Skip to content

Terraform: Modernize teleport_bot resource#60623

Merged
boxofrad merged 5 commits intomasterfrom
boxofrad/evolve-bot-resource
Nov 10, 2025
Merged

Terraform: Modernize teleport_bot resource#60623
boxofrad merged 5 commits intomasterfrom
boxofrad/evolve-bot-resource

Conversation

@boxofrad
Copy link
Copy Markdown
Contributor

@boxofrad boxofrad commented Oct 27, 2025

This is an alternative to #60310 which is far less disruptive to the user, but much more complex internally.

It evolves the teleport_bot resource such that:

  • The top-level name, roles, and traits attributes are now deprecated, and have been replaced with RFD 153-style metadata and spec objects to match our other resources
  • We no longer delete and recreate bots during updates (unless the bot name has changed)
  • You can now import teleport_bot resources

The complexity stems from the fact that, because the Terraform provider's version is directly coupled to the auth server version, making backward-incompatible changes to resource schema is additionally disruptive. So we want to support both the old and new "schemas" at the same time, and allow the user to update their configuration when they're ready.

An alternative would be to increment the schema "version" and provide a StateUpgrade method, but this would still require the user to update their configuration before the next run.

# Before (this will still work unmodified, with deprecation warnings!)
resource "teleport_bot" "rocket_launcher" {
  name  = "rocket-launcher"
  roles = ["access"]

  traits = {
    logins = ["ubuntu", "root"]
  }
}

# After
resource "teleport_bot" "rocket_launcher" {
  metadata = {
    name  = "rocket-launcher"
  }

  spec = {
    roles = ["access"]

    traits = {
      logins = ["ubuntu", "root"]
    }
  }
}

It is not permissible to mix and match old and new-style attributes, because this makes the mapping to/from protobuf more complex.

# This is not allowed
resource "teleport_bot" "rocket_launcher" {
  name = "rocket-launcher"

  metadata = {
    labels = {
      team = "engineering"
    }
  }

  roles = ["access"]

  spec = {
    traits = {
      logins = ["root"]
    }
  }
}

Closes #40654, #51555, #56910.

changelog: Terraform: teleport_bot resource now supports import, and follows the standard resource structure

@boxofrad boxofrad added the terraform-provider Issues relating to the Teleport Terraform provider in the teleport-plugins repo label Oct 27, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Oct 27, 2025
edited
Loading

Amplify deployment status

Branch Commit Job ID Status Preview Updated (UTC)
boxofrad/evolve-bot-resource 490f750 3 ✅SUCCEED boxofrad-evolve-bot-resource 2025-10-28 12:40:40

strideynet
strideynet reviewed Oct 28, 2025
View reviewed changes
Comment thread docs/pages/reference/infrastructure-as-code/terraform-provider/resources/bot.mdx Outdated
@strideynet
Copy link
Copy Markdown
Contributor

strideynet commented Oct 28, 2025

Does this need a label for v18 backport?

@strideynet strideynet mentioned this pull request Oct 28, 2025
Open
@boxofrad boxofrad added this pull request to the merge queue Nov 10, 2025
Merged via the queue into master with commit c8713a7 Nov 10, 2025
46 checks passed
@boxofrad boxofrad deleted the boxofrad/evolve-bot-resource branch November 10, 2025 11:03
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Nov 10, 2025

@boxofrad See the table below for backport results.

Branch Result
branch/v18 Create PR

@boxofrad boxofrad mentioned this pull request Nov 10, 2025
Merged
@taraspos taraspos linked an issue Nov 14, 2025 that may be closed by this pull request
Allow importing of teleport_bot Terraform resource #51555
Closed
@strideynet strideynet mentioned this pull request Nov 14, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@strideynet strideynet strideynet approved these changes

@hugoShaka hugoShaka hugoShaka approved these changes

Assignees

No one assigned

Labels

backport/branch/v18 documentation machine-id size/lg terraform-provider Issues relating to the Teleport Terraform provider in the teleport-plugins repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow importing of teleport_bot Terraform resource Machine ID: Introduce new Bot resource to Terraform

4 participants

@boxofrad @strideynet @marcoandredinis @hugoShaka