Add global-session-policy module (#4)

.github/labeler.yaml

@@ -8,6 +8,9 @@
 ":floppy_disk: brand":
 - modules/brand/**/*
 
+":floppy_disk: global-session-policy":
+- modules/global-session-policy/**/*
+
 ":floppy_disk: group":
 - modules/group/**/*
 

.github/labels.yaml

@@ -49,6 +49,9 @@
 - color: "fbca04"
   description: "This issue or pull request is related to brand module."
   name: ":floppy_disk: brand"
+- color: "fbca04"
+  description: "This issue or pull request is related to global-session-policy module."
+  name: ":floppy_disk: global-session-policy"
 - color: "fbca04"
   description: "This issue or pull request is related to group module."
   name: ":floppy_disk: group"

README.md

@@ -9,6 +9,7 @@ Terraform module to manage all of things on Okta organization.
 - [authenticator](./modules/authenticator/)
 - [bookmark-app](./modules/bookmark-app/)
 - [brand](./modules/brand/)
+- [global-session-policy](./modules/global-session-policy/)
 - [group](./modules/group/)
 - [group-rule](./modules/group-rule/)
 - [organization](./modules/organization/)

modules/global-session-policy/README.md

@@ -0,0 +1,53 @@
+# global-session-policy
+
+This module creates following resources.
+
+- `okta_policy_signon`
+- `okta_policy_rule_signon` (optional)
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_okta"></a> [okta](#requirement\_okta) | >= 4.8 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_okta"></a> [okta](#provider\_okta) | 4.8.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [okta_policy_signon.this](https://registry.terraform.io/providers/okta/okta/latest/docs/resources/policy_signon) | resource |
+| [okta_group.this](https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | (Required) A name of the Okta Global Session Policy. | `string` | n/a | yes |
+| <a name="input_description"></a> [description](#input\_description) | (Optional) A description of the Okta Global Session Policy. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | (Optional) Whether to enable the Okta Global Session Policy. Defaults to `true`. | `bool` | `true` | no |
+| <a name="input_groups"></a> [groups](#input\_groups) | (Optional) A set of group IDs to assign the Okta Global Session Policy to. | `set(string)` | `[]` | no |
+| <a name="input_priority"></a> [priority](#input\_priority) | (Optional) A priority of the Okta Global Session Policy. | `number` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_description"></a> [description](#output\_description) | The description of the Okta Global Session Policy. |
+| <a name="output_enabled"></a> [enabled](#output\_enabled) | Whether to enable the Okta Global Session Policy. |
+| <a name="output_groups"></a> [groups](#output\_groups) | The information for the assigned groups of the Okta Global Session Policy. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Okta Global Session Policy. |
+| <a name="output_name"></a> [name](#output\_name) | The name of the Okta Global Session Policy. |
+| <a name="output_priority"></a> [priority](#output\_priority) | The priority of the Okta Global Session Policy. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/global-session-policy/main.tf

@@ -0,0 +1,18 @@
+###################################################
+# Okta Global Session Policy
+###################################################
+
+resource "okta_policy_signon" "this" {
+  name        = var.name
+  description = var.description
+  status      = var.enabled ? "ACTIVE" : "INACTIVE"
+
+  priority        = var.priority
+  groups_included = var.groups
+}
+
+data "okta_group" "this" {
+  for_each = toset(okta_policy_signon.this.groups_included)
+
+  id = each.value
+}

modules/global-session-policy/outputs.tf

@@ -0,0 +1,40 @@
+output "id" {
+  description = "The ID of the Okta Global Session Policy."
+  value       = okta_policy_signon.this.id
+}
+
+output "name" {
+  description = "The name of the Okta Global Session Policy."
+  value       = okta_policy_signon.this.name
+}
+
+output "description" {
+  description = "The description of the Okta Global Session Policy."
+  value       = okta_policy_signon.this.description
+}
+
+output "enabled" {
+  description = "Whether to enable the Okta Global Session Policy."
+  value       = okta_policy_signon.this.status == "ACTIVE"
+}
+
+output "priority" {
+  description = "The priority of the Okta Global Session Policy."
+  value       = okta_policy_signon.this.priority
+}
+
+output "groups" {
+  description = "The information for the assigned groups of the Okta Global Session Policy."
+  value = [
+    for group in data.okta_group.this :
+    group.name
+  ]
+}
+
+# output "debug" {
+#   value = {
+#     for k, v in okta_policy_signon.this :
+#     k => v
+#     if !contains(["id", "name", "description", "status", "priority", "groups_included"], k)
+#   }
+# }

modules/global-session-policy/variables.tf

@@ -0,0 +1,33 @@
+variable "name" {
+  description = "(Required) A name of the Okta Global Session Policy."
+  type        = string
+  nullable    = false
+}
+
+variable "description" {
+  description = "(Optional) A description of the Okta Global Session Policy."
+  type        = string
+  default     = "Managed by Terraform."
+  nullable    = false
+}
+
+variable "enabled" {
+  description = "(Optional) Whether to enable the Okta Global Session Policy. Defaults to `true`."
+  type        = bool
+  default     = true
+  nullable    = false
+}
+
+variable "priority" {
+  description = "(Optional) A priority of the Okta Global Session Policy."
+  type        = number
+  default     = null
+  nullable    = true
+}
+
+variable "groups" {
+  description = "(Optional) A set of group IDs to assign the Okta Global Session Policy to."
+  type        = set(string)
+  default     = []
+  nullable    = false
+}

modules/global-session-policy/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6"
+
+  required_providers {
+    okta = {
+      source  = "okta/okta"
+      version = ">= 4.8"
+    }
+  }
+}