Terraform overview
Terraform uses code to manage Okta orgs which enables you to:
- Apply oversight and auditing to changes in your orgs
- Control access to Okta objects and changes
- Implement best practices for operations, such as source control and automated deployment
You write code in Terraform that describes the desired state of your Okta org, including groups, policies, apps, and more.
Terraform uses that description to examine the current state of your org.
When you apply the code, Terraform makes the necessary API calls to create, update, or delete Okta objects to match the desired state.
Okta plugin for Terraform
Terraform uses plugins called Providers to automate different types of services and applications. The Okta Provider is the plugin that enables you to manage your Okta org with Terraform.
The provider contains many components that provide the functionality to manage parts of your org, such as groups and applications. In Terraform, these components are identified as resources and data sources.
Manage with code
The code is organized in one or more configuration files, ones that end in .tf.
Terraform uses all files in a single directory, the configuration directory, to build the plan. The collection of Terraform files in the directory is called a configuration.
Okta recommends using one configuration per Okta org. This reduces the risk of conflicts and errors when managing your org.
Synchronize Terraform and your org
Terraform tracks the state of managed objects to make changes to your org. When you run your configuration, Terraform uses this information to find the differences between the current and desired state. Terraform can then apply the required changes to reach the desired state.
Terraform stores this state information in a json state file called terraform.tfstate in the configuration directory.
Terraform uses state to determine which changes to make to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
Run Terraform with the command line
You can run Terraform from the command line interface (CLI) to manage your Okta org. The CLI includes many useful commands, but there are three key commands that you use to run any configuration:
-
terraform init- Initializes the configuration directory by downloading the Okta provider and setting up the backend for storing state. -
terraform plan- Creates an execution plan that shows the changes Terraform will make to your Okta org to match the desired state defined in your configuration files. -
terraform apply- Applies the changes required to reach the desired state of the configuration.
You usually run the commands in the following order: init, plan, and apply. This order ensures that Terraform is ready to run and gives you an opportunity to preview the changes before Terraform makes them.