linting

okta_authenticators.tf

@@ -1,8 +1,9 @@
 # see https://registry.terraform.io/providers/okta/okta/latest/docs/resources/authenticator
 resource "okta_authenticator" "okta_email" {
-  key    = "okta_email"
-  name   = "Email"
-  status = "ACTIVE"
+  key                = "okta_email"
+  legacy_ignore_name = false
+  name               = "Email"
+  status             = "ACTIVE"
 
   settings = jsonencode({
     "allowedFor" : "recovery"
@@ -12,31 +13,21 @@ resource "okta_authenticator" "okta_email" {
 
 # see https://registry.terraform.io/providers/okta/okta/latest/docs/resources/authenticator
 resource "okta_authenticator" "okta_password" {
-  key    = "okta_password"
-  name   = "Password"
-  status = "ACTIVE"
+  key                = "okta_password"
+  legacy_ignore_name = false
+  name               = "Password"
 
   settings = jsonencode({
     "allowedFor" : "authentication"
   })
 }
 
-# see https://registry.terraform.io/providers/okta/okta/latest/docs/resources/authenticator
-resource "okta_authenticator" "security_question" {
-  key    = "security_question"
-  name   = "Security Question"
-  status = "ACTIVE"
-
-  settings = jsonencode({
-    "allowedFor" : "recovery"
-  })
-}
-
 # see https://registry.terraform.io/providers/okta/okta/latest/docs/resources/authenticator
 resource "okta_authenticator" "okta_verify" {
-  key    = "okta_verify"
-  name   = "Okta Verify"
-  status = "ACTIVE"
+  key                = "okta_verify"
+  legacy_ignore_name = false
+  name               = "Okta Verify"
+  status             = "ACTIVE"
 
   settings = jsonencode({
     "channelBinding" : {
@@ -51,3 +42,15 @@ resource "okta_authenticator" "okta_verify" {
     "userVerification" : "PREFERRED"
   })
 }
+
+# see https://registry.terraform.io/providers/okta/okta/latest/docs/resources/authenticator
+resource "okta_authenticator" "security_question" {
+  key                = "security_question"
+  legacy_ignore_name = false
+  name               = "Security Question"
+  status             = "ACTIVE"
+
+  settings = jsonencode({
+    "allowedFor" : "recovery"
+  })
+}

okta_branding.tf

@@ -30,9 +30,9 @@ resource "okta_brand" "main" {
 data "okta_brands" "main" {}
 
 # see https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/themes
-#data "okta_themes" "main" {
-#  brand_id = tolist(data.okta_brands.main.brands)[0].id
-#}
+data "okta_themes" "main" {
+  brand_id = tolist(data.okta_brands.main.brands)[0].id
+}
 
 # `okta_theme` can only be modified after first importing it using `terraform import`.
 # Steps:

okta_identity_providers.tf

@@ -4,7 +4,7 @@ resource "okta_idp_social" "github" {
   client_id            = var.okta_social_login_github_client_id
   client_secret        = var.okta_social_login_github_client_secret
   deprovisioned_action = "NONE"
-  issuer_mode          = "DYNAMIC"
+  issuer_mode          = "CUSTOM_URL"
   name                 = "GitHub (Org: ${var.project_identifier})"
   profile_master       = true
   protocol_type        = "OIDC"

secrets.op.env

@@ -0,0 +1,14 @@
+# shellcheck shell=sh
+
+# This file is part of a workflow that uses the 1Password CLI (https://developer.1password.com/docs/cli/)
+# and Terraform Environment Variables (https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_var_name)
+# to safely inject Secret Zero-type data into Terraform, by polling a project-specific 1Password Vault.
+#
+# For more information, see the README.md file.
+
+# Okta-specific configuration
+# see https://developer.okta.com/docs/guides/create-an-api-token/main/
+export TF_VAR_okta_org_name="op://Shared/okta/api/org"
+export TF_VAR_okta_api_token="op://Shared/okta/api/token"
+export TF_VAR_okta_social_login_github_client_id="op://Shared/okta/social-login-github/client-id"
+export TF_VAR_okta_social_login_github_client_secret="op://Shared/okta/social-login-github/client-secret"

terraform.tf

@@ -32,7 +32,7 @@ terraform {
 
     # see https://registry.terraform.io/providers/hashicorp/tfe/0.57.0
     tfe = {
-      source = "hashicorp/tfe"
+      source  = "hashicorp/tfe"
       version = "0.57.0"
     }
   }