[v15] Add Terraform Provider support for the installer resource

docs/pages/admin-guides/infrastructure-as-code/terraform-provider.mdx

@@ -82,6 +82,7 @@ authority to manage resources in the cluster. To prepare credentials using a loc
            - user
            - access_list
            - node
+           - installer
            verbs: ['list','create','read','update','delete']
    version: v7
    ```

integrations/terraform/README.md

@@ -2,7 +2,7 @@
 
 ## Usage
 
-Please, refer to [official documentation](https://goteleport.com/docs/setup/guides/terraform-provider/).
+Please, refer to [official documentation](https://goteleport.com/docs/admin-guides/infrastructure-as-code/terraform-provider/).
 
 ## Development
 

integrations/terraform/example/installer.tf.example

@@ -0,0 +1,70 @@
+# Teleport Installer resource
+
+resource "teleport_installer" "example" {
+  version = "v1"
+  metadata = {
+    name        = "example"
+    description = "Example Teleport Installer"
+    labels = {
+      example = "yes"
+    }
+  }
+
+  spec = {
+    # This is the default installer script. For more details about the installer script
+    # see https://goteleport.com/docs/enroll-resources/auto-discovery/servers/ec2-discovery/#step-67-optional-customize-the-default-installer-script
+    script = <<EOF
+#!/usr/bin/env sh
+set -eu
+
+cdnBaseURL='https://cdn.teleport.dev'
+teleportVersion='v{{.MajorVersion}}'
+teleportFlavor='teleport-ent' # teleport or teleport-ent
+successMessage='Teleport is installed and running.'
+teleportArgs='install autodiscover-node --public-proxy-addr={{.PublicProxyAddr}} --teleport-package={{.TeleportPackage}} --repo-channel={{.RepoChannel}} --auto-upgrade={{.AutomaticUpgrades}} --azure-client-id={{.AzureClientID}}'
+
+# shellcheck disable=all
+# Use $HOME or / as base dir
+tempDir=$(mktemp -d -p $${HOME:-}/)
+OS=$(uname -s)
+ARCH=$(uname -m)
+# shellcheck enable=all
+
+trap 'rm -rf -- "$tempDir"' EXIT
+
+teleportTarballName() {
+    if [ $${OS} = "Darwin" ]; then
+        echo $${teleportFlavor}-$${teleportVersion}-darwin-universal-bin.tar.gz
+        return 0
+    fi;
+
+    if [ $${OS} != "Linux" ]; then
+        echo "Only MacOS and Linux are supported." >&2
+        return 1
+    fi;
+
+    if [ $${ARCH} = "armv7l" ]; then echo "$${teleportFlavor}-$${teleportVersion}-linux-arm-bin.tar.gz"
+    elif [ $${ARCH} = "aarch64" ]; then echo "$${teleportFlavor}-$${teleportVersion}-linux-arm64-bin.tar.gz"
+    elif [ $${ARCH} = "x86_64" ]; then echo "$${teleportFlavor}-$${teleportVersion}-linux-amd64-bin.tar.gz"
+    elif [ $${ARCH} = "i686" ]; then echo "$${teleportFlavor}-$${teleportVersion}-linux-386-bin.tar.gz"
+    else
+        echo "Invalid Linux architecture $${ARCH}." >&2
+        return 1
+    fi;
+}
+
+main() {
+    tarballName=$(teleportTarballName)
+    echo "Downloading from $${cdnBaseURL}/$${tarballName} and extracting teleport to $${tempDir} ..."
+    curl --show-error --fail --location $${cdnBaseURL}/$${tarballName} | tar xzf - -C $${tempDir} $${teleportFlavor}/teleport
+
+    mkdir -p $${tempDir}/bin
+    mv $${tempDir}/$${teleportFlavor}/teleport $${tempDir}/bin/teleport
+    echo "> $${tempDir}/bin/teleport $${teleportArgs} $@"
+    sudo $${tempDir}/bin/teleport $${teleportArgs} $@ && echo $successMessage
+}
+
+main $@
+EOF
+  }
+}

integrations/terraform/example/terraform.yaml

@@ -29,6 +29,7 @@ spec:
         - device
         - okta_import_rule
         - access_list
+        - installer
         verbs: ['list','create','read','update','delete']
 version: v6
 ---

integrations/terraform/gen/main.go

@@ -455,6 +455,21 @@ var (
 		Namespaced:             true,
 		ForceSetKind:           "apitypes.KindNode",
 	}
+
+	installer = payload{
+		Name:                   "Installer",
+		TypeName:               "InstallerV1",
+		VarName:                "installer",
+		GetMethod:              "GetInstaller",
+		CreateMethod:           "SetInstaller",
+		UpdateMethod:           "SetInstaller",
+		DeleteMethod:           "DeleteInstaller",
+		ID:                     `"installer"`,
+		Kind:                   "installer",
+		HasStaticID:            false,
+		TerraformResourceType:  "teleport_installer",
+		HasCheckAndSetDefaults: true,
+	}
 )
 
 func main() {
@@ -502,6 +517,8 @@ func genTFSchema() {
 	generateDataSource(accessList, pluralDataSource)
 	generateResource(server, pluralResource)
 	generateDataSource(server, pluralDataSource)
+	generateResource(installer, pluralResource)
+	generateDataSource(installer, pluralDataSource)
 }
 
 func generateResource(p payload, tpl string) {
@@ -574,6 +591,7 @@ var (
 		"trusted_cluster":            tfschema.GenSchemaTrustedClusterV2,
 		"user":                       tfschema.GenSchemaUserV2,
 		"server":                     tfschema.GenSchemaServerV2,
+		"installer":                  tfschema.GenSchemaInstallerV1,
 	}
 
 	// hiddenFields are fields that are not outputted to the reference doc.

integrations/terraform/protoc-gen-terraform-teleport.yaml

@@ -20,8 +20,9 @@ types:
     - "SessionRecordingConfigV2"
     - "TrustedClusterV2"
     - "UserV2"
+    - "InstallerV1"
 
-# id field is required for integration tests. It is not used by provider. 
+# id field is required for integration tests. It is not used by provider.
 # We have to add it manually (might be removed in the future versions).
 injected_fields:
   AppV3:
@@ -122,6 +123,13 @@ injected_fields:
       computed: true
       plan_modifiers:
         - "github.com/hashicorp/terraform-plugin-framework/tfsdk.UseStateForUnknown()"
+  InstallerV1:
+    -
+      name: id
+      type: github.com/hashicorp/terraform-plugin-framework/types.StringType
+      computed: true
+      plan_modifiers:
+        - "github.com/hashicorp/terraform-plugin-framework/tfsdk.UseStateForUnknown()"
 
 # These fields will be excluded
 exclude_fields:
@@ -255,7 +263,7 @@ computed_fields:
     # back into the state.
     - "ServerV2.Metadata"
 
-  # Session recording
+    # Session recording
     - "SessionRecordingConfigV2.Spec.Mode"
     - "SessionRecordingConfigV2.Kind"
 
@@ -265,7 +273,10 @@ computed_fields:
     # User
     - "UserV2.Kind"
 
-# These fields will be marked as Required: true 
+    # Installer
+    - "InstallerV1.Kind"
+
+# These fields will be marked as Required: true
 required_fields:
     # App
     - "AppV3.Metadata.Name"
@@ -276,8 +287,8 @@ required_fields:
     - "AuthPreferenceV2.Metadata.Name"
 
     # Database
-    - "DatabaseV3.Spec.Protocol"    
-    - "DatabaseV3.Spec.URI"        
+    - "DatabaseV3.Spec.Protocol"
+    - "DatabaseV3.Spec.URI"
     - "DatabaseV3.Metadata.Name"
     - "DatabaseV3.Version"
 
@@ -326,12 +337,18 @@ required_fields:
     - "ClusterMaintenanceConfigV1.Version"
     - "AuthPreferenceV2.Version"
 
+    # Installer
+    - "InstallerV1.Spec"
+    - "InstallerV1.Spec.Script"
+    - "InstallerV1.Metadata.Name"
+    - "InstallerV1.Version"
+
 # These fields must be marked as sensitive
 sensitive_fields:
     - "SAMLConnectorV2.Spec.Cert"
     - "SAMLConnectorV2.Spec.SigningKeyPair.PrivateKey"
     - "SAMLConnectorV2.Spec.EncryptionKeyPair.PrivateKey"
-    - "SAMLConnectorV2.Spec.EntityDescriptor"    
+    - "SAMLConnectorV2.Spec.EntityDescriptor"
     - "GithubConnectorV3.Spec.ClientSecret"
     - "OIDCConnectorV3.Spec.ClientSecret"
     - "OIDCConnectorV3.Spec.GoogleServiceAccount"
@@ -394,13 +411,15 @@ validators:
     - UseVersionBetween(2,2)
   ClusterMaintenanceConfigV1.Version:
     - UseVersionBetween(1,1)
+  InstallerV1.Version:
+    - UseVersionBetween(1,1)
 
 time_type:
     type: "TimeType"
     value_type: "TimeValue"
     cast_to_type: "time.Time"
     cast_from_type: "time.Time"
-    type_constructor: UseRFC3339Time()    
+    type_constructor: UseRFC3339Time()
 
 duration_type:
     type: "DurationType"

integrations/terraform/provider/provider.go

@@ -583,6 +583,7 @@ func (p *Provider) GetResources(_ context.Context) (map[string]tfsdk.ResourceTyp
 		"teleport_okta_import_rule":           resourceTeleportOktaImportRuleType{},
 		"teleport_access_list":                resourceTeleportAccessListType{},
 		"teleport_server":                     resourceTeleportServerType{},
+		"teleport_installer":                  resourceTeleportInstallerType{},
 	}, nil
 }
 
@@ -606,5 +607,6 @@ func (p *Provider) GetDataSources(_ context.Context) (map[string]tfsdk.DataSourc
 		"teleport_trusted_device":             dataSourceTeleportDeviceV1Type{},
 		"teleport_okta_import_rule":           dataSourceTeleportOktaImportRuleType{},
 		"teleport_access_list":                dataSourceTeleportAccessListType{},
+		"teleport_installer":                  dataSourceTeleportInstallerType{},
 	}, nil
 }