okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Modules? #1700

Open exitcode0 opened 1 year ago

exitcode0 commented 1 year ago

Description

Was wondering if there is any desire or intent for Okta to host modules for the provider. I'm seeing some clever modules from some people in the community; having a place to share this work could be a collective good.

I'm unsure of where I think these modules could be hosted: this repo, the Terraform registry, or elsewhere ¯\_(ツ)_/¯

Not sure if Okta has a desire to develop and/or maintain modules for the provider. But having a place where the community can submit theirs might be beneficial; I'd imagine most don't want to spend the time to upload them to the Terraform registry.

monde commented 1 year ago

@balaganaparthi-okta @emanor-okta do you all have feedback here?

monde commented 1 year ago

Speaking with the PM, we are wondering if we should add some information about modules in our latest developer documentation: https://developer.okta.com/docs/guides/terraform-landing-page/main/ I will look into this further.

monde commented 1 year ago

@exitcode0 I'll be meeting some of our customers along with @jefftaylor-okta next month. I'll see if anyone has feedback about modules, or perhaps can share modules they've written with us.

Also, @exitcode0 do you have any ideas for modules that would be reflective of common use cases of the Okta provider? We could save them in the examples directory. Or add them to the developer documentation that I mentioned https://developer.okta.com/docs/guides/terraform-landing-page/main/

exitcode0 commented 1 year ago

I'd assert that a lot of people just starting out with this provider may not have used Terraform before (I hadn't). With that in mind, I think a general overview of how modules can be used to enforce an org's convention(s) might be helpful to those starting out with the provider, e.g. we use a module to set custom attrs on service accounts as well as creating a group for each that denotes owners.

One thing I'll be creating a module for when I have the time is delegating group membership admin of all groups assigned to a given app to the app's owners group (excluding the owners group itself).

One thing I created ages ago that I should probably make into a module is a group that contains users with any admin permissions. This is useful for excluding admins from IT Support custom roles. It does this by listing users assigned to the Okta admin dashboard app; the membership only updates in the plan after the plan where the user was assigned permissions, though 😒

monde commented 1 year ago

@jefftaylor-okta coming up with a set of TF modules seems more of a developer relations effort, perhaps a section in our developer docs for TF: https://developer.okta.com/docs/guides/terraform-landing-page/main/ If we start curating modules in the project, we are presuming to know a best practice that will be common to many customers, and that seems beyond the scope of the team maintaining the Okta TF provider itself. @jefftaylor-okta thoughts?

jefftaylor-okta commented 1 year ago

@exitcode0 Thanks for the suggestion! I am glad someone has brought this up. If you look at our latest documentation, you will see us moving in this direction. I am also giving a talk at our upcoming conference, Oktane, where we will create a module from a real world scenario. This is also a test with the community to see how these samples would be received. Look for a public Gist in the next few days, and let me know what you think! I will also work with our developer advocacy team to see how we can expand on this idea with the feedback we receive. Also, if you have some top of mind scenarios, please respond and tag me! 🙂

Edit: Adding links to our new developer documentation: https://developer.okta.com/docs/guides/terraform-landing-page/main/

exitcode0 commented 1 year ago

> @exitcode0 Thanks for the suggestion! I am glad someone has brought this up. If you look at our latest documentation, you will see us moving in this direction. I am also giving a talk at our upcoming conference, Oktane, where we will create a module from a real world scenario. This is also a test with the community to see how these samples would be received. Look for a public Gist in the next few days, and let me know what you think! I will also work with our developer advocacy team to see how we can expand on this idea with the feedback we receive. Also, if you have some top of mind scenarios, please respond and tag me! 🙂
>
> Edit: Adding links to our new developer documentation: https://developer.okta.com/docs/guides/terraform-landing-page/main/

I'm glad to see there is some interest in this space. I think there is a lot of value in organisations using modules to enforce their conventions over certain resources; orgs can statically analyse their Terraform code with their tool of choice, but for some, modules may be simpler. I think that an Okta feature in this space could also be fantastic for organisations with large admin teams, e.g. a policy to require PKCE.

Some ideas for Terraform modules off-hand:

If you'd like to chat further I'm quite happy to do a customer interview after the dust from Oktane has settled 🙂
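
An added example, not part of the thread and not code from the Okta provider project: one way to apply the "require PKCE" convention mentioned above as a static check over a Terraform plan. It assumes the plan was exported with `terraform show -json`, that the provider's `okta_app_oauth` resource exposes a boolean `pkce_required` argument, and that `service` apps are exempt; the function name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample: only the fields of `terraform show -json <planfile>`
# that this check reads. Resource addresses are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "okta_app_oauth.spa", "type": "okta_app_oauth",
   "change": {"actions": ["create"],
              "after": {"type": "browser", "pkce_required": true},
              "after_unknown": {}}},
  {"address": "module.portal.okta_app_oauth.this", "type": "okta_app_oauth",
   "change": {"actions": ["update"],
              "after": {"type": "web", "pkce_required": false},
              "after_unknown": {}}},
  {"address": "okta_app_oauth.mobile", "type": "okta_app_oauth",
   "change": {"actions": ["create"],
              "after": {"type": "native"},
              "after_unknown": {"pkce_required": true}}},
  {"address": "okta_app_oauth.batch", "type": "okta_app_oauth",
   "change": {"actions": ["create"],
              "after": {"type": "service", "pkce_required": false},
              "after_unknown": {}}},
  {"address": "okta_app_oauth.legacy", "type": "okta_app_oauth",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "okta_group.owners", "type": "okta_group",
   "change": {"actions": ["create"], "after": {"name": "owners"},
              "after_unknown": {}}}
]}
""")

def pkce_findings(plan, exempt_types=("service",)):
    """Return (address, reason) for each planned OAuth app not pinned to PKCE."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "okta_app_oauth" or change.get("actions") == ["delete"]:
            continue  # other resource types and pure deletions are out of scope
        after = change.get("after") or {}
        if after.get("type") in exempt_types:  # assumed exemption: no auth-code flow
            continue
        if (change.get("after_unknown") or {}).get("pkce_required"):
            # Value is computed at apply time, so the plan cannot prove the setting.
            findings.append((rc["address"], "pkce_required unknown until apply"))
        elif after.get("pkce_required") is not True:
            findings.append((rc["address"], "pkce_required is not true"))
    return findings

if __name__ == "__main__":
    for address, reason in pkce_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

Because the check reads `resource_changes`, it also covers apps created inside modules, and it treats a value left to the provider's default as a finding rather than a pass.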

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Comment or this will be closed in 5 days

exitcode0 commented 1 year ago

Commenting to remove stale-bot 🙃