Teleport
Reference for the teleport_github_connector Terraform resource
Example Usage
# Terraform Github connector

variable "github_secret" {}

resource "teleport_github_connector" "github" {
  version = "v3"
  # This section tells Terraform that role example must be created before the GitHub connector
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name = "example"
    labels = {
      example = "yes"
    }
  }

  spec = {
    client_id     = "client"
    client_secret = var.github_secret

    teams_to_roles = [{
      organization = "gravitational"
      team         = "devs"
      roles        = ["example"]
    }]
  }
}
Schema
Required
spec
(Attributes) Spec is a Github connector specification. (see below for nested schema)
version
(String) Version is the resource version. It must be specified. Supported values are: v3.
Optional
metadata
(Attributes) Metadata holds resource metadata. (see below for nested schema)
sub_kind
(String) SubKind is an optional resource sub kind, used in some resources.
Nested Schema for spec
Required:
client_id
(String) ClientID is the Github OAuth app client ID.
client_secret
(String, Sensitive) ClientSecret is the Github OAuth app client secret.
Optional:
api_endpoint_url
(String) APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for.
client_redirect_settings
(Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see below for nested schema)
display
(String) Display is the connector display name.
endpoint_url
(String) EndpointURL is the URL of the GitHub instance this connector is for.
redirect_url
(String) RedirectURL is the authorization callback URL.
teams_to_logins
(Attributes List) TeamsToLogins maps Github team memberships onto allowed logins/roles. DELETE IN 11.0.0 Deprecated: use GithubTeamsToRoles instead. (see below for nested schema)
teams_to_roles
(Attributes List) TeamsToRoles maps Github team memberships onto allowed roles. (see below for nested schema)
Nested Schema for spec.client_redirect_settings
Optional:
allowed_https_hostnames
(List of String) a list of hostnames allowed for https client redirect URLs
insecure_allowed_cidr_ranges
(List of String) a list of CIDRs allowed for HTTP or HTTPS client redirect URLs
Nested Schema for spec.teams_to_logins
Optional:
kubernetes_groups
(List of String) KubeGroups is a list of allowed kubernetes groups for this org/team.
kubernetes_users
(List of String) KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
logins
(List of String) Logins is a list of allowed logins for this org/team.
organization
(String) Organization is a Github organization a user belongs to.
team
(String) Team is a team within the organization a user belongs to.
Nested Schema for spec.teams_to_roles
Optional:
organization
(String) Organization is a Github organization a user belongs to.
roles
(List of String) Roles is a list of allowed logins for this org/team.
team
(String) Team is a team within the organization a user belongs to.
Nested Schema for metadata
Required:
name
(String) Name is an object name
Optional:
description
(String) Description is object description
expires
(String) Expires is a global expiry time header that can be set on any resource in the system.
labels
(Map of String) Labels is a set of labels
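The optional attributes above, combined in one connector; this is an added example, not part of the original reference page. The hostnames, organization, team, client ID and resource names are placeholders, the callback path in redirect_url is an assumption about the proxy's GitHub callback route, and the role "example" is assumed to exist already.

```hcl
# Added example: a connector that restricts client redirects and marks the
# OAuth secret as sensitive. All names and hostnames are placeholders.

variable "github_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output; still written to state
}

resource "teleport_github_connector" "github_restricted" {
  version = "v3"

  metadata = {
    name        = "github"
    description = "GitHub SSO for the platform team"
    labels = {
      managed_by = "terraform"
    }
  }

  spec = {
    client_id     = "placeholder-client-id"
    client_secret = var.github_client_secret
    display       = "GitHub"

    # Must match the authorization callback URL registered on the GitHub
    # OAuth app (assumed proxy address and path).
    redirect_url = "https://teleport.example.com/v1/webapi/github/callback"

    client_redirect_settings = {
      # Non-browser SSO logins may redirect to this HTTPS host in addition
      # to the standard localhost URLs.
      allowed_https_hostnames = ["sso-client.example.com"]
      # insecure_allowed_cidr_ranges is deliberately omitted so no CIDR
      # range is opened up for plain-HTTP client redirects.
    }

    # Only members of example-org/platform receive the "example" role.
    teams_to_roles = [{
      organization = "example-org"
      team         = "platform"
      roles        = ["example"]
    }]
  }
}
```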