cut new release for terraform-provider-ngrok

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
 
       - name: Import GPG key
         id: import_gpg

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.1.4 (Unreleased)
+
+ENHANCEMENTS:
+
+* Added `nameid_format` field to the SAML endpoint configuration.
+
 ## 0.1.3 (July 13, 2021)
 
 FIXED:

docs/resources/agent_ingress.md

@@ -0,0 +1,42 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ngrok_agent_ingress Resource - terraform-provider-ngrok"
+subcategory: ""
+description: |-
+  
+---
+
+# ngrok_agent_ingress (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "ngrok_agent_ingress" "example" {
+  description = "acme devices"
+  domain = "connect.acme.com"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **domain** (String) the domain that you own to be used as the base domain name to generate regional agent ingress domains.
+
+### Optional
+
+- **description** (String) human-readable description of the use of this Agent Ingress. optional, max 255 bytes.
+- **metadata** (String) arbitrary user-defined machine-readable data of this Agent Ingress. optional, max 4096 bytes
+- **uri** (String) URI to the API resource of this Agent ingress
+
+### Read-Only
+
+- **created_at** (String) timestamp when the Agent Ingress was created, RFC 3339 format
+- **id** (String) unique Agent Ingress resource identifier
+- **ns_targets** (List of String) a list of target values to use as the values of NS records for the domain property these values will delegate control over the domain to ngrok
+- **region_domains** (List of String) a list of regional agent ingress domains that are subdomains of the value of domain this value may increase over time as ngrok adds more regions
+
+

docs/resources/endpoint_configuration.md

@@ -77,7 +77,7 @@ Optional:
 Optional:
 
 - **allow_options** (Boolean) true or false indicating whether to allow OPTIONS requests through without authentication which is necessary for CORS. default is `false`
-- **auth_provider_id** (String) determines how the basic auth credentials are validated. Currently only the value `agent` is supported which means that credentials will be validated against the username and password specified by the ngrok agent's `-auth` flag, if any.
+- **auth_provider_id** (String) determines how the basic auth credentials are validated. Currently only the value `agent` is supported which means that credentials will be validated against the username and password specified by the ngrok agent's `--basic-auth` flag, if any.
 - **enabled** (Boolean) `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified
 - **realm** (String) an arbitrary string to be specified in as the 'realm' value in the `WWW-Authenticate` header. default is `ngrok`
 
@@ -285,6 +285,7 @@ Optional:
 - **inactivity_timeout** (Number) Integer number of seconds of inactivity after which if the user has not accessed the endpoint, their session will time out and they will be forced to reauthenticate.
 - **maximum_duration** (Number) Integer number of seconds of the maximum duration of an authenticated session. After this period is exceeded, a user must reauthenticate.
 - **metadata_url** (String) A public URL where the SP's metadata is hosted. If an IdP supports dynamic configuration, this is the URL it can use to retrieve the SP metadata.
+- **nameid_format** (String) Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` will be used. A subset of the allowed values enumerated by the SAML specification are supported.
 - **options_passthrough** (Boolean) Do not enforce authentication on HTTP OPTIONS requests. necessary if you are supporting CORS.
 - **request_signing_certificate_pem** (String) PEM-encoded x.509 certificate of the key pair that is used to sign all SAML requests that the ngrok SP makes to the IdP. Many IdPs do not support request signing verification, but we highly recommend specifying this in the IdP's configuration if it is supported.
 - **single_logout_url** (String) The public URL of the SP's Single Logout Service. This is where the IdP will redirect to during a single logout flow. This will optionally need to be specified to the IdP as configuration.
@@ -306,7 +307,7 @@ Optional:
 Optional:
 
 - **enabled** (Boolean) `true` if the module will be applied to traffic, `false` to disable. default `true` if unspecified
-- **provider** (String) a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers: `SLACK`, `SNS`, `STRIPE`, `GITHUB`, `TWILIO`, `SHOPIFY`, `GITLAB`, `INTERCOM`.
+- **provider** (String) a string indicating which webhook provider will be sending webhooks to this endpoint. Value must be one of the supported providers: `SLACK`, `SNS`, `STRIPE`, `GITHUB`, `TWILIO`, `SHOPIFY`, `GITLAB`, `INTERCOM`, `SENDGRID`, `XERO`, `PAGERDUTY`.
 - **secret** (String, Sensitive) a string secret used to validate requests from the given provider. All providers except AWS SNS require a secret
 
 

docs/resources/event_destination.md

@@ -71,7 +71,7 @@ Optional:
 <a id="nestedblock--target--cloudwatch_logs--auth--creds"></a>
 ### Nested Schema for `target.cloudwatch_logs.auth.role`
 
-Optional:
+Required:
 
 - **aws_access_key_id** (String) The ID portion of an AWS access key.
 - **aws_secret_access_key** (String) The secret portion of an AWS access key.
@@ -80,7 +80,7 @@ Optional:
 <a id="nestedblock--target--cloudwatch_logs--auth--role"></a>
 ### Nested Schema for `target.cloudwatch_logs.auth.role`
 
-Optional:
+Required:
 
 - **role_arn** (String) An ARN that specifies the role that ngrok should use to deliver to the configured target.
 
@@ -115,7 +115,7 @@ Optional:
 <a id="nestedblock--target--firehose--auth--creds"></a>
 ### Nested Schema for `target.firehose.auth.role`
 
-Optional:
+Required:
 
 - **aws_access_key_id** (String) The ID portion of an AWS access key.
 - **aws_secret_access_key** (String) The secret portion of an AWS access key.
@@ -124,7 +124,7 @@ Optional:
 <a id="nestedblock--target--firehose--auth--role"></a>
 ### Nested Schema for `target.firehose.auth.role`
 
-Optional:
+Required:
 
 - **role_arn** (String) An ARN that specifies the role that ngrok should use to deliver to the configured target.
 
@@ -150,7 +150,7 @@ Optional:
 <a id="nestedblock--target--kinesis--auth--creds"></a>
 ### Nested Schema for `target.kinesis.auth.role`
 
-Optional:
+Required:
 
 - **aws_access_key_id** (String) The ID portion of an AWS access key.
 - **aws_secret_access_key** (String) The secret portion of an AWS access key.
@@ -159,7 +159,7 @@ Optional:
 <a id="nestedblock--target--kinesis--auth--role"></a>
 ### Nested Schema for `target.kinesis.auth.role`
 
-Optional:
+Required:
 
 - **role_arn** (String) An ARN that specifies the role that ngrok should use to deliver to the configured target.
 

docs/resources/event_subscription.md

@@ -14,11 +14,11 @@ description: |-
 
 ```terraform
 resource "ngrok_event_subscription" "example" {
-  description = "low sampling, basic HTTP logs"
-  destination_ids = [ "ed_1ro7aylyqQ1LLMWNWrOISvlfveQ" ]
+  description = "ip policy creations"
+  destination_ids = [ "ed_25auH2H0JNlDGXUH01Z3sZdgFFM" ]
   metadata = "{\"environment\": \"staging\"}"
   sources [ {
-    type = "http_request_complete"
+    type = "ip_policy_created.v0"
   } ]
 }
 ```
@@ -29,7 +29,7 @@ resource "ngrok_event_subscription" "example" {
 ### Optional
 
 - **description** (String) Arbitrary customer supplied information intended to be human readable. Optional, max 255 chars.
-- **destination_ids** (List of String) A list of Event Destination IDs which should be used for this Event Stream. Event Streams are required to have at least one Event Destination.
+- **destination_ids** (List of String) A list of Event Destination IDs which should be used for this Event Subscription.
 - **id** (String) Unique identifier for this Event Subscription.
 - **metadata** (String) Arbitrary customer supplied information intended to be machine readable. Optional, max 4096 chars.
 - **sources** (Block List) Sources containing the types for which this event subscription will trigger (see [below for nested schema](#nestedblock--sources))

docs/resources/ip_policy.md

@@ -28,12 +28,9 @@ resource "ngrok_ip_policy" "example" {
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
-
-- **action** (String) the IP policy action. Supported values are `allow` or `deny`
-
 ### Optional
 
+- **action** (String) this field is deprecated. Please leave it empty and use the ip policy rule object's "action" field instead. It is temporarily retained for backwards compatibility reasons.
 - **description** (String) human-readable description of the source IPs of this IP policy. optional, max 255 bytes.
 - **metadata** (String) arbitrary user-defined machine-readable data of this IP policy. optional, max 4096 bytes.
 

docs/resources/ip_policy_rule.md

@@ -18,7 +18,7 @@ IP Policy Rules are the IPv4 or IPv6 CIDRs entries that
 resource "ngrok_ip_policy_rule" "example" {
   cidr = "212.3.14.0/24"
   description = "nyc office"
-  ip_policy_id = "ipp_1rV56VrAxesFteoj4XZxaaYyvXo"
+  ip_policy_id = "ipp_25auGv9R7vPmi6NKs5Cxcyzc2Cm"
 }
 ```
 
@@ -32,6 +32,7 @@ resource "ngrok_ip_policy_rule" "example" {
 
 ### Optional
 
+- **action** (String) the action to apply to the policy rule, either `allow` or `deny`
 - **description** (String) human-readable description of the source IPs of this IP rule. optional, max 255 bytes.
 - **id** (String) unique identifier for this IP policy rule
 - **metadata** (String) arbitrary user-defined machine-readable data of this IP policy rule. optional, max 4096 bytes.

docs/resources/ip_restriction.md

@@ -4,7 +4,7 @@ page_title: "ngrok_ip_restriction Resource - terraform-provider-ngrok"
 subcategory: ""
 description: |-
   An IP restriction is a restriction placed on the CIDRs that are allowed to
-   initate traffic to a specific aspect of your ngrok account. An IP
+   initiate traffic to a specific aspect of your ngrok account. An IP
    restriction has a type which defines the ingress it applies to. IP
    restrictions can be used to enforce the source IPs that can make API
    requests, log in to the dashboard, start ngrok agents, and connect to your
@@ -14,7 +14,7 @@ description: |-
 # ngrok_ip_restriction (Resource)
 
 An IP restriction is a restriction placed on the CIDRs that are allowed to
- initate traffic to a specific aspect of your ngrok account. An IP
+ initiate traffic to a specific aspect of your ngrok account. An IP
  restriction has a type which defines the ingress it applies to. IP
  restrictions can be used to enforce the source IPs that can make API
  requests, log in to the dashboard, start ngrok agents, and connect to your
@@ -24,7 +24,7 @@ An IP restriction is a restriction placed on the CIDRs that are allowed to
 
 ```terraform
 resource "ngrok_ip_restriction" "example" {
-  ip_policy_ids = [ "ipp_1rV5CMI1Aw8MiqWtjlQCyDDEWnQ" ]
+  ip_policy_ids = [ "ipp_25auGwa4eEWUeCOBfCZkwtwqFey" ]
   type = "dashboard"
 }
 ```

docs/resources/reserved_domain.md

@@ -20,7 +20,7 @@ Reserved Domains are hostnames that you can listen for traffic on. Domains
 
 ```terraform
 resource "ngrok_reserved_domain" "example" {
-  certificate_id = "cert_1rV51OQetZPK9V6vTWUVy3Onjir"
+  certificate_id = "cert_25auGELSEngiae3wzmLLesiZn8h"
   name = "myapp.mydomain.com"
   region = "us"
 }
@@ -35,6 +35,7 @@ resource "ngrok_reserved_domain" "example" {
 
 ### Optional
 
+- **acme_challenge_cname_target** (String) DNS CNAME target for the host _acme-challenge.example.com, where example.com is your reserved domain name. This is required to issue certificates for wildcard, non-ngrok reserved domains. Must be null for non-wildcard domains and ngrok subdomains.
 - **certificate_id** (String) ID of a user-uploaded TLS certificate to use for connections to targeting this domain. Optional, mutually exclusive with `certificate_management_policy`.
 - **certificate_management_policy** (Block Set) configuration for automatic management of TLS certificates for this domain, or null if automatic management is disabled (see [below for nested schema](#nestedblock--certificate_management_policy))
 - **cname_target** (String) DNS CNAME target for a custom hostname, or null if the reserved domain is a subdomain of *.ngrok.io

docs/resources/ssh_host_certificate.md

@@ -21,8 +21,8 @@ resource "ngrok_ssh_host_certificate" "example" {
   description = "personal server"
   principals = [ "inconshreveable.com", "10.2.42.9" ]
   public_key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com"
-  ssh_certificate_authority_id = "sshca_1rV5GiTaiBQg8AtJiyiVeNKzYiR"
-  valid_until = "2021-07-20T23:38:42Z"
+  ssh_certificate_authority_id = "sshca_25auH7sr0BYJFNyfJUwXPzyyFAz"
+  valid_until = "2022-05-26T08:23:47Z"
 }
 ```
 

docs/resources/ssh_user_certificate.md

@@ -21,8 +21,8 @@ resource "ngrok_ssh_user_certificate" "example" {
   description = "temporary access to staging machine"
   principals = [ "ec2-user", "root" ]
   public_key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK58lFzmWlDimDtBz78wVT4oauA8PjY0CiXTCEIsBNC6UwOJvZ0jdSaYNhDaa7dRV84DfBb/gKzqlXC7cVMZjl0= alan@work-laptop"
-  ssh_certificate_authority_id = "sshca_1rV5G33U0TV5AFqiEfKcjOi8W4t"
-  valid_until = "2021-07-20T23:38:37Z"
+  ssh_certificate_authority_id = "sshca_25auH5JtiUPW9eMiXYzujvcpkGW"
+  valid_until = "2022-05-26T08:23:47Z"
 }
 ```
 

examples/resources/ngrok_agent_ingress/resource.tf

@@ -0,0 +1,6 @@
+
+resource "ngrok_agent_ingress" "example" {
+  description = "acme devices"
+  domain = "connect.acme.com"
+}
+

examples/resources/ngrok_event_subscription/resource.tf

@@ -1,10 +1,10 @@
 
 resource "ngrok_event_subscription" "example" {
-  description = "low sampling, basic HTTP logs"
-  destination_ids = [ "ed_1ro7aylyqQ1LLMWNWrOISvlfveQ" ]
+  description = "ip policy creations"
+  destination_ids = [ "ed_25auH2H0JNlDGXUH01Z3sZdgFFM" ]
   metadata = "{\"environment\": \"staging\"}"
   sources [ {
-    type = "http_request_complete"
+    type = "ip_policy_created.v0"
   } ]
 }
 

examples/resources/ngrok_ip_policy_rule/resource.tf

@@ -2,6 +2,6 @@
 resource "ngrok_ip_policy_rule" "example" {
   cidr = "212.3.14.0/24"
   description = "nyc office"
-  ip_policy_id = "ipp_1rV56VrAxesFteoj4XZxaaYyvXo"
+  ip_policy_id = "ipp_25auGv9R7vPmi6NKs5Cxcyzc2Cm"
 }
 

examples/resources/ngrok_ip_restriction/resource.tf

@@ -1,6 +1,6 @@
 
 resource "ngrok_ip_restriction" "example" {
-  ip_policy_ids = [ "ipp_1rV5CMI1Aw8MiqWtjlQCyDDEWnQ" ]
+  ip_policy_ids = [ "ipp_25auGwa4eEWUeCOBfCZkwtwqFey" ]
   type = "dashboard"
 }
 

examples/resources/ngrok_reserved_domain/resource.tf

@@ -1,6 +1,6 @@
 
 resource "ngrok_reserved_domain" "example" {
-  certificate_id = "cert_1rV51OQetZPK9V6vTWUVy3Onjir"
+  certificate_id = "cert_25auGELSEngiae3wzmLLesiZn8h"
   name = "myapp.mydomain.com"
   region = "us"
 }

examples/resources/ngrok_ssh_host_certificate/resource.tf

@@ -3,7 +3,7 @@ resource "ngrok_ssh_host_certificate" "example" {
   description = "personal server"
   principals = [ "inconshreveable.com", "10.2.42.9" ]
   public_key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com"
-  ssh_certificate_authority_id = "sshca_1rV5GiTaiBQg8AtJiyiVeNKzYiR"
-  valid_until = "2021-07-20T23:38:42Z"
+  ssh_certificate_authority_id = "sshca_25auH7sr0BYJFNyfJUwXPzyyFAz"
+  valid_until = "2022-05-26T08:23:47Z"
 }
 

examples/resources/ngrok_ssh_user_certificate/resource.tf

@@ -3,7 +3,7 @@ resource "ngrok_ssh_user_certificate" "example" {
   description = "temporary access to staging machine"
   principals = [ "ec2-user", "root" ]
   public_key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK58lFzmWlDimDtBz78wVT4oauA8PjY0CiXTCEIsBNC6UwOJvZ0jdSaYNhDaa7dRV84DfBb/gKzqlXC7cVMZjl0= alan@work-laptop"
-  ssh_certificate_authority_id = "sshca_1rV5G33U0TV5AFqiEfKcjOi8W4t"
-  valid_until = "2021-07-20T23:38:37Z"
+  ssh_certificate_authority_id = "sshca_25auH5JtiUPW9eMiXYzujvcpkGW"
+  valid_until = "2022-05-26T08:23:47Z"
 }