okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0
256 stars 207 forks

New AWS Account Federation App resource #1304

Open xiaoweiwu12701 opened 2 years ago

xiaoweiwu12701 commented 2 years ago

I am trying to create an AWS Account Federation app and maintain it via Terraform. I use the okta_app_saml with preconfigured_app = amazon_aws. Compared to creating the app manually, I haven't been able to find the following configurations, and all are under the Sign-on tab.

https://github.com/okta/terraform-provider-okta/blob/master/examples/okta_app_saml/user_groups.tf

The above code example does show many configuration items. But it's unclear whether the two I am looking for are available.

monde commented 2 years ago

@xiaoweiwu12701 we don't have an AWS Federation App yet, and as you point out, the generic okta_app_saml resource doesn't expose all of the properties of an AWS Federation App.

monde commented 2 years ago

Okta internal ref: https://oktainc.atlassian.net/browse/OKTA-534249

monde commented 2 years ago

Not seeing AWS Account Federation app listed in the public API at the present time https://developer.okta.com/docs/reference/api/apps/

narapon commented 1 year ago

Thanks @monde for looking into this. Looking forward to having this implemented, as we use this extensively but would really like to manage this via Terraform from now on.

narapon commented 1 year ago

> @xiaoweiwu12701 we don't have an AWS Federation App yet, and as you point out, the generic okta_app_saml resource doesn't expose all of the properties of an AWS Federation App.

Will be happy to just use the generic okta_app_saml as long as it exposes all the properties of an AWS Federation App when your public API supports it :)

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

xiaoweiwu12701 commented 1 year ago

Was there any update on whether the AWS federation app was created?

monde commented 1 year ago

@xiaoweiwu12701 our team has a meeting tomorrow and I'll see if I can get some feedback then and report back here. The desire is to get Okta's API to have a generic interface for all of the OIN apps. But as it stands now each is a bit of a snowflake. That makes it tedious to onboard each new app into the API and in turn to downstream consumers like our language SDKs and this TF provider.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

xiaoweiwu12701 commented 1 year ago

@monde update from your last internal meeting?

monde commented 1 year ago

Hi @xiaoweiwu12701, @albertchen-okta is our PM leading getting full OIN support into the Okta API which we'll consume in the Terraform provider. I know his team has plans for that this year but I'll leave it to him to elaborate. cc/ @jefftaylor-okta