Terraform provider
Oblique publishes a Terraform provider oblique-security/oblique ↗ that lets you manage objects in Oblique via Terraform and as code workflows. The Terraform provider supports a subset of the objects that can be managed in the Oblique app, which are more commonly managed as code.
The Oblique app notes when an object is managed by Terraform. If an object is managed by Terraform, it can no longer be modified in the app.
Supported objects
Section titled “Supported objects”Not all Oblique objects and configurations can be managed as resources in Terraform. The following are supported as of v0.1.0:
- Integrations
- Listings, including listing roles, auto-approval policies, and owners
- Team groups, including team members and owners
- Attribute-based groups, including owners
- Reporting groups, including owners
- Admins, including organization owner
All other objects, including users, user attributes, and entitlements are managed as data sources in Terraform.
Audit logs
Section titled “Audit logs”Actions taken through the Terraform provider are recorded in Oblique’s audit logs the same way as actions taken in the Oblique app. Each event records the API key as the author and the Terraform provider used as the client. You can filter audit logs by client to see all actions taken through the Terraform provider.
Start managing objects using Terraform
Section titled “Start managing objects using Terraform”To start managing Oblique resources as Terraform, you will need to generate an API key for use with Terraform, and to download your existing Oblique objects’ Terraform configuration.
To download the configuration for all objects, navigate to Manage then Terraform:
- Select Export as Terraform to export your current Oblique configuration as Terraform. This will export a zip of a folder with a file for each of integrations, listings, team groups, attribute-based and reporting groups, and admins, plus the
main.tfTerraform configuration. - Optionally, set the location of the repo in the version control system you are using to manage this Terraform configuration in
repo_urlandrepo_dir. - Optionally, remove any files or Terraform resources which you do not wish to be managed by Terraform.
- Run
terraform apply.
Oblique will show which objects are managed by Terraform, and will block editing these in the app. If you provided the location of the repo you are using for your Terraform configuration, this will be linked from each object in the Oblique app.
To copy the configuration for a single object, navigate to that object’s detail page:
- In the object header, select More, then select Copy as Terraform.
- Add this object’s configuration to your Terraform configuration.
- Run
terraform apply.
Create objects using Terraform
Section titled “Create objects using Terraform”You can add any of the supported object types in your Terraform config to create them in Oblique.
Refer to the Oblique Terraform provider docs ↗ for the schema and examples for each Terraform resource.
View which objects are managed by Terraform
Section titled “View which objects are managed by Terraform”To see which objects are currently managed by Terraform, navigate to Manage then Terraform. You will see a summary under Management overview.
Make changes to objects using Terraform
Section titled “Make changes to objects using Terraform”You can manage Oblique objects as code with Terraform. Use terraform plan to generate a preview of what will change in Oblique for your review, then use terraform apply to apply them.
Release objects from being managed by Terraform
Section titled “Release objects from being managed by Terraform”You cannot currently release objects that are managed by Terraform in Oblique, in either the app or the Terraform provider. To release objects from being managed by Terraform, contact support.
You can remove the object from your Terraform configuration, which will delete it from Oblique. Then, you can recreate it in the Oblique app.