# Reference for the teleport\_github\_connector Terraform resource This page describes the supported values of the teleport\_github\_connector resource of the Teleport Terraform provider. ## Example Usage ``` # Terraform Github connector variable "github_secret" {} resource "teleport_github_connector" "github" { version = "v3" # This section tells Terraform that role example must be created before the GitHub connector depends_on = [ teleport_role.example ] metadata = { name = "example" labels = { example = "yes" } } spec = { client_id = "client" client_secret = var.github_secret teams_to_roles = [{ organization = "gravitational" team = "devs" roles = ["example"] }] } } ``` ## Schema ### Required - `spec` (Attributes) Spec is an Github connector specification. (see [below for nested schema](#nested-schema-for-spec)) - `version` (String) Version is the resource version. It must be specified. Supported values are: `v3`. ### Optional - `metadata` (Attributes) Metadata holds resource metadata. (see [below for nested schema](#nested-schema-for-metadata)) - `sub_kind` (String) SubKind is an optional resource sub kind, used in some resources. ### Nested Schema for `spec` Required: - `client_id` (String) ClientID is the Github OAuth app client ID. - `client_secret` (String, Sensitive) ClientSecret is the Github OAuth app client secret. Optional: - `api_endpoint_url` (String) APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for. - `client_redirect_settings` (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see [below for nested schema](#nested-schema-for-specclient_redirect_settings)) - `display` (String) Display is the connector display name. - `endpoint_url` (String) EndpointURL is the URL of the GitHub instance this connector is for. - `redirect_url` (String) RedirectURL is the authorization callback URL. - `teams_to_logins` (Attributes List) TeamsToLogins maps Github team memberships onto allowed logins/roles. DELETE IN 11.0.0 Deprecated: use GithubTeamsToRoles instead. (see [below for nested schema](#nested-schema-for-specteams_to_logins)) - `teams_to_roles` (Attributes List) TeamsToRoles maps Github team memberships onto allowed roles. (see [below for nested schema](#nested-schema-for-specteams_to_roles)) ### Nested Schema for `spec.client_redirect_settings` Optional: - `allowed_https_hostnames` (List of String) a list of hostnames allowed for https client redirect URLs - `insecure_allowed_cidr_ranges` (List of String) a list of CIDRs allowed for HTTP or HTTPS client redirect URLs ### Nested Schema for `spec.teams_to_logins` Optional: - `kubernetes_groups` (List of String) KubeGroups is a list of allowed kubernetes groups for this org/team. - `kubernetes_users` (List of String) KubeUsers is a list of allowed kubernetes users to impersonate for this org/team. - `logins` (List of String) Logins is a list of allowed logins for this org/team. - `organization` (String) Organization is a Github organization a user belongs to. - `team` (String) Team is a team within the organization a user belongs to. ### Nested Schema for `spec.teams_to_roles` Optional: - `organization` (String) Organization is a Github organization a user belongs to. - `roles` (List of String) Roles is a list of allowed logins for this org/team. - `team` (String) Team is a team within the organization a user belongs to. ### Nested Schema for `metadata` Required: - `name` (String) Name is an object name Optional: - `description` (String) Description is object description - `expires` (String) Expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) Labels is a set of labels