Updates terraform HCL for zartantv, removes unneeded HCL files

udplabs · Mar 22, 2022 · d26d776 · d26d776
1 parent 07c7c8c
commit d26d776
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 178 deletions.
diff --git a/terraform/healthcare-oie/healthcare-oie_tf_12_9.tf b/terraform/healthcare-oie/healthcare-oie_tf_12_9.tf
diff --git a/...thcare-oie/healthcare-oie.dotenv.template → ...rm/localhost/zartantv/zartantv.dotenv.tpl b/...thcare-oie/healthcare-oie.dotenv.template → ...rm/localhost/zartantv/zartantv.dotenv.tpl
diff --git a/terraform/zartantv/zartantv.tf → terraform/localhost/zartantv/zartantv.tf b/terraform/zartantv/zartantv.tf → terraform/localhost/zartantv/zartantv.tf
@@ -5,16 +5,24 @@ variable "demo_app_name" { default = "zartantv" }
 variable "udp_subdomain" { default = "local" }
 
 locals {
-  app_domain       = "${var.udp_subdomain}.${var.demo_app_name}.unidemo.info"
-  nodash_subdomain = replace(var.udp_subdomain, "-", "_")
+  app_domain = var.udp_subdomain != "local" ? format("%s.%s.unidemo.info") : format("%s.%s", var.udp_subdomain, var.demo_app_name)
+}
+
+terraform {
+  required_providers {
+    okta = {
+      source  = "okta/okta"
+      version = "~> 3.17"
+    }
+  }
 }
 
 provider "okta" {
   org_name  = var.org_name
   api_token = var.api_token
   base_url  = var.base_url
-  version   = "~> 3.11"
 }
+
 data "okta_group" "all" {
   name = "Everyone"
 }
@@ -27,7 +35,6 @@ resource "okta_app_oauth" "zartantv" {
     "http://localhost:8666/authorization-code/callback"
   ]
   post_logout_redirect_uris = [
-    "https://${local.app_domain}/index",
     "http://localhost:8666/index"
   ]
   response_types = ["code"]
@@ -55,12 +62,12 @@ resource "okta_app_oauth" "zartantv" {
 #   depends_on = [data.okta_app_signon_policy.zartantv]
 # }
 resource "okta_app_oauth" "networktv" {
-  label       = "${var.udp_subdomain} ${var.demo_app_name} network tv (Generated by UDP)"
-  type        = "native"
+  label                      = "${var.udp_subdomain} ${var.demo_app_name} network tv (Generated by UDP)"
+  type                       = "native"
   token_endpoint_auth_method = "client_secret_basic"
   grant_types = [
     "authorization_code",
-    #"urn:ietf:params:oauth:grant-type:device_code",
+    "urn:ietf:params:oauth:grant-type:device_code",
     "refresh_token"
   ]
   redirect_uris = [
@@ -104,15 +111,15 @@ resource "okta_auth_server" "zartantv" {
   name        = "${var.udp_subdomain} ${var.demo_app_name}"
   description = "Generated by UDP"
   #issuer_mode = "DYNAMIC"
-  audiences   = ["api://${local.app_domain}"]
+  audiences = ["api://${local.app_domain}"]
 }
 resource "okta_auth_server_policy" "zartantv" {
   auth_server_id   = okta_auth_server.zartantv.id
   status           = "ACTIVE"
   name             = "standard"
   description      = "Generated by UDP"
   priority         = 1
-  client_whitelist = ["${okta_app_oauth.zartantv.id}","${okta_app_oauth.networktv.id}"]
+  client_whitelist = ["${okta_app_oauth.zartantv.id}", "${okta_app_oauth.networktv.id}"]
 }
 resource "okta_auth_server_policy_rule" "zartantv" {
   auth_server_id       = okta_auth_server.zartantv.id
@@ -125,15 +132,15 @@ resource "okta_auth_server_policy_rule" "zartantv" {
   scope_whitelist      = ["*"]
 }
 resource "okta_auth_server_policy_rule" "networktv" {
-  auth_server_id       = okta_auth_server.zartantv.id
-  policy_id            = okta_auth_server_policy.zartantv.id
-  status               = "ACTIVE"
-  name                 = "Network TV devices"
-  priority             = 2
-  group_whitelist      = ["${data.okta_group.all.id}"]
+  auth_server_id  = okta_auth_server.zartantv.id
+  policy_id       = okta_auth_server_policy.zartantv.id
+  status          = "ACTIVE"
+  name            = "Network TV devices"
+  priority        = 2
+  group_whitelist = ["${data.okta_group.all.id}"]
   #grant_type_whitelist = ["urn:ietf:params:oauth:grant-type:device_code"]
-  grant_type_whitelist = ["authorization_code"]
-  scope_whitelist      = ["*"]
+  grant_type_whitelist          = ["authorization_code"]
+  scope_whitelist               = ["*"]
   access_token_lifetime_minutes = 5
 }
 resource "okta_app_user_schema" "customfield1" {
@@ -147,11 +154,26 @@ resource "okta_app_user_schema" "customfield1" {
   scope       = "SELF"
   permissions = "READ_WRITE"
 }
+
+# Create the .env file
+resource "local_file" "dotenv" {
+  content = templatefile("${path.module}/zartantv.dotenv.tpl", {
+    client_id         = okta_app_oauth.zartantv.client_id,
+    client_secret     = okta_app_oauth.zartantv.client_secret,
+    domain            = format("%s.%s", var.org_name, var.base_url),
+    auth_server_id    = okta_auth_server.zartantv.id,
+    okta_app_oauth_id = okta_app_oauth.zartantv.id
+  })
+
+  filename = format("%s/%s.env", "${path.module}", var.demo_app_name)
+}
+
 output "client_id" {
   value = "${okta_app_oauth.zartantv.client_id}"
 }
 output "client_secret" {
-  value = "${okta_app_oauth.zartantv.client_secret}"
+  value     = "${okta_app_oauth.zartantv.client_secret}"
+  sensitive = true
 }
 output "domain" {
   value = "${var.org_name}.${var.base_url}"

diff --git a/terraform/zartantv/zartantv.tfvars.sample → ...localhost/zartantv/zartantv.tfvars.sample b/terraform/zartantv/zartantv.tfvars.sample → ...localhost/zartantv/zartantv.tfvars.sample
diff --git a/terraform/zartantv/localhost.tf.none b/terraform/zartantv/localhost.tf.none
diff --git a/terraform/zartantv/zartantv.dotenv.template b/terraform/zartantv/zartantv.dotenv.template