Add main.tf
commit
4ddcfa5334
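--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,45 @@
+# Okta AD Integration Resources
+resource "okta_group" "ad_users" {
+name = var.ad_group_name
+description = var.ad_group_description
+}
+
+resource "okta_group_rule" "ad_users_rule" {
+name = "AD Users Rule"
+expression = "isMemberOfAnyGroupName(\"${var.ad_group_name}\")"
+status = "ACTIVE"
+group_assignments = [okta_group.ad_users.id]
+}
+
+resource "okta_profile_mapping" "ad_to_okta_mapping" {
+source {
+type = "ACTIVE_DIRECTORY"
+}
+target {
+type = "OKTA"
+}
+
+attribute_mappings = var.ad_user_profile_mappings
+}
+
+# SailPoint Configuration for AD-Okta Identities
+data "http" "sailpoint_identity_sources" {
+url = "${var.sailpoint_api_url}/v3/identity-sources"
+request_headers = {
+Authorization = "Bearer ${var.sailpoint_api_token}"
+}
+}
+
+# Triggering Identity Sync
+resource "http" "sailpoint_identity_sync" {
+url = "${var.sailpoint_api_url}/v3/identity-sources/sync"
+method = "POST"
+request_headers = {
+Authorization = "Bearer ${var.sailpoint_api_token}"
+Content-Type = "application/json"
+}
+
+request_body = jsonencode({
+sourceId = data.http.sailpoint_identity_sources.body # This assumes the ID is retrieved from the identity sources data
+})
+}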
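Review bot: The sync request in `sailpoint_identity_sync` sends the entire raw response of the identity-sources lookup as `sourceId` (`data.http.sailpoint_identity_sources.body`), which the trailing comment itself marks as an assumption; the body should be decoded with `jsondecode(...)` and a single source id selected, after checking the response shape. The block is also declared as `resource "http"`, while the hashicorp/http provider, as far as I know, only defines the `http` data source, so this would likely fail validation unless another provider supplies that type. Separately, `var.sailpoint_api_token` is interpolated into `request_headers` in both blocks and data source arguments are written to state, so the variable (declared outside this file) should be `sensitive = true` and the state backend encrypted and access-restricted. In `ad_users_rule`, the expression matches on `var.ad_group_name`, the same name given to the target group `okta_group.ad_users`, so the rule looks self-referential; presumably it should name the AD-imported source group instead.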