Comments (2)
Hey @mbainter, I'm moving this over to our Zendesk platform; you'll be receiving another email where we will pick this up!
Thanks,
James
from terraform-provider-sdm.
For anyone else who stumbles on this trying to solve the same problem: the follow-up was just that they'll look into it, and so far there hasn't been any indication of action.
In the meantime, the workaround that we're using for this is to let Okta push the roles to strongDM, then import the role into state. The Terraform provider will update the role policy without a destroy/create cycle, so that works okay.
However, it is important that you use the lifecycle rules to set "prevent-destroy" in case someone makes a change (like a rename) that would cause a destroy/create cycle, or it will obviously break Okta's ability to manage the role and its membership.
If this does happen, you can fix it similarly:
- Use `terraform state rm` to delete the state.
- Use the strongDM UI to delete the Terraform-created role.
- "Unlink" the group in Okta, and tell it to leave the group behind.
- Re-assign the group.
- This will fail. Click the failure notice, click the link to choose the linked role, and change it to create.
- This will also fail, because the role doesn't actually exist; Okta is just confused.
- Unlink the group again, and choose to leave the group alone again.
- Re-assign the group one more time -- this time you'll have the "create" option and it should be the default.
- Verify the role was created, and grab the role ID.
- Re-import the role into Terraform.
- Re-run Terraform to apply the role policy.
There could possibly be a more straightforward method in Okta, but that is the path that has worked consistently for me.
Hopefully StrongDM will eventually release a better implementation that works more effectively with an external SSO/SCIM provider.
from terraform-provider-sdm.
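The import-and-protect workaround described in the comment above, as an added Terraform example that is not part of the original thread or the provider's own documentation. The resource label `okta_engineering`, the role name, the role ID placeholder and the sample access rule are all assumptions.

```hcl
terraform {
  required_version = ">= 1.5.0" # import blocks need Terraform 1.5 or later

  required_providers {
    sdm = {
      source = "strongdm/sdm"
    }
  }
}

# Adopt the role that Okta already pushed over SCIM instead of creating a new one.
# The ID below is a placeholder: use the ID strongDM shows for the pushed role.
# On older Terraform versions, the CLI equivalent is:
#   terraform import sdm_role.okta_engineering <role-id>
import {
  to = sdm_role.okta_engineering
  id = "r-REPLACE_WITH_ROLE_ID"
}

resource "sdm_role" "okta_engineering" {
  # Assumed name. Keep it identical to the name Okta pushed, since the comment
  # above reports that a rename leads to a destroy/create cycle.
  name = "engineering"

  # Role policy managed by Terraform (constructed sample rule).
  access_rules = jsonencode([
    {
      tags = { env = "dev" }
    }
  ])

  lifecycle {
    # Make any plan that would destroy or replace this role fail with an error,
    # so the role Okta is linked to is never deleted by Terraform.
    prevent_destroy = true
  }
}
```

With `prevent_destroy` set, a change that would force replacement stops at plan time, which gives you the chance to revert it before the Okta link is broken.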