Simple demos showcasing Okta and Terraformer( Reverse Terraform). The intended audience for this repo are for practitioners who are familiar with Terraform and Okta. Please review this introduction on Terraform and of course more info on Okta if you are not. My other Okta Terraform Demo is quick walk-through to get you started.
- Okta Tenant - Free Development tenant here.
- Terraform - Install docs here and introduction here.
- Terraformer - Install docs here.
- (Optional, but highly recommended) tfenv - Terraform Version Manager π
- (Optional, but highly recommended) dotenv - Best environment variable tool for command-line ninja.
NOTE: Please review Terraformer Okta supported resources at the following link. The contributors are continuously adding and fixing resources to align in parity to the Terraform Okta Provider. Issues and feature request can be submitted on the main repo.
NOTE: It is subtle but names of the commandline tools are terraform and terraformer which are two commandline applications.
Validate install:
# Show version
$ terraform version
# Output
ie.
Terraform v1.0.9
on darwin_amd64
+ provider registry.terraform.io/okta/okta v3.15.0
...
# List of help details
$ terraform help# Show version
$ terraformer -v
# Output
ie.
version v0.8.17Setup a developer Okta Org and create a API Token.
- Setup developer Okta Org at developer.okta.com.
- Activate your Okta Org and then go to the Dashboard.
- On the Dashboard screen, navigate
APImenu and selectTokens. - On the API screen, click
Create Tokenand name your API Token. - Copy and store the generated token so you can use this
backend.configfile later. - Make note of your Okta Org url. (ie.
dev-302083.okta.com) you need this later too.
Setting your commandline environment, which I'm using direnv and copy and update .envrc.sample to have .envrc file containing Okta information.
- Validate
direnvis installed.
$ direnv version
ie.
2.28.0- Copy and update the
.envrc.samplefile using your favorite editor. I'm using VIM.
$ cp .envrc.sample .envrc
$ vim .envrc
# Update the file, etc
# Should look similar to this.
$ cat .envrc
# Okta Tenant ie https://dev-1537305.okta.com or https://dev-1537305.oktapreview.com
export OKTA_API_TOKEN=00e...
export OKTA_ORG_NAME=dev-1537305
export OKTA_BASE_URL=okta.com- Now load environment variable to only this directory with
direnvtool.
$ direnv allow .
# Output
# ie.
# direnv: loading /xdata/_prj/okta-terrafomer-demo/.envrc
# direnv: export +OKTA_API_TOKEN +OKTA_BASE_URL +OKTA_ORG_NAMEThis demo walk-through expects a existing Okta org/tenant that contains a few supporting resources like: Oauth/OIDC apps, users, groups, etc.
Prepare for extraction
- Create
okta.tfor use the only in this repo.
$ cat okta.tf
# Output
# ie.
# # This all you need to start with Terraformer to extract Okta resource from your Okta tenant.
# terraform {
# required_providers {
# okta = {
# source = "okta/okta",
# version = "~> 3.13"
# }
# }
# }
# provider "okta" {
# }%- Install
terraformbinary and use version that you installed. I will be usingtfenvto do that.
# Install the terraform binary
$ tfenv install 1.0.9
# Set to the version that I installed
$ tfenv use 1.0.9- Initialized the Okta provider. (Basically, get the Okta provider binaries to working space).
$ terraform init- Finally, start extracting the Okta resource using the
terraformercommandline tool into HCL and Terraform State file.
$ terrafomer import okta --resources=okta_user- Review. The above command by default will create a
generatedfolder containing specific resource that you wanted extracted, in the example that was theokta_userresource.
NOTE: I'm using the tree command tool, which may not exist in your OS. You can observe the generated folder using MacOS Finder app or similar tool.
$tree generated
# Output
ie.
generated
βββ okta
βββ okta_user
βββ outputs.tf
βββ provider.tf
βββ terraform.tfstate
βββ user.tf
2 directories, 4 files- Extract User and OAuth/OpenID Applications
$ terraformer import okta --resources=okta_user,okta_app_oauth- Extract User, Groups, OAuth/OpenID Applications, and Authorization Server
$ terraformer import okta --resources=okta_user,okta_group,okta_app_oauth,okta_auth_serverPlease submit Issues/Bugs/Features using GitHub Issues page and clicking on New issue button.
-
Okta
-
Terraform
-
Other tools
-
Additional Articles and Blogs
- Deeper walk-though with Okta + Terraform Many thanks to Articulate and quantumew π
- Better together using Okta Integration...
- Managing Multiple Okta Instances with Terraform Cloud