Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TF feedback/issue notes #77

Open
OKirwinW opened this issue Sep 13, 2022 · 1 comment
Open

TF feedback/issue notes #77

OKirwinW opened this issue Sep 13, 2022 · 1 comment

Comments

@OKirwinW
Copy link

Feedback submission:

For the most part the the TF provider is functional but there are a few gaps in attributes.
Please include code blocks for examples on how to use the provider resources and data attributes.

  • Also for Validating labels:
    Internal validation within the product itself. Currently, I can assign a label for a gateway that does not exist via Terraform.

  • There's also some wording on assigning gateways:

  • `gateway_selector (String) Assigns ASA Gateways with labels matching all selectors. At least one selector is required for traffic forwarding.
    You can only assign one, what do they mean by ‘at least’

The documentation on this resource needs adjustment.

  • call it project_group_attachment and call it out in both the oktapam_group and oktapam_project docs in a note-box stating it’s requirement to pair those two resources together.
  • not clear to how to couple oktapam_group , oktapam_project with the Okta provider for group
    If there’s a depends_on conditional I need to throw out if I’m creating an Okta Group and assigning to the Okta ASA Template as a push-group.
    (Likely question if they’re running a multi-provider Okta/OktaPAM Terraform run)

General feedback is to add more polish to validation rules, especially for attributes that are being created by the resource, or referencing pre-existing items within the dashboard. Gateway Selectors are a great example for this.
@waltergoulet-okta
Copy link
Contributor

Thank you for the feedback @OKirwinW. As there are multiple items in this submission I will leave this issue open and respond here in the comments for some of the issues. For the remaining issues, our developers will review this issue on a best effort basis and post questions if needed to clarify any of the feedback.

On this item

`gateway_selector (String) Assigns ASA Gateways with labels matching all selectors. At least one selector is required for traffic forwarding.
You can only assign one, what do they mean by ‘at least’

Our API allows for multiple gateway labels to be associated with a Project as shown in current UI and API. Therefore this wording is correct.

not clear to how to couple oktapam_group , oktapam_project with the Okta provider for group
If there’s a depends_on conditional I need to throw out if I’m creating an Okta Group and assigning to the Okta ASA Template as a push-group.
(Likely question if they’re running a multi-provider Okta/OktaPAM Terraform run)

Note that the groups in ASA are locally created groups provisioned by SCIM from Okta to mirror Okta groups. This is by design because ASA does allow for local groups to be created in ASA that aren't mirrored from Okta. Putting a depends_on conditional in the OktaPAM Terraform provider to link it to the Okta provider that would not support the general case of allowing the OktaPAM provider to work with both Okta SCIM provisioned groups and locally created Okta groups.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@waltergoulet-okta @OKirwinW