From bba7f45b1897feafaa6169a94b00502f914b2d59 Mon Sep 17 00:00:00 2001
From: Dimitar Proynov
Date: Thu, 23 Feb 2023 14:11:10 +0200
Subject: [PATCH 1/2] Update documentation with the OAuth App authentication capability
Testing done: NA
Signed-off-by: Dimitar Proynov
---
 examples/main.tf | 3 ++-
 examples/variables.tf | 10 ++++++++--
 website/docs/index.html.markdown | 12 ++++++++----
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/examples/main.tf b/examples/main.tf
index 03165e2d..16726e94 100644
--- a/examples/main.tf
+++ b/examples/main.tf
@@ -6,7 +6,8 @@ terraform {
 }
 }
 provider "vmc" {
- refresh_token = var.api_token
+ client_id = var.client_id
+ client_secret = var.client_secret
 org_id = var.org_id
 }
 # Empty data source defined in order to store the org display name and name in terraform state
diff --git a/examples/variables.tf b/examples/variables.tf
index 395bba20..7a394c1c 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -1,8 +1,14 @@
-variable "api_token" {
- description = "API token used to authenticate when calling the VMware Cloud Services API."
+variable "client_id" {
+ description = "ID of an OAuth App associated with the organization. It is recommended to use an OAuth App with least-privileged roles in automated environments."
 default = ""
 }
+variable "client_secret" {
+ description = "Secret of the OAuth App, associated with the organization. It is recommended to use an OAuth App with least-privileged roles in automated environments."
+ default = ""
+}
+
+
 variable "org_id" {
 description = "Organization Identifier."
 default = ""
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index ccbadf3d..9fd29c2e 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
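Review bot: Nothing in the `provider "vmc"` block says how `client_secret` should be supplied, and example files tend to be copied verbatim with the value filled in. I would add a comment above the two new arguments, for instance `# Supply client_secret through the TF_VAR_client_secret environment variable or a secrets store; do not commit it in a .tfvars file.` The documentation hunk in this same patch describes these arguments as conflicting with `api_token`, so a second comment line saying that only one of the two authentication methods may be set would keep the example in step with the reference. The enclosing `terraform` block starts outside the hunk.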
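Review bot: The new `variable "client_secret"` block is not marked sensitive, so Terraform will print its value in plan and apply output wherever the variable is rendered; adding `sensitive = true` (available from Terraform 0.14) redacts it there. The `default = ""` on both `client_id` and `client_secret` means a forgotten credential only surfaces when authentication fails, whereas omitting the default makes Terraform prompt for the value or stop at plan time; the removed `api_token` variable had the same default, so this is carried over rather than introduced here. Neither new variable declares `type = string`, which would be worth adding alongside. The two consecutive blank lines added after the block could be reduced to one, and the `org_id` block continues past the end of the hunk.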
@@ -21,18 +21,22 @@ resources.
 In order to use the provider you need to obtain the authentication
 token from the Cloud Service Provider by providing the org scoped API token.
 The provider client uses Cloud Service Provider (CSP) API
-to exchange this org scoped API token for user access token.
+to exchange this org scoped API token/OAuth App Id and Secret for user access token.
-Note that in all of the examples you will need to update the `api_token` and `org_id` settings
-in the variables.tf file to match those configured in your VMC environment.
+Note that in all the examples you will need to update the `api_token` (or `client_id` and `client_secret`)
+and `org_id` settings in the variables.tf file to match those configured in your VMC environment.
 ## Argument Reference
 The following arguments are used to configure the VMware Cloud on AWS Provider:
-* `api_token` - (Required) API token is used to authenticate when calling VMware Cloud Services APIs.
+* `api_token` - (Required, in conflict with "client_id" and "client_secret") API token is used to authenticate when calling VMware Cloud Services APIs.
 This token is scoped within the organization.
+* `client_id` - (Required in pair with "client_secret", in conflict with "api_token") ID of OAuth App associated with the organization. The combination with
+ "client_secret" is used to authenticate when calling VMware Cloud Services APIs.
+* `client_secret` - (Required in pair with "client_id", in conflict with "api_token") Secret of OAuth App associated with the organization. The combination with
+ "client_id" is used to authenticate when calling VMware Cloud Services APIs.
 * `org_id` - (Required) Organization Identifier.
 * `vmc_url` - (Optional) VMware Cloud on AWS URL. Default : https://vmc.vmware.com
 * `csp_url` - (Optional) Cloud Service Provider URL. Default : https://console.cloud.vmware.com
From f0ad73948528dbbb18ad7d202f0b2b007d06e4c9 Mon Sep 17 00:00:00 2001
From: Dimitar Proynov
Date: Thu, 23 Feb 2023 16:20:52 +0200
Subject: [PATCH 2/2] Update documentation with the OAuth App authentication capability
Address issues pointed out by reviewers.
Testing done: NA
Signed-off-by: Dimitar Proynov
---
 website/docs/index.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 9fd29c2e..ef04faa7 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -23,7 +23,7 @@ token from the Cloud Service Provider by providing the org scoped API token.
 The provider client uses Cloud Service Provider (CSP) API
 to exchange this org scoped API token/OAuth App Id and Secret for user access token.
-Note that in all the examples you will need to update the `api_token` (or `client_id` and `client_secret`)
+Note that in all the examples you will need to update the `client_id` and `client_secret` or `api_token`
 and `org_id` settings in the variables.tf file to match those configured in your VMC environment.