diff --git a/docs/index.md b/docs/index.md
index 67d8b05..4ea45e8 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -19,6 +19,7 @@ description: |-
- `address_filter` (List of String) List of network cidr's to filter addresses used to connect to nixos_instance resources
- `address_priority` (Map of Number) Map of network cidr's with associated weight which will affect address ordering for nixos_isntance resource
+- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--bastion))
- `nix` (Block Set, Max: 1) Nix package manager configuration options (see [below for nested schema](#nestedblock--nix))
- `retry` (Number) Amount of retries for retryable operations
- `retry_wait` (Number) Amount of seconds to wait between retries
@@ -26,6 +27,17 @@ description: |-
- `secrets` (Block Set, Max: 1) Describes secrets settings (see [below for nested schema](#nestedblock--secrets))
- `ssh` (Block Set, Max: 1) SSH protocol settings (see [below for nested schema](#nestedblock--ssh))
+
+### Nested Schema for `bastion`
+
+Optional:
+
+- `config` (Map of String) SSH configuration map
+- `host` (String) SSH bastion remote hostname
+- `port` (Number) SSH remote port
+- `user` (String) SSH remote user name
+
+
### Nested Schema for `nix`
@@ -98,17 +110,6 @@ Optional:
Optional:
-- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--ssh--bastion))
-- `config` (Map of String) SSH configuration map
-- `port` (Number) SSH remote port
-- `user` (String) SSH remote user name
-
-
-### Nested Schema for `ssh.bastion`
-
-Optional:
-
- `config` (Map of String) SSH configuration map
-- `host` (String) SSH remote hostname
- `port` (Number) SSH remote port
- `user` (String) SSH remote user name
diff --git a/docs/resources/instance.md b/docs/resources/instance.md
index 4af77ec..ecef1f6 100644
--- a/docs/resources/instance.md
+++ b/docs/resources/instance.md
@@ -22,6 +22,7 @@ NixOS instance
### Optional
+- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--bastion))
- `derivations` (Block List) List of derivations which is built during apply (see [below for nested schema](#nestedblock--derivations))
- `nix` (Block Set, Max: 1) Nix package manager configuration options (see [below for nested schema](#nestedblock--nix))
- `secret` (Block Set) Describes secret which should be transfered to host (see [below for nested schema](#nestedblock--secret))
@@ -35,6 +36,17 @@ NixOS instance
- `id` (String) The ID of this resource.
- `secret_fingerprint` (Map of String) Secrets state fingerprint information which is used to maintain state
+
+### Nested Schema for `bastion`
+
+Optional:
+
+- `config` (Map of String) SSH configuration map
+- `host` (String) SSH bastion remote hostname
+- `port` (Number) SSH remote port
+- `user` (String) SSH remote user name
+
+
### Nested Schema for `derivations`
@@ -116,18 +128,7 @@ Optional:
Optional:
-- `bastion` (Block Set, Max: 1) SSH configuration for bastion server (see [below for nested schema](#nestedblock--ssh--bastion))
-- `config` (Map of String) SSH configuration map
-- `port` (Number) SSH remote port
-- `user` (String) SSH remote user name
-
-
-### Nested Schema for `ssh.bastion`
-
-Optional:
-
- `config` (Map of String) SSH configuration map
-- `host` (String) SSH remote hostname
- `port` (Number) SSH remote port
- `user` (String) SSH remote user name
diff --git a/makefile b/makefile
index 513d12c..d363202 100644
--- a/makefile
+++ b/makefile
@@ -2,6 +2,7 @@
.ONESHELL:
export TF_LOG ?= ERROR
+export SSH_AUTH_SOCK =
root = $(dir $(abspath $(firstword $(MAKEFILE_LIST))))
result = $(root)/result/libexec/terraform-providers
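Review bot: The added `export SSH_AUTH_SOCK =` carries no comment, and because it is a plain `=` rather than `?=` it blanks the agent socket for every target in this makefile and cannot be overridden from the environment. Presumably the intent is to keep test runs from authenticating with whatever keys the developer's agent holds, which is a reasonable isolation measure. Say so next to the line, e.g. `# Clear the agent socket so test runs never pick up keys from the developer's ssh-agent`. If any target outside this hunk needs the agent, scope the export to the test targets with a target-specific variable instead.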
diff --git a/provider/provider.go b/provider/provider.go
index 8f52a25..b05ede3 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -229,8 +229,8 @@ func (p *Provider) SshSettings(resource ResourceBox) map[string]interface{} {
return p.settings(resource, KeySsh)
}
-func (p *Provider) SshBastionSettings(resource ResourceBox) map[string]interface{} {
- return p.settings(resource, KeySsh, KeySshBastion)
+func (p *Provider) BastionSettings(resource ResourceBox) map[string]interface{} {
+ return p.settings(resource, KeyBastion)
}
func (p *Provider) SshConfigMap(settings map[string]interface{}) *SshConfigMap {
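Review bot: `BastionSettings` is exported but has no doc comment, and `SshBastionSettings` is removed without a deprecated wrapper, so any caller outside this package stops compiling. A comment such as `// BastionSettings returns the settings of the top-level bastion block for resource.` would help. It should also state what is returned when no block is configured, because `NewSsh` in the next hunk reads `bastionSettings[KeySshHost]` and discards the type-assertion result. How `p.settings` merges provider-level and resource-level blocks is not visible here, so the precedence between the two is worth documenting as well.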
@@ -298,7 +298,7 @@ func (p *Provider) NewSsh(resource ResourceBox) *Ssh {
settings = p.SshSettings(resource)
configMap = p.SshConfigMap(settings)
- bastionSettings = p.SshBastionSettings(resource)
+ bastionSettings = p.BastionSettings(resource)
)
bastionHost, _ := bastionSettings[KeySshHost].(string)
diff --git a/provider/schema.go b/provider/schema.go
index c012647..560ec9f 100644
--- a/provider/schema.go
+++ b/provider/schema.go
@@ -50,12 +50,13 @@ const (
//
- KeySsh = "ssh"
- KeySshHost = "host"
- KeySshUser = "user"
- KeySshPort = "port"
- KeySshConfig = "config"
- KeySshBastion = "bastion"
+ KeySsh = "ssh"
+ KeySshHost = "host"
+ KeySshUser = "user"
+ KeySshPort = "port"
+ KeySshConfig = "config"
+
+ KeyBastion = "bastion"
//
@@ -112,35 +113,32 @@ var (
DefaultFunc: DefaultSshConfig,
},
}
+ ProviderSchemaSsh = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
+ Description: "SSH protocol settings",
+ Type: schema.TypeSet,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: ProviderSchemaSshMap,
+ },
+ Optional: true,
+ })
+
ProviderSchemaBastionMap = SchemaMapExtend(
ProviderSchemaSshMap,
map[string]*schema.Schema{
KeySshHost: {
- Description: "SSH remote hostname",
+ Description: "SSH bastion remote hostname",
Type: schema.TypeString,
Optional: true,
},
},
)
- ProviderSchemaSsh = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
- Description: "SSH protocol settings",
+ ProviderSchemaBastion = SchemaWithDefaultFuncCtr(DefaultMapFromSchema, &schema.Schema{
+ Description: "SSH configuration for bastion server",
Type: schema.TypeSet,
MaxItems: 1,
Elem: &schema.Resource{
- Schema: SchemaMapExtend(
- ProviderSchemaSshMap,
- map[string]*schema.Schema{
- KeySshBastion: {
- Description: "SSH configuration for bastion server",
- Type: schema.TypeSet,
- MaxItems: 1,
- Elem: &schema.Resource{
- Schema: ProviderSchemaBastionMap,
- },
- Optional: true,
- },
- },
- ),
+ Schema: ProviderSchemaBastionMap,
},
Optional: true,
})
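Review bot: Dropping `KeySshBastion` from the `ssh` element schema is a breaking change for configurations that still nest `bastion` inside `ssh`, and nothing in this hunk gives them a migration hint. Terraform should reject the old nested block as unsupported rather than silently ignore it, which is the safe failure mode for a jump-host setting, but the error will not say where the block moved. Consider keeping the nested attribute for one release with a `Deprecated:` message that points at the top-level `bastion` block, or call the move out in the changelog. Separately, `ProviderSchemaBastionMap` still extends `ProviderSchemaSshMap`, so the bastion appears to inherit the same `config` default (`DefaultSshConfig`, defined outside the hunk). The `Description` could say that the bastion hop uses its own `config` map rather than the one under `ssh`.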
@@ -381,6 +379,7 @@ var (
KeyNix: ProviderSchemaNix,
KeySsh: ProviderSchemaSsh,
+ KeyBastion: ProviderSchemaBastion,
KeySecrets: ProviderSchemaSecrets,
KeySecret: ProviderSchemaSecret,
}
@@ -424,6 +423,7 @@ var (
KeyNix: ProviderSchemaNix,
KeySsh: ProviderSchemaSsh,
+ KeyBastion: ProviderSchemaBastion,
KeySecrets: ProviderSchemaSecrets,
KeySecret: ProviderSchemaSecret,
diff --git a/provider/schema_test.go b/provider/schema_test.go
index f94a507..32093ad 100644
--- a/provider/schema_test.go
+++ b/provider/schema_test.go
@@ -56,10 +56,10 @@ resource "nixos_instance" "test2" {
pubKeyAuthentication = "no"
passwordAuthentication = "yes"
}
- bastion {
- host = "127.0.0.1"
- port = 2222
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
}
}
`
@@ -78,15 +78,15 @@ provider "nixos" {
pubKeyAuthentication = "no"
passwordAuthentication = "yes"
}
- bastion {
- host = "127.0.0.1"
- port = 2222
- config = {
- userKnownHostsFile = "/dev/null"
- strictHostKeyChecking = "no"
- pubKeyAuthentication = "no"
- passwordAuthentication = "yes"
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
+ config = {
+ userKnownHostsFile = "/dev/null"
+ strictHostKeyChecking = "no"
+ pubKeyAuthentication = "no"
+ passwordAuthentication = "yes"
}
}
secrets {
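Review bot: The relocated `bastion` block keeps `strictHostKeyChecking = "no"` and `userKnownHostsFile = "/dev/null"`, which switches off host key verification for the jump host. That is acceptable against `127.0.0.1` in a test, but this fixture is the only visible usage example of the new top-level block. Add an HCL comment above `config`, e.g. `# test only: host key verification is disabled for the loopback bastion`, so the setting is not copied into a real configuration. The fixture string begins and ends outside the hunk.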
@@ -152,8 +152,8 @@ func TestResourceNixosInstance(t *testing.T) {
CheckEqual(t, "nixos_instance.test2", "address.2", ""),
CheckEqual(t, "nixos_instance.test2", "configuration", "../test/test.nix"),
CheckEqual(t, "nixos_instance.test2", "ssh.0.port", "2222"),
- CheckEqual(t, "nixos_instance.test2", "ssh.0.bastion.0.host", "127.0.0.1"),
- CheckEqual(t, "nixos_instance.test2", "ssh.0.bastion.0.port", "2222"),
+ CheckEqual(t, "nixos_instance.test2", "bastion.0.host", "127.0.0.1"),
+ CheckEqual(t, "nixos_instance.test2", "bastion.0.port", "2222"),
),
},
{
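Review bot: The updated checks cover only the resource-level `bastion.0.host` and `bastion.0.port` on `nixos_instance.test2`. Nothing visible exercises the provider-level `bastion` block changed in the previous hunk, or asserts that the old `ssh { bastion { ... } }` nesting is now rejected. A step that feeds the old layout and expects a validation error would pin the breaking change and guard against the nested block being silently accepted and ignored later. The step list continues outside the hunk, so such a case may already exist further down.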
diff --git a/test/main.tf b/test/main.tf
index 54b4461..9580b4e 100644
--- a/test/main.tf
+++ b/test/main.tf
@@ -19,10 +19,10 @@ provider "nixos" {
pubKeyAuthentication = "no"
passwordAuthentication = "yes"
}
- bastion {
- host = "127.0.0.1"
- port = 777
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 777
}
}
@@ -41,10 +41,10 @@ resource "nixos_instance" "test" {
pubKeyAuthentication = "no"
passwordAuthentication = "yes"
}
- bastion {
- host = "127.0.0.1"
- port = 2222
- }
+ }
+ bastion {
+ host = "127.0.0.1"
+ port = 2222
}
secret {