Tags: for-loop, terraform, okta, list, object

We created okta_users and okta_groups using Terraform, but I am unable to get the specific user ID and group ID.


We created Okta users and Okta groups using Terraform.

This is variables.tf; it uses list-of-object variables for users and groups:

variable "users" {
  type = list(object({
    first_name   = string
    last_name    = string
    email        = string
    organization = string
    role         = string
    okta_admin   = bool
  }))
}

variable "groups" {
  type = list(object({
    name        = string
    description = string
  }))
}

This is terraform.tfvars:

groups = [
  { name = "dev", description = "This group for Developers" },
  { name = "qa", description = "This group for QA" },
  { name = "per", description = "This group for Per" }
]

users = [
  { first_name = "a", last_name = "a", email = "[email protected]", role = "Engineer", organization = "organization", okta_admin = true },
  { first_name = "b", last_name = "b", email = "[email protected]", role = "Lead", organization = "organization", okta_admin = true },
  { first_name = "c", last_name = "c", email = "[email protected]", role = "Developer", organization = "organization", okta_admin = false },
]

This is main.tf. To get the values, we used for_each:

resource "okta_group" "groups" {
  for_each    = { for group in var.groups : join("-", [group.name, group.description]) => group }
  name        = each.value.name
  description = each.value.description
}



resource "okta_user" "okta_user_add" {
  for_each = { for user in var.users : join("-", [user.first_name, user.last_name]) => user }

  title        = each.value.role
  email        = each.value.email
  first_name   = each.value.first_name
  last_name    = each.value.last_name
  login        = each.value.email
  organization = each.value.organization
}

When trying to get the IDs we tried multiple things, but it didn't work for us; we are unable to get the group ID and the user IDs.

resource "okta_group_memberships" "okta_member_group" {

  for_each = okta_group.groups
  group_id = each.value.id # I want to select only one group

  users = values(okta_user.okta_user_add)[*].id
}

My question is:

In okta_group_memberships.okta_member_group we have multiple groups, but we need to add only one group to okta_group_memberships, and we also need to add specific users. As mentioned in the tfvars file, the users objects have okta_admin = true; we need only those users in okta_member_group.


Solution

  • For retrieving all the group IDs, you could iterate over the okta_user resources:

    resource "okta_group_memberships" "okta_member_group" {
      # one membership resource per group
      for_each = okta_group.groups
      group_id = each.value.id

      # Add all users to each group
      users = values(okta_user.okta_user_add)[*].id
    }
    

    The problem with your question is that you don't specify anywhere which user belongs to which group, so I've used a splat expression to get the IDs of all the users.

    You should create a separate input variable in order to map each user to a certain group.

    Edit:

    locals {
       # get DEV group
       dev_group = [for group in var.groups: group if group.name == "dev"][0]
       # filter okta admins
       okta_admins = [for user in var.users: join("-", [user.first_name, user.last_name]) if user.okta_admin]
    }
    
    
    resource "okta_group_memberships" "okta_member_group" {
    
      # select only the DEV group
      group_id = okta_group.groups[join("-", [local.dev_group.name, local.dev_group.description])].id
      
      # get IDs of okta_admins only
      users = [for okta_admin in local.okta_admins: okta_user.okta_user_add[okta_admin].id]
    }
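The answer's suggestion of a separate input variable that maps users to groups, carried through as an added example (this is not code from the question or the answer). It assumes two things not in the original: a hypothetical `group_members` variable (group name to list of logins) and resources keyed by `email` and `name` rather than by `first_name-last_name`, because Okta logins are unique and names are not, so a second user with the same name would otherwise collide in `for_each`. The `okta_admin` flag in the tfvars is left as data only; the posted main.tf never uses it, and group membership does not by itself grant an Okta admin role, so membership should come from the explicit map, not from that flag.

```hcl
# Added example, not part of the original question or answer.
# Assumed (hypothetical): the group_members variable and the users/groups
# resource names below; the users and groups variables keep the page's shape.

variable "users" {
  type = list(object({
    first_name   = string
    last_name    = string
    email        = string
    organization = string
    role         = string
    okta_admin   = bool
  }))
}

variable "groups" {
  type = list(object({
    name        = string
    description = string
  }))
}

# Hypothetical new input: which logins belong to which group, e.g.
#   group_members = { dev = ["a@example.com", "b@example.com"] }
variable "group_members" {
  type    = map(list(string))
  default = {}
}

locals {
  # Stable, unique keys: login (email) for users, name for groups.
  users_by_login = { for u in var.users : u.email => u }
  groups_by_name = { for g in var.groups : g.name => g }

  # Only groups that both exist and have at least one member listed.
  memberships = {
    for name, logins in var.group_members : name => logins
    if contains(keys(local.groups_by_name), name) && length(logins) > 0
  }
}

resource "okta_group" "groups" {
  for_each    = local.groups_by_name
  name        = each.value.name
  description = each.value.description
}

resource "okta_user" "users" {
  for_each     = local.users_by_login
  title        = each.value.role
  email        = each.value.email
  login        = each.value.email
  first_name   = each.value.first_name
  last_name    = each.value.last_name
  organization = each.value.organization
}

resource "okta_group_memberships" "members" {
  # One membership set per group that has members; no instance is created
  # for groups with no entry in group_members.
  for_each = local.memberships
  group_id = okta_group.groups[each.key].id

  # Resolve each login to the user ID through the for_each key, skipping
  # unknown logins so the expression itself cannot fail; the precondition
  # below turns an unknown login or group into a readable plan-time error.
  users = [
    for login in each.value : okta_user.users[login].id
    if contains(keys(local.users_by_login), login)
  ]

  lifecycle {
    precondition {
      condition = alltrue([
        for login in each.value : contains(keys(local.users_by_login), login)
      ]) && alltrue([
        for name in keys(var.group_members) : contains(keys(local.groups_by_name), name)
      ])
      error_message = "group_members references a login not in var.users or a group not in var.groups."
    }
  }
}
```

With this layout the question's case is just `group_members = { dev = [<logins of the two admins>] }` in terraform.tfvars, and adding a user to a second group is a data change rather than a new resource block. One caveat to check against the provider version in use: `okta_group_memberships` manages the listed users, so confirm in its documentation whether members added outside Terraform are removed on the next apply before relying on it as the only source of truth for a sensitive group.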