
Zartan is a master of make-up and disguise and so is this demo.
GNU General Public License v3.0

Add Webhooks to healthcare terraform #209

Open bhanchand opened 4 years ago

bhanchand commented 4 years ago

Describe the bug: the Terraform scripts are missing provisioning for the inline hooks, so the hooks are currently being deployed manually.

noinarisak commented 4 years ago

Pointing out that UDP would now have to support an external REST API. Not sure we want to be responsible for other UDP services.

This might be better done as instructions: author the HCL script and have it committed, IMO.

noinarisak commented 4 years ago

This is the HCL script that @bhanchand is having issues with.

# Okta org name, passed straight through to the okta provider.
variable "org_name" {}
# Okta API token for the provider. This is a bearer credential for the whole
# org: supply it via TF_VAR_api_token or an untracked tfvars file, never commit it.
variable "api_token" {}
# Okta base URL, passed straight through to the okta provider.
variable "base_url" {}
# Demo app name; used in resource names and in the app domain built in locals.
variable "demo_app_name" {}
# Per-deployment subdomain; used in resource names and in the app domain built in locals.
variable "udp_subdomain" {}

locals {
    # Hostname of the demo app; also used as the audience of the auth server below.
    app_domain = "${var.udp_subdomain}.${var.demo_app_name}.unidemo.info"
    # Subdomain with "-" rewritten to "_"; not referenced anywhere in this snippet.
    nodash_subdomain = replace(var.udp_subdomain, "-", "_")
}

# Okta provider configuration. api_token authenticates every API call made by
# this configuration; it also ends up in state, so protect the state backend.
provider "okta" {
  org_name  = var.org_name
  api_token = var.api_token
  base_url  = var.base_url

  # Update default backoff
  # min_wait_seconds = 60
  # max_wait_seconds = 600
  # max_retries      = 10

  # NOTE(review): a `version` constraint inside a provider block is deprecated
  # since Terraform 0.13; the same constraint belongs in terraform.required_providers.
  version = "~> 3.0"
}
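# Shared secret the hook endpoint uses to authenticate calls from Okta.
# The previous version committed this value in clear text ("abcDEF"); it is
# now supplied by the caller (TF_VAR_inline_hook_api_key or an untracked
# tfvars file). It is still written to state, so protect the state backend.
# NOTE(review): add `sensitive = true` here once on Terraform >= 0.14.
variable "inline_hook_api_key" {}

# Endpoint Okta POSTs the hook payload to. The default is the value that was
# previously hard-coded; override it for anything other than the demo.
variable "inline_hook_uri" {
  default = "https://scim.glitch.me/eventhook"
}

# Inline hook of type com.okta.oauth2.tokens.transform. Okta authenticates
# itself to the channel URI with the header configured under `auth`; the
# endpoint must reject any request whose x-api-key header does not match,
# otherwise anyone who can reach the URI can shape the hook's response.
resource "okta_inline_hook" "healthcare" {
  name    = "${var.udp_subdomain}${var.demo_app_name}_inline_webhook"
  version = "1.0.1"
  type    = "com.okta.oauth2.tokens.transform"
  status  = "ACTIVE"

  channel = {
    type    = "HTTP"
    version = "1.0.0"
    uri     = var.inline_hook_uri
    method  = "POST"
  }

  auth = {
    key   = "x-api-key"
    type  = "HEADER"
    value = var.inline_hook_api_key
  }
}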

# Custom authorization server for the demo app. Its single audience is the
# per-deployment app domain from locals, so tokens are scoped to this deployment.
resource "okta_auth_server" "healthcare" {
  name        = "${var.udp_subdomain} ${var.demo_app_name}"
  description = "Generated by UDP"
  audiences   = ["api://${local.app_domain}"]
}

# Access policy on the healthcare auth server, limited to the demo OAuth app.
# okta_app_oauth.healthcare is not declared in this snippet; it must come from
# elsewhere in the configuration.
resource "okta_auth_server_policy" "healthcare" {
  name        = "standard"
  description = "Generated by UDP"
  status      = "ACTIVE"
  priority    = 1

  auth_server_id   = okta_auth_server.healthcare.id
  client_whitelist = [okta_app_oauth.healthcare.id]
}

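# Policy rule that attaches the inline hook to tokens minted for the demo app.
# The script previously declared this rule twice under the same address
# (okta_auth_server_policy_rule.healthcare), which Terraform rejects as a
# duplicate resource; the copy carrying inline_hook_id is the intended one
# and is the only one kept here.
resource "okta_auth_server_policy_rule" "healthcare" {
  auth_server_id = okta_auth_server.healthcare.id
  policy_id      = okta_auth_server_policy.healthcare.id
  status         = "ACTIVE"
  name           = "one_hour"
  priority       = 1

  # data.okta_group.all is not declared in this snippet; it must come from
  # elsewhere in the configuration.
  group_whitelist      = [data.okta_group.all.id]
  grant_type_whitelist = ["authorization_code"]

  # "*" lets the client request any scope defined on the auth server. Fine for
  # a demo; a production policy should enumerate the scopes it grants.
  scope_whitelist = ["*"]

  # Run the token-transform inline hook for tokens issued under this rule.
  inline_hook_id = okta_inline_hook.healthcare.id
}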