Publish Terraform Provider

[benarent]

To make setup easier, we should publish our Terraform provider. https://www.terraform.io/docs/registry/providers/publishing.html

This will require use to move it to a new repo. terraform-provider-teleport

Other steps:

• Making a release
• Signing release.

[benarent]

I chatted with @klizhentas about this on Monday. We wont' publish to Terraform.io, but should compile and publish the module. Terraform provides a few options for private modules https://www.terraform.io/docs/language/modules/sources.html

[webvictim]

I think those docs relate to modules rather than providers - I don't think there's a way to use a provider other than:

1. compile (or extract) the binary for the provider locally to ~/.terraform.d/plugins/gravitational.com/teleport/teleport/6.2.0/linux_amd64 or similar
2. pull it from Terraform registry

What's the incentive for not publishing it to the registry?

[ari-becker]

@klizhentas @webvictim any updates? I see that despite being added to the Teleport plugins 7.2 milestone that this was not completed in time for https://github.com/gravitational/teleport-plugins/releases/tag/v7.2.0 Publishing the provider to registry.terraform.io or a hypothetical terraform-registry.goteleport.com that obeys the Terraform Provider Registry protocol would make my life much, much easier and make plugin upgrades much easier to handle.

[sover02]

This came up today internally over here in elastic-land as well :)

[dmsergeevN26]

A new major version is out and the provider is still not published :(

[pzduniak]

What is the reasoning? Why do we, the community, have to spend time scripting cross-platform hooks that imitate the proper process, just because someone won't pull the trigger? This project is 90% completed, someone probably already called it done - yet it's still just missing the last, critical part.

My biggest worry is that this is only tagged P1. I hope you're not planning to do 2 other full features before doing anything about a (somewhat) trivial publish.

EDIT: I ended up releasing 8.0.7 as my own repo, tagged as 8.0.8. Don't expect any support, I'll only update it when I feel like it.

[tcsc]

A quick update on our progress.

As part of an internal supply-chain hardening effort we have decided to host our own custom Terraform Provider Registry and publish there, rather than distribute it via registry.terraform.io. We're currently building it out and integrating it into our release pipeline.

The horizon for this is currently in the order of weeks (as opposed to days, months, etc), and we'll let you know here if anything changes.

[benarent]

@tcsc , we have an expected timeline? It looks like most people are happy with the RFD now https://github.com/gravitational/teleport-plugins/pull/444

[tcsc]

@benarent - I'm actually trying to deploy this now. Our new security posture is making things take longer than I'd envisioned - in a good way, though - but I am still trying to have this up by the end of April.

[tcsc]

Just a heads up that our Terraform registry is currently in internal testing and, barring incidents, go GA in the next couple of weeks.

[tcsc]

Our custom Terraform registry now in production. The minimum requirement is Terraform is 0.13, as it's the earliest version of Terraform that supports custom registries.

Note: The 0.13 requirement is just for the registry itself; the actual providers required there require

• Terraform >= 0.12 for provider version 9.0.0 and below, and
• Terraform >= 1.0 for anything newer

You can configure it by setting up the teleport provider in your HCL like so:

terraform {  
  required_providers {
    teleport = {
      version = "9.2.3"
      source  = "terraform.releases.teleport.dev/gravitational/teleport"
    }
  }
}

You may have some issues if you have existing state using a manually installed provider, but that can usually be fixed with:

$ terraform state replace-provider gravitational.com/teleport/teleport terraform.releases.teleport.dev/gravitational/teleport

It's currently populated with provider version 8.3.4 and above. Please let us know if you have any issues.

[enkov]

Can you also add darwin_arm64 platform to your terraform registry?

[r0mant]

Terraform registry is live now. https://goteleport.com/docs/setup/guides/terraform-provider/

[ohheyrj]

I know this issue is already closed, but, could this be looked at again? Not having the provider in the main registry is quite frustrating, especially when behind a proxy and using artifactory as a remote.