This Terraform provider allows you to manage WarpGate resources through Terraform. Warpgate is a smart SSH and HTTPS bastion that provides secure access to your infrastructure.
- Clone the repository:
git clone https://github.com/warp-tech/terraform-provider-warpgate.git
cd terraform-provider-warpgate- Build the provider:
make build- Install the provider for local development:
make installThis will build and install the provider into your ~/.terraform.d/plugins directory (or equivalent on Windows/macOS).
To use the provider, define it in your Terraform configuration:
terraform {
required_providers {
warpgate = {
source = "registry.terraform.io/warp-tech/warpgate"
version = "~> 1.0.0"
}
}
}
provider "warpgate" {
host = "https://warpgate.example.com"
token = var.warpgate_token
}You can also use environment variables to configure the provider:
export WARPGATE_HOST="https://warpgate.example.com"
export WARPGATE_TOKEN="your-api-token"warpgate_role- Manage Warpgate roleswarpgate_user- Manage Warpgate userswarpgate_target- Manage Warpgate targets (SSH, HTTP, MySQL, PostgreSQL)warpgate_user_role- Manage role assignments to userswarpgate_target_role- Manage role assignments to targetswarpgate_password_credential- Manage password credentials for userswarpgate_public_key_credential- Manage SSH public key credentials for users
warpgate_role- Retrieve information about a Warpgate rolewarpgate_user- Retrieve information about a Warpgate userwarpgate_target- Retrieve information about a Warpgate target
resource "warpgate_user" "example" {
username = "eugene"
description = "Eugene - WarpGate Developer"
credential_policy {
http = ["Password", "Totp"]
ssh = ["PublicKey"]
mysql = ["Password"]
postgres = ["Password"]
}
}# Add a password credential
resource "warpgate_password_credential" "eugene_password" {
user_id = warpgate_user.example.id
password = var.user_password
}
# Add an SSH public key credential
resource "warpgate_public_key_credential" "eugene_ssh_key" {
user_id = warpgate_user.example.id
label = "Work Laptop"
public_key = "ssh-rsa AAAAB3NzaC1yc2E... [email protected]"
}resource "warpgate_role" "developers" {
name = "developers"
description = "Role for development team"
}resource "warpgate_user_role" "developer_role" {
user_id = warpgate_user.example.id
role_id = warpgate_role.developers.id
}resource "warpgate_target" "app_server" {
name = "app-server"
description = "Application Server"
ssh_options {
host = "10.0.0.10"
port = 22
username = "admin"
# Use either password_auth or public_key_auth
password_auth {
password = var.ssh_password
}
# OR
# public_key_auth {}
}
}resource "warpgate_target" "web_app" {
name = "internal-web-app"
description = "Internal Web Application"
http_options {
url = "https://internal.example.com"
tls {
mode = "Required"
verify = true
}
headers = {
"X-Custom-Header" = "value"
}
}
}resource "warpgate_target" "database" {
name = "mysql-db"
description = "Production MySQL Database"
mysql_options {
host = "db.example.com"
port = 3306
username = "admin"
password = var.db_password
tls {
mode = "Required"
verify = true
}
}
}resource "warpgate_target" "postgres_db" {
name = "postgres-db"
description = "Production PostgreSQL Database"
postgres_options {
host = "postgres.example.com"
port = 5432
username = "admin"
password = var.postgres_password
tls {
mode = "Required"
verify = true
}
}
}resource "warpgate_target_role" "app_server_access" {
target_id = warpgate_target.app_server.id
role_id = warpgate_role.developers.id
}data "warpgate_user" "existing_user" {
id = "existing-user-id"
}
data "warpgate_role" "existing_role" {
id = "existing-role-id"
}
data "warpgate_target" "existing_target" {
id = "existing-target-id"
}You can import existing Warpgate resources into Terraform state:
# Import a user
terraform import warpgate_user.example user-uuid
# Import a role
terraform import warpgate_role.example role-uuid
# Import a target
terraform import warpgate_target.example target-uuid
# Import a user-role association
terraform import warpgate_user_role.example user-uuid:role-uuid
# Import a target-role association
terraform import warpgate_target_role.example target-uuid:role-uuid
# Import a password credential
terraform import warpgate_password_credential.example user-uuid:credential-uuid
# Import a public key credential
terraform import warpgate_public_key_credential.example user-uuid:credential-uuidThe provider supports authentication using an API token. You can generate the token through the Warpgate admin interface.
make docs- Fork the repository
- Create a feature branch:
git checkout -b feature/my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin feature/my-new-feature - Submit a pull request
This provider is distributed under the MIT License.