Add published documentation

Author: loafoe

docs/data-sources/credentials_access.md

@@ -0,0 +1,52 @@
+# hsdp_credentials_access
+
+Gets credentials for an S3 Credentials access
+
+## Example Usage
+
+```hcl
+data "hsdp_credentials_access" "my_access" {
+   product_key = var.product_key
+   username = "my_iam_login"
+   password = "MyP@ssw0rd"
+}
+```
+
+```hcl
+output "s3_credentials" {
+   value = data.hsdp_credentials_access.my_access.access
+}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `access` - JSON response to access request
+
+Example output:
+```json
+[
+  {
+    "allowed": {
+      "resources": [
+        "978abfcc-6327-4373-86b4-3eb4ec8cce0f/*"
+      ],
+      "actions": [
+        "GET",
+        "PUT",
+        "LIST",
+        "DELETE",
+        "ALL_OBJECT"
+      ]
+    },
+    "credentials": {
+      "accessKey": "PV86FAKEdquKdxDeTZ4s",
+      "secretKey": "6qqXSECRETZqlP6fhkAuiIAdQyv2pvwL5mAQyOpc",
+      "sessionToken": "AnotherFakeSecretTokenThPRGFvODdRVUdjWGl4bzM3WERqQnZ1bDMya3JxdlNpb3FYM01MSFdDZkZRSmZ4VGZoa05qUEJrNUdzRUZ0U3BKRHo1T0g0OGZ3bXd3bWowUzVxYTFLaG9LcnB2YWxHUXZuUTdjTks5VXNQMWVVbXhyQWhvcERidzRodkxMSWh2S25CTFgwZFBTU2ppUkc1ZlJHRGlhRHo3dnNrUHFFZnFYd0o3ZWFZYTlIM1ZMUk9CZ0JjdmgzaHIyU1lOTkNmWmdudEhtN1k2eGw0dWlFVWpNY3dTVjFRQklnamlzbGNPQmJkSmgyb0IyVlZzOU9NaEtHdmFNMFVqa0M5OEs4OWxCWnY4cEs4ZGtUZVhIVngzRjB5eUtJRVFqYVlxVE9PZjNIVXREYUJtMlh2Wk1CeW1zZXgza3RZVFhpRXBKeDBNMGpWbnVwN1NQbnpGVnFQYkJOdlNaZFZZcjFRR0g5Z2V5MENEcGFPNjJyTXVrbXZOd2E5ekFvM0NuUGVZMHdtQmk5a09NcE84ZTlsb21COVIwOER6WlNVdWhPUTdEanZGcFdlTXZ5TkUzajBBZERPSUJ5c1RrYVhZUUVoMUNTWWV4SVBSSXNjVHJOS1lqVmNLTXg0N3NMN0dnU2R4eGtrQlFoNU1vVG1FeXpQcTdFWGVpVXgyM1cK",
+      "expires": "2019-02-20T20:58:10.000",
+      "bucket": "cf-s3-eb78633b-7833-4953-aa58-cee7d854812b"
+    }
+  }
+]
+```

docs/data-sources/credentials_policy.md

@@ -0,0 +1,43 @@
+# hsdp_credentials_policy
+
+Gets information on defined S3 Credential policies
+
+> This resource is only available when `credentials_url` is set in the provider config
+
+## Example Usage
+
+```hcl
+data "hsdp_credentials_policy" "my_org_policies" {
+   product_key = var.product_key
+   username = "my_iam_login"
+   password = "MyP@ssw0rd"
+
+   filter {
+      managing_org = var.my_org_id
+   }
+}
+```
+
+```hcl
+output "s3_credential_policies_my_org" {
+   value = data.hsdp_credentials_policy.my_org_policies.policies
+}
+```
+## Argument Reference
+
+The following arguments are supported:
+* `product_key` - (Required) The product key under which to search for policies 
+* `username` - (Optional) The IAM username to authenticate under 
+* `password` - (Optional) The password of `username`
+* `filter` - (Required) The filter conditions block for selecting policies
+
+### filter options
+* `id` - (Optional) The id (uuid) of the filter 
+* `managing_org` - (Optional) Finds policies under `managing_org` (uuid)
+* `group_name` - (Optional) Find policies assigned to this group
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `policies` - JSON array of policies found using supplied filter values

docs/data-sources/iam_introspect.md

@@ -0,0 +1,23 @@
+# hsdp_iam_introspect
+
+Introspects the ORG admin account in use by the provider
+
+## Example Usage
+
+```hcl
+data "hsdp_iam_introspect" "admin" {}
+```
+
+```hcl
+output "admins_org" {
+   value = data.hsdp_iam_introspect.admin.managing_organization
+}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `managing_organization` - The managing organization of the Org admin user
+* `username` - The username (email) of the Org admin user
+* `token` - The current session token

docs/data-sources/iam_permissions.md

@@ -0,0 +1,21 @@
+# hsdp_iam_permission
+
+Retrieves all available permissions
+
+## Example Usage
+
+```hcl
+data "hsdp_iam_permissions" "list" {}
+```
+
+```hcl
+output "all_permissions" {
+   value = data.hsdp_iam_permissions.list.permissions
+}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `permissions` - The list of permissions

docs/data-sources/iam_user.md

@@ -0,0 +1,35 @@
+Provides details of a given HSDP IAM user. 
+
+>Typically this resource is used to only test account. We highly recommend using the IAM Self serviceUI which HSDP provides for day to day user management tasks
+
+## Example Usage
+
+```hcl
+data "hsdp_iam_user" "john" {
+  username = "john.doe@1e100.io"
+}
+```
+
+```hcl
+output "johns_uuid" {
+   value = data.hsdp_iam_user.john.uuid
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `username` - (Required) The username/email of the user in HSDP IAM
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `uuid` - The UUID of the user
+
+## Error conditions
+
+If the user does not fall under the given organization administration lookup may fail. In that case the lookup will return the following error
+
+`responseCode: 4010`

docs/index.md

@@ -0,0 +1,92 @@
+# HSDP Provider
+
+The HSDP provider is used to interact with HSDP REST APIs to perform adminstrative configuration of platform 
+resources.
+
+## Example Usage
+
+```hcl
+# Many variables are optional
+
+variable "region" {}
+variable "environment" {}
+variable "iam_url" {}
+variable "idm_url" {}
+variable "oauth2_client_id" {}
+variable "oauth2_password" {}
+variable "org_id" {}
+variable "org_admin_username" {}
+variable "org_admin_password" {}
+variable "shared_key" {}
+variable "secret_key" {}
+variable "cartel_host" {}
+variable "cartel_token" {}
+variable "cartel_secret" {}
+variable "cartel_skip_verify" {}
+variable "cartel_no_tls" {}
+variable "retry_max"
+
+
+## Configure the HSDP Provider
+
+provider "hsdp" {
+  region             = "us-east"
+  environment        = "client-test"
+  iam_url            = var.iam_url
+  idm_url            = var.idm_url
+  oauth2_client_id   = var.oauth2_client_id
+  oauth2_password    = var.oauth2_password
+  org_id             = var.org_id
+  org_admin_username = var.org_admin_username
+  org_admin_password = var.org_admin_password
+  shared_key         = var.shared_key
+  secret_key         = var.secret_key
+  debug              = true
+  debug_log          = "/tmp/provider.log"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional) The HSDP region to use [us-east, eu-west, sa1, ...]
+
+* `environment` - (Optional) The HSDP environment to use within region [client-test, prod]
+
+* `iam_url` - (Optional) IAM API endpoint (e.g. https://iam-client-test.us-east.philips-healthsuite.com). Auto-discovered when region and environment are specified.
+
+* `idm_url` - (Optioanl) IDM API endpoint (e.g. https://idm-client-test.us-east.philips-healthsuite.com). Auto-discovered when region and environment are specified.
+
+* `credentials_url` - (Optional) S3 Credenials API endpoint (e.g. https://s3creds-client-test.us-east.philips-healthsuite.com). Auto-discovered when region and environment are specified.
+
+* `oauth2_client_id` - (Required) The OAuth2 client ID as provided by HSDP
+
+* `oauth2_password` - (Required) The OAuth2 password as provided by HSDP
+
+* `service_id` - (Optional) The service ID to use for IAM org admin operations (conflicts with: `org_admin_username`)
+
+* `service_private_key` - (Optional) The service private key to use for IAM org admin operations (conflicts with: `org_admin_password`)
+
+* `org_admin_username` - (Optional) Your IAM admin username.
+
+* `org_admin_password` - (Optional) Your IAM admin passowrd.
+
+* `org_id` - (Optional) Your IAM root ORG id as provided by HSDP
+
+* `shared_key` - (Optional) The shared key as provided by HSDP. Actions which require API signing will not work if this value is missing.
+
+* `secret_key` - (Optional) The secret key as provided by HSDP. Actions which require API signing will not work if this value is missing.
+
+* `cartel_host` - (Optional) The cartel host as provided by HSDP. Auto-discovered when region and environment are specified.
+
+* `cartel_token` - (Optional) The cartel token as provided by HSDP.
+
+* `cartel_secret` - (Optional) The cartel secret as provided by HSDP.
+
+* `retry_max` - (Optiona) Integer, when > 0 will use a retry-able HTTP client and retry requests when applicable.
+
+* `debug` - (Optional) If set to true, outputs details on API calls
+
+* `debug_log` - (Optional) If set to a path, when debug is enabled outputs details to this file
+

docs/resources/container_host.md

@@ -0,0 +1,71 @@
+# hsdp_container_host
+Provides HSDP Container Host instances
+
+> This resource is only available when the `cartel_*` keys are set in the provider config
+
+## Example Usage
+
+The following example provisions three (3) new container host instances
+
+```hcl
+resource "hsdp_container_host" "zahadoom" {
+  count         = 3
+  name          = "zahadoom-${count.index}.dev"
+  volumes       = 1
+  volume_size   = 50
+  instance_type = "t2.medium"
+
+  user_groups     = var.user_groups
+  security_groups = ["analytics", "tcp-8080"]
+
+  connection {
+    bastion_host = var.bastion_host
+    host         = self.private_ip
+    user         = var.user
+    private_key  = var.private_key
+    script_path  = "/home/${var.user}/bootstrap.bash"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "ifconfig",
+      "docker volume create fluent-bit",
+      "docker run -d -p 24224:24224 -v fluent-bit:/fluent-bit/etc philipssoftware/fluent-bit-out-hsdp:1.4.4"
+    ]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The container host name. Must be unique.
+* `instance_type` - (Optional) The EC2 instance type to use. Default `m5.large`
+* `instance_role` - (Optional) The role to use. Default `container-host` (other values: `vanilla`, `base`)
+* `volume_type` - (Optional) The EBS volume type.
+* `iops` - (Optional) Number of IOPs to provision.
+* `protect` - (Optional) Boolean when set will enable protection for container host.
+* `encrypt_volumes` - (Optional) When set encrypts volumes. Default is `true`
+* `volumes` - (Optional) Number of additional volumes to attach. Default `0`
+* `volume_size` - (Optional) Volume size in GB.
+* `security_groups` - (Optional) list(string) of Security groups to attach. Default `[]`
+* `user_groups` - (Optional) list(string) of User groups to attach. Default `[]`
+
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The instance ID
+* `private_ip` - The private IP address of the instance
+* `role` - The role of the instance.
+* `subnet` - The subnet the instance was provisioned in.
+* `vpc` - The VPC the instance was provisioned in.
+* `zone` - The Zone the instance was provisioned in.
+* `launch_time` - Timestamp when the instance was launched.
+* `block_devices` - The list of block devices attached to the instance.
+
+## Import
+
+Importing existing instances is supported but not recommended.

docs/resources/credentials_policy.md

@@ -0,0 +1,48 @@
+# hsdp_credentials_policy
+Provides a resource for managing HSDP S3 Credentials policies
+
+> This resource is only available when `credentials_url` is set in the provider config
+
+## Example Usage
+
+The following example creates a new policy
+
+```hcl
+resource "hsdp_credentials_policy" "policy1" {
+  product_key = var.credentials_product_key
+
+  policy = <<POLICY
+{
+  "conditions": {
+    "managingOrganizations": [ var.org_id ],
+    "groups": [ "PublishGroup" ]
+  },
+  "allowed": {
+    "resources": [ "${var.org_id}/foo/*" ],
+    "actions": [
+      "GET",
+      "PUT"
+    ]
+  }
+}
+POLICY
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `product_key` - (Required) The product key (tenant) for which this policy should apply to
+* `policy` - (Required) The policy definition. This is a JSON string as per HSDP S3 Credentials documentation
+
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the policy
+
+## Import
+
+Importing existing policies is currently not supported