Skip to main content
Version: 19.x (unreleased)

Reference for the teleport_github_connector Terraform resource

Report an issue with this page

This page describes the supported values of the teleport_github_connector resource of the Teleport Terraform provider.

Example Usage

# Terraform Github connector

variable "github_secret" {}

resource "teleport_github_connector" "github" {
  version = "v3"
  # This section tells Terraform that role example must be created before the GitHub connector
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name = "example"
    labels = {
      example = "yes"
    }
  }

  spec = {
    client_id     = "client"
    client_secret = var.github_secret

    teams_to_roles = [{
      organization = "gravitational"
      team         = "devs"
      roles        = ["example"]
    }]
  }
}

Schema

Required

  • spec (Attributes) Spec is an Github connector specification. (see below for nested schema)
  • version (String) Version is the resource version. It must be specified. Supported values are: v3.

Optional

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.

Nested Schema for spec

Required:

  • client_id (String) ClientID is the Github OAuth app client ID.
  • client_secret (String, Sensitive) ClientSecret is the Github OAuth app client secret.

Optional:

  • api_endpoint_url (String) APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for.
  • client_redirect_settings (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see below for nested schema)
  • display (String) Display is the connector display name.
  • endpoint_url (String) EndpointURL is the URL of the GitHub instance this connector is for.
  • redirect_url (String) RedirectURL is the authorization callback URL.
  • teams_to_logins (Attributes List) TeamsToLogins maps Github team memberships onto allowed logins/roles. DELETE IN 11.0.0 Deprecated: use GithubTeamsToRoles instead. (see below for nested schema)
  • teams_to_roles (Attributes List) TeamsToRoles maps Github team memberships onto allowed roles. (see below for nested schema)
  • user_matchers (List of String) UserMatchers is a set of glob patterns to narrow down which username(s) this auth connector should match for identifier-first login.

Nested Schema for spec.client_redirect_settings

Optional:

  • allowed_https_hostnames (List of String) a list of hostnames allowed for https client redirect URLs
  • insecure_allowed_cidr_ranges (List of String) a list of CIDRs allowed for HTTP or HTTPS client redirect URLs

Nested Schema for spec.teams_to_logins

Optional:

  • kubernetes_groups (List of String) KubeGroups is a list of allowed kubernetes groups for this org/team.
  • kubernetes_users (List of String) KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
  • logins (List of String) Logins is a list of allowed logins for this org/team.
  • organization (String) Organization is a Github organization a user belongs to.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for spec.teams_to_roles

Optional:

  • organization (String) Organization is a Github organization a user belongs to.
  • roles (List of String) Roles is a list of allowed logins for this org/team.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is object description
  • expires (String) Expires is a global expiry time header can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels