Authentication Examples

This directory contains examples demonstrating the different authentication methods supported by the Edge Connect Terraform provider.

Authentication Methods

The provider supports two mutually exclusive authentication methods:

1. Token-based Authentication

Token authentication uses a pre-generated API token for authentication.

File: token-auth.tf

Advantages:

  • More secure (tokens can be scoped and rotated)
  • Better for CI/CD pipelines
  • Recommended for production use

Usage:

provider "edge-connect" {
  endpoint = "https://api.edge-connect.example.com"
  token    = var.edge_connect_token
}

Environment Variable: You can also supply the token through the environment. Terraform reads TF_VAR_edge_connect_token as the value of var.edge_connect_token:

export TF_VAR_edge_connect_token="your-token-here"
terraform apply

2. Username/Password Authentication

Username/password authentication uses standard user credentials.

File: username-password-auth.tf

Advantages:

  • Simpler for development and testing
  • No token generation required
  • Familiar authentication method

Usage:

provider "edge-connect" {
  endpoint = "https://api.edge-connect.example.com"
  username = var.edge_connect_username
  password = var.edge_connect_password
}

Environment Variables: You can also supply the credentials through the environment. Terraform reads each TF_VAR_ variable as the value of the matching input variable:

export TF_VAR_edge_connect_username="your-username"
export TF_VAR_edge_connect_password="your-password"
terraform apply

Important Notes

  1. Mutual Exclusivity: You must use EITHER token OR username/password, not both. The provider will return an error if both methods are provided.

  2. Required Credentials:

    • For token auth: endpoint and token are required
    • For username/password auth: endpoint, username, and password are required

  3. Security Best Practices:

    • Never commit credentials to version control
    • Use environment variables or secure secret management systems
    • Mark sensitive variables with sensitive = true so Terraform redacts their values in plan and apply output
    • Use .gitignore to exclude terraform.tfvars files

Validation Rules

The provider validates authentication credentials with the following rules:

  • At least one authentication method must be provided
  • Both authentication methods cannot be used simultaneously
  • For username/password auth, both username and password must be provided together
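
The three rules above can also be checked before Terraform runs, for instance as a CI pre-flight step, so a misconfigured job fails without the secrets reaching a command line or log. This is an added example, not code from the provider: the function name, return codes and AUTH_METHOD variable are hypothetical, and it assumes a token combined with any part of username/password counts as a conflict.

```shell
#!/bin/sh
# Pre-flight check of the TF_VAR_* credentials used by the examples in this
# directory. Error text never includes the credential values themselves.
# Return codes (constructed for this example, not defined by the provider):
#   0 = one complete method, 1 = missing, 2 = conflicting, 3 = incomplete
check_edge_connect_auth() {
  token="${TF_VAR_edge_connect_token:-}"
  user="${TF_VAR_edge_connect_username:-}"
  pass="${TF_VAR_edge_connect_password:-}"

  # Rule: both authentication methods cannot be used simultaneously.
  # Assumption: token plus a partial username/password pair is also a conflict.
  if [ -n "$token" ] && { [ -n "$user" ] || [ -n "$pass" ]; }; then
    echo "preflight: token and username/password are both set; unset one" >&2
    return 2
  fi

  # A token on its own is a complete method.
  if [ -n "$token" ]; then
    AUTH_METHOD=token
    return 0
  fi

  # Rule: username and password must be provided together.
  if [ -n "$user" ] && [ -n "$pass" ]; then
    AUTH_METHOD=userpass
    return 0
  fi
  if [ -n "$user" ] || [ -n "$pass" ]; then
    echo "preflight: username and password must be set together" >&2
    return 3
  fi

  # Rule: at least one authentication method must be provided.
  echo "preflight: no Edge Connect credentials found in TF_VAR_* variables" >&2
  return 1
}
```

Source the file and run `check_edge_connect_auth && terraform plan` so the plan only starts when exactly one complete method is set.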

Error Messages

Missing Credentials

Error: Missing Authentication Credentials

The provider requires authentication credentials. Please provide either:
  - token: API token for authentication, or
  - username and password: Username and password for authentication

Conflicting Methods

Error: Conflicting Authentication Methods

Both token and username/password authentication methods are provided.
Please use only one authentication method.

Incomplete Credentials

Error: Incomplete Username/Password Credentials

Both username and password must be provided together for username/password authentication.

Testing Examples

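Values passed with -var are stored in shell history and are visible in the process list, so use throwaway test credentials in the commands below and the TF_VAR_ environment variables for real ones.

To test token authentication: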

cd examples/authentication
terraform init
terraform plan -var="edge_connect_token=your-token" -target=edge-connect_app.token_example

To test username/password authentication:

cd examples/authentication
terraform init
terraform plan \
  -var="edge_connect_username=your-username" \
  -var="edge_connect_password=your-password" \
  -target=edge-connect_app.userpass_example

Recommendations

  • Production Environments: Use token-based authentication with properly scoped and rotated tokens
  • Development Environments: Either method is acceptable, but token auth is still recommended
  • CI/CD Pipelines: Use token-based authentication with secrets management (e.g., HashiCorp Vault, AWS Secrets Manager)
  • Local Development: Consider using environment variables or .tfvars files (excluded from git) for credentials