diff --git a/README.md b/README.md new file mode 100644 index 0000000..e30b089 --- /dev/null +++ b/README.md @@ -0,0 +1,23 @@ +# terraform-okta-modules + +![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/tedilabs/terraform-okta-modules?color=blue&sort=semver&style=flat-square) +![GitHub](https://img.shields.io/github/license/tedilabs/terraform-okta-modules?color=blue&style=flat-square) +[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=flat-square)](https://github.com/pre-commit/pre-commit) + +Terraform module to manage all of things on Okta organization. + +- [brand](./modules/brand/) +- [group](./modules/group/) +- [user](./modules/user/) + + +## Self Promotion + +Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-okta-modules). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub. + + +## License + +Provided under the terms of the [Apache License](LICENSE). + +Copyright © 2024, [Byungjin Park](https://www.posquit0.com). diff --git a/modules/brand/README.md b/modules/brand/README.md new file mode 100644 index 0000000..ba135d5 --- /dev/null +++ b/modules/brand/README.md 
@@ -0,0 +1,57 @@ +# brand + +This module creates following resources. + +- `okta_brand` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.6 | +| [datadog](#requirement\_datadog) | >= 3.37 | + +## Providers + +| Name | Version | +|------|---------| +| [datadog](#provider\_datadog) | 3.37.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [datadog_team.this](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/team) | resource | +| [datadog_team_link.this](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/team_link) | resource | +| [datadog_team_permission_setting.edit](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/team_permission_setting) | resource | +| [datadog_team_permission_setting.membership](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/team_permission_setting) | resource | +| [datadog_team.this](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/team) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [handle](#input\_handle) | (Required) The identifier of the team. | `string` | n/a | yes | +| [name](#input\_name) | (Required) A name to help you identify the team. | `string` | n/a | yes | +| [description](#input\_description) | (Optional) A description to help you identify the team. | `string` | `"Managed by Terraform."` | no | +| [links](#input\_links) | (Optional) A list of configurations for the team links. Each block of `teams` block as defined below.
(Required) `name` - A label to help you identify the link.
(Required) `url` - The URL for the link.
(Optional) `priority` - The link's position, used to sort links for the team. |
list(object({
name = string
url = string
priority = optional(number)
}))
| `[]` | no | +| [permissions](#input\_permissions) | (Optional) A configurations for the team permissions. `permissions` block as defined below.
(Optional) `edit` - The scope who can edit the team. Users with the `User Access Manage` permission can always add members, remove members, and edit this setting. Defaults to `TEAM_MEMBER`.
(Optional) `membership` - The scope who can manage the team's membership. Users with the `Teams Manage` permission can always edit team details and this setting. Defaults to `TEAM_MANAGER`. |
object({
edit = optional(string, "TEAM_MEMBER")
membership = optional(string, "TEAM_MANAGER")
})
| `{}` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [description](#output\_description) | The description of the team. | +| [handle](#output\_handle) | The handle of the team. | +| [id](#output\_id) | The ID of the team. | +| [link\_count](#output\_link\_count) | The number of links belonging to the team. | +| [links](#output\_links) | The configurations for the team links. | +| [name](#output\_name) | The name of the team. | +| [permissions](#output\_permissions) | The configurations for the team permissions. | +| [user\_count](#output\_user\_count) | The number of users belonging to the team. | + diff --git a/modules/brand/main.tf b/modules/brand/main.tf new file mode 100644 index 0000000..323bc92 --- /dev/null +++ b/modules/brand/main.tf @@ -0,0 +1,37 @@ +locals { + metadata = { + package = "terraform-okta-modules" + version = trimspace(file("${path.module}/../../VERSION")) + module = basename(path.module) + name = var.name + } + module_tags = { + "module.terraform.io/package" = local.metadata.package + "module.terraform.io/version" = local.metadata.version + "module.terraform.io/name" = local.metadata.module + "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" + "module.terraform.io/instance" = local.metadata.name + } +} + + +################################################### +# Okta Brand +################################################### + +resource "okta_brand" "this" { + name = var.name + locale = var.locale + + ## Custom Privacy Policy + agree_to_custom_privacy_policy = (var.custom_privacy_policy.enabled + ? true + : null + ) + custom_privacy_policy_url = (var.custom_privacy_policy.enabled + ? var.custom_privacy_policy.url + : null + ) + + remove_powered_by_okta = !var.powered_by_okta +} diff --git a/modules/brand/outputs.tf b/modules/brand/outputs.tf new file mode 100644 index 0000000..19f5e7e --- /dev/null +++ b/modules/brand/outputs.tf 
@@ -0,0 +1,45 @@ +output "id" { + description = "The ID of the brand." + value = okta_brand.this.id +} + +output "name" { + description = "The name of the brand." + value = okta_brand.this.name +} + +output "is_default" { + description = "Whether this brand is default or not." + value = okta_brand.this.is_default +} + +output "locale" { + description = "The preferred language for the brand." + value = okta_brand.this.locale +} + +output "custom_privacy_policy" { + description = "The configurations for the custom privacy policy." + value = { + enabled = var.custom_privacy_policy.enabled + url = var.custom_privacy_policy.url + } +} + +output "powered_by_okta" { + description = < v +# if !contains(["name", "id", "is_default", "brand_id", "locale", "agree_to_custom_privacy_policy", "custom_privacy_policy_url", "remove_powered_by_okta"], k) +# } +# } diff --git a/modules/brand/variables.tf b/modules/brand/variables.tf new file mode 100644 index 0000000..83b9d7c --- /dev/null +++ b/modules/brand/variables.tf @@ -0,0 +1,43 @@ +variable "name" { + description = "(Required) A name of the brand." + type = string + nullable = false +} + +variable "locale" { + description = "(Optional) The preferred language for the brand. Specified as an IETF BCP 47 language tag. Defaults to `en`." + type = string + default = "en" + nullable = false +} + +variable "custom_privacy_policy" { + description = <
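Review bot: modules/brand/README.md documents a different module from the one this patch adds. Below the `okta_brand` header, the Requirements, Providers, Resources, Inputs and Outputs tables all describe a Datadog team (`datadog` provider >= 3.37, `datadog_team.this`, inputs `handle`, `links`, `permissions`). Regenerate these tables from modules/brand so they list the `okta_brand.this` resource and the `name`, `locale`, `custom_privacy_policy` and `powered_by_okta` variables that main.tf actually reads. As written, a consumer following the README would pass inputs this module does not define.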
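Review bot: in modules/brand/main.tf, `okta_brand.this` can receive `agree_to_custom_privacy_policy = true` together with a null `custom_privacy_policy_url` if `url` is left unset, because both arguments key off `var.custom_privacy_policy.enabled` alone and nothing in the resource block checks `url`. The variable definition is cut off in this view. If it does not already do so, add a `validation` block on `custom_privacy_policy` that requires a non-null `https://` URL whenever `enabled` is true, so a bad value fails at plan time instead of reaching the Okta org. Separately, `local.module_tags` is built but never referenced in this file.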
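Review bot: in modules/brand/outputs.tf, the `custom_privacy_policy` output echoes `var.custom_privacy_policy.enabled` and `var.custom_privacy_policy.url` instead of reading the resource, unlike `id`, `name`, `is_default` and `locale`, which all come from `okta_brand.this`. When `enabled` is false, main.tf sends a null URL to Okta, yet this output still reports whatever URL the caller passed in. Derive it from `okta_brand.this.agree_to_custom_privacy_policy` and `okta_brand.this.custom_privacy_policy_url` so the output reflects what was applied. The commented-out block at the end of the file (the `!contains([...], k)` filter) should be dropped before merge.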