Hi,
Can I create an oidc filter using Terraform?
I can’t find the documentation.
Below is a cli example.
boundary managed-groups create oidc -name test -auth-method-id amoidc_tTz3xCZd2j -filter '"dev" in "/userinfo/groups"'
Thanks for trying out Boundary @x980707x
We’re actually in progress on adding the managed group resource to the Terraform provider as I write this. Apologies for being tardy on adding this coverage. We’ll reach out on this thread as soon as it’s available.
Hi @malnick
Can I know when it will be released? If I can’t use terraform, I have to think of another way.
Thanks!
Looks like a commit was just recently added to the terraform provider adding the functionality. You might be able to try it out if you build it yourself.
I’m still waiting till the next release. For now I just use a local-exec hack, i.e.
resource "null_resource" "managed_group" {
  provisioner "local-exec" {
    command = <<EOT
      export BOUNDARY_ADDR="${var.url}" \
      && export BOUNDARY_RECOVERY_CONFIG="${var.recovery_config_path}" \
      && GROUP_ID=$(boundary managed-groups create oidc -auth-method-id ${boundary_auth_method_oidc.oidc.id} -filter '"Admins" in "/userinfo/groups"' -format json | jq -r ".item.id") \
      && boundary roles add-principals -id ${boundary_role.scope1.id} -principal $GROUP_ID \
      && boundary roles add-principals -id ${boundary_role.scope2.id} -principal $GROUP_ID \
      && boundary roles add-principals -id ${boundary_role.scope3.id} -principal $GROUP_ID
    EOT
  }
}
This hack requires that you have your KMS Recovery Config stored at var.recovery_config_path. It is an absolute path to a recovery kms config file like this:
kms "awskms" {
  purpose    = "recovery"
  key_id     = "global_root"
  kms_key_id = "arn:aws:kms:us-east-1:123456789012:key/05e633a3-ee51-4345-8c4f-19b7e525cfaf"
}
@BrandonALXEllisSS Thanks!
Hey all,
We have just released the latest version of the Boundary Terraform Provider which now includes support for managed groups.
https://registry.terraform.io/providers/hashicorp/boundary/latest
Please note I have not completed example usage yet - sorry about that, but the schema is pretty straightforward. Let us know if you have any issues!
I created managed groups using version 1.0.4
thank you!
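The Terraform equivalent of the CLI command and the local-exec workaround discussed in this thread, as an added example that is not part of the original posts or the provider's own documentation. It uses the provider's `boundary_managed_group` and `boundary_role` resources; the variable names, the role name and the grant string are assumptions, and the provider block is assumed to be configured elsewhere.

```hcl
terraform {
  required_providers {
    boundary = {
      source  = "hashicorp/boundary"
      version = ">= 1.0.4" # version a poster above reports using for managed groups
    }
  }
}

# Assumed inputs (hypothetical names): the scope that holds the role and the
# ID of an existing OIDC auth method, such as the amoidc_... ID in the CLI example.
variable "scope_id" {
  type = string
}

variable "oidc_auth_method_id" {
  type = string
}

# Same filter as the CLI call. Terraform needs the inner double quotes escaped;
# the filter matches users whose userinfo "groups" claim contains "dev".
resource "boundary_managed_group" "dev" {
  name           = "test"
  description    = "OIDC users with dev in /userinfo/groups"
  auth_method_id = var.oidc_auth_method_id
  filter         = "\"dev\" in \"/userinfo/groups\""
}

# Attach the managed group as a principal in the role definition, replacing
# the `boundary roles add-principals` calls from the local-exec workaround.
resource "boundary_role" "dev_targets" {
  name          = "dev-targets"                          # hypothetical role name
  scope_id      = var.scope_id
  principal_ids = [boundary_managed_group.dev.id]
  grant_strings = ["id=*;type=target;actions=read,list"] # constructed sample grant
}
```

Because the group and its role binding are ordinary resources, they appear in `terraform plan` and state, which the `null_resource` version does not give you. Keep the grant strings as narrow as the group needs, since every user matching the filter receives them.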