test variable replacement by creation ID

Access_Controls-Applications-Infrastructure.tf

@@ -41,7 +41,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_infra" {
     name     = "SSH GCP Infrastructure Policy"
     decision = "allow"
 
-    allowed_idps                = [var.cloudflare_okta_identity_provider_id]
+    allowed_idps                = [
+      cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+    ]
     auto_redirect_to_identity   = true
     allow_authenticate_via_warp = false
 

Access_Controls-Applications-rdp.tf

@@ -44,7 +44,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_rdp_domain"
   }]
 
   # Identity provider settings
-  allowed_idps               = [var.cloudflare_okta_identity_provider_id]
+  allowed_idps               = [
+    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+  ]
   auto_redirect_to_identity  = true
   enable_binding_cookie      = false
   http_only_cookie_attribute = false

Access_Controls-Applications-self_hosted.tf

@@ -50,7 +50,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_web_competit
     uri  = var.cloudflare_subdomain_web_sensitive
   }]
 
-  allowed_idps                = [var.cloudflare_okta_identity_provider_id]
+  allowed_idps                = [
+    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+  ]
   auto_redirect_to_identity   = true
   allow_authenticate_via_warp = false
 
@@ -81,7 +83,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_web_intranet
     uri  = var.cloudflare_subdomain_web
   }]
 
-  allowed_idps                = [var.cloudflare_okta_identity_provider_id]
+  allowed_idps                = [
+    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+  ]
   auto_redirect_to_identity   = true
   allow_authenticate_via_warp = false
 

Access_Controls-Applications-ssh.tf

@@ -24,7 +24,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_browser"
     uri  = var.cloudflare_subdomain_ssh
   }]
 
-  allowed_idps                = [var.cloudflare_okta_identity_provider_id, var.cloudflare_otp_identity_provider_id]
+  allowed_idps                = [
+    cloudflare_zero_trust_access_identity_provider.gmail.id,
+    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+  ]
   auto_redirect_to_identity   = false
   allow_authenticate_via_warp = false
 

Access_Controls-Applications-vnc.tf

@@ -24,7 +24,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_vnc_browser"
     uri  = var.cloudflare_subdomain_vnc
   }]
 
-  allowed_idps                = [var.cloudflare_okta_identity_provider_id, var.cloudflare_otp_identity_provider_id]
+  allowed_idps                = [
+    cloudflare_zero_trust_access_identity_provider.gmail.id,
+    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+  ]
   auto_redirect_to_identity   = false
   allow_authenticate_via_warp = false
 

Integrations-Identity_providers.tf

@@ -34,3 +34,10 @@ resource "cloudflare_zero_trust_access_identity_provider" "authentik_oidc" {
     token_url        = "https://authentik.${var.cloudflare_authentik_domain}/application/o/token/"
   }
 }
+
+data "cloudflare_zero_trust_access_identity_provider" "gmail" {
+  account_id = local.cloudflare_account_id
+  
+  identity_provider_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+  zone_id = "zone_id"
+}