Skip to content
This repository has been archived by the owner on Dec 19, 2024. It is now read-only.

Custom Terraform provider that allows provisioning VGS Proxy Routes.

License

Notifications You must be signed in to change notification settings

verygoodsecurity/terraform-provider-vgs

Repository files navigation

VGS Terraform Provider

CircleCI

Custom Terraform provider that allows provisioning VGS Proxy Routes.

THIS LIBRARY IS PRE-RELEASE AND NOT READY FOR CUSTOMER CONSUMPTION

It will be ready when we provide

  • Tests
  • CICD
  • Documentation

How to Install

Manual (in-house provider)

  1. Navigate to the latest release of the provider.
  2. Download archive for a particular OS and Architecture. You can run terraform --version on your environment to decide which OS and Arch to use.
  3. Unzip the archive and copy the provider binary into ~/terraform.d/plugin/... according to official documentation.

Terraform Registry

NOTE: Current version has not been published to Terraform Registry yet.

How to Use

  1. Create a Vault through VGS dashboard and get your Vault ID.
  2. Create a directory for your TF files (or use /examples) and create main.tf. For terraform of version 0.13 and later see main_0.13.tf.
provider "vgs" {
  version = "~> 0.1"
}
resource "vgs_route" "inbound_route" {
  environment = "sandbox"
  vault = "tntbcduzut5"
  inline_config = <<EOF
id: 04b2e1b7-fb60-472f-a79f-af7e2353f122
type: rule_chain
attributes:
  tags:
    name: my-awesome-inbound-route
    source: RouteContainer
  destination_override_endpoint: 'https://echo.apps.verygood.systems'
  host_endpoint: (.*)\.verygoodproxy\.io
  id: 04b2e1b7-fb60-472f-a79f-af7e2353f122
  ordinal: null
  port: 80
  protocol: http
  source_endpoint: '*'
  entries:
  - classifiers: {}
    config:
      condition: AND
      rules:
        - expression:
            field: PathInfo
            operator: matches
            type: string
            values:
              - /post
        - expression:
            field: ContentType
            operator: equals
            type: string
            values:
              - application/json
          rules: null
    id: 39f2f5db-06a0-461d-9387-dd9a7ab19035
    id_selector: null
    operation: REDACT
    operations: null
    phase: REQUEST
    public_token_generator: UUID
    targets:
      - body
    token_manager: PERSISTENT
    transformer: JSON_PATH
    transformer_config:
      - $.account_number
    transformer_config_map: null
EOF
}
  1. Install and use vgs-cli to create a ServiceAccount.
  2. Set the VGS_CLIENT_ID and VGS_CLIENT_SECRET environment variables from ServiceAccount and run
~ terraform init
~ VGS_CLIENT_ID=xxx VGS_CLIENT_SECRET=yyy terraform apply

How to build from source

Requirements: Go

For your system

To compile binaries:

~ make build
~ ls ./bin
terraform-provider-vgs_v<ver>

Develop

Useful overrides for development:

~ VGS_VAULT_MANAGEMENT_API_BASE_URL=https://api.verygoodsecurity.io \
VGS_ACCOUNT_MANAGEMENT_API_BASE_URL=https://accounts.verygoodsecurity.io \
VGS_KEYCLOAK_URL=https://auth.verygoodsecurity.io \
VGS_CLIENT_ID=XXX \
VGS_CLIENT_SECRET=YYY \
terraform apply

API client located under https://github.com/verygoodsecurity/vgs-api-client-go

Test

To run tests locally:

~ TF_ACC=true VGS_CLIENT_ID=xxx VGS_CLIENT_SECRET=yyy go test ./...
?   	github.com/verygoodsecurity/terraform-provider-vgs	[no test files]
ok  	github.com/verygoodsecurity/terraform-provider-vgs/provider	66.337s