Simple demos showcasing Okta and Terraformer (Reverse Terraform). This repo is intended for practitioners who are familiar with Terraform and Okta. If you are not, please review this introduction on Terraform and, of course, more info on Okta. My other Okta Terraform Demo is a quick walk-through to get you started.
- Okta Tenant - Free Development tenant here.
- Terraform - Install docs here and introduction here.
- Terraformer - Install docs here.
- (Optional, but highly recommended) tfenv - Terraform Version Manager
- (Optional, but highly recommended) dotenv - Best environment variable tool for command-line ninja.
NOTE: Please review the Terraformer Okta supported resources at the following link. The contributors are continuously adding and fixing resources to reach parity with the Terraform Okta Provider. Issues and feature requests can be submitted on the main repo.
NOTE: It is subtle, but the command-line tools are named terraform and terraformer; they are two separate command-line applications.
Validate install:
# Show version
$ terraform version
# Output
ie.
Terraform v1.0.9
on darwin_amd64
+ provider registry.terraform.io/okta/okta v3.15.0
...
# List of help details
$ terraform help
# Show version
$ terraformer -v
# Output
ie.
version v0.8.17
Set up a developer Okta Org and create an API Token.
- Set up a developer Okta Org at developer.okta.com.
- Activate your Okta Org and then go to the Dashboard.
- On the Dashboard screen, navigate to the API menu and select Tokens.
- On the API screen, click Create Token and name your API Token.
- Copy and store the generated token so you can use it in the backend.config file later.
- Make note of your Okta Org URL (ie. dev-302083.okta.com); you need this later too.
Set up your command-line environment. I'm using direnv: copy .envrc.sample to .envrc and update it so that the .envrc file contains your Okta information.
- Validate direnv is installed.
$ direnv version
ie.
2.28.0
- Copy and update the .envrc.sample file using your favorite editor. I'm using VIM.
$ cp .envrc.sample .envrc
$ vim .envrc
# Update the file, etc
# Should look similar to this.
$ cat .envrc
# Okta Tenant ie https://dev-1537305.okta.com or https://dev-1537305.oktapreview.com
export OKTA_API_TOKEN=00e...
export OKTA_ORG_NAME=dev-1537305
export OKTA_BASE_URL=okta.com
- Now load the environment variables for only this directory with the direnv tool.
$ direnv allow .
# Output
# ie.
# direnv: loading /xdata/_prj/okta-terrafomer-demo/.envrc
# direnv: export +OKTA_API_TOKEN +OKTA_BASE_URL +OKTA_ORG_NAME
This demo walk-through expects an existing Okta org/tenant that contains a few supporting resources like OAuth/OIDC apps, users, groups, etc.
Prepare for extraction
- Create okta.tf or use the one in this repo.
$ cat okta.tf
# Output
# ie.
# # This is all you need to start with Terraformer to extract Okta resources from your Okta tenant.
# terraform {
#   required_providers {
#     okta = {
#       source = "okta/okta",
#       version = "~> 3.13"
#     }
#   }
# }
# provider "okta" {
# }
- Install the terraform binary and use the version that you installed. I will be using tfenv to do that.
# Install the terraform binary
$ tfenv install 1.0.9
# Set to the version that I installed
$ tfenv use 1.0.9
- Initialize the Okta provider (basically, get the Okta provider binaries into the working space).
$ terraform init
- Finally, start extracting the Okta resources into HCL and a Terraform state file using the terraformer command-line tool.
$ terraformer import okta --resources=okta_user
- Review. By default, the above command creates a generated folder containing the specific resource that you wanted extracted; in the example, that was the okta_user resource.
NOTE: I'm using the tree command-line tool, which may not exist in your OS. You can observe the generated folder using the macOS Finder app or a similar tool.
$ tree generated
# Output
ie.
generated
└── okta
    └── okta_user
        ├── outputs.tf
        ├── provider.tf
        ├── terraform.tfstate
        └── user.tf
2 directories, 4 files
- Extract User and OAuth/OpenID Applications
$ terraformer import okta --resources=okta_user,okta_app_oauth
- Extract User, Groups, OAuth/OpenID Applications, and Authorization Server
$ terraformer import okta --resources=okta_user,okta_group,okta_app_oauth,okta_auth_server
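Checks worth running around the import steps above, since .envrc holds the API token and each generated terraform.tfstate stores the attributes of the imported resources in plaintext. This is an added example, not part of the original repo: the function names are hypothetical, while the variable names, .envrc and the generated folder are the ones shown above.

```shell
# Added example: checks to run before and after `terraformer import okta ...`.
# Variable and file names come from the walk-through; function names are hypothetical.

# Fail if any variable exported by .envrc is unset or empty (values are never printed).
check_okta_env() {
  missing=0
  for name in OKTA_API_TOKEN OKTA_ORG_NAME OKTA_BASE_URL; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "missing: $name" >&2
      missing=1
    fi
  done
  unset val
  return "$missing"
}

# Succeed only if $1 is a regular file with no group/other permission bits (e.g. 600).
is_private() {
  [ -f "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Print every terraform.tfstate (or backup) under directory $1 that is not private.
loose_state_files() {
  find "$1" -type f -name 'terraform.tfstate*' 2>/dev/null | while IFS= read -r f; do
    is_private "$f" || printf '%s\n' "$f"
  done
}

# Inside a git work tree, print the given paths that git's ignore rules do not cover.
unignored() {
  git rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
  for p in "$@"; do
    git check-ignore -q "$p" || printf '%s\n' "$p"
  done
}

# Run all checks; $1 is terraformer's output folder (default: generated).
okta_tf_audit() {
  out=${1:-generated}; rc=0
  check_okta_env || rc=1
  is_private .envrc || { echo ".envrc missing or not private: chmod 600 .envrc" >&2; rc=1; }
  loose=$(loose_state_files "$out")
  [ -z "$loose" ] || { printf 'state readable by group/other:\n%s\n' "$loose" >&2; rc=1; }
  exposed=$(unignored .envrc "$out")
  [ -z "$exposed" ] || { printf 'not git-ignored:\n%s\n' "$exposed" >&2; rc=1; }
  return "$rc"
}
```

Source the file in the repo directory and run okta_tf_audit once before the first import and again before committing anything; a non-zero status means at least one check failed.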
Please submit Issues/Bugs/Features using the GitHub Issues page by clicking on the New issue button.
- Okta
- Terraform
- Other tools
- Additional Articles and Blogs
- Deeper walk-through with Okta + Terraform. Many thanks to Articulate and quantumew.
- Better together using Okta Integration...
- Managing Multiple Okta Instances with Terraform Cloud