EA Feature - Resource Set Conditions

[exitcode0]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

---

Description

Resource set conditions help you limit the scope of a role by excluding an admin's access to certain apps. This gives you more granular control over your custom admin roles and helps meet your org's unique security needs
https://help.okta.com/oie/en-us/content/topics/security/custom-admin-role/resource-set-conditions.htm

It would be great to add support for this feature to the okta_resource_set resource

New or Affected Resource(s)

• okta_resource_set

Potential Terraform Configuration

locals {
  org_url = "https://mycompany.okta.com"
}

resource "okta_resource_set" "test" {
  label       = "UsersAppsAndGroups"
  description = "All the users, app and groups"
  resources = [
    format("%s/api/v1/users", local.org_url),
    format("%s/api/v1/apps", local.org_url),
    format("%s/api/v1/groups", local.org_url)
  ]
  conditions {
    exclude = jsonencode({
      "okta:ORN" = [
        "orn:oktapreview:idp:00o3123456789:apps:example:0oa5123456789"
      ]
    }
  }
}

References

• #0000

[duytiennguyen-okta]

Is this feature still EA?

[duytiennguyen-okta]

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-829683