rules.tf
###################################################
# Rules of Okta Password Policy
###################################################
resource "okta_policy_rule_password" "this" {
  # One password policy rule per entry of var.rules, keyed by the rule's name.
  # Terraform rejects the map if two entries share a name, so a duplicate
  # cannot silently replace another rule.
  for_each = { for rule in var.rules : rule.name => rule }

  policy_id = local.policy.id
  name      = each.key
  priority  = each.value.priority
  status    = each.value.enabled ? "ACTIVE" : "INACTIVE"


  ## Conditions

  # Users listed here are not matched by this rule.
  # NOTE(review): which rule then applies to them depends on the other rules of
  # the policy and their priority; confirm exclusions do not land on a more
  # permissive rule.
  users_excluded = each.value.condition.excluded_users

  # The rule is zone-scoped only when at least one zone list is non-empty.
  # With both lists empty it applies from any network ("ANYWHERE").
  network_connection = (
    length(each.value.condition.network.included_zones) > 0 ||
    length(each.value.condition.network.excluded_zones) > 0
  ) ? "ZONE" : "ANYWHERE"

  # An empty list is passed as null so the argument is left unset.
  network_includes = length(each.value.condition.network.included_zones) > 0 ? each.value.condition.network.included_zones : null
  network_excludes = length(each.value.condition.network.excluded_zones) > 0 ? each.value.condition.network.excluded_zones : null


  ## Effects

  # Each self-service action is explicitly ALLOW or DENY, driven by a boolean.
  # NOTE(review): reset and unlock are account-recovery paths; check which
  # rules allow them and from which network zones.
  password_change = each.value.allow_password_change ? "ALLOW" : "DENY"
  password_reset  = each.value.allow_password_reset ? "ALLOW" : "DENY"
  password_unlock = each.value.allow_password_unlock ? "ALLOW" : "DENY"
}