------------------------|
+| mappings | object | | Mappings is a list of matches that will map match conditions to labels. |
+| priority | number | | Priority represents the priority of the rule application. Lower numbered rules will be applied first. |
+
+#### spec.mappings
+
+Mappings is a list of matches that will map match conditions to labels.
+
+| Name | Type | Required | Description |
+|------------|----------------|----------|-------------------------------------------------------------------------------------------------------------|
+| add_labels | map of strings | | AddLabels specifies which labels to add if any of the previous matches match. |
+| match | object | | Match is a set of matching rules for this mapping. If any of these match, then the mapping will be applied. |
+
+##### spec.mappings.match
+
+Match is a set of matching rules for this mapping. If any of these match, then the mapping will be applied.
+
+| Name | Type | Required | Description |
+|--------------------|------------------|----------|---------------------------------------------------------------------|
+| app_ids | array of strings | | AppIDs is a list of app IDs to match against. |
+| app_name_regexes | array of strings | | AppNameRegexes is a list of regexes to match against app names. |
+| group_ids | array of strings | | GroupIDs is a list of group IDs to match against. |
+| group_name_regexes | array of strings | | GroupNameRegexes is a list of regexes to match against group names. |
+
+Example:
+
+```
+# Teleport Okta Import Rule resource
+
+resource "teleport_okta_import_rule" "example" {
+ metadata = {
+ description = "Example Okta Import Rule"
+ labels = {
+ "example" = "yes"
+ }
+ }
+
+ version = "v1"
+
+ spec = {
+ priority = 100
+ mappings = [
+ {
+ add_labels = {
+ "label1": "value1"
+ }
+ matches = [
+ {
+ app_ids = ["1", "2", "3"]
+ },
+ ],
+ },
+ {
+ add_labels = {
+ "label2": "value2"
+ }
+ matches = [
+ {
+ group_ids = ["1", "2", "3"]
+ },
+ ],
+ },
+ ]
+ }
+}
+
+```
+
 ## teleport_provision_token
 | Name | Type | Required | Description |
@@ -1742,6 +1838,47 @@ resource "teleport_trusted_cluster" "cluster" {
 ```
+## teleport_trusted_device
+
+| Name | Type | Required | Description |
+|----------|--------|----------|-------------------------------|
+| metadata | object | | Metadata is resource metadata |
+| spec | object | | Specification of the device. |
+| version | string | | Version is version |
+
+### metadata
+
+Metadata is resource metadata
+
+| Name | Type | Required | Description |
+|--------|----------------|----------|---------------------------|
+| labels | map of strings | | Labels is a set of labels |
+| name | string | | Name is an object name |
+
+### spec
+
+Specification of the device.
+
+| Name | Type | Required | Description |
+|---------------|--------|----------|-------------|
+| asset_tag | string | * | |
+| enroll_status | string | | |
+| os_type | string | * | |
+
+Example:
+
+```
+# Trusted device resource
+
+resource "teleport_trusted_device" "TESTDEVICE1" {
+ spec = {
+ asset_tag = "TESTDEVICE1"
+ os_type = "macos"
+ }
+}
+
+```
+
 ## teleport_user
 | Name | Type | Required | Description |