How to check if trusted origins already exist in Okta via Terraform

Question


I wanted to create a trusted origin in Okta via Terraform by using "okta_trusted_origin" from a list of URLs.
I would like to know how I can check whether the URL already exists in Okta trusted origins and, if it does, not create a new one.

I tried using a filter in the "okta_trusted_origins" data source, but I'm not sure what the correct search criteria would be.

Here is my code:

resource "okta_trusted_origin" "trusted_origin" {
  count = length(data.okta_trusted_origins.all.trusted_origins) == 0 ? 1 : 0

  name   = var.name
  origin = var.origin
  scopes = var.scopes
}

data "okta_trusted_origins" "all" {
  filter = "trusted_origins.origin eq ${var.origin}"
}

Answer 1

Score: 0


The correct filter syntax is:

data "okta_trusted_origins" "all" {
  filter = "origin eq \"${var.origin}\""
}

Answer 2

Score: -1


Terraform is a "desired state" system, and so a declaration like "this object should exist if it doesn't exist" is a contradiction: the object can't both exist and not exist at the same time.

If you were to succeed in telling Terraform that rule then you would create a configuration that cannot converge: the first run would detect that the object doesn't exist and propose to create it, and then the second run would detect that the object exists and propose to destroy it.

Instead, you must explicitly tell Terraform whether each object should exist or not. It's your responsibility as the author of your configurations to decide which system is responsible for managing each object, and (when any of those systems are Terraform-based) declare the object only in the configuration that ought to be managing it.

Terraform expects that you will tell it whether the object should already exist (using a data block) or whether Terraform should ensure that it exists (using a resource block). There is no way to make that decision automatically because then it would be ambiguous which configuration is the one responsible for updating and destroying the object in future.
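
One way to express what Answer 2 recommends, as an added example that is not part of the original answers: the list of URLs is declared once with for_each, and an origin that already exists in Okta is adopted into state with an import block instead of being guarded by a conditional count. The variable name trusted_origins, the resource label owned, the key example-app, the import ID placeholder and the HTTPS-only rule are assumptions.

```hcl
# Added example; names, the placeholder ID and the validation policy are assumptions.
variable "trusted_origins" {
  description = "Origins owned by this configuration, keyed by display name."
  type = map(object({
    origin = string
    scopes = list(string)
  }))

  validation {
    # Assumed policy: exact https scheme-and-host only, no wildcard, no path.
    condition = alltrue([
      for o in values(var.trusted_origins) :
      can(regex("^https://[^*/]+$", o.origin))
    ])
    error_message = "Each origin must be an https:// URL with no wildcard or path."
  }

  validation {
    # Two names pointing at one URL would create two objects for the same origin.
    condition = (
      length(distinct([for o in values(var.trusted_origins) : o.origin]))
      == length(var.trusted_origins)
    )
    error_message = "Each origin URL may be listed only once."
  }
}

# Every origin in the map is declared unconditionally, so repeated plans converge.
resource "okta_trusted_origin" "owned" {
  for_each = var.trusted_origins

  name   = each.key
  origin = each.value.origin
  scopes = each.value.scopes
}

# An origin that already exists in Okta and should be managed here from now on
# is adopted rather than recreated (import blocks need Terraform 1.5 or later).
# "example-app" must be a key present in var.trusted_origins.
import {
  to = okta_trusted_origin.owned["example-app"]
  id = "TRUSTED_ORIGIN_ID_PLACEHOLDER"
}
```

Origins that another system owns stay out of this map and are read only through the okta_trusted_origins data source.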

  • Published on May 31, 2023 at 22:48:53