Hi Team,
I have 2 directories where i have the code for each of them: app_dev1 and app_dev2
app_dev1 contains app_dev1.json file which defines the groups for dev1 app and it’s being used in app_dev1.tf code.
app_dev2 contains app_dev2.json file which defines the groups for dev2 app and it’s being used in app_dev2.tf.
My requirement is to use the app_dev1.json file for group assignments in dev2 app. the group defined in app_dev1.json file is already created in Okta org. How can i refer app_dev1.json file in app_dev2.tf file so that it can be used for dev2 app group assignments along with the groups mentioned in app_dev2.json file. groups in app_dev2.json file will be created when the app_dev2.tf code is executed.
I tried this code:
locals {
app_dev2_data = values(jsondecode(file("${path.module}/app_dev2.json")))
dev1_access_data = values(jsondecode(file("${path.module}/../app_dev1/app_dev1.json")))
}
resource "okta_group" "dev2_access_groups" {
for_each = {
for x in local.app_dev2_data: x.name => x
}
name = each.value.name
description = "Terraform managed group from app_dev2.tf"
}
resource "okta_app_group_assignments" "dev2" {
app_id ="0oafialoynRTLysCg5d7"
lifecycle {
ignore_changes = [ group ]
create_before_destroy = true
}
for_each = {
for x in local.app_dev2_data: x.name => x
}
group {
id = okta_group.dev2_access_groups[each.value.name].id
profile = jsonencode(each.value.profile)
}
}
resource "okta_app_group_assignments" "dev2_1" {
app_id ="0oafialoynRTLysCg5d7"
lifecycle {
ignore_changes = [ group ]
create_before_destroy = true
}
for_each = {
for x in local.dev1_access_data: x.name => x
}
group {
id = each.value.name
profile = jsonencode(each.value.profile)
}
}
This is the error from above code:
Enter a value: yes
okta_app_group_assignments.dev2_1["SG_SSO_Dev1_Access"]: Creating...
okta_group.dev2_access_groups["SG_SSO_Dev2_Access"]: Creating...
okta_group.dev2_access_groups["SG_SSO_Dev2_Access"]: Creation complete after 0s [id=00gfidevfm24mGtT25d7]
okta_app_group_assignments.dev2["SG_SSO_Dev2_Access"]: Creating...
okta_app_group_assignments.dev2["SG_SSO_Dev2_Access"]: Creation complete after 0s [id=0oafialoynRTLysCg5d7]
╷
│ Error: failed to create application group assignment: the API returned an error: Not found: Resource not found: SG_SSO_Dev1_Access (UserGroup)
│
│ with okta_app_group_assignments.dev2_1["SG_SSO_Dev1_Access"],
│ on app_dev2.tf line 37, in resource "okta_app_group_assignments" "dev2_1":
│ 37: resource "okta_app_group_assignments" "dev2_1" {
Am i missing anything in the code. Could you please guide me in the right direction. Thanks in advance.
Thanks,