How to check if trusted origins are already exist in okta via terraform

Question

I wanted to create a trusted origin in okta via terraform by using "okta_trusted_origin" form a list of urls. I would like to know how can I check if the URL is already exist in okta trusted origins, don't create a new one.

I tried using a filter in "okta_trusted_origins" data source, but I'm not sure what would be the correct search criteria

Here is my code:

resource "okta_trusted_origin" "trusted_origin" {
  count = length(data.okta_trusted_origins.all.trusted_origins) == 0 ? 1 : 0

  name   = var.name
  origin = var.origin
  scopes = var.scopes
}

data "okta_trusted_origins" "all" {
  filter = "trusted_origins.origin eq ${var.origin}"
}

Answer 1

The correct filter syntax is:

data "okta_trusted_origins" "all" {
  filter = "origin eq \"${var.origin}\""
}

Answer 2

Terraform is a "desired state" system, and so a declaration like "this object should exist if it doesn't exist" is a contradiction: the object can't both exist and not exist at the same time.

If you were to succeed in telling Terraform that rule then you would create a configuration that cannot converge: the first run would detect that the object doesn't exist and propose to create it, and then the second run would detect that the object exists and propose to destroy it.

Instead, you must explicitly tell Terraform whether each object should exist or not. It's your responsibility as the author of your configurations to decide which system is responsible for managing each object, and (when any of those systems are Terraform-based) declare the object only in the configuration that ought to be managing it.

Terraform expects that you will tell it whether the object should already exist (using a data block) or whether Terraform should ensure that it exists (using a resource block). There is no way to make that decision automatically because then it would be ambiguous which configuration is the one responsible for updating and destroying the object in future.