Reference for the teleport_github_connector Terraform resource

Example Usage

# Terraform GitHub connector

variable "github_secret" {}

resource "teleport_github_connector" "github" {
  version = "v3"
  # This section tells Terraform that role example must be created before the GitHub connector
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name = "example"
    labels = {
      example = "yes"
    }
  }

  spec = {
    client_id     = "client"
    client_secret = var.github_secret

    teams_to_roles = [{
      organization = "gravitational"
      team         = "devs"
      roles        = ["example"]
    }]
  }
}

Schema

Required

  • spec (Attributes) Spec is a GitHub connector specification. (see below for nested schema)
  • version (String) Version is the resource version. It must be specified. Supported values are: v3.

Optional

  • metadata (Attributes) Metadata holds resource metadata. (see below for nested schema)
  • sub_kind (String) SubKind is an optional resource sub kind, used in some resources.

Nested Schema for spec

Required:

  • client_id (String) ClientID is the GitHub OAuth app client ID.
  • client_secret (String, Sensitive) ClientSecret is the GitHub OAuth app client secret.

Optional:

  • api_endpoint_url (String) APIEndpointURL is the URL of the API endpoint of the GitHub instance this connector is for.
  • client_redirect_settings (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see below for nested schema)
  • display (String) Display is the connector display name.
  • endpoint_url (String) EndpointURL is the URL of the GitHub instance this connector is for.
  • redirect_url (String) RedirectURL is the authorization callback URL.
  • teams_to_logins (Attributes List) TeamsToLogins maps GitHub team memberships onto allowed logins/roles. DELETE IN 11.0.0. Deprecated: use GithubTeamsToRoles instead. (see below for nested schema)
  • teams_to_roles (Attributes List) TeamsToRoles maps GitHub team memberships onto allowed roles. (see below for nested schema)

Nested Schema for spec.client_redirect_settings

Optional:

  • allowed_https_hostnames (List of String) a list of hostnames allowed for https client redirect URLs
  • insecure_allowed_cidr_ranges (List of String) a list of CIDRs allowed for HTTP or HTTPS client redirect URLs
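
An added example, not taken from the Teleport documentation: a connector that limits non-browser SSO redirects with client_redirect_settings and declares the client secret variable as sensitive. The hostnames, the commented-out CIDR range and the resource name are constructed placeholders, and the role "example" is assumed to exist as in the usage example above.

```hcl
# Added example. Hostnames, CIDR range and resource names are constructed.

variable "github_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

resource "teleport_github_connector" "github_restricted" {
  version = "v3"

  # Assumes teleport_role.example is defined elsewhere in the configuration.
  depends_on = [
    teleport_role.example
  ]

  metadata = {
    name = "github-restricted"
  }

  spec = {
    client_id     = "client"
    client_secret = var.github_secret

    # Authorization callback URL; teleport.example.com is a placeholder.
    redirect_url = "https://teleport.example.com/v1/webapi/github/callback"

    client_redirect_settings = {
      # Narrow setting: only this named host, and only over HTTPS.
      allowed_https_hostnames = ["sso-client.example.com"]

      # Weak setting, left commented out: every address in the range
      # becomes an allowed redirect target over HTTP as well as HTTPS.
      # insecure_allowed_cidr_ranges = ["10.0.0.0/8"]
    }

    teams_to_roles = [{
      organization = "gravitational"
      team         = "devs"
      roles        = ["example"]
    }]
  }
}
```

Terraform redacts a sensitive variable in plan and apply output, but the value is still written to state, so the state backend needs its own access controls.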

Nested Schema for spec.teams_to_logins

Optional:

  • kubernetes_groups (List of String) KubeGroups is a list of allowed kubernetes groups for this org/team.
  • kubernetes_users (List of String) KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
  • logins (List of String) Logins is a list of allowed logins for this org/team.
  • organization (String) Organization is a GitHub organization a user belongs to.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for spec.teams_to_roles

Optional:

  • organization (String) Organization is a GitHub organization a user belongs to.
  • roles (List of String) Roles is a list of allowed roles for this org/team.
  • team (String) Team is a team within the organization a user belongs to.

Nested Schema for metadata

Required:

  • name (String) Name is an object name

Optional:

  • description (String) Description is the object description.
  • expires (String) Expires is a global expiry time header that can be set on any resource in the system.
  • labels (Map of String) Labels is a set of labels