Terraform Provider

12/13/2022

Introducing the Infra Terraform provider.

Now, users, groups and their access to infrastructure can be managed via a safe & consistent infrastructure-as-code workflow. For information on how to get started managing Infra via Terraform, see the provider’s documentation.

Example use cases

Managing users and groups

To create users and groups in Infra, use the infra_user and infra_group resources. Group membership can be managed via the infra_group_membership resource:

resource "infra_user" "jeff" {
    email = "jeff@acme.co"
}

resource "infra_user" "suzie" {
    email = "suzie@acme.co"
}

resource "infra_group" "engineering" {
    name = "engineering"
}

resource "infra_group_membership" "jeff_engineering" {
    user_id  = infra_user.jeff.id
    group_id = infra_group.engineering.id
}

resource "infra_group_membership" "suzie_engineering" {
    user_id  = infra_user.suzie.id
    group_id = infra_group.engineering.id
}

Managing access

Once users and groups are defined in Infra, they can be individually mapped to specific roles in destination infrastructure (e.g. a Kubernetes cluster named development):

resource "infra_grant" "group_view" {
    group_name = "engineering"

    kubernetes {
        cluster = "development"
        role    = "view"
    }
}

resource "infra_grant" "user_admin" {
    user_email = "jeff@acme.co"

    kubernetes {
        cluster = "development"
        role    = "admin"
    }
}

Integrating identity providers

To enable access via identity providers, such as Okta, Google, Azure AD, or any generic OIDC provider, an identity provider resource can be specified in Terraform. For example, the resource below configures Infra to authenticate users via Okta (see the Okta guide for details on how to find these values):

resource "infra_identity_provider" "okta" {
    client_id     = "<client id>"
    client_secret = "<client secret>"

    okta {
        issuer = "<okta domain>"
    }
}
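
The resource above takes the client secret as a literal string. As an added example (not taken from the Infra documentation), the same resource can read its values from input variables so the secret stays out of version control; the variable names are assumptions, while the resource type and its attributes are the ones shown above.

```hcl
# Added example. Variable names are assumptions; the infra_identity_provider
# resource and its attributes are the ones used in this post. Provider setup
# follows the provider's documentation and is not repeated here.

variable "okta_client_id" {
  description = "Client ID of the Okta application used by Infra"
  type        = string
}

variable "okta_client_secret" {
  description = "Client secret of the Okta application used by Infra"
  type        = string
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(var.okta_client_secret) > 0
    error_message = "The Okta client secret must not be empty."
  }
}

variable "okta_issuer" {
  description = "Okta domain that issues tokens for the application"
  type        = string
}

# Supply the values outside the repository, for example through the
# environment (TF_VAR_okta_client_secret) or a CI secret store, rather than
# a committed .tfvars file.
resource "infra_identity_provider" "okta" {
  client_id     = var.okta_client_id
  client_secret = var.okta_client_secret

  okta {
    issuer = var.okta_issuer
  }
}
```

Marking the variable `sensitive` only redacts it from CLI output; the value is still written to the Terraform state in plaintext, so keep state in an encrypted backend with restricted access.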

What’s coming next

This is the initial version of Infra’s Terraform provider. Further improvements are in the works:

  • Ability to provision access keys for connecting individual Kubernetes clusters
  • Ability to provision Kubernetes credentials for use with the Kubernetes provider or other Kubernetes tooling

The Infra Terraform provider is under active development. Future releases may include changes that aren’t backwards compatible.

Feedback

We’d love to hear your feedback. Contact us or create an issue in the Terraform provider GitHub repository.