Skip to content

Instantly share code, notes, and snippets.

@jlj77

jlj77/apply.txt

Last active April 13, 2021 15:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jlj77/d7797153e6b252b9ab3454004ec5b804 to your computer and use it in GitHub Desktop.
Save jlj77/d7797153e6b252b9ab3454004ec5b804 to your computer and use it in GitHub Desktop.
Download ZIP
Okta Terraform provider output re potential bug
Raw
apply.txt
Terraform v0.14.10
okta_policy_rule_signon.r_test1b3: Creating...
okta_policy_rule_signon.r_test1b2: Modifying... [id=0pr8qy0g06pCtXIUE357]
okta_policy_rule_signon.r_test1b3: Creation complete after 1s [id=0pr8ryuv7lenA4PTD357]
Error: failed to update sign-on policy rule: provided priority was not valid, got: 3, API responded with: 2. See schema for attribute details
on pol_so.tf line 46, in resource "okta_policy_rule_signon" "r_test1b2":
46: resource "okta_policy_rule_signon" "r_test1b2" {
Raw
plan.txt
Terraform v0.14.10
Configuring remote state backend...
Initializing Terraform configuration...
okta_factor.okta_email: Refreshing state... [id=okta_email]
okta_factor.okta_push: Refreshing state... [id=okta_push]
okta_network_zone.p_test1di: Refreshing state... [id=nzo8r4ilhmGPi0vk3357]
okta_group.g_test: Refreshing state... [id=00g8qz9q08464Mo5k357]
okta_factor.okta_otp: Refreshing state... [id=okta_otp]
okta_factor.okta_sms: Refreshing state... [id=okta_sms]
okta_user.test1: Refreshing state... [id=00u8qx6ciuVMmHBiA357]
okta_network_zone.p_test1dii: Refreshing state... [id=nzo8r4kauuBulJ30d357]
okta_policy_signon.p_test1b: Refreshing state... [id=00p8qxv5g3ZEm7uod357]
okta_policy_mfa.p_test1c: Refreshing state... [id=00p8r06rpuZozqNeW357]
okta_policy_password.p_test1a: Refreshing state... [id=00p8qxvmeuXFTGyZk357]
okta_policy_rule_mfa.r_test1c: Refreshing state... [id=0pr8r4hdtbQwmdEOc357]
okta_policy_rule_signon.r_test1b1: Refreshing state... [id=0pr8qxvg4iNRnYZck357]
okta_policy_rule_signon.r_test1b2: Refreshing state... [id=0pr8qy0g06pCtXIUE357]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
Terraform will perform the following actions:
# okta_policy_rule_signon.r_test1b2 will be updated in-place
~ resource "okta_policy_rule_signon" "r_test1b2" {
id = "0pr8qy0g06pCtXIUE357"
name = "Global Deny"
~ priority = 2 -> 3
# (14 unchanged attributes hidden)
}
# okta_policy_rule_signon.r_test1b3 will be created
+ resource "okta_policy_rule_signon" "r_test1b3" {
+ access = "ALLOW"
+ authtype = "ANY"
+ id = (known after apply)
+ mfa_lifetime = 1440
+ mfa_prompt = "SESSION"
+ mfa_remember_device = true
+ mfa_required = true
+ name = "MFA - Zone D1"
+ network_connection = "ZONE"
+ network_includes = [
+ "nzo8r4ilhmGPi0vk3357",
]
+ policyid = "00p8qxv5g3ZEm7uod357"
+ priority = 2
+ session_idle = 120
+ session_lifetime = 2880
+ session_persistent = false
+ status = "ACTIVE"
}
Plan: 1 to add, 1 to change, 0 to destroy.
Raw
state_excerpt.txt
...
{
"mode": "managed",
"type": "okta_policy_rule_signon",
"name": "r_test1b1",
"provider": "provider[\"registry.terraform.io/oktadeveloper/okta\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access": "ALLOW",
"authtype": "ANY",
"id": "0pr8qxvg4iNRnYZck357",
"mfa_lifetime": 15,
"mfa_prompt": "SESSION",
"mfa_remember_device": false,
"mfa_required": true,
"name": "MFA - Test",
"network_connection": "ANYWHERE",
"network_excludes": [],
"network_includes": [],
"policyid": "00p8qxv5g3ZEm7uod357",
"priority": 1,
"session_idle": 120,
"session_lifetime": 1440,
"session_persistent": false,
"status": "ACTIVE",
"users_excluded": [
"00u8qx6ciuVMmHBiA357"
]
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"okta_group.g_test",
"okta_policy_signon.p_test1b",
"okta_user.test1"
]
}
]
},
{
"mode": "managed",
"type": "okta_policy_rule_signon",
"name": "r_test1b2",
"provider": "provider[\"registry.terraform.io/oktadeveloper/okta\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access": "DENY",
"authtype": "ANY",
"id": "0pr8qy0g06pCtXIUE357",
"mfa_lifetime": 0,
"mfa_prompt": null,
"mfa_remember_device": false,
"mfa_required": false,
"name": "Global Deny",
"network_connection": "ANYWHERE",
"network_excludes": [],
"network_includes": [],
"policyid": "00p8qxv5g3ZEm7uod357",
"priority": 3,
"session_idle": 120,
"session_lifetime": 120,
"session_persistent": false,
"status": "ACTIVE",
"users_excluded": [
"00u8qx6ciuVMmHBiA357"
]
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"okta_policy_signon.p_test1b",
"okta_user.test1"
]
}
]
},
{
"mode": "managed",
"type": "okta_policy_rule_signon",
"name": "r_test1b3",
"provider": "provider[\"registry.terraform.io/oktadeveloper/okta\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"access": "ALLOW",
"authtype": "ANY",
"id": "0pr8ryuv7lenA4PTD357",
"mfa_lifetime": 1440,
"mfa_prompt": "SESSION",
"mfa_remember_device": false,
"mfa_required": true,
"name": "MFA - Zone D1",
"network_connection": "ZONE",
"network_excludes": null,
"network_includes": [
"nzo8r4ilhmGPi0vk3357"
],
"policyid": "00p8qxv5g3ZEm7uod357",
"priority": 2,
"session_idle": 120,
"session_lifetime": 2880,
"session_persistent": false,
"status": "ACTIVE",
"users_excluded": null
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"okta_network_zone.p_test1di",
"okta_policy_signon.p_test1b"
]
}
]
},
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment