Salesforce Provider

The Salesforce provider provides resources to interact with a Salesforce organization.

Example Usage

provider "salesforce" {
  client_id   = "ABCDEFG"
  private_key = "/Users/mscott/priv.pem"
  api_version = "53.0"
  username    = "user@example.com"
}

Setup

Authorization

The provider performs actions on behalf of a user, and that user is expected to have System Administrator level permissions. This is most easily accomplished by assigning the premade "System Administrator" profile to the user that Terraform uses. The chosen profile must also be assigned to the connected app, which is covered below.

Authentication

A connected app provides headless interaction with Salesforce and can authenticate the admin user account via OAuth. The following guide was adapted from this blog post and this GitHub guide.

Create a self-signed private key and x509 certificate

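# Generate a 2048-bit RSA private key
$ openssl genrsa -out privatekey.pem 2048
# Create a self-signed X.509 certificate for it, valid for 3650 days
$ openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 3650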

You can enter filler data when prompted. This certificate is used exclusively for authentication between the provider and the Salesforce REST API and is not signed by a certificate authority.
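
Before uploading publickey.cer, it is worth confirming that the certificate matches the private key, that the key is at least 2048 bits, and that the key file is not readable by other users. The script below is an added example, not part of the provider or its documentation; the function names and the MIN_BITS variable are hypothetical, and it assumes only that the openssl CLI is installed.

```shell
#!/bin/sh
# Added example: preflight check for the key pair created in the step above.
# Function names and MIN_BITS are hypothetical; only the openssl CLI is assumed.

MIN_BITS=${MIN_BITS:-2048}   # smallest RSA modulus this check accepts

# Both commands print "Modulus=<hex>"; equal output means the certificate
# was issued for this private key.
key_modulus()  { openssl rsa  -in "$1" -noout -modulus 2>/dev/null; }
cert_modulus() { openssl x509 -in "$1" -noout -modulus 2>/dev/null; }

# RSA key size in bits, derived from the modulus length (4 bits per hex digit).
key_bits() {
    hex=$(key_modulus "$1" | sed 's/^Modulus=//')
    echo $(( ${#hex} * 4 ))
}

# check_pair KEY CERT: returns 0 only if every check passes.
check_pair() {
    key=$1; cert=$2; rc=0
    bits=$(key_bits "$key")
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $key is $bits bits, need at least $MIN_BITS"; rc=1
    fi
    if [ "$(key_modulus "$key")" != "$(cert_modulus "$cert")" ]; then
        echo "FAIL: $cert does not belong to $key"; rc=1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other, run: chmod 600 $key"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_pair.sh privatekey.pem publickey.cer
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "OK: key pair is ready for the provider"
    exit $?
fi
```

A non-zero exit status means at least one check failed; each failure is printed on its own line.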

Create a connected app

  1. From the Lightning Experience UI, navigate to Setup > App Manager > New connected app
  2. Fill in the required fields (name, email, etc.)
  3. Enable OAuth settings
  4. Fill in a callback URL. This URL isn't needed, but setting it to https://oauthdebugger.com/debug can be useful.
  5. Click "Use digital signatures"
  6. Upload the publickey.cer file
  7. Add OAuth scopes: api refresh_token offline_access. This should be enough for the provider; more can be added as needed.
  8. Save
  9. Note down the Consumer Key; this corresponds to client_id in OAuth terms. You can also make note of the Consumer Secret, but it is not needed in the authentication process.

Manage connected app

  1. From the Lightning Experience UI, navigate to Setup > App Manager, click on the newly created connected app and click "manage" (not view/edit).
  2. Click Edit Policies
  3. Under OAuth Policies ensure "Permitted Users" is set to "Admin approved users are pre-authorized".
  4. Save
  5. Back at the manage page, under the Profiles section click "manage".
  6. Ensure that the "System Administrator" profile (or whichever profile is assigned to the user for Terraform) is checked.
  7. Save

Configure the provider

The provider can be configured using the example provider block, or using the following environment variables:

SALESFORCE_CLIENT_ID
SALESFORCE_PRIVATE_KEY
SALESFORCE_API_VERSION
SALESFORCE_USERNAME

Schema

Optional