Hardening Infrastructure Security Against SSO Identity Provider Compromise
Jul 11
Virtual
Register Today
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Fork me on GitHub

Teleport

Reference for the teleport_github_connector Terraform resource

Version 16.x

Example Usage 

# Terraform Github connector

variable "github_secret" {}

resource "teleport_github_connector" "github" {
  # This section tells Terraform that role example must be created before the GitHub connector
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name = "example"
    labels = {
      example = "yes"
    }
  }

  spec = {
    client_id     = "client"
    client_secret = var.github_secret

    teams_to_roles = [{
      organization = "gravitational"
      team         = "devs"
      roles        = ["example"]
    }]
  }
}

Schema

Required

  • spec (Attributes) Spec is an Github connector specification. (see below for nested schema)
  • version (String) Version is the resource version. It must be specified. Supported values are: v3.

Optional

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.

Nested Schema for spec

Required:

  • client_id (String) ClientID is the Github OAuth app client ID.
  • client_secret (String, Sensitive) ClientSecret is the Github OAuth app client secret.

Optional:

  • api_endpoint_url (String) APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for.
  • client_redirect_settings (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see below for nested schema)
  • display (String) Display is the connector display name.
  • endpoint_url (String) EndpointURL is the URL of the GitHub instance this connector is for.
  • redirect_url (String) RedirectURL is the authorization callback URL.
  • teams_to_logins (Attributes List) TeamsToLogins maps Github team memberships onto allowed logins/roles. DELETE IN 11.0.0 Deprecated: use GithubTeamsToRoles instead. (see below for nested schema)
  • teams_to_roles (Attributes List) TeamsToRoles maps Github team memberships onto allowed roles. (see below for nested schema)

Nested Schema for spec.client_redirect_settings

Optional:

  • allowed_https_hostnames (List of String) a list of hostnames allowed for https client redirect URLs

Nested Schema for spec.teams_to_logins

Optional:

  • kubernetes_groups (List of String) KubeGroups is a list of allowed kubernetes groups for this org/team.
  • kubernetes_users (List of String) KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
  • logins (List of String) Logins is a list of allowed logins for this org/team.
  • organization (String) Organization is a Github organization a user belongs to.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for spec.teams_to_roles

Optional:

  • organization (String) Organization is a Github organization a user belongs to.
  • roles (List of String) Roles is a list of allowed logins for this org/team.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels