This workshop is part of our Enterprise-Ready Workshop series. Follow along to get familiar with managing identity as code using Okta’s Terraform provider, so you can assist enterprise customers and simplify any identity setup steps that your product might require. In this workshop, you’ll use Terraform to manage users and groups in an Okta Organization, while practicing beginner and intermediate Terraform skills.
This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2023/07/28/terraform-workshop
Hello @edunham thank you for the detailed workshop on using terraform. As you predicated (very accurately) at 8:48 in the video the openssl command has likely changed and the mentioned command in the workshop openssl rsa -in pkcs.pem -out rsa.pem no longer generates the rsa key correctly - The output of this command currently generates a key that doesn’t contain -----END RSA PRIVATE KEY----- and instead contains only -----END PRIVATE KEY----- at the end. I’m using openssl version 3.3.1. This (probably) is resulting in an error “failed to create user: the API returned an error: You do not have permission to perform the requested action” when the terraform apply command is used.
Tried a few online convertors such as RSA Keys Converter which generate the key with required format at the end but still seeing the same error downstream. Hence, I’m guessing that the conversion isn’t happening correctly. Appreciate if you can assist with the source to find the updated openssl command for PKCS1 key to PKCS8 (RSA) conversion as I couldn’t find any either at openssl github or docs.openssl.org.
Thanks for the heads up! The openssl command was required due to an issue with the golang SDK underlying the Terraform provider, which has since been fixed, the openssl step is no longer required and the key can be used exactly as it’s downloaded from the admin interface. I’ll get that updated in the workshop – glad to see it’s still useful even a year later!
Nice. Does that mean we directly reference the downloaded private key PKCS.pem file using
private_key = "${path.module}/pkcs.pem" in main.tf?