Introducing the Infra Terraform provider.
Now, users, groups and their access to infrastructure can be managed via a safe & consistent infrastructure-as-code workflow. For information on how to get started managing Infra via Terraform, see the provider’s documentation.
Example use cases
Managing users and groups
To create users and groups in Infra, use the infra_user
and infra_group
resources. Group membership can be managed via the infra_group_membership
resource:
resource "infra_user" "jeff" { email = "jeff@acme.co" } resource "infra_user" "suzie" { email = "suzie@acme.co" } resource "infra_group" "engineering" { name = "engineering" } resource "infra_group_membership" "jeff_engineering" { user_id = infra_user.jeff.id group_id = infra_group.engineering.id } resource "infra_group_membership" "suzie_engineering" { user_id = infra_user.suzie.id group_id = infra_group.engineering.id }
Managing access
Once users and groups are defined in Infra, they can be individually mapped to specific roles in destination infrastructure (e.g. a Kubernetes cluster named development
):
resource "infra_grant" "group_view" { group_name = "engineering" kubernetes { cluster = "development" role = "view" } } resource "infra_grant" "user_admin" { user_email = "jeff@acme.co" kubernetes { cluster = "development" role = "admin" } }
Integrating identity providers
To enable access via identity providers, such as Okta, Google, Azure AD, or any generic OIDC provider, an identity provider resource can be specified in Terraform. For example, the below resource will configure Infra to authenticate users via Okta (see the Okta guide for details on how to find these values):
resource "infra_identity_provider" "okta" { client_id = "<client id>" client_secret = "<client secret>" okta { issuer = "<okta domain>" } }
What’s coming next
This is the initial version of Infra’s Terraform provider. Further improvements are in the works:
- Ability to provision access keys for connecting individual Kubernetes clusters
- Ability to provision Kubernetes credentials for use with the Kubernetes provider or other Kubernetes tooling
The Infra Terraform provider is under active development. Future changes to the provider may include changes that aren’t backwards compatible.
Feedback
We’d love to hear your feedback. Contact us or create an issue in the Terraform provider GitHub repository.