How to get okta_auth_server_policy_rule as Data Source in Terraform

I’m using Terraform and want to modify/add the rules in the default authorization server policy. I see in the Okta Terraform documentation that okta_auth_server_policy_rule is available as a resource to create a new rule, but can I use it as a data source to get an existing rule? If so, what is the syntax to get it?

The current documentation seems to imply one can only create policy rules with terraform but cannot change existing rules.

If I try to just use the default policy rule name in a resource, I get an error:

resource "okta_auth_server_policy_rule" "default_policy_rule" {
  auth_server_id       = data.okta_auth_server.default.id
  policy_id            = data.okta_auth_server_policy.default_policy.id
  ...
  name                 = "Default Policy Rule"
  ...
}

results in a "Policy rule name already in use" error.

Link to resource documentation for okta_auth_server_policy_rule: Terraform Registry

To manage a resource which was not created using Terraform, you could try importing that resource using the terraform import command and then start managing it afterwards. This is how Terraform works and is not specific to the Okta provider.

Here is a sample I used to do this:

First, create a resource object with the target configuration in your tf config file:

data "okta_auth_server" "default" {
  name = "default"
}

data "okta_auth_server_policy" "default_default" {
  auth_server_id = data.okta_auth_server.default.id
  name           = "Default Policy"
}

resource "okta_auth_server_policy_rule" "default_default_default" {
  auth_server_id       = data.okta_auth_server.default.id
  policy_id            = data.okta_auth_server_policy.default_default.id
  status               = "ACTIVE"
  name                 = "Default Policy Rule"
  priority             = 1
  grant_type_whitelist = [
    "implicit",
    "authorization_code",
    "client_credentials",
    "interaction_code",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "urn:ietf:params:oauth:grant-type:token-exchange",
  ]
  group_whitelist      = ["EVERYONE"]
  scope_whitelist      = ["*"]
}

Next, run the terraform import command (this is documented in the Terraform docs):

$ terraform import okta_auth_server_policy_rule.default_default_default <auth server id>/<policy id>/<policy rule id>

After this you should be able to manage this resource like any other rule you have created using terraform.

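The import step above, wrapped in a small POSIX shell script as an added example (this is not code from the answer above or from the Okta provider). It assumes the resource address okta_auth_server_policy_rule.default_default_default from the answer, an initialised Terraform working directory, and Terraform's documented import ID format <auth server id>/<policy id>/<policy rule id>. The post-import `terraform plan -detailed-exitcode` check is the part worth keeping: exit code 2 means your config would change the rule the tenant actually has, which is where you notice, for instance, that the grant_type_whitelist you wrote includes legacy grants such as `implicit` or `password` that the existing rule does not, or vice versa.

```shell
#!/bin/sh
# Added example, not from the original forum post. Helper functions for
# importing an existing Okta authorization server policy rule into
# Terraform state and checking for drift before the first apply.

# Compose the import ID in the provider's documented shape:
#   <auth server id>/<policy id>/<policy rule id>
# Each component must be non-empty and must not contain '/' or spaces,
# otherwise the three parts cannot be split unambiguously by the provider.
build_import_id() {
  auth_server_id="$1"
  policy_id="$2"
  rule_id="$3"
  for part in "$auth_server_id" "$policy_id" "$rule_id"; do
    case "$part" in
      ''|*/*|*' '*)
        echo "invalid ID component: '$part'" >&2
        return 1
        ;;
    esac
  done
  printf '%s/%s/%s\n' "$auth_server_id" "$policy_id" "$rule_id"
}

# Translate the exit code of `terraform plan -detailed-exitcode`:
#   0 -> config matches the imported rule, nothing to apply
#   2 -> plan contains changes (review before apply: the imported rule's
#        grant/scope/group whitelists differ from what you wrote)
#   1 -> plan failed
plan_verdict() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# Import the rule at the given resource address, confirm it landed in
# state, then report whether the config drifts from the live rule.
# Usage: import_and_check okta_auth_server_policy_rule.default_default_default \
#            <auth server id> <policy id> <policy rule id>
import_and_check() {
  addr="$1"
  id="$(build_import_id "$2" "$3" "$4")" || return 1
  terraform import -input=false "$addr" "$id" || return 1
  # Verify the address now exists in state (exact-line match).
  terraform state list | grep -Fxq "$addr" || {
    echo "import reported success but $addr is not in state" >&2
    return 1
  }
  rc=0
  terraform plan -detailed-exitcode -input=false >/dev/null 2>&1 || rc=$?
  plan_verdict "$rc"
}

# Only run against a real workspace when explicitly requested, e.g.
#   OKTA_IMPORT_RUN=1 ./import_rule.sh <addr> <auth server id> <policy id> <rule id>
if [ -n "${OKTA_IMPORT_RUN:-}" ]; then
  import_and_check "$@"
fi
```

Run `import_and_check` once per pre-existing rule; a "drift" verdict is not an error, it is the signal to compare `terraform plan` output against the rule as it exists in the tenant before applying anything.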