Terraform: Add teleport_bot_v2 resource and teleport_bot datasource

api/client/client.go

@@ -5674,3 +5674,35 @@ func (c *Client) ValidateTrustedCluster(
 	}
 	return resp, nil
 }
+
+// GetBot gets the bot with the given name.
+func (c *Client) GetBot(ctx context.Context, name string) (*machineidv1pb.Bot, error) {
+	bot, err := c.BotServiceClient().GetBot(ctx, &machineidv1pb.GetBotRequest{
+		BotName: name,
+	})
+	return bot, trace.Wrap(err)
+}
+
+// CreateBot creates the given bot.
+func (c *Client) CreateBot(ctx context.Context, bot *machineidv1pb.Bot) (*machineidv1pb.Bot, error) {
+	bot, err := c.BotServiceClient().CreateBot(ctx, &machineidv1pb.CreateBotRequest{
+		Bot: bot,
+	})
+	return bot, trace.Wrap(err)
+}
+
+// DeleteBot deletes the bot with the given name.
+func (c *Client) DeleteBot(ctx context.Context, name string) error {
+	_, err := c.BotServiceClient().DeleteBot(ctx, &machineidv1pb.DeleteBotRequest{
+		BotName: name,
+	})
+	return trace.Wrap(err)
+}
+
+// UpsertBot upserts the given bot.
+func (c *Client) UpsertBot(ctx context.Context, bot *machineidv1pb.Bot) (*machineidv1pb.Bot, error) {
+	bot, err := c.BotServiceClient().UpsertBot(ctx, &machineidv1pb.UpsertBotRequest{
+		Bot: bot,
+	})
+	return bot, trace.Wrap(err)
+}

docs/pages/reference/infrastructure-as-code/terraform-provider/data-sources/bot.mdx

@@ -0,0 +1,61 @@
+---
+title: Reference for the teleport_bot Terraform data-source
+sidebar_label: bot
+description: This page describes the supported values of the teleport_bot data-source of the Teleport Terraform provider.
+tags:
+ - infrastructure-as-code
+ - reference
+ - platform-wide
+---
+
+{/*Auto-generated file. Do not edit.*/}
+{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}
+
+{/* Disable the outdated name check since data source fields occasionally need
+to refer to these. */}
+{/* vale 3rd-party-products.former-names = NO */}
+
+This page describes the supported values of the `teleport_bot` data source of the
+Teleport Terraform provider.
+
+
+
+
+
+{/*  schema generated by tfplugindocs */}
+## Schema
+
+### Optional
+
+- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata))
+- `spec` (Attributes) The configured properties of a Bot. (see [below for nested schema](#nested-schema-for-spec))
+- `status` (Attributes) Fields that are set by the server as results of operations. These should not be modified by users. (see [below for nested schema](#nested-schema-for-status))
+- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated.
+- `version` (String) The version of the resource being represented.
+
+### Nested Schema for `metadata`
+
+Optional:
+
+- `description` (String) description is object description.
+- `expires` (String) expires is a global expiry time header can be set on any resource in the system.
+- `labels` (Map of String) labels is a set of labels.
+- `name` (String) name is an object name.
+
+
+### Nested Schema for `spec`
+
+Optional:
+
+- `max_session_ttl` (String) The max session TTL value for the bot's internal role. Unless specified, bots may not request a value beyond the default maximum TTL of 12 hours. This value may not be larger than 7 days (168 hours).
+- `roles` (List of String) The roles that the bot should be able to impersonate.
+- `traits` (Map of List of String) The traits that will be associated with the bot for the purposes of role templating.  Where multiple specified with the same name, these will be merged by the server.
+
+
+### Nested Schema for `status`
+
+Optional:
+
+- `role_name` (String) The name of the role associated with the bot.
+- `user_name` (String) The name of the user associated with the bot.
+

docs/pages/reference/infrastructure-as-code/terraform-provider/data-sources/data-sources.mdx

@@ -24,6 +24,7 @@ The Teleport Terraform provider supports the following data-sources:
   - [`teleport_auth_preference`](./auth_preference.mdx)
   - [`teleport_autoupdate_config`](./autoupdate_config.mdx)
   - [`teleport_autoupdate_version`](./autoupdate_version.mdx)
+  - [`teleport_bot`](./bot.mdx)
   - [`teleport_cluster_maintenance_config`](./cluster_maintenance_config.mdx)
   - [`teleport_cluster_networking_config`](./cluster_networking_config.mdx)
   - [`teleport_database`](./database.mdx)

docs/pages/reference/infrastructure-as-code/terraform-provider/resources/bot_v2.mdx

@@ -0,0 +1,105 @@
+---
+title: Reference for the teleport_bot_v2 Terraform resource
+sidebar_label: bot_v2
+description: This page describes the supported values of the teleport_bot_v2 resource of the Teleport Terraform provider.
+tags:
+ - infrastructure-as-code
+ - reference
+ - platform-wide
+---
+
+{/*Auto-generated file. Do not edit.*/}
+{/*To regenerate, navigate to integrations/terraform and run `make docs`.*/}
+
+{/* Disable the outdated name check since resource fields occasionally need
+to refer to these. */}
+{/* vale 3rd-party-products.former-names = NO */}
+
+This page describes the supported values of the teleport_bot_v2 resource of the Teleport Terraform provider.
+
+
+
+
+## Example Usage
+
+```hcl
+# Teleport Machine ID Bot creation example
+
+locals {
+  bot_name = "example"
+}
+
+resource "random_password" "bot_token" {
+  length  = 32
+  special = false
+}
+
+resource "time_offset" "bot_example_token_expiry" {
+  offset_hours = 1
+}
+
+resource "teleport_provision_token" "bot_example" {
+  metadata = {
+    expires     = time_offset.bot_example_token_expiry.rfc3339
+    description = "Bot join token for ${local.bot_name} generated by Terraform"
+
+    name = random_password.bot_token.result
+  }
+
+  spec = {
+    roles       = ["Bot"]
+    bot_name    = local.bot_name
+    join_method = "token"
+  }
+}
+
+resource "teleport_bot_v2" "example" {
+  metadata = {
+    name = local.bot_name
+  }
+
+  spec = {
+    roles = ["access"]
+    traits = {
+      "logins" = ["ubuntu", "root"]
+    }
+  }
+}
+```
+
+{/*  schema generated by tfplugindocs */}
+## Schema
+
+### Optional
+
+- `metadata` (Attributes) Common metadata that all resources share. (see [below for nested schema](#nested-schema-for-metadata))
+- `spec` (Attributes) The configured properties of a Bot. (see [below for nested schema](#nested-schema-for-spec))
+- `status` (Attributes) Fields that are set by the server as results of operations. These should not be modified by users. (see [below for nested schema](#nested-schema-for-status))
+- `sub_kind` (String) Differentiates variations of the same kind. All resources should contain one, even if it is never populated.
+- `version` (String) The version of the resource being represented.
+
+### Nested Schema for `metadata`
+
+Optional:
+
+- `description` (String) description is object description.
+- `expires` (String) expires is a global expiry time header can be set on any resource in the system.
+- `labels` (Map of String) labels is a set of labels.
+- `name` (String) name is an object name.
+
+
+### Nested Schema for `spec`
+
+Optional:
+
+- `max_session_ttl` (String) The max session TTL value for the bot's internal role. Unless specified, bots may not request a value beyond the default maximum TTL of 12 hours. This value may not be larger than 7 days (168 hours).
+- `roles` (List of String) The roles that the bot should be able to impersonate.
+- `traits` (Map of List of String) The traits that will be associated with the bot for the purposes of role templating.  Where multiple specified with the same name, these will be merged by the server.
+
+
+### Nested Schema for `status`
+
+Optional:
+
+- `role_name` (String) The name of the role associated with the bot.
+- `user_name` (String) The name of the user associated with the bot.

docs/pages/reference/infrastructure-as-code/terraform-provider/resources/resources.mdx

@@ -25,6 +25,7 @@ The Teleport Terraform provider supports the following resources:
   - [`teleport_autoupdate_config`](./autoupdate_config.mdx)
   - [`teleport_autoupdate_version`](./autoupdate_version.mdx)
   - [`teleport_bot`](./bot.mdx)
+  - [`teleport_bot_v2`](./bot_v2.mdx)
   - [`teleport_cluster_maintenance_config`](./cluster_maintenance_config.mdx)
   - [`teleport_cluster_networking_config`](./cluster_networking_config.mdx)
   - [`teleport_database`](./database.mdx)

integrations/terraform/Makefile

@@ -142,6 +142,13 @@ endif
 		--terraform_out=config=protoc-gen-terraform-healthcheckconfig.yaml:./tfschema \
 		teleport/healthcheckconfig/v1/health_check_config.proto
 
+	@protoc \
+		-I=../../api/proto \
+		-I=$(PROTOBUF_MOD_PATH) \
+		--plugin=$(PROTOC_GEN_TERRAFORM) \
+		--terraform_out=config=protoc-gen-terraform-machineid.yaml:./tfschema \
+		teleport/machineid/v1/bot.proto
+
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1/loginrule_terraform.go ./tfschema/loginrule/v1/
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1/accesslist_terraform.go ./tfschema/accesslist/v1/
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1/access_monitoring_rules_terraform.go ./tfschema/accessmonitoringrules/v1/
@@ -150,6 +157,7 @@ endif
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1/autoupdate_terraform.go ./tfschema/autoupdate/v1/
 	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/healthcheckconfig/v1/health_check_config_terraform.go ./tfschema/healthcheckconfig/v1/
 	mv ./tfschema/github.com/gravitational/teleport/api/types/device_terraform.go ./tfschema/devicetrust/v1/
+	mv ./tfschema/github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1/bot_terraform.go ./tfschema/machineid/v1/
 	rm -r ./tfschema/github.com/
 	@go run ./gen/main.go
 

integrations/terraform/examples/resources/teleport_bot_v2/resource.tf

@@ -0,0 +1,42 @@
+# Teleport Machine ID Bot creation example
+
+locals {
+  bot_name = "example"
+}
+
+resource "random_password" "bot_token" {
+  length  = 32
+  special = false
+}
+
+resource "time_offset" "bot_example_token_expiry" {
+  offset_hours = 1
+}
+
+resource "teleport_provision_token" "bot_example" {
+  metadata = {
+    expires     = time_offset.bot_example_token_expiry.rfc3339
+    description = "Bot join token for ${local.bot_name} generated by Terraform"
+
+    name = random_password.bot_token.result
+  }
+
+  spec = {
+    roles       = ["Bot"]
+    bot_name    = local.bot_name
+    join_method = "token"
+  }
+}
+
+resource "teleport_bot_v2" "example" {
+  metadata = {
+    name = local.bot_name
+  }
+
+  spec = {
+    roles = ["access"]
+    traits = {
+      "logins" = ["ubuntu", "root"]
+    }
+  }
+}

integrations/terraform/gen/main.go

@@ -665,6 +665,31 @@ var (
 		ExtraImports: []string{"apitypes \"github.com/gravitational/teleport/api/types\""},
 		ForceSetKind: "apitypes.KindHealthCheckConfig",
 	}
+
+	bot = payload{
+		Name:                  "Bot",
+		TypeName:              "Bot",
+		VarName:               "bot",
+		GetMethod:             "GetBot",
+		CreateMethod:          "CreateBot",
+		UpsertMethodArity:     2,
+		UpdateMethod:          "UpsertBot",
+		DeleteMethod:          "DeleteBot",
+		ID:                    "bot.Metadata.Name",
+		Kind:                  "bot",
+		HasStaticID:           false,
+		ProtoPackage:          "machineidv1",
+		ProtoPackagePath:      "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1",
+		SchemaPackage:         "schemav1",
+		SchemaPackagePath:     "github.com/gravitational/teleport/integrations/terraform/tfschema/machineid/v1",
+		TerraformResourceType: "teleport_bot_v2",
+		// Since [RFD 153](https://github.com/gravitational/teleport/blob/master/rfd/0153-resource-guidelines.md)
+		// resources are plain structs
+		IsPlainStruct: true,
+		// As 153-style resources don't have CheckAndSetDefaults, we must set the Kind manually.
+		// We import the package containing kinds, then use ForceSetKind.
+		ForceSetKind: `"bot"`,
+	}
 )
 
 func main() {
@@ -726,6 +751,8 @@ func genTFSchema() {
 	generateDataSource(autoUpdateConfig, singularDataSource)
 	generateResource(healthCheckConfig, pluralResource)
 	generateDataSource(healthCheckConfig, pluralDataSource)
+	generateResource(bot, pluralResource)
+	generateDataSource(bot, pluralDataSource)
 }
 
 func generateResource(p payload, tpl string) {

integrations/terraform/protoc-gen-terraform-machineid.yaml

@@ -0,0 +1,69 @@
+---
+target_package_name: "v1"
+default_package_name: "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1"
+duration_custom_type: Duration
+use_state_for_unknown_by_default: true
+
+# Top-level type names to export
+types:
+  - "Bot"
+
+# These import paths were not being automatically picked up by
+# protoc-gen-terraform without these overrides
+import_path_overrides:
+  "types": "github.com/gravitational/teleport/api/types"
+  "wrappers": "github.com/gravitational/teleport/api/types/wrappers"
+  "durationpb": "google.golang.org/protobuf/types/known/durationpb"
+  "timestamppb": "google.golang.org/protobuf/types/known/timestamppb"
+  "structpb": "google.golang.org/protobuf/types/known/structpb"
+  "v1": "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
+  "v11": "github.com/gravitational/teleport/api/gen/proto/go/teleport/label/v1"
+  "github.com_gravitational_teleport_integrations_terraform_tfschema": "github.com/gravitational/teleport/integrations/terraform/tfschema"
+
+# id field is required for integration tests. It is not used by provider.
+# We have to add it manually (might be removed in the future versions).
+injected_fields:
+  Bot:
+    - name: id
+      type: github.com/hashicorp/terraform-plugin-framework/types.StringType
+      computed: true
+      plan_modifiers:
+        - "github.com/hashicorp/terraform-plugin-framework/tfsdk.UseStateForUnknown()"
+
+# These fields will be excluded
+exclude_fields:
+  # Metadata (we id resources by name on our side)
+  - "Bot.metadata.id"
+
+# These fields will be marked as Computed: true
+computed_fields:
+  # Metadata
+  - "Bot.metadata.namespace"
+  - "Bot.kind"
+  - "Bot.status"
+
+# These fields will be marked as Required: true
+required_fields: []
+
+plan_modifiers:
+  # Force to recreate resource if it's name changes
+  Metadata.name:
+    - "github.com/hashicorp/terraform-plugin-framework/tfsdk.RequiresReplace()"
+
+# This must be defined for the generator to be happy, but in reality all time
+# fields are overridden (because the protobuf timestamps contain locks and the
+# linter gets mad if we use raw structs instead of pointers).
+time_type:
+  type: "PlaceholderType"
+duration_type:
+  type: "PlaceholderType"
+
+validators:
+  # Expires must be in the future
+  Metadata.expires:
+    - github.com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()
+
+custom_types:
+  "Bot.metadata.expires": Timestamp
+  "Bot.spec.max_session_ttl": Duration
+  "Bot.spec.traits": TraitsMap