Add smallstep_managed_radius resource and data source

docs/data-sources/account.md

@@ -260,5 +260,3 @@ Read-Only:
 - `hidden` (Boolean) Whether or not the SSID is broadcast by the access points.
 - `network_access_server_ip` (String) The public IP address of your network equipment that clients connect to.
 - `ssid` (String) The name of the wireless network clients connect to.
-
-

docs/data-sources/authority.md

@@ -40,5 +40,3 @@ output "bootstrap_preexisting" {
 - `root` (String) The root certificate in pem format.
 - `type` (String) One of the available authority types
  Allowed values: `devops` `advanced` `managed`
-
-

docs/data-sources/device.md

@@ -64,5 +64,3 @@ Read-Only:
 - `email` (String) Email of the user the device is assigned to.
 This field may be populated with a value derived from data synced from your team's MDMs.
 Setting this value explicitly will mask any MDM-derived value.
-
-

docs/data-sources/managed_radius.md

@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "smallstep_managed_radius Data Source - terraform-provider-smallstep"
+subcategory: ""
+description: |-
+
+---
+
+# smallstep_managed_radius (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "smallstep_managed_radius" "my_radius" {
+  id = "cd4452b0-809a-4fc1-aafe-1814042ce1fc"
+}
+
+output "radius_ip" {
+  value = data.smallstep_managed_radius.my_radius.server_ip
+}
+
+output "radius_port" {
+  value = data.smallstep_managed_radius.my_radius.server_port
+}
+
+output "radius_hostname" {
+  value = data.smallstep_managed_radius.my_radius.server_hostname
+}
+
+output "radius_ca" {
+  value = data.smallstep_managed_radius.my_radius.server_ca
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The UUID of this managed RADIUS server.
+
+### Read-Only
+
+- `client_ca` (String) The CA that the RADIUS server will trust to verify clients.
+- `name` (String) A descriptive name for this resource. Must be unique across the team.
+- `nas_ips` (List of String) The ip addresses the Network Access Server (NAS) may connect to the RADIUS server from.
+- `reply_attributes` (Attributes List) (see [below for nested schema](#nestedatt--reply_attributes))
+- `server_ca` (String) The CA that supplicants should use to verify the RADIUS server.
+- `server_hostname` (String) The hostname of the RADIUS server.
+- `server_ip` (String) The IP address of the RADIUS server.
+- `server_port` (String) The port of the RADIUS server.
+
+<a id="nestedatt--reply_attributes"></a>
+### Nested Schema for `reply_attributes`
+
+Read-Only:
+
+- `name` (String) The attribute name.
+- `value` (String) The static attribute value.
+- `value_from_extension` (String) The object identifier of an extension in the supplicant certificate. The RADIUS server will set the value of the reply attribute to the value of the extension.

docs/data-sources/managed_radius_secret.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "smallstep_managed_radius_secret Data Source - terraform-provider-smallstep"
+subcategory: ""
+description: |-
+  Read the secret required to configure a network access server to connect to a managed RADIUS server.
+---
+
+# smallstep_managed_radius_secret (Data Source)
+
+Read the secret required to configure a network access server to connect to a managed RADIUS server.
+
+## Example Usage
+
+```terraform
+data "smallstep_managed_radius_secret" "my_radius" {
+  id = "cd4452b0-809a-4fc1-aafe-1814042ce1fc"
+}
+
+output "radius_secret" {
+  sensitive = true
+  value     = data.smallstep_managed_radius_ssecret.my_radius.secret
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The UUID of a managed RADIUS resource.
+
+### Read-Only
+
+- `secret` (String, Sensitive) The secret a network access server needs to authenticate to a managed RADIUS server.

docs/data-sources/provisioner.md

@@ -183,5 +183,3 @@ Read-Only:
 Read-Only:
 
 - `roots` (Set of String) A list of pem-encoded x509 certificates. Any certificate bundle that chains up to any of these roots can be used in a certificate request.
-
-

docs/data-sources/provisioner_webhook.md

@@ -46,5 +46,3 @@ ENRICHING webhooks are called before rendering the certificate template. They ha
 A HOSTED_ATTESTATION webhook server is hosted by Smallstep and must be used with an `ENRICHING` webhook type and an ACME Attestation provisioner. The webhook server will verify the attested permanent identifier exists as the ID of an instance in the configured collection. The data of the instance in the collection will be added to the template data.
  Allowed values: `EXTERNAL` `HOSTED_ATTESTATION`
 - `url` (String) The URL of the webhook server. Required for `EXTERNAL` webhook servers; read-only for hosted webhook servers.
-
-

docs/index.md

@@ -1,7 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "smallstep Provider"
-subcategory: ""
 description: |-
 
 ---

docs/resources/account.md

@@ -397,6 +397,8 @@ Optional:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 terraform import smallstep_account.wifi b1161f78-d251-401e-b17c-fe38fc26ae7b
 ```

docs/resources/authority.md

@@ -199,6 +199,8 @@ Optional:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 terraform import smallstep_authority.my_ca b1161f78-d251-401e-b17c-fe38fc26ae7b
 ```

docs/resources/device.md

@@ -87,6 +87,8 @@ Optional:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 terraform import smallstep_device.laptop_12 b1161f78-d251-401e-b17c-fe38fc26ae7b
 ```

docs/resources/managed_radius.md

@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "smallstep_managed_radius Resource - terraform-provider-smallstep"
+subcategory: ""
+description: |-
+
+---
+
+# smallstep_managed_radius (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "smallstep_managed_radius" "my_radius" {
+  name      = "My RADIUS"
+  nas_ips   = ["1.2.3.4"]
+  client_ca = file("${path.module}/root.crt")
+  reply_attributes = [{
+    name  = "Tunnel-Type"
+    value = "13"
+    }, {
+    name                 = "Tunnel-Private-Group-ID"
+    value_from_extension = "2.5.4.11"
+  }]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_ca` (String) The CA that the RADIUS server will trust to verify clients.
+- `name` (String) A descriptive name for this resource. Must be unique across the team.
+- `nas_ips` (List of String) The ip addresses the Network Access Server (NAS) may connect to the RADIUS server from.
+
+### Optional
+
+- `reply_attributes` (Attributes List) (see [below for nested schema](#nestedatt--reply_attributes))
+
+### Read-Only
+
+- `id` (String) The UUID of this managed RADIUS server.
+- `server_ca` (String) The CA that supplicants should use to verify the RADIUS server.
+- `server_hostname` (String) The hostname of the RADIUS server.
+- `server_ip` (String) The IP address of the RADIUS server.
+- `server_port` (String) The port of the RADIUS server.
+
+<a id="nestedatt--reply_attributes"></a>
+### Nested Schema for `reply_attributes`
+
+Required:
+
+- `name` (String) The attribute name.
+
+Optional:
+
+- `value` (String) The static attribute value.
+- `value_from_extension` (String) The object identifier of an extension in the supplicant certificate. The RADIUS server will set the value of the reply attribute to the value of the extension.
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+terraform import smallstep_managed_radius.my_radius cd4452b0-809a-4fc1-aafe-1814042ce1fc
+```

docs/resources/provisioner.md

@@ -298,6 +298,8 @@ Required:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 terraform import smallstep_provisioner.my_jwk_provisioner b1161f78-d251-401e-b17c-fe38fc26ae7b/my_jwk_provisioner
 ```

docs/resources/provisioner_webhook.md

@@ -79,6 +79,8 @@ Required:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 # <authority_id>/<provisioner_id>/<name>
 AUTHORITY_ID=ed2e4f38-fd2d-4eb0-9280-52b697636873

examples/data-sources/smallstep_managed_radius/data-source.tf

@@ -0,0 +1,20 @@
+
+data "smallstep_managed_radius" "my_radius" {
+  id = "cd4452b0-809a-4fc1-aafe-1814042ce1fc"
+}
+
+output "radius_ip" {
+  value = data.smallstep_managed_radius.my_radius.server_ip
+}
+
+output "radius_port" {
+  value = data.smallstep_managed_radius.my_radius.server_port
+}
+
+output "radius_hostname" {
+  value = data.smallstep_managed_radius.my_radius.server_hostname
+}
+
+output "radius_ca" {
+  value = data.smallstep_managed_radius.my_radius.server_ca
+}

examples/data-sources/smallstep_managed_radius_secret/data-source.tf

@@ -0,0 +1,9 @@
+
+data "smallstep_managed_radius_secret" "my_radius" {
+  id = "cd4452b0-809a-4fc1-aafe-1814042ce1fc"
+}
+
+output "radius_secret" {
+  sensitive = true
+  value     = data.smallstep_managed_radius_ssecret.my_radius.secret
+}

examples/resources/smallstep_managed_radius/import.sh

@@ -0,0 +1,2 @@
+
+terraform import smallstep_managed_radius.my_radius cd4452b0-809a-4fc1-aafe-1814042ce1fc

examples/resources/smallstep_managed_radius/resource.tf

@@ -0,0 +1,13 @@
+
+resource "smallstep_managed_radius" "my_radius" {
+  name      = "My RADIUS"
+  nas_ips   = ["1.2.3.4"]
+  client_ca = file("${path.module}/root.crt")
+  reply_attributes = [{
+    name  = "Tunnel-Type"
+    value = "13"
+    }, {
+    name                 = "Tunnel-Private-Group-ID"
+    value_from_extension = "2.5.4.11"
+  }]
+}