diff --git a/.github/configs/labeler.yml b/.github/configs/labeler.yml new file mode 100644 index 0000000..0a1c108 --- /dev/null +++ b/.github/configs/labeler.yml @@ -0,0 +1,7 @@ +#### +## This is managed via https://github.com/internal-GlueOps/github-shared-files-sync . Any changes to this file may be overridden by our automation +#### + +include-in-release-notes: + - changed-files: + - any-glob-to-any-file: '**' \ No newline at end of file diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..b5bc3bb --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,32 @@ +#### +## This is managed via https://github.com/internal-GlueOps/github-shared-files-sync . Any changes to this file may be overridden by our automation +#### + +changelog: + exclude: + labels: + - 'ignore' + # authors: + # - 'glueops-terraform-svc-account' + # - 'glueops-svc-account' + # - 'glueops-renovatebot' + categories: + - title: Breaking Changes ๐Ÿ›  + labels: + - 'major' + - 'breaking-change' + - title: Enhancements ๐ŸŽ‰ + labels: + - 'minor' + - 'enhancement' + - 'new-feature' + - title: Other ๐Ÿ› + labels: + - 'auto-update' + - 'patch' + - 'fix' + - 'bugfix' + - 'bug' + - 'hotfix' + - 'dependencies' + - 'include-in-release-notes' \ No newline at end of file diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..e9106af --- /dev/null +++ b/.github/workflows/docker-publish.yml 
@@ -0,0 +1,101 @@
+name: Docker Publish
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ push:
+ branches: [ "main" ]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ pull_request:
+ branches: [ "main" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
+ with:
+ cosign-release: 'v2.2.4'
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=tag
+ type=ref,event=branch
+ type=raw,value=latest
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ platforms: linux/amd64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ TAGS: ${{ steps.meta.outputs.tags }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
\ No newline at end of file
diff --git a/terraform-provider-autoglue/Makefile b/terraform-provider-autoglue/Makefile
index efe381a..4ee74b7 100644
--- a/terraform-provider-autoglue/Makefile
+++ b/terraform-provider-autoglue/Makefile
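Review bot: The job-level `permissions` block in `docker-publish.yml` grants `packages: write` and `id-token: write` to every run of `build`, including `pull_request` runs, where the login, push and signing steps are all skipped and only `contents: read` is needed. GitHub already restricts the token for pull requests from forks, but a pull request from a branch in this repository builds its own unreviewed Dockerfile in a job that can write packages and request the OIDC identity used for signing. Splitting the workflow into a read-only PR build job and a publish job that carries the write permissions keeps the signing identity away from unreviewed code; a sketch follows. Separately, `type=raw,value=latest` is unconditional, so a tag push for an older release line also moves `latest`; if `latest` is meant to follow main only, `type=raw,value=latest,enable={{is_default_branch}}` restricts it.

```yaml
jobs:
  build-pr:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, buildx setup, metadata, build with push disabled …

  publish:
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # Needed only here, for the sigstore/fulcio identity challenge.
      id-token: write
    steps:
      # … unchanged: checkout, cosign install, buildx setup, login, metadata, build-and-push, sign …
```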
@@ -1,23 +1,71 @@ +# ---- Provider build/dev settings ---- BIN ?= terraform-provider-autoglue VER ?= 0.0.1 OS ?= $(shell uname -s | tr '[:upper:]' '[:lower:]') ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/;s/arm64/arm64/') +PROVIDER_SRC ?= glueops/autoglue/autoglue -.PHONY: build tidy dev clean +# ---- tfplugindocs settings ---- +# Where Go places binaries +BIN_DIR := $(shell go env GOBIN) +ifeq ($(BIN_DIR),) +BIN_DIR := $(shell go env GOPATH)/bin +endif +DOCS_BIN := $(BIN_DIR)/tfplugindocs +DOCS_DIR ?= docs +.PHONY: build tidy dev clean tools docs docs-validate docs-clean docs-readme + +# Build the provider binary in the repo root build: go build -o $(BIN) . +# Tidy module deps tidy: go mod tidy +# Install the provider locally for Terraform/OpenTofu as a dev provider dev: @echo "Installing dev provider v$(VER) for $(OS)_$(ARCH)..." - @DST="$${HOME}/.terraform.d/plugins/glueops/autoglue/autoglue/$(VER)/$(OS)_$(ARCH)"; \ + @DST="$${HOME}/.terraform.d/plugins/$(PROVIDER_SRC)/$(VER)/$(OS)_$(ARCH)"; \ mkdir -p "$$DST"; \ go build -o "$$DST/terraform-provider-autoglue_v$(VER)" .; \ echo "Provider installed to $$DST"; \ echo "Run: terraform init -upgrade" +# Remove build artifacts (and optionally generated docs if desired) clean: rm -f $(BIN) + +# ---------- Docs via tfplugindocs ---------- + +# Ensure tfplugindocs is available; install if missing +tools: + @set -e; \ + if [ ! -x "$(DOCS_BIN)" ]; then \ + echo "tfplugindocs not found. Installing..."; \ + go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest; \ + echo "Installed tfplugindocs to $(DOCS_BIN)"; \ + else \ + echo "tfplugindocs found at $(DOCS_BIN)"; \ + fi + +# Generate docs from your Go schemas into ./docs +docs: tools + @echo "Generating provider docs into ./$(DOCS_DIR)..." + @$(DOCS_BIN) + @echo "Done. 
See ./$(DOCS_DIR)" + +# Validate docs are up-to-date (useful in CI) +docs-validate: tools + @$(DOCS_BIN) validate + +# Clean generated docs +docs-clean: + @rm -rf $(DOCS_DIR) + +# OPTIONAL: copy the generated landing page to README.md +docs-readme: docs + @[ -f "$(DOCS_DIR)/index.md" ] && cp "$(DOCS_DIR)/index.md" README.md || \ + (echo "$(DOCS_DIR)/index.md not found. Did doc generation run?"; exit 1) + @echo "README.md updated from $(DOCS_DIR)/index.md" diff --git a/terraform-provider-autoglue/README.md b/terraform-provider-autoglue/README.md new file mode 100644 index 0000000..d54aeee --- /dev/null +++ b/terraform-provider-autoglue/README.md @@ -0,0 +1,24 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue Provider" +description: |- + +--- + +# autoglue Provider + + + + + + +## Schema + +### Optional + +- `addr` (String) Base URL to the autoglue API (e.g. https://autoglue.example.com/api/v1). Defaults to http://localhost:8080/api/v1. +- `api_key` (String, Sensitive) User API key for key-only auth. +- `bearer` (String, Sensitive) Bearer token (user access token). +- `org_id` (String) Organization ID (UUID). Required for user/bearer and user API key auth unless single-org membership. Omitted for org key/secret (derived server-side). +- `org_key` (String, Sensitive) Org-scoped key for machine auth. +- `org_secret` (String, Sensitive) Org-scoped secret for machine auth. diff --git a/terraform-provider-autoglue/docs/data-sources/annotations.md b/terraform-provider-autoglue/docs/data-sources/annotations.md new file mode 100644 index 0000000..081282d --- /dev/null +++ b/terraform-provider-autoglue/docs/data-sources/annotations.md 
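Review bot: The `tools` target in the Makefile installs `tfplugindocs@latest`, so `docs` and `docs-validate` run whatever upstream version is newest at install time; generated docs can drift between machines, and an unreviewed release of the tool is executed in CI. Pinning it, for example `TFPLUGINDOCS_VERSION ?= <pinned-version>` with `go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@$(TFPLUGINDOCS_VERSION)`, keeps the toolchain reproducible. The existence check `[ ! -x "$(DOCS_BIN)" ]` also accepts an already-installed binary of any version, so a pin only takes effect on a fresh install unless the version is checked as well. `build` writes `$(BIN)` into the provider directory, and this commit adds a binary file at exactly that path; it looks like a build artifact was committed, and a `.gitignore` entry for it would keep unreviewable binaries out of the tree.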
@@ -0,0 +1,33 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_annotations Data Source - terraform-provider-autoglue" +subcategory: "" +description: |- + List annotations for the organization (org-scoped). +--- + +# autoglue_annotations (Data Source) + +List annotations for the organization (org-scoped). + + + + +## Schema + +### Read-Only + +- `items` (Attributes List) Annotations returned by the API. (see [below for nested schema](#nestedatt--items)) + + +### Nested Schema for `items` + +Read-Only: + +- `created_at` (String) RFC3339, UTC. +- `id` (String) Taint ID (UUID). +- `key` (String) +- `organization_id` (String) +- `raw` (String) Full JSON for the item. +- `updated_at` (String) RFC3339, UTC. +- `value` (String) diff --git a/terraform-provider-autoglue/docs/data-sources/labels.md b/terraform-provider-autoglue/docs/data-sources/labels.md new file mode 100644 index 0000000..6211f67 --- /dev/null +++ b/terraform-provider-autoglue/docs/data-sources/labels.md @@ -0,0 +1,33 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_labels Data Source - terraform-provider-autoglue" +subcategory: "" +description: |- + List labels for the organization (org-scoped). +--- + +# autoglue_labels (Data Source) + +List labels for the organization (org-scoped). + + + + +## Schema + +### Read-Only + +- `items` (Attributes List) Labels returned by the API. (see [below for nested schema](#nestedatt--items)) + + +### Nested Schema for `items` + +Read-Only: + +- `created_at` (String) RFC3339, UTC. +- `id` (String) Taint ID (UUID). +- `key` (String) +- `organization_id` (String) +- `raw` (String) Full JSON for the item. +- `updated_at` (String) RFC3339, UTC. +- `value` (String) diff --git a/terraform-provider-autoglue/docs/data-sources/servers.md b/terraform-provider-autoglue/docs/data-sources/servers.md new file mode 100644 index 0000000..03c41e1 --- /dev/null 
+++ b/terraform-provider-autoglue/docs/data-sources/servers.md @@ -0,0 +1,43 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_servers Data Source - terraform-provider-autoglue" +subcategory: "" +description: |- + List servers for the organization (org-scoped). +--- + +# autoglue_servers (Data Source) + +List servers for the organization (org-scoped). + + + + +## Schema + +### Optional + +- `role` (String) Filter by role. +- `status` (String) Filter by status (pending|provisioning|ready|failed). + +### Read-Only + +- `items` (Attributes List) Servers returned by the API. (see [below for nested schema](#nestedatt--items)) + + +### Nested Schema for `items` + +Read-Only: + +- `created_at` (String) RFC3339, UTC. +- `hostname` (String) +- `id` (String) Server ID (UUID). +- `organization_id` (String) +- `private_ip_address` (String) +- `public_ip_address` (String) +- `raw` (String) Full JSON for the item. +- `role` (String) +- `ssh_key_id` (String) +- `ssh_user` (String) +- `status` (String) +- `updated_at` (String) RFC3339, UTC. diff --git a/terraform-provider-autoglue/docs/data-sources/ssh_keys.md b/terraform-provider-autoglue/docs/data-sources/ssh_keys.md new file mode 100644 index 0000000..6d368e7 --- /dev/null +++ b/terraform-provider-autoglue/docs/data-sources/ssh_keys.md 
@@ -0,0 +1,37 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_ssh_keys Data Source - terraform-provider-autoglue" +subcategory: "" +description: |- + +--- + +# autoglue_ssh_keys (Data Source) + + + + + + +## Schema + +### Optional + +- `fingerprint` (String) Filter by exact fingerprint (client-side). +- `name_contains` (String) Filter by substring of name (client-side). + +### Read-Only + +- `keys` (Attributes List) SSH keys (see [below for nested schema](#nestedatt--keys)) + + +### Nested Schema for `keys` + +Read-Only: + +- `created_at` (String) +- `fingerprint` (String) +- `id` (String) +- `name` (String) +- `public_key` (String) +- `updated_at` (String) diff --git a/terraform-provider-autoglue/docs/data-sources/taints.md b/terraform-provider-autoglue/docs/data-sources/taints.md new file mode 100644 index 0000000..6cce3d1 --- /dev/null +++ b/terraform-provider-autoglue/docs/data-sources/taints.md @@ -0,0 +1,34 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_taints Data Source - terraform-provider-autoglue" +subcategory: "" +description: |- + List taints for the organization (org-scoped). +--- + +# autoglue_taints (Data Source) + +List taints for the organization (org-scoped). + + + + +## Schema + +### Read-Only + +- `items` (Attributes List) Taints returned by the API. (see [below for nested schema](#nestedatt--items)) + + +### Nested Schema for `items` + +Read-Only: + +- `created_at` (String) RFC3339, UTC. +- `effect` (String) +- `id` (String) Taint ID (UUID). +- `key` (String) +- `organization_id` (String) +- `raw` (String) Full JSON for the item. +- `updated_at` (String) RFC3339, UTC. +- `value` (String) diff --git a/terraform-provider-autoglue/docs/index.md b/terraform-provider-autoglue/docs/index.md new file mode 100644 index 0000000..d54aeee --- /dev/null +++ b/terraform-provider-autoglue/docs/index.md 
@@ -0,0 +1,24 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue Provider" +description: |- + +--- + +# autoglue Provider + + + + + + +## Schema + +### Optional + +- `addr` (String) Base URL to the autoglue API (e.g. https://autoglue.example.com/api/v1). Defaults to http://localhost:8080/api/v1. +- `api_key` (String, Sensitive) User API key for key-only auth. +- `bearer` (String, Sensitive) Bearer token (user access token). +- `org_id` (String) Organization ID (UUID). Required for user/bearer and user API key auth unless single-org membership. Omitted for org key/secret (derived server-side). +- `org_key` (String, Sensitive) Org-scoped key for machine auth. +- `org_secret` (String, Sensitive) Org-scoped secret for machine auth. diff --git a/terraform-provider-autoglue/docs/index.md.tmpl b/terraform-provider-autoglue/docs/index.md.tmpl new file mode 100644 index 0000000..8b235f6 --- /dev/null +++ b/terraform-provider-autoglue/docs/index.md.tmpl 
@@ -0,0 +1,52 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "{{ .ProviderName }} Provider" +description: |-x + {{ .ProviderDescription }} +--- + +# {{ .ProviderName }} Provider + +${{ .ProviderDescription }} + +## Quick Start + +~~{hul}hcl +terraform { + required_providers { + {{ .ProviderName }} = { + source = "{{ .ProviderSource }}" + # version = ">= 0.0.1" + } + } +} + +provider "{{ .ProviderName }}" { + # addr = "https://api.example.com/api/v1" + # api_key = "angykey" + # bearer = "accesstoken" + # org_id = "..." + # org_key = "---" + # org_secret = "---" +} +~~{hul} + +## Resources +{{- if .Resources }} +{{- range .Resources }} +- [{+ .Name }](./resources/{{ .FileName }}) +{{- end }} +{{- else }} +_No resources yet._ +{{- end }} + +## Data Sources +{{- if .DataSources }} +{{- range .DataSources }} +- [{+.Name }(./data-sources/{{ .FileName }}) +{{- end }} +{{- else }} +_No data sources yet._ +{{- end }} + +<-- schema generated by tfplugindocs --= diff --git a/terraform-provider-autoglue/docs/resources/annotation.md b/terraform-provider-autoglue/docs/resources/annotation.md new file mode 100644 index 0000000..6f28356 --- /dev/null +++ b/terraform-provider-autoglue/docs/resources/annotation.md @@ -0,0 +1,29 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_annotation Resource - terraform-provider-autoglue" +subcategory: "" +description: |- + Create and manage a annotation (org-scoped). +--- + +# autoglue_annotation (Resource) + +Create and manage a annotation (org-scoped). + + + + +## Schema + +### Required + +- `key` (String) Key. +- `value` (String) Value. + +### Read-Only + +- `created_at` (String) +- `id` (String) ID (UUID). +- `organization_id` (String) +- `raw` (String) Full server JSON from API. +- `updated_at` (String) 
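Review bot: Several lines of `docs/index.md.tmpl` will not parse or render as written: `description: |-x` is not a valid block-scalar header, `${{ .ProviderDescription }}` emits a stray `$`, the `~~{hul}hcl` and `~~{hul}` lines are not code fences, `[{+ .Name }]` and `[{+.Name }(` are not template actions (the second also lacks its closing `]`), and the trailing `<-- schema generated by tfplugindocs --=` is not an HTML comment. The intended forms are presumably `description: |-`, `{{ .ProviderDescription }}`, a fenced `hcl` block, `- [{{ .Name }}](./resources/{{ .FileName }})` with the matching data-sources line, and `<!-- schema generated by tfplugindocs -->`. The `docs/index.md` added in the same commit has an empty description and no Quick Start section, which suggests this template is not being picked up at all; tfplugindocs by default reads templates from a separate templates directory rather than the `docs/` output directory, so the file's location is worth confirming along with whether the fields it references are ones the generator actually supplies.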
diff --git a/terraform-provider-autoglue/docs/resources/label.md b/terraform-provider-autoglue/docs/resources/label.md new file mode 100644 index 0000000..83e7777 --- /dev/null +++ b/terraform-provider-autoglue/docs/resources/label.md @@ -0,0 +1,29 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_label Resource - terraform-provider-autoglue" +subcategory: "" +description: |- + Create and manage a label (org-scoped). +--- + +# autoglue_label (Resource) + +Create and manage a label (org-scoped). + + + + +## Schema + +### Required + +- `key` (String) Key. +- `value` (String) Value. + +### Read-Only + +- `created_at` (String) +- `id` (String) Server ID (UUID). +- `organization_id` (String) +- `raw` (String) Full server JSON from API. +- `updated_at` (String) diff --git a/terraform-provider-autoglue/docs/resources/server.md b/terraform-provider-autoglue/docs/resources/server.md new file mode 100644 index 0000000..799f180 --- /dev/null +++ b/terraform-provider-autoglue/docs/resources/server.md 
@@ -0,0 +1,37 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_server Resource - terraform-provider-autoglue" +subcategory: "" +description: |- + Create and manage a server (org-scoped). Mirrors API validation for role/status/ssh_key_id. +--- + +# autoglue_server (Resource) + +Create and manage a server (org-scoped). Mirrors API validation for role/status/ssh_key_id. + + + + +## Schema + +### Required + +- `hostname` (String) Hostname. +- `private_ip_address` (String) Private IP address (required). +- `role` (String) Server role (e.g., agent/manager/bastion). Lowercased by the provider. +- `ssh_key_id` (String) SSH key ID (UUID) that belongs to the org. +- `ssh_user` (String) SSH username (required). + +### Optional + +- `public_ip_address` (String) Public IP address (required when role = bastion). +- `status` (String) Status (pending|provisioning|ready|failed). Lowercased by the provider. + +### Read-Only + +- `created_at` (String) +- `id` (String) Server ID (UUID). +- `organization_id` (String) +- `raw` (String) Full server JSON from API. +- `updated_at` (String) diff --git a/terraform-provider-autoglue/docs/resources/ssh_key.md b/terraform-provider-autoglue/docs/resources/ssh_key.md new file mode 100644 index 0000000..eaff11c --- /dev/null +++ b/terraform-provider-autoglue/docs/resources/ssh_key.md 
@@ -0,0 +1,35 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_ssh_key Resource - terraform-provider-autoglue" +subcategory: "" +description: |- + +--- + +# autoglue_ssh_key (Resource) + + + + + + +## Schema + +### Required + +- `comment` (String) Comment appended to authorized key +- `name` (String) Display name + +### Optional + +- `bits` (Number) RSA key size (2048/3072/4096). Ignored for ed25519. +- `type` (String) Key type: rsa or ed25519 (default rsa) + +### Read-Only + +- `created_at` (String) Creation time (RFC3339, UTC) +- `fingerprint` (String) SHA256 fingerprint +- `id` (String) SSH key ID (UUID) +- `private_key_pem` (String, Sensitive) Private key PEM (resource doesnโ€™t reveal; stays empty). +- `public_key` (String) OpenSSH authorized key +- `updated_at` (String) Update time (RFC3339, UTC) diff --git a/terraform-provider-autoglue/docs/resources/taint.md b/terraform-provider-autoglue/docs/resources/taint.md new file mode 100644 index 0000000..8a54b9e --- /dev/null +++ b/terraform-provider-autoglue/docs/resources/taint.md @@ -0,0 +1,30 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "autoglue_taint Resource - terraform-provider-autoglue" +subcategory: "" +description: |- + Create and manage a taint (org-scoped). +--- + +# autoglue_taint (Resource) + +Create and manage a taint (org-scoped). + + + + +## Schema + +### Required + +- `effect` (String) Effect. +- `key` (String) Key. +- `value` (String) Value. + +### Read-Only + +- `created_at` (String) +- `id` (String) Server ID (UUID). +- `organization_id` (String) +- `raw` (String) Full server JSON from API. +- `updated_at` (String) diff --git a/terraform-provider-autoglue/terraform-provider-autoglue b/terraform-provider-autoglue/terraform-provider-autoglue new file mode 100755 index 0000000..8c66219 Binary files /dev/null and b/terraform-provider-autoglue/terraform-provider-autoglue differ