The Chainguard Terraform provider manages Chainguard resources (IAM groups, identities, image repos, etc) using Terraform.
The provider is written to be compatible with the Terraform Plugin Framework
Configure the provider in your Terraform config:
terraform {
required_providers {
chainguard = { source = "chainguard-dev/chainguard" }
}
}
By default, the provider will attempt to refresh your Chainguard token when it's expired. You can disable this with:
provider "chainguard" {
login_options {
disabled = true
}
}
Additional options include specifying an identity to assume when authenticating and a verified organization name to use a custom identity provider rather than the Auth0 defaults (GitHub, GitLab, and Google).
Detailed documentation on all available resources can be found under /docs
.
If you wish to work on the provider, you'll first need Go installed on your machine.
If you'd like to compile the provider locally and use it instead of pulling from the Terraform registry, you can configure your Terraform CLI to do so.
cat <<EOF > dev.tfrc
provider_installation {
dev_overrides {
"chainguard-dev/chainguard" = "/path/to/terraform-provider-chainguard"
}
}
EOF
export TF_CLI_CONFIG_FILE=dev.tfrc
To compile the provider, run go install
. This will build the provider and put
the provider binary in the $GOPATH/bin
directory.
To generate or update documentation, run go generate
.
In order to run the full suite of Acceptance tests, run
# Select an existing group id to root tests under
TF_ACC_GROUP_ID=foo
TF_ACC_CONSOLE_API=https://console-api.example.com
TF_ACC_AUDIENCE=https://console-api.example.com
TF_ACC_ISSUER=https://issuer.example.com
TF_ACC=1 go test ./... -v