Merge branch 'infra-monkey-feat/framework'

.github/workflows/test-acc.yml

@@ -36,10 +36,10 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.18'
-      - uses: hashicorp/setup-terraform@v2
+          go-version: '1.22'
+      - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: '1.3.*'
+          terraform_version: '1.9.*'
           terraform_wrapper: false
       - name: Add ipa container to /etc/hosts
         run: |

.gitignore

@@ -1,3 +1,4 @@
 terraform-provider-freeipa-2
 terraform-provider-freeipa
 .env
+test/

GNUmakefile

@@ -10,7 +10,7 @@ testacc:
 	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m
 
 doc:
-	go generate ./...
+	go get github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs; tfplugindocs generate --provider-name freeipa
 
 fmt:
 	go fmt ./...

ISSUES.md

@@ -0,0 +1 @@
+error returned when enabling/disabling a zone but it succeeds

README.md

@@ -6,8 +6,8 @@ Download provider from [registry.terraform.io](https://registry.terraform.io/pro
 Requirements
 ------------
 
-- [Terraform](https://www.terraform.io/downloads.html) 1.0.x
-- [Go](https://golang.org/doc/install) 1.18 (to build the provider plugin)
+- [Terraform](https://www.terraform.io/downloads.html) 1.0+
+- [Go](https://golang.org/doc/install) 1.22+ (to build the provider plugin)
 
 Building The Provider
 ---------------------

docs/data-sources/dns_record.md

@@ -0,0 +1,36 @@
+---
+page_title: "freeipa_dns_record Data Source - freeipa"
+description: |-
+FreeIPA DNS Record data source
+---
+
+# freeipa_dns_record (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_dns_record" "dns-record-0" {
+  record_name = "test-record-A"
+  zone_name   = "test.example.lan."
+}
+
+data "freeipa_dns_record" "dns-zone-1" {
+  record_name = "10"
+  zone_name   = "23.168.192.in-addr.arpa."
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `record_name` (String) Record name
+- `zone_name` (String) Zone name (FQDN)
+
+### Read-Only
+
+- `id` (String) ID of the resource

docs/data-sources/dns_zone.md

@@ -0,0 +1,53 @@
+---
+page_title: "freeipa_dns_zone Data Source - freeipa"
+description: |-
+FreeIPA DNS Zone resource
+---
+
+# freeipa_dns_zone (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_dns_zone" "dns-zone-0" {
+  zone_name       = "test.example.lan."
+}
+
+data "freeipa_dns_zone" "dns-zone-1" {
+  zone_name       = "23.168.192.in-addr.arpa."
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `zone_name` (String) Zone name (FQDN)
+
+### Read-Only
+
+- `admin_email_address` (String) Administrator e-mail address
+- `allow_inline_dnssec_signing` (Boolean) Allow inline DNSSEC signing of records in the zone
+- `allow_ptr_sync` (Boolean) Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone
+- `allow_query` (String) Semicolon separated list of IP addresses or networks which are allowed to issue queries
+- `allow_transfer` (String) Semicolon separated list of IP addresses or networks which are allowed to transfer the zone
+- `authoritative_nameserver` (String) Authoritative nameserver domain name
+- `bind_update_policy` (String) BIND update policy
+- `default_ttl` (Number) Time to live for records without explicit TTL definition
+- `disable_zone` (Boolean) Allow disabled the zone
+- `dynamic_updates` (Boolean) Allow dynamic updates
+- `id` (String) ID of the resource
+- `nsec3param_record` (String) NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt
+- `skip_nameserver_check` (Boolean) Force DNS zone creation even if nameserver is not resolvable
+- `skip_overlap_check` (Boolean) Force DNS zone creation even if it will overlap with an existing zone
+- `soa_expire` (Number) SOA record expire time
+- `soa_minimum` (Number) How long should negative responses be cached
+- `soa_refresh` (Number) SOA record refresh time
+- `soa_retry` (Number) SOA record retry time
+- `soa_serial_number` (Number) SOA record serial number
+- `ttl` (Number) Time to live for records at zone apex
+- `zone_forwarders` (List of String) Per-zone forwarders. A custom port can be specified for each forwarder using a standard format IP_ADDRESS port PORT

docs/data-sources/group.md

@@ -0,0 +1,42 @@
+---
+page_title: "freeipa_group Data Source - freeipa"
+description: |-
+FreeIPA User Group data source
+---
+
+# freeipa_group (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_group" "group-0" {
+  name = "test-group"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Group name
+
+### Read-Only
+
+- `description` (String) Group Description
+- `gid_number` (Number) GID (use this option to set it manually)
+- `id` (String) ID of the resource in the terraform state
+- `member_external` (List of String) List of external users (from trusted domain) that are member of this group.
+- `member_group` (List of String) List of groups that are member of this group.
+- `member_indirect_group` (List of String) List of groups that are is indirectly member of this group.
+- `member_indirect_user` (List of String) List of users that are is indirectly member of this group.
+- `member_user` (List of String) List of users that are member of this group.
+- `memberof_group` (List of String) List of groups this group is member of.
+- `memberof_hbacrule` (List of String) List of HBAC rules this group is member of.
+- `memberof_indirect_group` (List of String) List of groups this group is is indirectly member of.
+- `memberof_indirect_hbacrule` (List of String) List of HBAC rules this group is indirectly member of.
+- `memberof_indirect_sudorule` (List of String) List of SUDO rules this group is is indirectly member of.
+- `memberof_sudorule` (List of String) List of SUDO rules this group is member of.

docs/data-sources/hbac_policy.md

@@ -0,0 +1,40 @@
+---
+page_title: "freeipa_hbac_policy Data Source - freeipa"
+description: |-
+FreeIPA User hbac policy data source
+---
+
+# freeipa_hbac_policy (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_hbac_policy" "myservers" {
+  name = "myservers"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the hbac policy
+
+### Read-Only
+
+- `description` (String) Description of the hbac policy
+- `enabled` (Boolean) Enable this hbac policy
+- `hostcategory` (String) Host category the hbac policy is applied to (allowed value: all)
+- `id` (String) ID of the resource in the terraform state
+- `member_group` (List of String) List of user groups member of this hbac policy.
+- `member_host` (List of String) List of hosts member of this hbac policy.
+- `member_hostgroup` (List of String) List of host groups member of this hbac policy.
+- `member_service` (List of String) List of services member of this hbac policy.
+- `member_servicegroup` (List of String) List of service groups member of this hbac policy.
+- `member_user` (List of String) List of users member of this hbac policy.
+- `servicecategory` (String) Command category the hbac policy is applied to (allowed value: all)
+- `usercategory` (String) User category the hbac policy is applied to (allowed value: all)

docs/data-sources/host.md

@@ -0,0 +1,52 @@
+---
+page_title: "freeipa_host Data Source - freeipa"
+description: |-
+FreeIPA Host data source
+---
+
+# freeipa_host (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_host" "host-0" {
+  name = "testhost.example.lan"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Host name
+
+### Optional
+
+- `trusted_for_delegation` (Boolean) Client credentials may be delegated to the service
+
+### Read-Only
+
+- `assigned_idview` (String) Assigned ID View
+- `description` (String) A description of this host
+- `id` (String) ID of the resource in the terraform state
+- `ipasshpubkeys` (List of String) SSH public keys
+- `krb_auth_indicators` (List of String) Defines a whitelist for Authentication Indicators. Use 'otp' to allow OTP-based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA authentications. Other values may be used for custom configurations.
+- `krb_preauth` (Boolean) Pre-authentication is required for the service
+- `locality` (String) Host locality (e.g. 'Baltimore, MD')
+- `location` (String) Host location (e.g. 'Lab 2')
+- `mac_addresses` (List of String) Hardware MAC address(es) on this host
+- `memberof_hbacrule` (List of String) List of HBAC rules this user is member of.
+- `memberof_hostgroup` (List of String) List of hostgroups this user is member of.
+- `memberof_indirect_hbacrule` (List of String) List of HBAC rules this user is indirectly member of.
+- `memberof_indirect_hostgroup` (List of String) List of hostgroups this user is is indirectly member of.
+- `memberof_indirect_sudorule` (List of String) List of SUDO rules this user is is indirectly member of.
+- `memberof_sudorule` (List of String) List of SUDO rules this user is member of.
+- `operating_system` (String) Host operating system and version (e.g. 'Fedora 40')
+- `platform` (String) Host hardware platform (e.g. 'Lenovo T61')
+- `trusted_to_auth_as_delegate` (Boolean) The service is allowed to authenticate on behalf of a client
+- `user_certificates` (List of String) Base-64 encoded host certificate
+- `userclass` (List of String) Host category (semantics placed on this attribute are for local interpretation)

docs/data-sources/hostgroup.md

@@ -0,0 +1,40 @@
+---
+page_title: "freeipa_hostgroup Data Source - freeipa"
+description: |-
+FreeIPA User Group data source
+---
+
+# freeipa_hostgroup (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_hostgroup" "hostgroup-0" {
+  name = "testhostgroup"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Hostgroup name
+
+### Read-Only
+
+- `description` (String) Hostgroup Description
+- `id` (String) ID of the resource in the terraform state
+- `member_host` (List of String) List of hosts that are member of this hostgroup.
+- `member_hostgroup` (List of String) List of hostgroups that are member of this hostgroup.
+- `member_indirect_host` (List of String) List of hosts that are is indirectly member of this hostgroup.
+- `member_indirect_hostgroup` (List of String) List of hostgroups that are is indirectly member of this hostgroup.
+- `memberof_hbacrule` (List of String) List of HBAC rules this hostgroup is member of.
+- `memberof_hostgroup` (List of String) List of hostgroups this hostgroup is member of.
+- `memberof_indirect_hbacrule` (List of String) List of HBAC rules this hostgroup is indirectly member of.
+- `memberof_indirect_hostgroup` (List of String) List of hostgroups this hostgroup is is indirectly member of.
+- `memberof_indirect_sudorule` (List of String) List of SUDO rules this hostgroup is is indirectly member of.
+- `memberof_sudorule` (List of String) List of SUDO rules this hostgroup is member of.

docs/data-sources/sudo_cmdgroup.md

@@ -0,0 +1,31 @@
+---
+page_title: "freeipa_sudo_cmdgroup Data Source - freeipa"
+description: |-
+FreeIPA User sudo command group data source
+---
+
+# freeipa_sudo_cmdgroup (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_sudo_cmdgroup" "terminals" {
+  name = "terminals"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the sudo command group
+
+### Read-Only
+
+- `description` (String) Description of the sudo command group
+- `id` (String) ID of the resource in the terraform state
+- `member_sudocmd` (List of String) List of sudo commands that are member of the sudo command group

docs/data-sources/sudo_rule.md

@@ -0,0 +1,48 @@
+---
+page_title: "freeipa_sudo_rule Data Source - freeipa"
+description: |-
+FreeIPA User sudo rule data source
+---
+
+# freeipa_sudo_rule (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "freeipa_sudo_rule" "operators" {
+  name = "operators"
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the sudo rule
+
+### Read-Only
+
+- `commandcategory` (String) Command category the sudo rule is applied to (allowed value: all)
+- `description` (String) Description of the sudo rule
+- `enabled` (Boolean) Enable this sudo rule
+- `hostcategory` (String) Host category the sudo rule is applied to (allowed value: all)
+- `id` (String) ID of the resource in the terraform state
+- `member_allow_sudo_cmd` (List of String) List of allowed sudo commands member of this sudo rule.
+- `member_allow_sudo_cmdgroup` (List of String) List of allowed sudo command groups member of this sudo rule.
+- `member_deny_sudo_cmd` (List of String) List of denied sudo commands member of this sudo rule.
+- `member_deny_sudo_cmdgroup` (List of String) List of denied sudo command groups member of this sudo rule.
+- `member_group` (List of String) List of user groups member of this sudo rule.
+- `member_host` (List of String) List of hosts member of this sudo rule.
+- `member_hostgroup` (List of String) List of host groups member of this sudo rule.
+- `member_user` (List of String) List of users member of this sudo rule.
+- `option` (List of String) List of options defined for this sudo rule.
+- `order` (Number) Sudo rule order (must be unique)
+- `runasgroup` (List of String) List of groups authorised to be run as.
+- `runasgroupcategory` (String) Run as group category the sudo rule is applied to (allowed value: all)
+- `runasuser` (List of String) List of users authorised to be run as.
+- `runasusercategory` (String) Run as user category the sudo rule is applied to (allowed value: all)
+- `usercategory` (String) User category the sudo rule is applied to (allowed value: all)