WIP: Add example usage

jetstack · Feb 4, 2025 · c6f9ba8 · c6f9ba8
1 parent a8246d9
commit c6f9ba8
Show file tree

Hide file tree

Showing 2 changed files with 195 additions and 0 deletions.
diff --git a/docs/resources/cloudprovider_gcp.md b/docs/resources/cloudprovider_gcp.md
@@ -0,0 +1,114 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "tlspc_cloudprovider_gcp Resource - tlspc"
+subcategory: ""
+description: |-
+  
+---
+
+# tlspc_cloudprovider_gcp (Resource)
+
+
+
+## Example Usage
+
+```terraform
+provider "google" {
+  project = "$PROJECT_NAME"
+  region  = "europe-west1"
+}
+
+resource "google_project_iam_custom_role" "tlspc" {
+  role_id     = "tlspc_wif"
+  title       = "TLSPC Integration"
+  description = "Permissions granted to TLSPC"
+  permissions = [
+    "certificatemanager.certs.create",
+    "certificatemanager.certs.get",
+    "certificatemanager.certs.list",
+    "certificatemanager.certs.update",
+    "certificatemanager.locations.list",
+    "certificatemanager.operations.get",
+    "resourcemanager.projects.get"
+  ]
+}
+
+resource "google_service_account" "tlspc" {
+  account_id   = "venafi-tlspc-wif"
+  display_name = "Venafi TLSPC Workload Identity"
+}
+
+resource "google_project_iam_member" "tlspc_wif" {
+  project = "$PROJECT_NAME"
+  role    = resource.google_project_iam_custom_role.tlspc.id
+  member  = resource.google_service_account.tlspc.member
+}
+
+resource "google_iam_workload_identity_pool" "tlspc" {
+  workload_identity_pool_id = "venafi-workload-pool"
+  display_name              = "Venafi TLSPC Pool"
+  description               = "Venafi Workload Identity Pool"
+}
+
+resource "google_project_service" "enable_cloud_resource_manager_api" {
+  service = "cloudresourcemanager.googleapis.com"
+}
+
+data "google_project" "project" {
+}
+
+resource "google_project_iam_member" "tlspc_wi_user" {
+  project = "$PROJECT_NAME"
+  role    = "roles/iam.workloadIdentityUser"
+  member  = "principal://iam.googleapis.com/projects/${data.google_project.project.number}/locations/global/workloadIdentityPools/${resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id}/subject/venafi_control_plane"
+}
+
+data "tlspc_user" "owner" {
+  email = "[email protected]"
+}
+
+resource "tlspc_team" "team" {
+  name   = "TF WIF"
+  role   = "PLATFORM_ADMIN"
+  owners = [data.tlspc_user.owner.id]
+}
+
+resource "google_iam_workload_identity_pool_provider" "tlspc" {
+  workload_identity_pool_id          = resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id
+  workload_identity_pool_provider_id = resource.tlspc_cloudprovider_gcp.gcp-cloudprovider.workload_identity_pool_provider_id
+  display_name                       = "Venafi TLSPC"
+  description                        = "Venafi WIF Pool Provider"
+  attribute_mapping = {
+    "google.subject" = "assertion.sub"
+  }
+  oidc {
+    issuer_uri = resource.tlspc_cloudprovider_gcp.gcp-cloudprovider.issuer_url
+  }
+}
+
+resource "tlspc_cloudprovider_gcp" "gcp-cloudprovider" {
+  name                               = "terraform-wif"
+  team                               = resource.tlspc_team.team.id
+  service_account_email              = resource.google_service_account.tlspc.email
+  project_number                     = data.google_project.project.number
+  workload_identity_pool_id          = resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id
+  workload_identity_pool_provider_id = "venafi-provider"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String)
+- `project_number` (Number)
+- `service_account_email` (String)
+- `team` (String)
+- `workload_identity_pool_id` (String)
+- `workload_identity_pool_provider_id` (String)
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `issuer_url` (String)
diff --git a/examples/resources/tlspc_cloudprovider_gcp/resource.tf b/examples/resources/tlspc_cloudprovider_gcp/resource.tf
@@ -0,0 +1,81 @@
+provider "google" {
+  project = "$PROJECT_NAME"
+  region  = "europe-west1"
+}
+
+resource "google_project_iam_custom_role" "tlspc" {
+  role_id     = "tlspc_wif"
+  title       = "TLSPC Integration"
+  description = "Permissions granted to TLSPC"
+  permissions = [
+    "certificatemanager.certs.create",
+    "certificatemanager.certs.get",
+    "certificatemanager.certs.list",
+    "certificatemanager.certs.update",
+    "certificatemanager.locations.list",
+    "certificatemanager.operations.get",
+    "resourcemanager.projects.get"
+  ]
+}
+
+resource "google_service_account" "tlspc" {
+  account_id   = "venafi-tlspc-wif"
+  display_name = "Venafi TLSPC Workload Identity"
+}
+
+resource "google_project_iam_member" "tlspc_wif" {
+  project = "$PROJECT_NAME"
+  role    = resource.google_project_iam_custom_role.tlspc.id
+  member  = resource.google_service_account.tlspc.member
+}
+
+resource "google_iam_workload_identity_pool" "tlspc" {
+  workload_identity_pool_id = "venafi-workload-pool"
+  display_name              = "Venafi TLSPC Pool"
+  description               = "Venafi Workload Identity Pool"
+}
+
+resource "google_project_service" "enable_cloud_resource_manager_api" {
+  service = "cloudresourcemanager.googleapis.com"
+}
+
+data "google_project" "project" {
+}
+
+resource "google_project_iam_member" "tlspc_wi_user" {
+  project = "$PROJECT_NAME"
+  role    = "roles/iam.workloadIdentityUser"
+  member  = "principal://iam.googleapis.com/projects/${data.google_project.project.number}/locations/global/workloadIdentityPools/${resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id}/subject/venafi_control_plane"
+}
+
+data "tlspc_user" "owner" {
+  email = "[email protected]"
+}
+
+resource "tlspc_team" "team" {
+  name   = "TF WIF"
+  role   = "PLATFORM_ADMIN"
+  owners = [data.tlspc_user.owner.id]
+}
+
+resource "google_iam_workload_identity_pool_provider" "tlspc" {
+  workload_identity_pool_id          = resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id
+  workload_identity_pool_provider_id = resource.tlspc_cloudprovider_gcp.gcp-cloudprovider.workload_identity_pool_provider_id
+  display_name                       = "Venafi TLSPC"
+  description                        = "Venafi WIF Pool Provider"
+  attribute_mapping = {
+    "google.subject" = "assertion.sub"
+  }
+  oidc {
+    issuer_uri = resource.tlspc_cloudprovider_gcp.gcp-cloudprovider.issuer_url
+  }
+}
+
+resource "tlspc_cloudprovider_gcp" "gcp-cloudprovider" {
+  name                               = "terraform-wif"
+  team                               = resource.tlspc_team.team.id
+  service_account_email              = resource.google_service_account.tlspc.email
+  project_number                     = data.google_project.project.number
+  workload_identity_pool_id          = resource.google_iam_workload_identity_pool.tlspc.workload_identity_pool_id
+  workload_identity_pool_provider_id = "venafi-provider"
+}