Terraform Provider for JumpCloud

This provider enables Terraform to manage JumpCloud resources.

Requirements

• Terraform >= 0.12.x
• Go >= 1.18 (to build the provider plugin)

Using the Provider

To use the provider, add the following terraform block to your configuration to specify the required provider:

terraform {
  required_providers {
    jumpcloud = {
      source  = "registry.terraform.io/agilize/jumpcloud"
      version = "~> 1.0"
    }
  }
}

provider "jumpcloud" {
  api_key = var.jumpcloud_api_key # Or use JUMPCLOUD_API_KEY env var
  org_id  = var.jumpcloud_org_id  # Optional: Or use JUMPCLOUD_ORG_ID env var
}

Authentication

The provider supports the following authentication methods:

1. Static credentials: Set the api_key (required) and org_id (optional) values in the provider block.
2. Environment variables:
   • JUMPCLOUD_API_KEY: API key for JumpCloud operations.
   • JUMPCLOUD_ORG_ID: Organization ID for multi-tenant environments.

Example: Managing Users and Groups

# Create a user
resource "jumpcloud_user" "example" {
  username  = "johndoe"
  email     = "[email protected]"
  firstname = "John"
  lastname  = "Doe"
  password  = "securePassword123!"
}

# Create a user group
resource "jumpcloud_user_group" "engineering" {
  name        = "Engineering Team"
  description = "Group for engineering staff"
}

# Add the user to the group
resource "jumpcloud_user_group_membership" "example_membership" {
  user_group_id = jumpcloud_user_group.engineering.id
  user_id       = jumpcloud_user.example.id
}

Example: Authentication Policies

# Create an authentication policy
resource "jumpcloud_auth_policy" "secure_policy" {
  name        = "Secure Access Policy"
  description = "Requires MFA for all users"

  rule {
    type = "AUTHENTICATION"

    conditions {
      resource {
        type = "USER_GROUP"
        id   = jumpcloud_user_group.engineering.id
      }
    }

    effects {
      allow_ssh_password_authentication    = false
      allow_multi_factor_authentication    = true
      force_multi_factor_authentication    = true
      require_password_reset               = false
      allow_password_management_self_serve = true
    }
  }
}

Documentation

Comprehensive documentation for each module is available in their respective directories:

• Authentication
• App Catalog
• Admin
• IP List
• Password Policies
• RADIUS
• SCIM
• System Groups
• User Associations
• User Groups

Error Handling

The provider includes robust error handling for JumpCloud API responses:

• IsNotFoundError: Detects 404 Not Found errors
• IsConflictError: Detects 409 Conflict errors
• IsBadRequestError: Detects 400 Bad Request errors
• IsUnauthorizedError: Detects 401 Unauthorized errors
• IsForbiddenError: Detects 403 Forbidden errors

These functions are used throughout the provider to handle API errors consistently.

Context Support

The provider supports context-aware API requests, which enables:

• Proper timeout handling
• Request cancellation
• Better error propagation
• Improved logging

All API client methods have context-aware versions (e.g., DoRequestWithContext, GetV1WithContext) for advanced use cases.

Development

Building the Provider

Clone the repository:

git clone https://github.com/jumpcloud/terraform-provider-jumpcloud.git

Build the provider:

cd terraform-provider-jumpcloud
go build

Testing

To run the tests, you will need:

• A JumpCloud API key
• Go installed on your machine

Set the environment variable:

export JUMPCLOUD_API_KEY="your-api-key"
export JUMPCLOUD_ORG_ID="your-org-id"  # Optional
export TF_ACC=1  # For acceptance tests

Run the tests:

go test ./...

For acceptance tests:

go test ./... -v -run=TestAcc

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for details.

License

This provider is distributed under the Apache License, Version 2.0.