Managing Environments

Terraform Provider

In many software development methodologies, there is a need to manage and automate development, testing, and production environments. This need arises from the understanding that all resources deployed in an environment—whether cloud-based or hosted on local servers—eventually reach a stable configuration, often referred to as the "desired state", which primarily includes the configuration of all deployed services.

With tools like Terraform, the manual effort required to maintain this state decreases. Terraform, along with other infrastructure-as-code solutions, streamlines the process by enabling a code-first approach to automating environments.

Descope provides a Terraform provider for managing Descope projects and their configuration.

Prerequisites

Note

The Terraform provider works with a "Pro" or "Enterprise" type license. If you are having trouble with licensing, please contact the developer success team.

  • Terraform CLI installed.
  • A project already created in Descope.
  • A Management Key. Create one in the Company Settings. If you intend to create a new project, make sure the key is scoped for use in all projects.

Using the Terraform Provider

  • Create a .tf file.

  • Import the Descope Provider inside the file.

terraform {
  required_providers {
    descope = {
      source = "descope/descope"
    }
  }
}

  • Initiate the provider with the needed parameters.

Note

Provide the ID of an existing project (it won't be impacted by Terraform) and the management key.

provider "descope" {
  project_id = var.descope_project_id
  management_key = var.descope_management_key
}

  • Create a new project resource.

resource "descope_project" "myproject" {
    name = "project-name"
}

Examples

All of the examples are set inside the Descope project resource we created.

Project Settings

Use the following object to declare and specify the project's settings.

  project_settings = {
    refresh_token_expiration = "3 weeks"
    enable_inactivity = true
    inactivity_time = "1 hour"
  }

Authorization

Use the following object to declare and specify the project's Authorization.

  authorization = {
    permissions = [
      {
        name = "test-permission"
        description = "this is a test"
      }
    ]
    roles = [
      {
        name = "test-role"
        description = "this is a test"
        permissions = ["test-permission"]
      }
    ]
  }

Authentication

Use the following object to declare and specify the project's Authentication methods.

  authentication = {
    magic_link = {
        expiration_time = "1 hour"
    }
    password = {
        lock = true
        lock_attempts = 3
        min_length = 8
    }
  }

Attributes

  attributes = {
    user = [
      {
        name = "test attribute user"
        type = "string"
      }
    ]
    tenant = [
      {
        name = "test attribute tenant"
        type = "multiselect"
        select_options = ["A", "B"]
      }
    ]
  }

Connectors

Note

This section uses Terraform variables.

  connectors = {
    http = [ {
      name = "Test HTTP"
      description = "A Description"
      base_url = var.http_connector_base_url
      bearer_token = var.http_connector_secret
    } ]
  }

Applications

  applications = {
    oidc_applications = [ {
      name = "test OIDC app"
      description = "This is a test"
      claims = ["sub", "exp"]
    } ]
  }

Combined

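# Input variables used by the provider and the HTTP connector.
variable "descope_project_id" {
  type = string
}

# Secrets are marked sensitive so Terraform redacts them in plan and apply output.
variable "descope_management_key" {
  type = string
  sensitive = true
}

variable "http_connector_base_url" {
  type = string
}

variable "http_connector_secret" {
  type = string
  sensitive = true
}

terraform {
  required_providers {
    descope = {
      source = "descope/descope"
    }
  }
}

provider "descope" {
  project_id = var.descope_project_id
  management_key = var.descope_management_key
}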
 
resource "descope_project" "terraform-test-3" {
  name = "terraform-test-3"
  project_settings = {
    refresh_token_expiration = "3 weeks"
    enable_inactivity = true
    inactivity_time = "2 hour"
  }
 
  authentication = {
    magic_link = {
      expiration_time = 3600
      expiration_time_unit = "seconds"
    }
    password = {
        lock = true
        lock_attempts = 3
        min_length = 8
    }
  }
 
  attributes = {
    user = [ {
      name = "test attribute user"
      type = "string"
    } ]
    tenant = [ {
      name = "test attribute tenant"
      type = "multiselect"
      select_options = ["A", "B"]
    } ]
  }
 
  authorization = {
    permissions = [ {
      name = "test-permission"
      description = "this is a test"
    } ]
    roles = [{
      name = "test-role"
      description = "this is a test"
      permissions = ["test-permission"]
    }]
  }
 
  applications = {
    oidc_applications = [ {
      name = "test OIDC app"
      description = "This is a test"
      claims = ["sub", "exp"]
    } ]
  }

  connectors = {
    http = [ {
      name = "Test HTTP"
      description = "A Description"
      base_url = var.http_connector_base_url
      bearer_token = var.http_connector_secret
    } ]
  }
}

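Using Terraform in environments

The state file stores the relevant information for each Descope project created as a resource in the .tf file. Terraform writes resource attributes to the state in plain text, including values passed in as secrets, so keep the state file in a location with restricted access.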

  • Make sure to have the ability to store and access the state file.

  • Use terraform plan to make sure the project resource has the right changes.

  • Use terraform apply to apply the changes.
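
As an added example (not taken from the Descope documentation), one way to carry these steps across environments: a single configuration that creates one descope_project per environment, rejects weak password settings at plan time, and keeps the state in an encrypted remote backend. The bucket name, the "environments" variable, the "myapp-" name prefix and the dev/prod values are assumptions; the resource attributes are the ones shown on this page.

```hcl
terraform {
  required_providers {
    descope = { source = "descope/descope" }
  }
  # Assumption: an S3 bucket you control. Any remote backend with
  # encryption at rest and access control serves the same purpose.
  backend "s3" {
    bucket  = "example-tfstate-bucket" # hypothetical name
    key     = "descope/projects.tfstate"
    region  = "us-east-1"
    encrypt = true
  }
}

variable "descope_project_id" { type = string }
variable "descope_management_key" {
  type      = string
  sensitive = true # redacted in plan/apply output, still present in state
}

# Constructed sample values: one entry per environment.
variable "environments" {
  type = map(object({ lock_attempts = number, min_length = number }))
  default = {
    dev  = { lock_attempts = 5, min_length = 8 }
    prod = { lock_attempts = 3, min_length = 12 }
  }
  validation {
    condition     = alltrue([for e in values(var.environments) : e.min_length >= 8])
    error_message = "Every environment must require passwords of at least 8 characters."
  }
}

provider "descope" {
  project_id     = var.descope_project_id
  management_key = var.descope_management_key
}

resource "descope_project" "env" {
  for_each = var.environments
  name     = "myapp-${each.key}"
  authentication = {
    password = {
      lock          = true
      lock_attempts = each.value.lock_attempts
      min_length    = each.value.min_length
    }
  }
}
```

Supply the management key through the TF_VAR_descope_management_key environment variable rather than a committed .tfvars file, then run terraform plan and terraform apply as described above.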
