Update authentication and service connector configurations

zenml-io · Oct 28, 2024 · 85f04ea · 85f04ea
1 parent d84a9ae
commit 85f04ea
Show file tree

Hide file tree

Showing 4 changed files with 101 additions and 35 deletions.
diff --git a/docs/guides/authentication.md b/docs/guides/authentication.md
@@ -7,16 +7,16 @@ description: |-
 
 # Authentication
 
-The ZenML provider requires authentication to interact with your ZenML server. This guide explains how to set up authentication for the provider.
+The ZenML provider requires authentication to interact with your ZenML server. The provider uses API key authentication to obtain access tokens.
 
 ## Configuration
 
-The provider can be configured with the following environment variables:
+The provider can be configured using environment variables:
 
-- `ZENML_SERVER_URL`: The URL of your ZenML server
-- `ZENML_API_KEY`: Your ZenML API key
+* `ZENML_SERVER_URL` - (Required) The URL of your ZenML server
+* `ZENML_API_KEY` - (Required) Your ZenML API key
 
-Alternatively, you can provide these credentials in the provider configuration:
+Alternatively, you can provide these credentials directly in the provider configuration:
 
 ```hcl
 provider "zenml" {
@@ -27,18 +27,38 @@ provider "zenml" {
 
 !> **Warning:** Hard-coding credentials into your Terraform configuration is not recommended. Use environment variables or other secure methods to provide credentials.
 
+## Authentication Process
+
+The provider automatically handles the authentication process by:
+1. Making a login request to `/api/v1/login` with your API key
+2. Obtaining an access token
+3. Using this token for subsequent API requests
+
+The access token is automatically refreshed for each request to ensure continuous operation.
+
 ## Obtaining Credentials
 
-1. **Server URL**: This is the URL where your ZenML server is hosted.
+1. **Server URL**: This is the URL where your ZenML server is hosted. For example: `https://your-zenml-server.com`
 
 2. **API Key**: You can generate an API key from the ZenML UI or CLI:
-   - UI: Navigate to your user settings and create a new API key
-   - CLI: Use the command `zenml api-key create --name="terraform" --description="For Terraform"`
+   ```bash
+   zenml api-key create --name="terraform" --description="For Terraform provider"
+   ```
 
 ## Best Practices
 
-- Use environment variables or a secure secret management system to handle credentials.
-- Rotate your API keys regularly.
-- Use separate API keys for different environments (development, staging, production).
+* Store credentials using environment variables:
+  ```bash
+  export ZENML_SERVER_URL="https://your-zenml-server.com"
+  export ZENML_API_KEY="your-api-key"
+  ```
+* Use different API keys for different environments
+* Rotate API keys regularly
+* Never commit API keys to version control
+
+## Troubleshooting
 
-For more information on ZenML authentication, refer to the [ZenML documentation](https://docs.zenml.io/user-guide/advanced-guide/environment-management/connect-to-zenml).
+If you encounter authentication errors:
+1. Verify your server URL is correct and accessible
+2. Ensure your API key is valid and not expired
+3. Check that your server URL doesn't have a trailing slash
diff --git a/docs/resources/service_connector.md b/docs/resources/service_connector.md
@@ -29,22 +29,36 @@ resource "zenml_service_connector" "gcp_connector" {
     service_account_json = jsonencode({
       "type": "service_account",
       "project_id": "my-gcp-project",
-      # ... other service account details
+      "private_key_id": "key-id",
+      "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
+      "client_email": "[email protected]",
+      "client_id": "client-id",
+      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+      "token_uri": "https://oauth2.googleapis.com/token"
     })
   }
+  
+  labels = {
+    environment = "production"
+    team        = "ml-ops"
+  }
 }
 ```
 
 ## Argument Reference
 
 * `name` - (Required) The name of the service connector.
-* `type` - (Required) The type of the service connector (e.g., "gcp", "aws", "azure").
-* `auth_method` - (Required) The authentication method used by the service connector.
-* `user` - (Required) The ID of the user who owns this connector.
-* `workspace` - (Required) The ID of the workspace this connector belongs to.
-* `resource_types` - (Optional) A list of resource types this connector can be used for.
-* `configuration` - (Required) A map of configuration key-value pairs for the connector.
-* `secrets` - (Optional) A map of secret key-value pairs for the connector. These are sensitive and will not be output.
+* `type` - (Required, Forces new resource) The type of the service connector. Valid values include: `aws`, `gcp`, `azure`, and others depending on your ZenML version.
+* `auth_method` - (Required, Forces new resource) The authentication method used by the connector. Valid values include:
+  * AWS: `iam-role`, `aws-access-keys`, `web-identity`
+  * GCP: `service-account`, `oauth2`, `workload-identity`
+  * Azure: `service-principal`, `managed-identity`
+  * Kubernetes: `kubeconfig`, `service-account`
+* `user` - (Required, Forces new resource) The ID of the user who owns this connector.
+* `workspace` - (Required, Forces new resource) The ID of the workspace this connector belongs to.
+* `resource_types` - (Optional) A list of resource types this connector can be used for (e.g., `artifact-store`, `container-registry`, `orchestrator`).
+* `configuration` - (Required, Sensitive) A map of configuration key-value pairs for the connector.
+* `secrets` - (Optional, Sensitive) A map of secret key-value pairs for the connector.
 * `labels` - (Optional) A map of labels to associate with the connector.
 
 ## Attributes Reference

diff --git a/docs/resources/stack.md b/docs/resources/stack.md
@@ -12,36 +12,65 @@ Manages a ZenML stack, which is a collection of components that define the infra
 ## Example Usage
 
 ```hcl
+# First, create the required stack components
 resource "zenml_stack_component" "artifact_store" {
   name      = "my-artifact-store"
   type      = "artifact_store"
   flavor    = "gcp"
-  user      = "user-uuid"
-  workspace = "workspace-uuid"
+  workspace = "default"
   
   configuration = {
     path = "gs://my-bucket/artifacts"
   }
 }
 
+resource "zenml_stack_component" "orchestrator" {
+  name      = "my-orchestrator"
+  type      = "orchestrator"
+  flavor    = "kubernetes"
+  workspace = "default"
+  
+  configuration = {
+    kubernetes_context = "my-k8s-cluster"
+  }
+}
+
+# Then create the stack using the component IDs
 resource "zenml_stack" "my_stack" {
-  name = "my-stack"
+  name = "my-production-stack"
+  
+  # Map component types to their IDs
   components = {
     artifact_store = zenml_stack_component.artifact_store.id
+    orchestrator   = zenml_stack_component.orchestrator.id
   }
   
   labels = {
     environment = "production"
+    team        = "ml-ops"
   }
 }
 ```
 
 ## Argument Reference
 
 * `name` - (Required) The name of the stack.
-* `components` - (Required) A map of component types to component IDs that make up this stack.
+* `components` - (Required) A map where keys are component types and values are component IDs. Each component type can only have one component. Valid component types include:
+  * `artifact_store`
+  * `container_registry`
+  * `orchestrator`
+  * `step_operator`
+  * `model_deployer`
+  * `experiment_tracker`
+  * `alerter`
+  * `annotator`
+  * `data_validator`
+  * `feature_store`
+  * `image_builder`
 * `labels` - (Optional) A map of labels to associate with the stack.
 
+-> **Note** The stack will be created in the default workspace. Future versions may allow workspace configuration.
+
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:
@@ -52,6 +81,6 @@ In addition to all arguments above, the following attributes are exported:
 
 Stacks can be imported using the `id`, e.g.
 
-```
+```shell
 $ terraform import zenml_stack.example 12345678-1234-1234-1234-123456789012
 ```
diff --git a/docs/resources/stack_component.md b/docs/resources/stack_component.md
@@ -16,13 +16,16 @@ resource "zenml_stack_component" "artifact_store" {
   name      = "my-artifact-store"
   type      = "artifact_store"
   flavor    = "gcp"
-  user      = "user-uuid"
-  workspace = "workspace-uuid"
+  workspace = "default"
   
   configuration = {
     path = "gs://my-bucket/artifacts"
   }
   
+  # Optional: Connect to a service connector
+  connector_id           = "connector-uuid"
+  connector_resource_id  = "resource-id"
+  
   labels = {
     environment = "production"
   }
@@ -32,15 +35,15 @@ resource "zenml_stack_component" "artifact_store" {
 ## Argument Reference
 
 * `name` - (Required) The name of the stack component.
-* `type` - (Required) The type of the stack component (e.g., "artifact_store", "orchestrator").
+* `type` - (Required) The type of the stack component (e.g., "artifact_store", "orchestrator"). Must be one of the valid component types supported by ZenML.
 * `flavor` - (Required) The flavor of the stack component (e.g., "local", "gcp", "aws").
-* `user` - (Required) The ID of the user who owns this component.
-* `workspace` - (Required) The ID of the workspace this component belongs to.
-* `configuration` - (Required) A map of configuration key-value pairs for the component.
-* `connector_resource_id` - (Optional) The ID of the connector resource to use with this component.
+* `workspace` - (Required, Forces new resource) The name of the workspace this component belongs to.
+* `configuration` - (Optional, Sensitive) A map of configuration key-value pairs for the component.
+* `connector_id` - (Optional) The ID of the service connector to use with this component. Must be specified together with `connector_resource_id`.
+* `connector_resource_id` - (Optional) The ID of the connector resource to use with this component. Must be specified together with `connector_id`.
 * `labels` - (Optional) A map of labels to associate with the component.
-* `component_spec_path` - (Optional) The path to the component specification file.
-* `connector` - (Optional) The ID of the service connector to use with this component.
+
+-> **Note** When using service connectors, both `connector_id` and `connector_resource_id` must be specified together. Specifying only one will result in an error.
 
 ## Attributes Reference
 
@@ -52,6 +55,6 @@ In addition to all arguments above, the following attributes are exported:
 
 Stack components can be imported using the `id`, e.g.
 
-```
+```shell
 $ terraform import zenml_stack_component.example 12345678-1234-1234-1234-123456789012
 ```