How to use Terraform import existing resources

I've recently checked this; this is more important, and it is what I was expecting. I need to store all resources in GitHub and import if anything got changed or on migration.

How can I import existing resources and then start applying new changes?

1 Like

We can import resources to terraform state as shown:
Example - Importing Edge Router Policy

terraform import ziti_edge_router_policy.<router_policy_resource_name> <edge router policy id>

2 Likes
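As an added example (not from the thread or the provider's documentation): because the goal is to keep everything in GitHub, the same import can be written declaratively as Terraform 1.5+ `import` blocks instead of one-off `terraform import` commands. The script below generates those blocks from an inventory file; the resource names, the placeholder IDs and the ID character allow-list are assumptions.

```shell
#!/bin/sh
# Added example: turn "<resource_name> <policy_id>" inventory lines into
# Terraform import blocks that can be committed and reviewed.

RESOURCE_TYPE="ziti_edge_router_policy"   # resource type named in the thread

# Constructed sample inventory (names and IDs are placeholders).
sample_inventory() {
  cat <<'EOF'
# name            id
branch_routers    EXAMPLE-ID-0001

public_routers    EXAMPLE-ID-0002
EOF
}

# Reads inventory lines on stdin, writes import blocks on stdout.
# Returns 1 (message on stderr) at the first line that fails validation.
gen_import_blocks() {
  lineno=0
  # "|| [ -n "$name" ]" also processes a final line without a newline.
  while read -r name id extra || [ -n "$name" ]; do
    lineno=$((lineno + 1))
    case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
    # Terraform names: letter or underscore first, then letters,
    # digits, underscores or hyphens.
    case $name in
      [!A-Za-z_]*|*[!A-Za-z0-9_-]*)
        echo "line $lineno: invalid resource name '$name'" >&2; return 1 ;;
    esac
    # Assumption: IDs are URL-safe tokens. The allow-list keeps quotes,
    # backslashes and "${" out of the generated HCL string.
    case $id in
      ''|*[!A-Za-z0-9._~-]*)
        echo "line $lineno: invalid id for '$name'" >&2; return 1 ;;
    esac
    if [ -n "$extra" ]; then
      echo "line $lineno: unexpected extra field" >&2; return 1
    fi
    printf 'import {\n  to = %s.%s\n  id = "%s"\n}\n\n' \
      "$RESOURCE_TYPE" "$name" "$id"
  done
}

# Demo: print the blocks for the constructed inventory.
sample_inventory | gen_import_blocks
```

Redirect the output to a `.tf` file and commit it; `terraform plan -generate-config-out=generated.tf` can then draft matching resource blocks for review before `terraform apply`.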

Welcome to the forum, @vinaynetfoundry!

1 Like

One more question: can I save the JWT file once the identity is created, using terraform output?

I don't see the enrollment token as an attribute on the ziti_identity resource or data source.

@vinaynetfoundry Is there a way to reference the entity's arbitrary properties? I know the JWT is internally defined by the enrollment that's associated with the identity, so if nothing else it would be possible to look up the enrollment ID as an attribute of the identity data source then use that to look up the JWT.

With that ability, we could craft an enrollment module that handles the simple case of creating an enrollment for the identity if it doesn't have one and optionally writing the token to a file or var, or both.

1 Like

The JWT token gets created asynchronously, and once the token is used, we do not see the JWT in the response of get identity. Hence we did not add it as an attribute for the ziti_identity resource or data source.

When I try to create a new identity via Terraform and go to the Ziti console to download the JWT, it shows empty:

ziti_identities = {
  "rd-vinoth" = {
    is_admin = false
  },
  "test-terraform" = {}
}

So should I not use Terraform to create identities? Or am I missing some variable options?

Updated and released new version 0.0.4. Now the JWT should be available in the UI once you create an identity from Terraform.

If you are not using the version parameter in the required_providers block then do 'terraform init' to pull the latest changes.
Else update the version to 0.0.4 as shown:

terraform {
  required_providers {
    ziti = {
      source = "netfoundry/ziti"
      version = "0.0.4"
    }
  }
}

Thanks, yes, it works. But can I save the JWT via Terraform itself, so that it will be easy?

JWT token is not returned as part of the create API but gets created asynchronously. Hence it is not wired to save it via terraform.

OK, thanks! One more thing: is it possible to use the admin username and password along with MFA to do this operation?

Hi, I'm automating my OpenZiti network creation with Terraform and using Docker to host the controller and edge router.

For now I've something like this that creates the edge router, grabs the enrollment token and passes it to the Docker image:

command = [
    <<EOT
    # First start only: no enrollment token has been saved yet
    if [ ! -f /ziti-router/enroll.jwt ]; then
        ziti edge login ${var.controller.fqdn}:${var.controller.public_apis_port} -u ${local.openziti_controller_username} -p ${local.openziti_controller_password} -y
        ziti edge create edge-router "${local.openziti_edge_router_name}" --tunneler-enabled --jwt-output-file=/ziti-router/enroll.jwt
        export ZITI_ENROLL_TOKEN=$(cat /ziti-router/enroll.jwt)
    fi
    # Hand over to the image's entrypoint to run the router
    /entrypoint.bash run config.yml
    EOT
]

I'm not sure I understand your comment. You're saying that there's no way to grab the enrollment token using the Ziti Terraform provider?

I think what he says is that you can create the edge router via Terraform, but the JWT can't be saved via Terraform; you need to call a separate API or command line to download the respective JWT, and then we could automate it.