For documentation of all resources and their parameters head over to the Terraform Registry Docs. Note that the provider requires Terraform version 0.15.x or newer.
To use the official version of the provider built by Rubrik and published to the Terraform Registry, use the following snippet at the top of your Terraform configuration:
terraform {
required_providers {
polaris = {
source = "rubrikinc/polaris"
}
}
}
This will pull down the latest version of the provider from the Terraform Registry. Terraform will also validate the authenticity of the provider using cryptographically signed checksums.
The following environmental variables can be used to override the default behaviour of the provider:
- RUBRIK_POLARIS_LOGLEVEL — Overrides the log level of the provider. Valid log levels are: FATAL, ERROR, WARN, INFO, DEBUG, TRACE and OFF. The default log level of the provider is WARN.
- RUBRIK_POLARIS_TOKEN_CACHE — Overrides whether the token cache should be used or not. By default, the token cache is used.
- RUBRIK_POLARIS_TOKEN_CACHE_DIR — Overrides the directory where cached authentication tokens are stored. By default, the OS default directory for temporary files are used.
- RUBRIK_POLARIS_TOKEN_CACHE_SECRET — Overrides the secret used as input when generating an encryption key for the authentication token.
The provider supports both local user accounts and service accounts. For documentation on how to create either using Polaris see the Rubrik Support Portal.
To use a local user account with the provider first create a directory called .rubrik
in your home directory. In that
directory create a file called polaris-accounts.json
. This JSON file can hold one or more local user accounts as per
this pattern:
{
"<my-account>": {
"username": "<my-username>",
"password": "<my-password>",
"url": "<my-polaris-url>",
}
}
Where my-account is an arbitrary name used to refer to the account when configuring the provider in the Terraform
configuration. my-username and my-password are the username and password of the local user account. my-polaris-url
is the URL of the Polaris API. The URL normally follows the pattern https://{polaris-domain}.my.rubrik.com/api
. Which
is the same URL as for accessing the Polaris UI but with /api
added to the end.
As an example, assume our Polaris domain is my-polaris-domain
and that the username and password of our local user
account is john.doe@example.org
and password123
the content of the polaris-accounts.json
file then should be:
{
"johndoe": {
"username": "john.doe@example.org",
"password": "password123",
"url": "https://my-polaris-domain.my.rubrik.com/api"
}
}
Where johndoe
will be used to refer to this account from our Terraform configuration:
terraform {
required_providers {
polaris = {
source = "rubrikinc/polaris"
}
}
}
provider "polaris" {
credentials = "johndoe"
}
When using a local user account the following environmental variables can be used to override the default local user account behaviour:
- RUBRIK_POLARIS_ACCOUNT_FILE — Overrides the name and path of the file to read local user accounts from.
- RUBRIK_POLARIS_ACCOUNT_NAME — Overrides the name of the local user account given to the credentials parameter in the provider configuration.
- RUBRIK_POLARIS_ACCOUNT_USERNAME — Overrides the username of the local user account.
- RUBRIK_POLARIS_ACCOUNT_PASSWORD — Overrides the password of the local user account.
- RUBRIK_POLARIS_ACCOUNT_URL — Overrides the Polaris API URL.
To use a service account with the provider first download the service account credentials as a JSON file from the Polaris User Management UI page. Next, configure the provider to use the the downloaded credentials file in the Terraform configuration:
terraform {
required_providers {
polaris = {
source = "rubrikinc/polaris"
}
}
}
provider "polaris" {
credentials = "/path/to/credentials.json"
}
When using a service account the following environmental variables can be used to override the default service account behaviour:
- RUBRIK_POLARIS_SERVICEACCOUNT_FILE — Overrides the name and path of the service account credentials file.
- RUBRIK_POLARIS_SERVICEACCOUNT_NAME — Overrides the name of the service account.
- RUBRIK_POLARIS_SERVICEACCOUNT_CLIENTID — Overrides the client id of the service account.
- RUBRIK_POLARIS_SERVICEACCOUNT_CLIENTSECRET — Overrides the client secret of the service account.
- RUBRIK_POLARIS_SERVICEACCOUNT_ACCESSTOKENURI — Overrides the service account access token URI. When using a service account the Polaris API URL is derived from this URI.
To build the provider for your machines OS and hardware architecture run the following command in the root of the repository:
$ go build
After the build finishes you should have a binary named terraform-provider-polaris
in the root of the repository.
To install the newly built provider on your machine you first need to create the directory where Terraform looks for local providers:
$ mkdir -p ~/.terraform.d/plugins
Next you need to copy the provider binary into a subdirectory of ~/.terraform.d/plugins
, the exact subdirectory
depends on your machines OS and hardware architecture. For Linux/AMD64 the subdirectory would be
terraform.rubrik.com/rubrikinc/polaris/0.0.1/linux_amd64
, where 0.0.1
is the version of the provider binary. This
can either be 0.0.1
or the release tag closest to the commit you built. For the release tag v0.1.0
you would use
0.1.0
. So the commands for copying a build of the v0.1.0
release tag on a Linux/AMD64 machine would be:
$ mkdir ~/.terraform.d/plugins/terraform.rubrik.com/rubrikinc/polaris/0.1.0/linux_amd64
$ cp terraform-provider-polaris ~/.terraform.d/plugins/terraform.rubrik.com/rubrikinc/polaris/0.1.0/linux_amd64
After the above commands the directory structure under ~/.terraform.d
would be:
.terraform.d/
└── plugins/
└── terraform.rubrik.com/
└── rubrik/
└── polaris/
└── 0.1.0/
└── linux_amd64/
└── terraform-provider-polaris
To use the local provider in a Terraform configuration use the following snippet at the top of the file:
terraform {
required_providers {
polaris = {
source = "terraform.rubrik.com/rubrikinc/polaris"
}
}
}