Merge pull request #61 from Infisical/daniel/aws-integrations
feat(integrations): AWS & CircleCI Integrations
DanielHougaard authored Oct 10, 2024
2 parents 6fb530d + 3b71582 commit 4501337
Showing 14 changed files with 1,681 additions and 66 deletions.
92 changes: 92 additions & 0 deletions docs/resources/integration_aws_parameter_store.md
@@ -0,0 +1,92 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "infisical_integration_aws_parameter_store Resource - terraform-provider-infisical"
subcategory: ""
description: |-
Create AWS Parameter Store integration & save to Infisical. Only Machine Identity authentication is supported for this data source
---

# infisical_integration_aws_parameter_store (Resource)

Create AWS Parameter Store integration & save to Infisical. Only Machine Identity authentication is supported for this data source

## Example Usage

```terraform
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}
provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}
resource "infisical_integration_aws_parameter_store" "parameter-store-integration" {
project_id = "<project-id>"
environment = "<env-slug>" // example, dev
secret_path = "<infisical-secrets-path>" // example, /folder, or /
parameter_store_path = "/example/secrets"
aws_region = "<aws-region>" // example, us-east-2
access_key_id = "<aws-access-key-id>"
secret_access_key = "<aws-secret-access-key>"
// Optional
options = {
should_disable_delete = true // Optional, default is false
aws_tags = [ // Optional
{
key = "key",
value = "value"
},
]
}
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `access_key_id` (String, Sensitive) The AWS access key ID. Used to authenticate with AWS Secrets Manager.
- `aws_region` (String) The AWS region to sync secrets to. (us-east-1, us-east-2, etc)
- `environment` (String) The slug of the environment to sync to AWS Parameter Store (prod, dev, staging, etc).
- `parameter_store_path` (String) The path in AWS Parameter Store to sync secrets to.
- `project_id` (String) The ID of your Infisical project.
- `secret_access_key` (String, Sensitive) The AWS secret access key. Used to authenticate with AWS Secrets Manager.
- `secret_path` (String) The secret path in Infisical to sync secrets from.

### Optional

- `options` (Attributes) Integration options (see [below for nested schema](#nestedatt--options))

### Read-Only

- `integration_auth_id` (String) The ID of the integration auth, used internally by Infisical.
- `integration_id` (String) The ID of the integration, used internally by Infisical.

<a id="nestedatt--options"></a>
### Nested Schema for `options`

Optional:

- `aws_tags` (Attributes Set) Tags to attach to the AWS parameter store secrets. (see [below for nested schema](#nestedatt--options--aws_tags))
- `should_disable_delete` (Boolean) Whether to disable deletion of existing secrets in AWS Parameter Store.

<a id="nestedatt--options--aws_tags"></a>
### Nested Schema for `options.aws_tags`

Optional:

- `key` (String) The key of the tag.
- `value` (String) The value of the tag.
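
Review bot: the `access_key_id` and `secret_access_key` descriptions under Required both end with "Used to authenticate with AWS Secrets Manager", but this page is for the Parameter Store resource, so the text looks copied from the Secrets Manager schema. The file is generated by terraform-plugin-docs, so change the description strings in the resource schema to say AWS Parameter Store and regenerate. It would also help to state which IAM permissions the key needs, so users can scope it to the `parameter_store_path` they sync to instead of reusing a broad key.
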
93 changes: 93 additions & 0 deletions docs/resources/integration_aws_secrets_manager.md
@@ -0,0 +1,93 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "infisical_integration_aws_secrets_manager Resource - terraform-provider-infisical"
subcategory: ""
description: |-
Create AWS Secrets Manager integration & save to Infisical. Only Machine Identity authentication is supported for this data source
---

# infisical_integration_aws_secrets_manager (Resource)

Create AWS Secrets Manager integration & save to Infisical. Only Machine Identity authentication is supported for this data source

## Example Usage

```terraform
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}
provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}
resource "infisical_integration_aws_secrets_manager" "secrets-manager-integration" {
project_id = "<project-id>"
aws_region = "<aws-region>" // example, us-east-2
environment = "<env-slug>" // example, dev
secret_path = "<infisical-secrets-path>" // example, /folder, or /
secrets_manager_path = "/example/secrets" # Only required if mapping_behavior is one-to-one
mapping_behavior = "one-to-one" # Optional, default is many-to-one
access_key_id = "<aws-access-key-id>"
secret_access_key = "<aws-secret-access-key>"
options = {
secret_prefix = "<optional-prefix>"
aws_tags = [
{
key = "key",
value = "value"
},
]
}
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `access_key_id` (String, Sensitive) The AWS access key ID. Used to authenticate with AWS Secrets Manager.
- `aws_region` (String) The AWS region to sync secrets to. (us-east-1, us-east-2, etc)
- `environment` (String) The slug of the environment to sync to AWS Secrets Manager (prod, dev, staging, etc).
- `project_id` (String) The ID of your Infisical project.
- `secret_access_key` (String, Sensitive) The AWS secret access key. Used to authenticate with AWS Secrets Manager.
- `secret_path` (String) The secret path in Infisical to sync secrets from.

### Optional

- `mapping_behavior` (String) The behavior of the mapping. Can be 'many-to-one' or 'one-to-one'. Many to One: All Infisical secrets will be mapped to a single AWS secret. One to One: Each Infisical secret will be mapped to its own AWS secret.
- `options` (Attributes) Integration options (see [below for nested schema](#nestedatt--options))
- `secrets_manager_path` (String) The path in AWS Secrets Manager to sync secrets to. This is required if mapping_behavior is 'many-to-one'.

### Read-Only

- `integration_auth_id` (String) The ID of the integration auth, used internally by Infisical.
- `integration_id` (String) The ID of the integration, used internally by Infisical.

<a id="nestedatt--options"></a>
### Nested Schema for `options`

Optional:

- `aws_tags` (Attributes Set) Tags to attach to the AWS Secrets Manager secrets. (see [below for nested schema](#nestedatt--options--aws_tags))
- `secret_prefix` (String) The prefix to add to the secret name in AWS Secrets Manager.

<a id="nestedatt--options--aws_tags"></a>
### Nested Schema for `options.aws_tags`

Optional:

- `key` (String) The key of the tag.
- `value` (String) The value of the tag.
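
Review bot: the example and the schema disagree on when `secrets_manager_path` is needed. The example comment reads `# Only required if mapping_behavior is one-to-one` and sets `mapping_behavior = "one-to-one"`, while the Optional section says "This is required if mapping_behavior is 'many-to-one'". One of the two is wrong; please check it against the provider's validation and make both say the same thing. The `mapping_behavior` description should also state the default, which currently only the example comment mentions (many-to-one).
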
58 changes: 58 additions & 0 deletions docs/resources/integration_circleci.md
@@ -0,0 +1,58 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "infisical_integration_circleci Resource - terraform-provider-infisical"
subcategory: ""
description: |-
Create CircleCI integration & save to Infisical. Only Machine Identity authentication is supported for this data source
---

# infisical_integration_circleci (Resource)

Create CircleCI integration & save to Infisical. Only Machine Identity authentication is supported for this data source

## Example Usage

```terraform
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}
provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}
resource "infisical_integration_circleci" "circleci-integration" {
project_id = "225393b9-e3d6-424f-9df3-22c3cdeb97c9"
environment = "dev"
secret_path = "/test-folder"
circleci_token = "<your-circle-cipersonal-access-token>"
circleci_project_id = "<your-circleci-project-id>"
circleci_org_slug = "<your-circleci-org-slug>"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `circleci_org_slug` (String) The organization slug of your CircleCI organization.
- `circleci_project_id` (String) The project ID of your CircleCI project.
- `circleci_token` (String, Sensitive) Your personal CircleCI token to authenticate with.
- `environment` (String) The slug of the environment to sync to CircleCI (prod, dev, staging, etc).
- `project_id` (String) The ID of your Infisical project.
- `secret_path` (String) The secret path in Infisical to sync secrets from.

### Read-Only

- `integration_auth_id` (String) The ID of the integration auth, used internally by Infisical.
- `integration_id` (String) The ID of the integration, used internally by Infisical.
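
Review bot: the front-matter description and the intro line say "Only Machine Identity authentication is supported for this data source", but this page documents a resource; the same sentence appears on the two AWS pages added in this commit. Suggest "for this resource" in the schema description the docs are generated from. `circleci_token` is described as a personal token, so a sentence on what access that token needs would be useful here.
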
1 change: 0 additions & 1 deletion docs/resources/integration_gcp_secret_manager.md
Expand Up @@ -62,7 +62,6 @@ resource "infisical_integration_gcp_secret_manager" "gcp-integration" {

### Read-Only

- `env_id` (String) The ID of the environment, used internally by Infisical.
- `integration_auth_id` (String) The ID of the integration auth, used internally by Infisical.
- `integration_id` (String) The ID of the integration, used internally by Infisical.

@@ -0,0 +1,38 @@
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}

provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}


resource "infisical_integration_aws_parameter_store" "parameter-store-integration" {
project_id = "<project-id>"
environment = "<env-slug>" // example, dev

secret_path = "<infisical-secrets-path>" // example, /folder, or /
parameter_store_path = "/example/secrets"

aws_region = "<aws-region>" // example, us-east-2
access_key_id = "<aws-access-key-id>"
secret_access_key = "<aws-secret-access-key>"

// Optional
options = {
should_disable_delete = true // Optional, default is false
aws_tags = [ // Optional
{
key = "key",
value = "value"
},
]
}
}
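
Review bot: `access_key_id`, `secret_access_key` and `client_secret` are shown as string literals in this example, which is the form users will copy. Suggest referencing variables declared with `sensitive = true` (for example `secret_access_key = var.aws_secret_access_key`) so the example does not encourage committing AWS keys to a repository; a short comment that the values are still written to Terraform state would help too. Minor: the block mixes `#` and `//` comments and has a double blank line before the resource.
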
@@ -0,0 +1,38 @@
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}

provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}

resource "infisical_integration_aws_secrets_manager" "secrets-manager-integration" {
project_id = "<project-id>"
aws_region = "<aws-region>" // example, us-east-2
environment = "<env-slug>" // example, dev

secret_path = "<infisical-secrets-path>" // example, /folder, or /

secrets_manager_path = "/example/secrets" # Only required if mapping_behavior is one-to-one
mapping_behavior = "one-to-one" # Optional, default is many-to-one

access_key_id = "<aws-access-key-id>"
secret_access_key = "<aws-secret-access-key>"

options = {
secret_prefix = "<optional-prefix>"
aws_tags = [
{
key = "key",
value = "value"
},
]
}
}
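
Review bot: style point on the resource block: it mixes `//` comments (`aws_region`, `environment`, `secret_path`) with `#` comments (`secrets_manager_path`, `mapping_behavior`); pick one. `options`, `secret_prefix` and `aws_tags` are optional in the schema, and the Parameter Store example labels its `options` block `// Optional`, so label them here as well for consistency.
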
25 changes: 25 additions & 0 deletions examples/resources/infisical_integration_circleci/resource.tf
@@ -0,0 +1,25 @@
terraform {
required_providers {
infisical = {
# version = <latest version>
source = "infisical/infisical"
}
}
}

provider "infisical" {
host = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
client_id = "<machine-identity-client-id>"
client_secret = "<machine-identity-client-secret>"
}


resource "infisical_integration_circleci" "circleci-integration" {
project_id = "225393b9-e3d6-424f-9df3-22c3cdeb97c9"
environment = "dev"
secret_path = "/test-folder"

circleci_token = "<your-circle-cipersonal-access-token>"
circleci_project_id = "<your-circleci-project-id>"
circleci_org_slug = "<your-circleci-org-slug>"
}
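
Review bot: `project_id = "225393b9-e3d6-424f-9df3-22c3cdeb97c9"` looks like an ID from a real or test project, where the other new examples use `<project-id>`; `environment = "dev"` and `secret_path = "/test-folder"` are likewise concrete values instead of placeholders. Suggest replacing them with `<project-id>`, `<env-slug>` and `<infisical-secrets-path>`. The token placeholder `<your-circle-cipersonal-access-token>` also has a typo; it presumably should read `<your-circleci-personal-access-token>`.
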
5 changes: 4 additions & 1 deletion internal/client/integrations_auth.go
Expand Up @@ -8,7 +8,10 @@ import (
type IntegrationAuthType string

const (
IntegrationAuthTypeGcpSecretManager IntegrationAuthType = "gcp-secret-manager"
IntegrationAuthTypeGcpSecretManager IntegrationAuthType = "gcp-secret-manager"
IntegrationAuthTypeAwsParameterStore IntegrationAuthType = "aws-parameter-store"
IntegrationAuthTypeAwsSecretsManager IntegrationAuthType = "aws-secret-manager"
IntegrationAuthTypeCircleCi IntegrationAuthType = "circleci"
)

func (client Client) CreateIntegrationAuth(request CreateIntegrationAuthRequest) (CreateIntegrationAuthResponse, error) {
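
Review bot: `IntegrationAuthTypeAwsSecretsManager` is assigned `"aws-secret-manager"` (singular "secret"), while the constant name and the resource `infisical_integration_aws_secrets_manager` use "secrets". If that is the slug the Infisical API expects, add a short comment saying so, since it reads like a typo and a later "fix" would break the integration; if it is not, correct the string. A doc comment on the `const` block saying where these slugs are defined on the server side would help as well.
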