Create an OAuth client for use with Dynatrace Configuration as Code via Terraform
This guide shows you how to create an OAuth client for use with Dynatrace Configuration as Code via Terraform.
Create an OAuth client
-
Go to Account Management.
-
Select Identity & access management > OAuth clients.
-
Select Create client.
-
Enter the email address of the user who owns the client.
-
Enter a description of the new client.
-
Select the required scopes.
Each available type of platform configuration requires specific OAuth scopes.
Configure an OAuth client with all of the permissions below to be compatible with all OAuth-based Terraform resources, or provide a subset of permissions based on required use cases.
PurposeScopesView and create settings objectssettings:objects:read
,settings:objects:write
View and manage workflowsautomation:workflows:read
,automation:workflows:write
,automation:calendars:read
,automation:calendars:write
,automation:rules:read
,automation:rules:write
Access all workflows1automation:workflows:admin
View and manage documentsdocument:documents:read
,document:documents:write
,document:documents:delete
,document:trash.documents:delete
View and manage direct document sharingdocument:direct-shares:read
,document:direct-shares:write
,document:direct-shares:delete
View business eventsstorage:bizevents:read
View and manage Grail bucketsstorage:bucket-definitions:read
,storage:bucket-definitions:write
View and manage users and groupsaccount-idm-read
,account-idm-write
View and manage policiesiam-policies-management
View environmentsaccount-env-read
1To use the
automation:workflows:admin
scope, you need to create a custom policy granting that scope, bind a group to it, and assign your user to that group in Account Management before creating the OAuth client. For detailed information on managing policies, see Manage IAM policies. -
Select Create client.
-
Copy the generated client ID and secret and store them in a safe place.
You can only access your client secret once upon creation. You can't reveal it afterward.
Ensure service user permissions
In addition to the scopes available to the OAuth client, permissions can be further limited via policies applied to the user's groups.
For details on how permissions can be controlled, see Working with policies.
To ensure your OAuth client works as intended, verify that the service user's groups grant the same scopes as the OAuth client you have created for all environments you want to use it with.
Use your OAuth client
- Follow the instructions for your operating system or CI/CD tool on making the client ID and secret available as environment variables.
- The Dynatrace Terraform Provider will request OAuth access tokens using your client credentials to make authenticated API calls.