Merge pull request #1 from dfns/feat/tunnel-ssm

dfns · Oct 28, 2024 · ead0d15 · ead0d15
2 parents 00c2abf + 86f305f
commit ead0d15
Show file tree

Hide file tree

Showing 2,895 changed files with 974,702 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,40 @@ networks without needing to open additional ports to the outside networks.
 
 The provider is compatible with HashiCorp Cloud Platform (HCP)
 
+## Available tunnel types
+
+- [AWS Systems Manager (SSM)](https://docs.aws.amazon.com/systems-manager/latest/userguide/)
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    tunnel = {
+      source  = "dfns/tunnel"
+      version = ">= 1.0.0"
+    }
+  }
+}
+
+data "tunnel_ssm" "eks" {
+  target_host  = "https://eks-cluster.region.eks.amazonaws.com"
+  target_port  = 443
+  ssm_instance = "i-instanceid"
+  ssm_region   = "us-east-1"
+}
+
+provider "kubernetes" {
+  host = "https://${data.tunnel_ssm.eks.local_host}:${data.tunnel_ssm.eks.local_port}"
+
+  tls_server_name = "eks-cluster.region.eks.amazonaws.com"
+
+  client_certificate     = file("~/.kube/client-cert.pem")
+  client_key             = file("~/.kube/client-key.pem")
+  cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
+}
+```
+
 ## Requirements
 
 - [Terraform](https://developer.hashicorp.com/terraform/downloads) >= 1.0
@@ -35,10 +69,6 @@ go mod tidy
 
 Then commit the changes to `go.mod` and `go.sum`.
 
-## Using the provider
-
-Fill this in for each provider
-
 ## Developing the Provider
 
 If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (see [Requirements](#requirements) above).

diff --git a/docs/data-sources/ssm.md b/docs/data-sources/ssm.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "tunnel_ssm Data Source - tunnel"
+subcategory: ""
+description: |-
+  Create a local AWS SSM tunnel to a remote host
+---
+
+# tunnel_ssm (Data Source)
+
+Create a local AWS SSM tunnel to a remote host
+
+## Example Usage
+
+```terraform
+# The following example shows how to create a tunnel for an AWS RDS database.
+
+data "tunnel_ssm" "rds" {
+  target_host  = "https://my-db.us-east-1.rds.amazonaws.com"
+  target_port  = 443
+  ssm_instance = "i-instanceid"
+  ssm_region   = "us-east-1"
+}
+
+provider "postgresql" {
+  host     = data.tunnel_ssm.rds.local_host
+  port     = data.tunnel_ssm.rds.local_port
+  database = "my-database"
+  username = "my-user"
+  password = "my-password"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `ssm_instance` (String) Specify the exact Instance ID of the managed node to connect to for the session
+- `ssm_region` (String) AWS Region where the instance is located
+- `target_host` (String) The DNS name or IP address of the remote host
+- `target_port` (Number) The port number of the remote host
+
+### Read-Only
+
+- `local_host` (String) The DNS name or IP address of the local host
+- `local_port` (Number) The local port number to use for the tunnel
diff --git a/docs/index.md b/docs/index.md
@@ -1,16 +1,47 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "tunnel Provider"
-subcategory: ""
+page_title: "Provider: Tunnel"
 description: |-
-  
+  The Tunnel provider is used to manage local network tunnels.
 ---
 
-# tunnel Provider
+# Tunnel Provider
 
+The Tunnel provider is used to manage local network tunnels. This enables users to
+securely access and manage remote servers (databases, web servers, etc.) in private
+networks without needing to open additional ports to the outside networks.
 
+The provider is compatible with HashiCorp Cloud Platform (HCP)
 
+## Available tunnel types
 
+- [AWS Systems Manager (SSM)](https://docs.aws.amazon.com/systems-manager/latest/userguide/)
 
-<!-- schema generated by tfplugindocs -->
-## Schema
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    tunnel = {
+      source  = "dfns/tunnel"
+      version = ">= 1.0.0"
+    }
+  }
+}
+
+data "tunnel_ssm" "eks" {
+  target_host  = "https://eks-cluster.region.eks.amazonaws.com"
+  target_port  = 443
+  ssm_instance = "i-instanceid"
+  ssm_region   = "us-east-1"
+}
+
+provider "kubernetes" {
+  host = "https://${data.tunnel_ssm.eks.local_host}:${data.tunnel_ssm.eks.local_port}"
+
+  tls_server_name = "eks-cluster.region.eks.amazonaws.com"
+
+  client_certificate     = file("~/.kube/client-cert.pem")
+  client_key             = file("~/.kube/client-key.pem")
+  cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
+}
+```
diff --git a/examples/data-sources/tunnel_ssm/data-source.tf b/examples/data-sources/tunnel_ssm/data-source.tf
@@ -0,0 +1,16 @@
+# The following example shows how to create a tunnel for an AWS RDS database.
+
+data "tunnel_ssm" "rds" {
+  target_host  = "https://my-db.us-east-1.rds.amazonaws.com"
+  target_port  = 443
+  ssm_instance = "i-instanceid"
+  ssm_region   = "us-east-1"
+}
+
+provider "postgresql" {
+  host     = data.tunnel_ssm.rds.local_host
+  port     = data.tunnel_ssm.rds.local_port
+  database = "my-database"
+  username = "my-user"
+  password = "my-password"
+}
diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf
@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    tunnel = {
+      source  = "dfns/tunnel"
+      version = ">= 1.0.0"
+    }
+  }
+}
+
+data "tunnel_ssm" "eks" {
+  target_host  = "https://eks-cluster.region.eks.amazonaws.com"
+  target_port  = 443
+  ssm_instance = "i-instanceid"
+  ssm_region   = "us-east-1"
+}
+
+provider "kubernetes" {
+  host = "https://${data.tunnel_ssm.eks.local_host}:${data.tunnel_ssm.eks.local_port}"
+
+  tls_server_name = "eks-cluster.region.eks.amazonaws.com"
+
+  client_certificate     = file("~/.kube/client-cert.pem")
+  client_key             = file("~/.kube/client-key.pem")
+  cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
+}
diff --git a/go.mod b/go.mod
@@ -2,11 +2,36 @@ module github.com/dfns/terraform-provider-tunnel
 
 go 1.22.7
 
-require github.com/hashicorp/terraform-plugin-framework v1.12.0
+require (
+	github.com/aws/aws-sdk-go-v2 v1.32.2
+	github.com/aws/aws-sdk-go-v2/config v1.28.0
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.55.2
+	github.com/aws/session-manager-plugin v0.0.0-20241010233726-61cf1288c7c6
+	github.com/aws/smithy-go v1.22.0
+	github.com/hashicorp/terraform-plugin-framework v1.12.0
+	github.com/shirou/gopsutil/v4 v4.24.9
+)
 
 require (
+	github.com/aws/aws-sdk-go v1.55.5 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/ebitengine/purego v0.8.0 // indirect
 	github.com/fatih/color v1.16.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-plugin v1.6.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
@@ -15,17 +40,32 @@ require (
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/oklog/run v1.0.0 // indirect
-	github.com/stretchr/testify v1.8.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/twinj/uuid v0.0.0-20151029044442-89173bcdda19 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+	github.com/xtaci/smux v1.5.31 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
 	google.golang.org/grpc v1.66.2 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )