
terraform-provider-system

Host-level configuration management via terraform

Items of Note

On setting permissions/owner/group to null

When permissions, owner or group are left null, the provider does not set them. Linux/Unix systems assign ownership and group to the user creating the file, and the process umask decides the permissions of newly created files. Those behaviours are preferred over the provider inventing a default for either.
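The following is an added example (not the provider's code) of how a file resource can honour that rule: attributes that were null in the configuration are nil pointers and are simply not applied, so the umask and the calling user decide, while an explicit mode or id is applied after the write. The FileAttrs field names and the ExpectedMode helper are assumptions of this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// FileAttrs carries the optional attributes of a managed file. nil means the
// attribute was null in the configuration and is left to the operating system.
// The field names are an assumption of this example, not the provider's schema.
type FileAttrs struct {
	Mode *fs.FileMode
	UID  *int64
	GID  *int64
}

// ExpectedMode is what a plan can predict for a newly created file: the
// requested permission bits if mode was set, otherwise the 0666 default that
// file creation starts from, masked by the process umask.
func ExpectedMode(requested *fs.FileMode, umask fs.FileMode) fs.FileMode {
	if requested != nil {
		return *requested & fs.ModePerm
	}
	return 0o666 &^ umask
}

// WriteManaged writes contents and then applies only the attributes that were
// set. The create mode is passed as 0666 so the umask decides the permissions
// of a new file; an existing file keeps its mode, owner and group unless the
// configuration says otherwise.
func WriteManaged(path string, contents []byte, attrs FileAttrs) error {
	if err := os.WriteFile(path, contents, 0o666); err != nil {
		return fmt.Errorf("write %s: %w", path, err)
	}
	if attrs.Mode != nil {
		if err := os.Chmod(path, *attrs.Mode&fs.ModePerm); err != nil {
			return fmt.Errorf("chmod %s: %w", path, err)
		}
	}
	if attrs.UID != nil || attrs.GID != nil {
		// chown(2) treats -1 as "do not change this id", so an unset owner or
		// group is passed through untouched rather than defaulted.
		uid, gid := -1, -1
		if attrs.UID != nil {
			uid = int(*attrs.UID)
		}
		if attrs.GID != nil {
			gid = int(*attrs.GID)
		}
		if err := os.Lchown(path, uid, gid); err != nil {
			return fmt.Errorf("chown %s: %w", path, err)
		}
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "managed")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	mode := fs.FileMode(0o600)
	explicit := filepath.Join(dir, "explicit")
	if err := WriteManaged(explicit, []byte("secret\n"), FileAttrs{Mode: &mode}); err != nil {
		panic(err)
	}
	implicit := filepath.Join(dir, "implicit")
	if err := WriteManaged(implicit, []byte("public\n"), FileAttrs{}); err != nil {
		panic(err)
	}
	for _, p := range []string{explicit, implicit} {
		st, _ := os.Stat(p)
		fmt.Printf("%s: %04o\n", filepath.Base(p), st.Mode().Perm())
	}
}
```

Rewriting a file that already exists with a nil mode leaves its existing permissions alone, which is the behaviour a null attribute should have during an update as well as on create.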

Why int64 for uid/gid?

Possible values in the field dictate it:

  • Modern Linux allows ids up to UINT32_MAX
  • Some OSes use negative values for uid/gid; for example, nobody on HP-UX is uid -2, gid -1
  • Therefore a signed value is needed, and 32 bits is not enough
  • Terraform provides int64, a perfect match
  • TODO: ensure this is used consistently throughout the provider
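To make the range argument concrete, here is an added example (not the provider's code) that parses ids into int64, rejects values that fit neither the unsigned 32-bit Linux range nor the negative ids seen on HP-UX, and shows how a negative id maps onto the kernel's unsigned uid_t. The int32 floor used for MinUnixID and the decimal input format are assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
)

// MaxUnixID is the largest id modern Linux accepts for uid_t/gid_t: UINT32_MAX.
const MaxUnixID int64 = math.MaxUint32

// MinUnixID is the lowest id accepted here. Negative ids exist on some OSes
// (HP-UX gives nobody uid -2 / gid -1); the int32 floor is an assumption of
// this example, chosen so any accepted negative id still maps onto a 32-bit field.
const MinUnixID int64 = math.MinInt32

// ParseID parses a uid or gid as written in passwd/group files or in Terraform
// configuration (assumption: decimal text). int64 is the only Terraform integer
// type that holds both UINT32_MAX and the negative ids above; int32 fails the
// first, uint32 fails the second.
func ParseID(s string) (int64, error) {
	v, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, fmt.Errorf("id %q is not a 64-bit integer: %w", s, err)
	}
	if v < MinUnixID || v > MaxUnixID {
		return 0, fmt.Errorf("id %d is outside the supported range [%d, %d]", v, MinUnixID, MaxUnixID)
	}
	return v, nil
}

// ToUIDT converts a stored id to the unsigned 32-bit form the kernel sees.
// Negative ids wrap exactly as a C cast to uid_t does: -2 becomes 4294967294.
func ToUIDT(id int64) (uint32, error) {
	if id < MinUnixID || id > MaxUnixID {
		return 0, fmt.Errorf("id %d cannot be represented as uid_t", id)
	}
	return uint32(id), nil
}

// FitsInt32 reports whether an id would survive a round trip through int32,
// which is what a narrower schema type would silently require.
func FitsInt32(id int64) bool {
	return id >= math.MinInt32 && id <= math.MaxInt32
}

func main() {
	for _, s := range []string{"0", "1000", "4294967295", "-2", "-1", "4294967296"} {
		id, err := ParseID(s)
		if err != nil {
			fmt.Println(s, "->", err)
			continue
		}
		u, _ := ToUIDT(id)
		fmt.Printf("%s -> int64 %d, uid_t %d, fits int32: %v\n", s, id, u, FitsInt32(id))
	}
}
```

One caveat worth keeping in mind when a provider forwards ids to the OS: on Linux, chown(2) interprets an owner or group of -1 (UINT32_MAX as uid_t) as "do not change", so an id of -1 stored in state cannot be passed straight through to a chown call and expected to take effect.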

Using privilege escalation

The provider can escalate privileges using sudo, with some limitations:

  • The sudo binary must be present
  • sudo must be passwordless
  • File operations:
    • Supported in SSH mode only, not local
    • In SSH mode, the target server must use a standalone sftp server, not internal-sftp
  • Run command: not supported
  • Package management: supported
  • Service management: supported

Notes

IsUnknown(): whether or not the attribute is set in the Terraform config. Setting attr = null counts as unknown.

Planned Resources / Data Sources

"Phase 1"

Item       Type      Comment
---------  --------  ------------------------------------------------------------------------
File       Both      Text contents, base64 binary contents, line in file/absent, file absent
Directory  Both      Present, absent; data source lists children
Package    Both      Just apt for now: package present/absent, debconf options; data source lists packages
Command    Both      Run a command once and store the result in state; the data source just runs it
Service    Both      Just systemd for now; manage unit file by section
User       Resource  No data source; SysInfo covers this
Group      Resource  No data source; SysInfo covers this
SysInfo    Data      Provides information about the system, such as OS flavor, hostname, primary IP, disks, users, groups, etc.

"Phase 2" resources

  • User
  • Group
  • Cronjob
  • Application-specific package managers
    • Pip (actual pip)
    • Pip (via uv)

Other TODO

  • Look into SSH max sessions: what happens when we hit the cap? Do we need to self-limit? Provider setting for the limit?
  • Change the file resource so that:
    • The contents attribute is optional, and leaving it out just touches the file
    • Or other options, such as line-in-file (similar to Ansible), can be used
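The line-in-file behaviour mentioned in the Phase 1 table and in the TODO above needs to be idempotent: applying it twice must report no change the second time. The following is an added example (not the provider's code) of the two usual forms, an exact line that must be present or absent and an Ansible-style regexp that replaces a matching line or appends it. The sshd_config fragment is constructed for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// splitLines turns file contents into lines without the trailing newline; an
// empty file yields no lines.
func splitLines(contents string) []string {
	if contents == "" {
		return nil
	}
	return strings.Split(strings.TrimSuffix(contents, "\n"), "\n")
}

// joinLines rebuilds contents, always newline-terminated when non-empty.
func joinLines(lines []string) string {
	if len(lines) == 0 {
		return ""
	}
	return strings.Join(lines, "\n") + "\n"
}

// EnsureLine returns contents with the exact line present (present=true) or
// absent (present=false) and whether the result differs from the input.
// Duplicates of a present line collapse to one so repeated applies converge.
func EnsureLine(contents, line string, present bool) (string, bool) {
	lines := splitLines(contents)
	out := make([]string, 0, len(lines)+1)
	found := false
	for _, l := range lines {
		if l == line {
			if found || !present {
				continue
			}
			found = true
		}
		out = append(out, l)
	}
	if present && !found {
		out = append(out, line)
	}
	result := joinLines(out)
	return result, result != contents
}

// ReplaceOrAppend replaces the first line matching re with line, drops any
// later matches, and appends line when nothing matched: the Ansible-style
// "regexp + line" form of line-in-file.
func ReplaceOrAppend(contents string, re *regexp.Regexp, line string) (string, bool) {
	lines := splitLines(contents)
	out := make([]string, 0, len(lines)+1)
	replaced := false
	for _, l := range lines {
		if re.MatchString(l) {
			if replaced {
				continue
			}
			l = line
			replaced = true
		}
		out = append(out, l)
	}
	if !replaced {
		out = append(out, line)
	}
	result := joinLines(out)
	return result, result != contents
}

// sampleConfig is a constructed sshd_config fragment used for demonstration.
const sampleConfig = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"

func main() {
	cfg, changed := ReplaceOrAppend(sampleConfig, regexp.MustCompile(`^PermitRootLogin\b`), "PermitRootLogin no")
	fmt.Printf("changed=%v\n%s", changed, cfg)
	cfg, changed = EnsureLine(cfg, "PasswordAuthentication yes", false)
	fmt.Printf("changed=%v\n%s", changed, cfg)
	_, changed = EnsureLine(cfg, "Port 22", true)
	fmt.Printf("idempotent: changed=%v\n", changed)
}
```

The changed flag is what the resource would use to decide whether the file needs to be rewritten and, later, whether the plan shows a diff; comparing the normalised result against the input keeps that decision consistent with what is actually written.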
Description

Terraform provider for managing resources on a Linux system, e.g. configuration management.