Salesforce Provider for HashiCorp Terraform Now in Tech Preview
Manage Salesforce users, roles, and profiles with HashiCorp Terraform using the new Salesforce provider — now in tech preview.
Salesforce built the most popular CRM in the world, making it a common tool to manage all of an organization’s interactions with its customers and prospects. The new Salesforce provider for HashiCorp Terraform allows you to create and manage Salesforce users, roles, and profiles programmatically using the Terraform workflow. This provider is currently a technical preview, which means it's a community-supported project that requires incremental testing and polishing to mature into an officially supported HashiCorp project.
This post will cover use cases, requirements, configuration, and examples for the Salesforce provider for Terraform and show how to create your first user, role, and profile. We welcome your feedback, so please detail your experience while using the provider and file your issues on the Salesforce provider GitHub page.
» Salesforce Provider for Terraform Use Cases
The Salesforce provider was built with administrators in mind. It allows the creation and management of a core set of fields for users, profiles, and roles. You will be able to use Terraform's ability to interpolate resources among each other to associate users to newly created or existing profiles. You will also be able to create role hierarchies and assign them to users. Full examples with instructions are available in the provider repository.
» Requirements
In order to use the Salesforce provider, you will need:
- A Salesforce organization
- A Salesforce user account with a system administrator profile
- A connected app created for Terraform
» Configuring the Provider
The provider requires system administrator level permissions to a Salesforce organization. This is accomplished by creating a connected app within your organization and having Terraform authenticate as a user with a system administrator profile. You can find instructions in the Provider Configuration Reference.
Once the Client ID is known after creating the app, the provider can be configured as follows:
provider "salesforce" {
  client_id   = "ABCDEFG"
  private_key = "/Users/mscott/priv.pem"
  api_version = "53.0"
  username    = "user@example.com"
}
The private key can be a location or the content of the file. The API version must be >= 53.0. If the organization is a sandbox organization, please set the optional field: login_url = "https://test.salesforce.com".
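As an added example (not from the original post or the provider's own documentation), the same provider block with the key passed as content through a sensitive Terraform variable and pointed at a sandbox organization. The variable names are assumptions made for illustration.

```hcl
# Added example; variable names are constructed for illustration.
variable "sf_client_id" {
  type = string
}

variable "sf_username" {
  type = string
}

variable "sf_private_key" {
  type      = string
  sensitive = true # value is redacted in plan/apply output
}

provider "salesforce" {
  client_id   = var.sf_client_id
  private_key = var.sf_private_key # PEM content rather than a file location
  api_version = "53.0"
  username    = var.sf_username
  login_url   = "https://test.salesforce.com" # only for a sandbox organization
}
```

Supplying the key through the TF_VAR_sf_private_key environment variable keeps it out of the configuration files and out of any .tfvars file committed alongside them.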
» Creating Role Hierarchies
You can create role hierarchies with the role resource. The developer_name is the unique name of the role, and the name represents the label in the web user interface:
resource "salesforce_user_role" "ceo" {
  name           = "CEO"
  developer_name = "ceo"
}

resource "salesforce_user_role" "vp" {
  name           = "Vice President"
  developer_name = "vp"
  parent_role_id = salesforce_user_role.ceo.id
}
» Creating Your First Profile
Outside of the predefined profiles provided by Salesforce, new profiles can be created using the profile resource. Use the user license data source to specify which license to base the profile on. A list of license definition keys can be found in the Salesforce User License documentation. Permissions can be manually enabled/disabled using the permissions map:
data "salesforce_user_license" "sf-platform" {
  license_definition_key = "AUL"
}

resource "salesforce_profile" "standard" {
  name            = "standard"
  user_license_id = data.salesforce_user_license.sf-platform.id
  description     = "standard profile"
  permissions = {
    EmailSingle = true
    EditTask    = true
  }
}
» Create Your First User
Users can be created using the user resource. You must assign the user a profile, which can be a custom one or a pre-existing Salesforce profile (look them up using the profile data source). You may also assign a role to the user. Please note that users cannot be deleted from Salesforce after creation. Their unique username will be taken forever and they will be deactivated and dropped from Terraform state only if a destroy command is run. Set reset_password = true to have the reset password email sent to the new user:
data "salesforce_profile" "standard" {
  name = "Standard User"
}

resource "salesforce_user_role" "ceo" {
  name           = "ceo"
  developer_name = "ceo"
}

resource "salesforce_user" "michael" {
  alias               = "michael"
  email               = "michael.scott@example.com"
  last_name           = "scott"
  username            = "michael.scott@example.com"
  profile_id          = data.salesforce_profile.standard.id
  user_role_id        = salesforce_user_role.ceo.id
  email_encoding_key  = "UTF-8"
  language_locale_key = "en_US"
  time_zone_sid_key   = "America/Chicago"
  locale_sid_key      = "en_US"
  reset_password      = true
}
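The pieces above combined into one configuration, as an added example that is not part of the original post: a newly created profile and a two-level role hierarchy are attached to several users through resource references and for_each. The resource labels, the "sales" profile, and the user data are constructed, and the provider is assumed to be configured as shown earlier.

```hcl
# Added example; labels, profile name and user data are constructed.
data "salesforce_user_license" "platform" {
  license_definition_key = "AUL"
}

# Custom profile with only the permissions these users need.
resource "salesforce_profile" "sales" {
  name            = "sales"
  user_license_id = data.salesforce_user_license.platform.id
  description     = "sales profile"
  permissions = {
    EmailSingle = true
    EditTask    = true
  }
}

resource "salesforce_user_role" "ceo" {
  name           = "CEO"
  developer_name = "ceo"
}

resource "salesforce_user_role" "vp" {
  name           = "Vice President"
  developer_name = "vp"
  parent_role_id = salesforce_user_role.ceo.id
}

locals {
  vps = { jhalpert = "halpert", pbeesly = "beesly" } # alias => last name
}

# Removing a key from local.vps later triggers a destroy for that user,
# which only deactivates the account; the username stays taken.
resource "salesforce_user" "vp" {
  for_each            = local.vps
  alias               = each.key
  email               = "${each.key}@example.com"
  last_name           = each.value
  username            = "${each.key}@example.com"
  profile_id          = salesforce_profile.sales.id
  user_role_id        = salesforce_user_role.vp.id
  email_encoding_key  = "UTF-8"
  language_locale_key = "en_US"
  time_zone_sid_key   = "America/Chicago"
  locale_sid_key      = "en_US"
  reset_password      = true
}
```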
» Please Share Your Feedback
We would love to hear your feedback on this project! The Salesforce provider for Terraform was built with a small initial scope in mind and we would love your help shaping its future. You can post bugs and feature requests for the Salesforce provider by opening an issue on GitHub. You can also engage with us and the community on HashiCorp Discuss.