Manage Salesforce users, roles, and profiles with HashiCorp Terraform using the new Salesforce provider — now in tech preview.
Salesforce built the most popular CRM in the world, making it a common tool to manage all of an organization’s interactions with its customers and prospects. The new Salesforce provider for HashiCorp Terraform allows you to create and manage Salesforce users, roles, and profiles programmatically using the Terraform workflow. This provider is currently a technical preview, which means it's a community-supported project that requires incremental testing and polishing to mature into an officially supported HashiCorp project.
This post will cover use cases, requirements, configuration, and examples for the Salesforce provider for Terraform and show how to create your first user, role, and profile. We welcome your feedback, so please detail your experience while using the provider and file your issues on the Salesforce provider GitHub page.
The Salesforce provider was built with administrators in mind. It allows the creation and management of a core set of fields for users, profiles, and roles. Because Terraform resources can reference one another, you can associate users with newly created or existing profiles. You can also create role hierarchies and assign them to users. Full examples with instructions are available in the provider repository.
In order to use the Salesforce provider, you will need:
The provider requires system administrator level permissions to a Salesforce organization. This is accomplished by creating a connected app within your organization and having Terraform authenticate as a user with a system administrator profile. You can find instructions in the Provider Configuration Reference.
Once the Client ID is known after creating the app, the provider can be configured as follows:
provider "salesforce" {
  client_id   = "ABCDEFG"
  private_key = "/Users/mscott/priv.pem"
  api_version = "53.0"
  username    = "user@example.com"
}
The private_key value can be either the location of the key file or the content of the file. The API version must be >= 53.0. If the organization is a sandbox organization, set the optional field login_url = "https://test.salesforce.com".
You can create role hierarchies with the role resource. The developer_name is the unique name of the role, and the name represents the label in the web user interface:
resource "salesforce_user_role" "ceo" {
  name           = "CEO"
  developer_name = "ceo"
}

resource "salesforce_user_role" "vp" {
  name           = "Vice President"
  developer_name = "vp"
  parent_role_id = salesforce_user_role.ceo.id
}
Outside of the predefined profiles provided by Salesforce, new profiles can be created using the profile resource. Use the user license data source to specify which license to base the profile on. A list of license definition keys can be found in the Salesforce User License documentation. Individual permissions can be enabled or disabled using the permissions map:
data "salesforce_user_license" "sf-platform" {
  license_definition_key = "AUL"
}

resource "salesforce_profile" "standard" {
  name            = "standard"
  user_license_id = data.salesforce_user_license.sf-platform.id
  description     = "standard profile"
  permissions = {
    EmailSingle = true
    EditTask    = true
  }
}
Users can be created using the user resource. You must assign the user a profile, which can be a custom one or a pre-existing Salesforce profile (look them up using the profile data source). You may also assign a role to the user. Please note that users cannot be deleted from Salesforce after creation. Their unique username will be taken forever, and they will be deactivated and dropped from Terraform state only if a destroy command is run. Set reset_password = true to have the reset password email sent to the new user:
data "salesforce_profile" "standard" {
  name = "Standard User"
}

resource "salesforce_user_role" "ceo" {
  name           = "ceo"
  developer_name = "ceo"
}

resource "salesforce_user" "michael" {
  alias               = "michael"
  email               = "michael.scott@example.com"
  last_name           = "scott"
  username            = "michael.scott@example.com"
  profile_id          = data.salesforce_profile.standard.id
  user_role_id        = salesforce_user_role.ceo.id
  email_encoding_key  = "UTF-8"
  language_locale_key = "en_US"
  time_zone_sid_key   = "America/Chicago"
  locale_sid_key      = "en_US"
  reset_password      = true
}
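The pieces above combined into one configuration, as an added example that is not from this post or the provider repository: the connected app's private key is passed as a sensitive variable (its contents rather than a path), and several users are created from a single map with for_each and attached to the role hierarchy. The variable names, the users map, the resource name "staff" and every address are constructed for illustration; only the resource types and arguments come from the examples above.

```hcl
# Added example: variable names, the users map and all addresses are constructed.
variable "sf_client_id" { type = string }

variable "sf_private_key" {
  type      = string
  sensitive = true # key contents, e.g. set through TF_VAR_sf_private_key
}

provider "salesforce" {
  client_id   = var.sf_client_id
  private_key = var.sf_private_key # contents rather than a path on disk
  api_version = "53.0"
  username    = "terraform@example.com"
}

resource "salesforce_user_role" "ceo" {
  name           = "CEO"
  developer_name = "ceo"
}

resource "salesforce_user_role" "vp" {
  name           = "Vice President"
  developer_name = "vp"
  parent_role_id = salesforce_user_role.ceo.id
}

data "salesforce_profile" "standard" { name = "Standard User" }

locals {
  role_ids = { ceo = salesforce_user_role.ceo.id, vp = salesforce_user_role.vp.id }
  users = {
    michael = { last_name = "scott", email = "michael.scott@example.com", role = "ceo" }
    jan     = { last_name = "levinson", email = "jan.levinson@example.com", role = "vp" }
  }
}
resource "salesforce_user" "staff" {
  for_each            = local.users
  alias               = each.key
  email               = each.value.email
  username            = each.value.email
  last_name           = each.value.last_name
  profile_id          = data.salesforce_profile.standard.id
  user_role_id        = local.role_ids[each.value.role]
  email_encoding_key  = "UTF-8"
  language_locale_key = "en_US"
  time_zone_sid_key   = "America/Chicago"
  locale_sid_key      = "en_US"
  reset_password      = true
}
```

Because the variable is marked sensitive, Terraform redacts the key in plan and apply output. Removing an entry from the users map and applying destroys that resource instance, which, as noted above, deactivates the Salesforce user rather than deleting it.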
We would love to hear your feedback on this project! The Salesforce provider for Terraform was built with a small initial scope in mind and we would love your help shaping its future. You can post bugs and feature requests for the Salesforce provider by opening an issue on GitHub. You can also engage with us and the community on HashiCorp Discuss.