## Frontegg Terraform provider

Check out the repo on GitHub

br
Prerequisites
Terraform ≥ 1.0.3m
Go ≥ 1.20

### Using the provider

See the Terraform Registry - [here](https://registry.terraform.io/providers/frontegg/frontegg/latest).

### Importing existing resources

#### Workspaces

To import an existing workspace, first add a shim resource definition to your Terraform project:


```
resource "frontegg_workspace" "example" {}
```

br
Then run terraform import, specifying the address of the resource you declared above (frontegg_workspace.example) and your workspace ID (i.e., your API client ID):

br

```js
$ terraform import frontegg_workspace.example 65e2d503-c187-4d55-8ba5-816bd4a15f96
frontegg_workspace.example: Importing from ID "65e2d503-c187-4d55-8ba5-816bd4a15f96"...
frontegg_workspace.example: Import prepared!
  Prepared frontegg_workspace for import
frontegg_workspace.example: Refreshing state... [id=65e2d503-c187-4d55-8ba5-816bd4a15f96]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```

br
Next, run `terraform state show` to show the configuration values Terraform has imported:

br

```js
$ terraform state show frontegg_workspace.example
# frontegg_workspace.example:
resource "frontegg_workspace" "example" {
    allowed_origins     = [
        "https://yourcompany.com",
    ]
    backend_stack       = "Python"
    country             = "US"
    frontegg_domain     = "yourcompany.frontegg.com"
    # ...
}
```

br
Finally, you can copy that output back into your `main.tf` file (or equivalent). Beware that you may need to manually remove some output properties from the resource, like jwt_public_key.

You should verify that `terraform plan` reports no diffs.

br
### Ignoring changes

Certain resources might indicate updates even if they’ve never been used. To handle such cases, it’s recommended to use the `ignore_changes` argument. For example, if you’re not actively managing email templates, consider including all templates under this argument.

br

```js
lifecycle {
    ignore_changes = [
      reset_password_email,           
      user_activation_email,          
      user_invitation_email,          
      pwned_password_email,           
      magic_link_email,               
      magic_code_email,               
      new_device_connected_email,     
      user_used_invitation_email,     
      reset_phone_number_email,       
      bulk_tenants_invites_email,     
      mfa_enroll_email,               
      mfa_unenroll_email,             
      new_mfa_method_email,           
      mfa_recovery_code_email,        
      remove_mfa_method_email,        
      email_verification_email,       
      brute_force_protection_email,   
      suspicious_ip_email,            
      mfa_otc_email,                  
      impossible_travel_email,        
      bot_detection_email,            
      sms_authentication_enabled_email,
    ]
  }
```

### Roles, permissions, and permission categories

The procedure is the same as above, except that the IDs for the role, permission, or permission category are UUIDs.

You can either query the Frontegg API yourself to find these IDs, or you can use your browser's developer tools to get the IDs out of the network requests as you browse the Frontegg Portal.

br
Functionalities Support
Please note that this provider may not offer full support for all Frontegg capabilities. If you require assistance or support for a specific functionality, please contact us at `support@frontegg.com`.