This provider allows you to manage Hoop.dev resources through Terraform. Currently, it supports managing database connections with various configurations and security settings.
# Pin the Hoop provider to one exact version so every `terraform init`
# resolves the same provider build.
terraform {
  required_providers {
    hoop = {
      version = "1.0.0"
      # NOTE(review): the `local` namespace looks like a locally installed
      # provider build; confirm the source address before using this
      # configuration outside a development machine.
      source = "registry.terraform.io/local/hoop"
    }
  }
}
# Tell the provider where the Hoop.dev API lives and how to authenticate.
provider "hoop" {
  # Your Hoop.dev API URL. Plain HTTP to localhost suits local development;
  # for a remote gateway use an https:// URL so the API key is not sent in
  # clear text.
  api_url = "http://localhost:8009/api"

  # See how to get your API key at: https://hoop.dev/docs/learn/api-key-usage
  # Declare hoop_api_key with `sensitive = true` and supply it from the
  # environment or a secret store rather than a committed .tfvars file.
  api_key = var.hoop_api_key
}
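# Minimal PostgreSQL connection managed through the Hoop agent.
resource "hoop_connection" "simple_postgres" {
  name     = "user-service-db"
  subtype  = "postgres"
  agent_id = "your-agent-id"

  # Resource arguments, including these credentials, are recorded in
  # Terraform state; keep the state backend encrypted and access-controlled.
  secrets = {
    host = "localhost"
    port = "5432"
    user = "postgres"
    # Take the password from a variable (declared with `sensitive = true`)
    # instead of a literal, so it never lands in version control. This
    # matches the other examples on this page.
    pass = var.db_password
    db   = "users"
    # Optional. In PostgreSQL clients, verify-full checks both the server
    # certificate chain and that the certificate matches `host`.
    sslmode = "verify-full"
  }

  tags = ["production", "user-service"]
}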
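# One entry per service database; the resource below creates a connection
# for each key in this map.
locals {
  databases = {
    "users" = {
      subtype = "postgres"
      host    = "users-db.internal"
      port    = "5432"
      db      = "users"
      tags    = ["prod", "core"]
    }
    "payments" = {
      subtype = "mysql"
      host    = "payments-db.internal"
      # MySQL listens on 3306 by default, so the port is set per database
      # rather than reusing the PostgreSQL default for every entry.
      port = "3306"
      db   = "payments"
      tags = ["prod", "financial"]
    }
  }
}

# Creates "<key>-db" connections from local.databases.
resource "hoop_connection" "service_databases" {
  for_each = local.databases

  name     = "${each.key}-db"
  subtype  = each.value.subtype
  agent_id = var.agent_id

  # db_user / db_password should be declared with `sensitive = true`.
  # The values are still written to Terraform state, so protect the state
  # backend accordingly.
  # NOTE(review): no sslmode is set here; PostgreSQL entries accept an
  # optional sslmode (see the argument reference). Consider setting it for
  # production hosts.
  secrets = {
    host = each.value.host
    port = each.value.port
    user = var.db_user
    pass = var.db_password
    db   = each.value.db
  }

  tags = each.value.tags
}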
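# modules/database/main.tf

# Deployment environment; used in the connection name and appended to tags.
variable "environment" {}

# Service that owns the database; used in the connection name and tags.
variable "service_name" {}

# ID of the Hoop agent that manages the connection. The resource below
# references var.agent_id, so the module has to declare it as an input.
variable "agent_id" {}

# Object with `type`, `secrets` and `tags`. It carries database credentials,
# so it is marked sensitive to keep them out of plan/apply output. Values
# derived from it (subtype, tags) are redacted in plans as well.
variable "database_config" {
  sensitive = true
}

resource "hoop_connection" "database" {
  name     = "${var.service_name}-${var.environment}"
  subtype  = var.database_config.type
  agent_id = var.agent_id
  # Credentials are still stored in Terraform state; protect the backend.
  secrets = var.database_config.secrets
  tags = concat(
    var.database_config.tags,
    [var.environment, var.service_name]
  )
}

# main.tf

# Instantiates the database module for the production user service.
module "user_service_db" {
  source = "./modules/database"

  environment  = "production"
  service_name = "user-service"
  # Pass the agent ID through to the module, which needs it for the
  # connection resource.
  agent_id = var.agent_id

  database_config = {
    type = "postgres"
    secrets = {
      host = "user-db.prod.internal"
      port = "5432"
      user = var.db_user
      pass = var.db_password
      db   = "users"
    }
    tags = ["core"]
  }
}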
name
- (Required) The name of the connection. Must be unique and follow the pattern: ^[a-zA-Z0-9_]+(?:[-\.]?[a-zA-Z0-9_]+){2,253}$
subtype
- (Required) The database type. Valid values: "postgres", "mysql", "mongodb", "mssql", "oracledb"
agent_id
- (Required) The ID of the agent that will manage this connection
secrets
- (Required) Connection credentials. Required fields vary by database type:
  - PostgreSQL: host, port, user, pass, db (optional: sslmode)
  - MySQL: host, port, user, pass, db
  - MongoDB: connection_string
  - MSSQL: host, port, user, pass, db (optional: insecure)
  - OracleDB: host, port, user, pass, sid
access_mode
- (Optional) Configuration for different types of access
  - runbook - (Optional) Enable runbook access. Default: true
  - web - (Optional) Enable web access. Default: true
  - native - (Optional) Enable native access. Default: true
access_schema
- (Optional) Enable schema access. Default: true
datamasking
- (Optional) Enable data masking. Default: false
redact_types
- (Optional) List of info types to redact. Default: []
review_groups
- (Optional) List of groups that can review connection access. Default: []
guardrails
- (Optional) List of guardrail ids. Default: []
jira_template_id
- (Optional) ID of the Jira template for access requests. Default: ""
tags
- (Optional) List of tags to categorize the connection. Default: []
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
MIT