terraform: access list support #916
Conversation
hugoShaka
force-pushed
the
hugo/terraform-access-lists
branch
2 times, most recently
from
3f56627 to
5d918fb
Compare
|
Note: linting and tests are all over the place because I changed the |
hugoShaka
requested review from
klizhentas,
russjones,
r0mant,
Joerger,
tcsc,
zmb3,
camscale and
fheinecke
as code owners
Adds a custom_type configuration knob used by the PR gravitational/teleport-plugins#916 This allows to override types without specifying "gogoproto.customtype" (we don't use gogoproto anymore for the new types).
hugoShaka
force-pushed
the
hugo/terraform-access-lists
branch
from
e483741 to
f514c5c
Compare
|
I hacked a bit, a breaking change in the plugin lib was pushed to The CI is also using a dev release of teleport as the tests require a change which was not in the latest release 14.0.0. This CI reference must be updated the next time we do an official v14 release. |
What change was it? |
marcoandredinis
force-pushed
the
hugo/terraform-access-lists
branch
from
650c1fd to
df14d38
Compare
|
@mdwn Can you please take another look? |
marcoandredinis
force-pushed
the
hugo/terraform-access-lists
branch
from
73f17f8 to
12f96de
Compare
This PR adds access list support to the Terraform provider. Since we stopped using gogoproto, generating new resources became increasingly complex. The access list terraform schema was generated from the protobuf types and not the ones in `api/types`, which causes all kind of small oddities from a user PoV, and made this PR way more complex. User-facing limitations: - the `metadata` field is nested under the `header` one because of the protobuf structure - the traits is not a map but a list of structs, each struct with a key and a value attribute Non user-facing limitations the PR had to work around: - the protobuf time is different from go's time, I initially wanted to create `ProtoTimeType`/`ProtoTimeValue` but we cannot embbed a protobuf timestamp directly (because it contains a lock, the terraform value must be a reference, which is not supported by the protoc generator). The workaround is to use custom types (`Timestamp` and `Duration`). - the provider has to do the conversion between the proto type and the api/type. This required writing a new provider template for new non-gogo resources (`gen/plural_data_source_new.go.tpl` and `gen/plural_resources_new.go.tpl`) - The time type difference caused conversion issues fixed by gravitational/teleport#32135
marcoandredinis
force-pushed
the
hugo/terraform-access-lists
branch
from
12f96de to
0a5793d
Compare
This PR adds access list support to the Terraform provider. Since we stopped using gogoproto, generating new resources became increasingly complex.
The access list terraform schema was generated from the protobuf types and not the ones in
api/types, which causes all kinds of small oddities from a user PoV, and made this PR way more complex.User-facing limitations:
metadatafield is nested under theheaderone because of the protobuf structureNon user-facing limitations the PR had to work around:
ProtoTimeType/ProtoTimeValuebut we cannot embbed a protobuf timestamp directly (because it contains a lock, the terraformvalue must be a reference, which is not supported by the protoc generator). The workaround is to use custom types (
TimestampandDuration). Requires: Add custom_types config parameter protoc-gen-terraform#36gen/plural_data_source_new.go.tplandgen/plural_resources_new.go.tpl)