-
Notifications
You must be signed in to change notification settings - Fork 57
Feat: implement sa tokens #712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
c28554a
feat: implement sa access token resource
h3adex e09ca68
feat: implement service account resource/datasource
h3adex dec2848
feat: implement sa access token resource
h3adex f629b1f
review changes
h3adex 9540c00
review changes 2
h3adex 646aa44
change id order
h3adex File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "stackit_service_account_access_token Resource - stackit" | ||
| subcategory: "" | ||
| description: |- | ||
| Schema for a STACKIT service account access token resource. | ||
| ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources. | ||
| Example Usage | ||
| Automatically rotate access tokens | ||
|
|
||
| resource "stackit_service_account" "sa" { | ||
| project_id = var.stackit_project_id | ||
| name = "sa01" | ||
| } | ||
|
|
||
| resource "time_rotating" "rotate" { | ||
| rotation_days = 80 | ||
| } | ||
|
|
||
| resource "stackit_service_account_access_token" "sa1" { | ||
| project_id = var.stackit_project_id | ||
| service_account_email = stackit_service_account.sa.email | ||
| ttl_days = 180 | ||
|
|
||
| rotate_when_changed = { | ||
| rotation = time_rotating.rotate.id | ||
| } | ||
| } | ||
| --- | ||
|
|
||
| # stackit_service_account_access_token (Resource) | ||
|
|
||
| Schema for a STACKIT service account access token resource. | ||
|
|
||
| ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources. | ||
| ## Example Usage | ||
|
|
||
|
|
||
| ### Automatically rotate access tokens | ||
| ```terraform | ||
| resource "stackit_service_account" "sa" { | ||
| project_id = var.stackit_project_id | ||
| name = "sa01" | ||
| } | ||
|
|
||
| resource "time_rotating" "rotate" { | ||
| rotation_days = 80 | ||
| } | ||
|
|
||
| resource "stackit_service_account_access_token" "sa1" { | ||
| project_id = var.stackit_project_id | ||
| service_account_email = stackit_service_account.sa.email | ||
| ttl_days = 180 | ||
|
|
||
| rotate_when_changed = { | ||
| rotation = time_rotating.rotate.id | ||
| } | ||
| } | ||
|
|
||
| ``` | ||
|
|
||
|
|
||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `project_id` (String) STACKIT project ID associated with the service account token. | ||
| - `service_account_email` (String) Email address linked to the service account. | ||
|
|
||
| ### Optional | ||
|
|
||
| - `rotate_when_changed` (Map of String) A map of arbitrary key/value pairs that will force recreation of the token when they change, enabling token rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created. | ||
| - `ttl_days` (Number) Specifies the token's validity duration in days. If unspecified, defaults to 90 days. | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `access_token_id` (String) Identifier for the access token linked to the service account. | ||
| - `active` (Boolean) Indicate whether the token is currently active or inactive | ||
| - `created_at` (String) Timestamp indicating when the access token was created. | ||
| - `id` (String) Unique internal resource ID for Terraform, formatted as "`project_id`,`access_token_id`". | ||
| - `token` (String, Sensitive) JWT access token for API authentication. Prefixed by 'Bearer' and should be stored securely as it is irretrievable once lost. | ||
| - `valid_until` (String) Estimated expiration timestamp of the access token. For precise validity, check the JWT details. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| package token | ||
|
|
||
| const markdownDescription = ` | ||
| Schema for a STACKIT service account access token resource.` + "\n" + ` | ||
| ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources. | ||
| ## Example Usage` + "\n" + ` | ||
|
|
||
| ### Automatically rotate access tokens` + "\n" + | ||
| "```terraform" + ` | ||
| resource "stackit_service_account" "sa" { | ||
| project_id = var.stackit_project_id | ||
| name = "sa01" | ||
| } | ||
|
|
||
| resource "time_rotating" "rotate" { | ||
| rotation_days = 80 | ||
| } | ||
|
|
||
| resource "stackit_service_account_access_token" "sa1" { | ||
| project_id = var.stackit_project_id | ||
| service_account_email = stackit_service_account.sa.email | ||
| ttl_days = 180 | ||
|
|
||
| rotate_when_changed = { | ||
| rotation = time_rotating.rotate.id | ||
| } | ||
| } | ||
|
h3adex marked this conversation as resolved.
|
||
| ` + "\n```" | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.