Merge pull request #249 from articulate/feature/app_group_assignment

okta_app_user and okta_app_group_assignment
articulate · Aug 19, 2019 · 309fdd1 · 309fdd1
2 parents 7334b41 + d001ba4
commit 309fdd1
Show file tree

Hide file tree

Showing 60 changed files with 654 additions and 678 deletions.
diff --git a/examples/README.md b/examples/README.md
@@ -12,35 +12,39 @@ Anything that lies underneath a resource directory is config we use as fixtures
 
 ## Resources & Data Sources
 
-* [okta_app_saml](./okta_app_saml) Supports the management of Okta SAML Applications.
+* [okta_app_auto_login](./okta_app_auto_login) Supports the management of Okta Auto Login Applications.
+* [okta_app_bookmark](./okta_app_bookmark) Supports the management Okta Bookmark Application.
 * [okta_app_metadata_saml](./okta_app_metadata_saml) Data source for SAML app metadata.
 * [okta_app_oauth](./okta_app_oauth) Supports the management of Okta OIDC Applications.
-* [okta_app_bookmark](./okta_app_bookmark) Supports the management Okta Bookmark Application.
+* [okta_app_saml](./okta_app_saml) Supports the management of Okta SAML Applications.
+* [okta_app_secure_password_store](./okta_app_secure_password_store) Supports the management of Okta Secure Password Store Applications.
+* [okta_app_swa](./okta_app_swa) Supports the management of Okta SWA Applications.
+* [okta_app_three_field](./okta_app_three_field) Supports the management of Okta Three Field Applications.
 * [okta_app](./okta_app) Generic Application data source.
-* [okta_user](./okta_user) Supports the management of Okta Users.
-* [okta_users](./okta_users) Data source to retrieve a group of users.
-* [okta_group](./okta_group) Supports the management of Okta Groups.
-* [okta_group_roles](./okta_group_roles) Supports the management of Okta Group Administrator Roles.
-* [okta_group_rule](./okta_group_rule) Supports the management of Okta Group Rules.
-* [okta_trusted_origin](./okta_trusted_origin) Supports the management of Okta Trusted Sources and Origins.
-* [okta_user_schema](./okta_user_schema) Supports the management of Okta defined User Profile Attribute Schemas.
-* [okta_user_base_schema](./okta_user_base_schema) Supports the management of Okta User Profile Attribute Schemas.
-* [okta_auth_server](./okta_auth_server) Supports the management of Okta Authorization servers.
-* [okta_auth_server_policy](./okta_auth_server_policy) Supports the management of Okta Authorization servers policies.
+* [okta_auth_server_claim](./okta_auth_server_claim) Supports the management of Okta Authorization servers claims.
 * [okta_auth_server_policy_rule](./okta_auth_server_policy_rule) Supports the management of Okta Authorization servers policy rules.
+* [okta_auth_server_policy](./okta_auth_server_policy) Supports the management of Okta Authorization servers policies.
 * [okta_auth_server_scope](./okta_auth_server_scope) Supports the management of Okta Authorization servers scopes.
-* [okta_auth_server_claim](./okta_auth_server_claim) Supports the management of Okta Authorization servers claims.
-* [okta_inline_hook](./okta_inline_hook) Supports the management of Okta Inline Hooks EA feature.
-* [okta_idp](./okta_idp) Supports the management of Okta OIDC Identity Providers.
-* [okta_idp_social](./okta_idp_social) Supports the management of Okta Social Identity Providers. Such as Google, Facebook, Microsoft, and LinkedIn.
+* [okta_auth_server](./okta_auth_server) Supports the management of Okta Authorization servers.
+* [okta_group_roles](./okta_group_roles) Supports the management of Okta Group Administrator Roles.
+* [okta_group_rule](./okta_group_rule) Supports the management of Okta Group Rules.
+* [okta_group](./okta_group) Supports the management of Okta Groups.
+* [okta_idp_metadata_saml](./okta_app_metadata_saml) Data source for SAML IdP metadata.
 * [okta_idp_saml](./okta_idp_saml) Supports the management of Okta SAML Identity Providers.
+* [okta_idp_social](./okta_idp_social) Supports the management of Okta Social Identity Providers. Such as Google, Facebook, Microsoft, and LinkedIn.
+* [okta_idp](./okta_idp) Supports the management of Okta OIDC Identity Providers.
+* [okta_inline_hook](./okta_inline_hook) Supports the management of Okta Inline Hooks EA feature.
 * [okta_network_zone](./okta_network_zone) Supports the management of Okta Network Zones for whitelisting IPs or countries dynamically.
-* [okta_idp_metadata_saml](./okta_app_metadata_saml) Data source for SAML IdP metadata.
-* [okta_policy_signon](./okta_policy_signon) Supports the management of sign on policies.
-* [okta_policy_rule_signon](./okta_policy_rule_signon) Supports the management of sign on policy rules.
 * [okta_policy_mfa](./okta_policy_mfa) Supports the management of MFA policies.
 * [okta_policy_password](./okta_policy_password) Supports the management of password policies.
+* [okta_policy_rule_signon](./okta_policy_rule_signon) Supports the management of sign on policy rules.
+* [okta_policy_signon](./okta_policy_signon) Supports the management of sign on policies.
 * [okta_template_email](./okta_template_email) Supports the management of custom email templates.
+* [okta_trusted_origin](./okta_trusted_origin) Supports the management of Okta Trusted Sources and Origins.
+* [okta_user_base_schema](./okta_user_base_schema) Supports the management of Okta User Profile Attribute Schemas.
+* [okta_user_schema](./okta_user_schema) Supports the management of Okta defined User Profile Attribute Schemas.
+* [okta_user](./okta_user) Supports the management of Okta Users.
+* [okta_users](./okta_users) Data source to retrieve a group of users.
 * [okta_app_oauth_redirect_uri](./okta_app_oauth_redirect_uri) Supports decentralizing redirect uri config. Due to Okta's API not allowing this field to be null, you must set a redirect uri in your app, and ignore changes to this attribute. We follow TF best practices and detect config drift. The best case scenario is Okta makes this field nullable and we can not detect config drift when this attr is not present.
 
 ## Deprecated Resources

diff --git a/examples/okta_app_auto_login/README.md b/examples/okta_app_auto_login/README.md
@@ -0,0 +1,5 @@
+# okta_app_auto_login
+
+Resource for managing Auto Login Okta Applications. [See Okta documentation for more details](https://developer.okta.com/docs/api/resources/apps).
+
+* Simple example [can be found here](./basic.tf)
diff --git a/examples/okta_app_auto_login/basic.tf b/examples/okta_app_auto_login/basic.tf
@@ -0,0 +1,7 @@
+resource okta_app_auto_login test {
+  label                = "testAcc_replace_with_uuid"
+  sign_on_url          = "https://example.com/login.html"
+  sign_on_redirect_url = "https://example.com"
+  reveal_password      = true
+  credentials_scheme   = "EDIT_USERNAME_AND_PASSWORD"
+}
diff --git a/examples/okta_app_auto_login/updated.tf b/examples/okta_app_auto_login/updated.tf
@@ -0,0 +1,10 @@
+resource okta_app_auto_login test {
+  label                = "testAcc_replace_with_uuid"
+  status               = "INACTIVE"
+  sign_on_url          = "https://exampleupdate.com/login.html"
+  sign_on_redirect_url = "https://exampleupdate.com"
+  reveal_password      = false
+  credentials_scheme   = "SHARED_USERNAME_AND_PASSWORD"
+  shared_username      = "sharedusername"
+  shared_password      = "sharedpassword"
+}
diff --git a/examples/okta_app_bookmark/basic_updated.tf b/examples/okta_app_bookmark/basic_updated.tf
@@ -2,8 +2,8 @@ resource "okta_user" "user" {
   admin_roles = ["APP_ADMIN", "USER_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
-  login       = "test-acc-replace_with_uuid@testing.com"
-  email       = "test-acc-replace_with_uuid@testing.com"
+  login       = "test-acc-replace_with_uuid@example.com"
+  email       = "test-acc-replace_with_uuid@example.com"
 }
 
 resource "okta_group" "group" {

diff --git a/examples/okta_app_group_assignment/basic.tf b/examples/okta_app_group_assignment/basic.tf
@@ -0,0 +1,21 @@
+resource okta_app_oauth test {
+  label          = "testAcc_replace_with_uuid"
+  type           = "web"
+  grant_types    = ["implicit", "authorization_code"]
+  redirect_uris  = ["http://d.com/"]
+  response_types = ["code", "token", "id_token"]
+  issuer_mode    = "ORG_URL"
+
+  lifecycle {
+    ignore_changes = ["users", "groups"]
+  }
+}
+
+resource okta_group test {
+  name = "testAcc_replace_with_uuid"
+}
+
+resource okta_app_group_assignment test {
+  app_id   = "${okta_app_oauth.test.id}"
+  group_id = "${okta_group.test.id}"
+}
diff --git a/examples/okta_app_oauth/oauth_app.tf → examples/okta_app_oauth/basic.tf b/examples/okta_app_oauth/oauth_app.tf → examples/okta_app_oauth/basic.tf
diff --git a/...a_app_oauth/oauth_app_groups_and_users.tf → examples/okta_app_oauth/groups_and_users.tf b/...a_app_oauth/oauth_app_groups_and_users.tf → examples/okta_app_oauth/groups_and_users.tf
@@ -6,8 +6,8 @@ resource "okta_user" "user" {
   admin_roles = ["APP_ADMIN", "USER_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
-  login       = "test-acc-replace_with_uuid@testing.com"
-  email       = "test-acc-replace_with_uuid@testing.com"
+  login       = "test-acc-replace_with_uuid@example.com"
+  email       = "test-acc-replace_with_uuid@example.com"
   status      = "ACTIVE"
 }
 

diff --git a/examples/okta_app_oauth/oauth_app_remove_groups_and_users.tf b/examples/okta_app_oauth/oauth_app_remove_groups_and_users.tf
diff --git a/examples/okta_app_oauth/oauth_app_updated.tf → examples/okta_app_oauth/updated.tf b/examples/okta_app_oauth/oauth_app_updated.tf → examples/okta_app_oauth/updated.tf
diff --git a/...kta_app_oauth/oauth_app_updated_status.tf → examples/okta_app_oauth/updated_status.tf b/...kta_app_oauth/oauth_app_updated_status.tf → examples/okta_app_oauth/updated_status.tf
diff --git a/examples/okta_app_saml/custom_saml_app.tf → examples/okta_app_saml/basic.tf b/examples/okta_app_saml/custom_saml_app.tf → examples/okta_app_saml/basic.tf
@@ -1,4 +1,4 @@
-resource "okta_app_saml" "testAcc_replace_with_uuid" {
+resource okta_app_saml test {
   label                    = "testAcc_replace_with_uuid"
   sso_url                  = "http://google.com"
   recipient                = "http://here.com"

diff --git a/examples/okta_app_saml/import.tf b/examples/okta_app_saml/import.tf
@@ -1,4 +1,4 @@
-resource "okta_app_saml" "testAcc_replace_with_uuid" {
+resource okta_app_saml test {
   preconfigured_app = "pagerduty"
   label             = "testAcc_replace_with_uuid"
 

diff --git a/.../okta_app_saml/custom_saml_app_updated.tf → examples/okta_app_saml/inactive.tf b/.../okta_app_saml/custom_saml_app_updated.tf → examples/okta_app_saml/inactive.tf
@@ -1,4 +1,4 @@
-resource "okta_app_saml" "testAcc_replace_with_uuid" {
+resource okta_app_saml test {
   label                    = "testAcc_replace_with_uuid"
   sso_url                  = "http://google.com"
   recipient                = "http://here.com"

diff --git a/...ta_app_saml/custom_saml_app_all_fields.tf → examples/okta_app_saml/updated.tf b/...ta_app_saml/custom_saml_app_all_fields.tf → examples/okta_app_saml/updated.tf
@@ -1,4 +1,4 @@
-resource "okta_app_saml" "testAcc_replace_with_uuid" {
+resource okta_app_saml test {
   label                    = "testAcc_replace_with_uuid"
   sso_url                  = "http://google.com"
   recipient                = "http://here.com"

diff --git a/...pp_saml/saml_app_with_groups_and_users.tf → examples/okta_app_saml/user_groups.tf b/...pp_saml/saml_app_with_groups_and_users.tf → examples/okta_app_saml/user_groups.tf
@@ -14,16 +14,16 @@ resource "okta_user" "user" {
   admin_roles = ["APP_ADMIN", "USER_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
-  login       = "test-acc-replace_with_uuid@testing.com"
-  email       = "test-acc-replace_with_uuid@testing.com"
+  login       = "test-acc-replace_with_uuid@example.com"
+  email       = "test-acc-replace_with_uuid@example.com"
   status      = "ACTIVE"
 }
 
 resource "okta_user" "user1" {
   first_name = "TestAcc1"
   last_name  = "blah"
-  login      = "test-acc-1-replace_with_uuid@testing.com"
-  email      = "test-acc-1-replace_with_uuid@testing.com"
+  login      = "test-acc-1-replace_with_uuid@example.com"
+  email      = "test-acc-1-replace_with_uuid@example.com"
   status     = "ACTIVE"
 }
 

diff --git a/...saml_app_with_groups_and_users_updated.tf → ...ples/okta_app_saml/user_groups_updated.tf b/...saml_app_with_groups_and_users_updated.tf → ...ples/okta_app_saml/user_groups_updated.tf
@@ -18,16 +18,16 @@ resource "okta_user" "user" {
   admin_roles = ["APP_ADMIN", "USER_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
-  login       = "test-acc-replace_with_uuid@testing.com"
-  email       = "test-acc-replace_with_uuid@testing.com"
+  login       = "test-acc-replace_with_uuid@example.com"
+  email       = "test-acc-replace_with_uuid@example.com"
   status      = "ACTIVE"
 }
 
 resource "okta_user" "user1" {
   first_name = "TestAcc1"
   last_name  = "blah"
-  login      = "test-acc-1-replace_with_uuid@testing.com"
-  email      = "test-acc-1-replace_with_uuid@testing.com"
+  login      = "test-acc-1-replace_with_uuid@example.com"
+  email      = "test-acc-1-replace_with_uuid@example.com"
   status     = "ACTIVE"
 }
 

diff --git a/examples/okta_app_secure_password_store/README.md b/examples/okta_app_secure_password_store/README.md
@@ -0,0 +1,5 @@
+# okta_app_secure_password_store
+
+Resource for managing Secure Password Store Okta Applications. [See Okta documentation for more details](https://developer.okta.com/docs/api/resources/apps).
+
+* Simple example [can be found here](./basic.tf)
diff --git a/examples/okta_app_secure_password_store/basic.tf b/examples/okta_app_secure_password_store/basic.tf
@@ -0,0 +1,7 @@
+resource okta_app_secure_password_store test {
+  label              = "testAcc_replace_with_uuid"
+  username_field     = "user"
+  password_field     = "pass"
+  url                = "http://test.com"
+  credentials_scheme = "ADMIN_SETS_CREDENTIALS"
+}
diff --git a/examples/okta_app_secure_password_store/updated.tf b/examples/okta_app_secure_password_store/updated.tf
@@ -0,0 +1,8 @@
+resource okta_app_secure_password_store test {
+  label              = "testAcc_replace_with_uuid"
+  status             = "INACTIVE"
+  username_field     = "user"
+  password_field     = "pass"
+  url                = "http://test.com"
+  credentials_scheme = "EXTERNAL_PASSWORD_SYNC"
+}
diff --git a/examples/okta_app_swa/README.md b/examples/okta_app_swa/README.md
@@ -0,0 +1,10 @@
+# okta_app_swa
+
+This resource represents an Okta SWA Application in various configuration states. For more information see the [API docs](https://developer.okta.com/docs/api/resources/apps#add-custom-swa-application)
+
+* Example of a custom SWA app [can be found here](./custom.tf)
+* Example of a preconfigured SWA app [can be found here](./preconfig.tf)
+
+## Preconfigured Applications
+
+There are some configuration options that cannot be configured on certain "preconfigured" OAuth applications due to limitations in the Okta API.
diff --git a/examples/okta_app_swa/custom.tf b/examples/okta_app_swa/custom.tf
@@ -0,0 +1,7 @@
+resource okta_app_swa test {
+  label          = "testAcc_replace_with_uuid"
+  button_field   = "btn-login"
+  password_field = "txtbox-password"
+  username_field = "txtbox-username"
+  url            = "https://example.com/login.html"
+}
diff --git a/examples/okta_app_swa/custom_updated.tf b/examples/okta_app_swa/custom_updated.tf
@@ -0,0 +1,8 @@
+resource okta_app_swa test {
+  label          = "testAcc_replace_with_uuid"
+  status         = "INACTIVE"
+  button_field   = "btn-login-updated"
+  password_field = "txtbox-password-updated"
+  username_field = "txtbox-username-updated"
+  url            = "https://example.com/login-updated.html"
+}
diff --git a/examples/okta_app_swa/preconfig.tf b/examples/okta_app_swa/preconfig.tf
@@ -0,0 +1,4 @@
+resource okta_app_swa test {
+  preconfigured_app = "aws_console"
+  label             = "testAcc_replace_with_uuid"
+}
diff --git a/examples/okta_app_swa/preconfig_updated.tf b/examples/okta_app_swa/preconfig_updated.tf
@@ -0,0 +1,5 @@
+resource okta_app_swa test {
+  preconfigured_app = "aws_console"
+  label             = "testAcc_replace_with_uuid"
+  status            = "INACTIVE"
+}
diff --git a/examples/okta_app_three_field/README.md b/examples/okta_app_three_field/README.md
@@ -0,0 +1,5 @@
+# okta_app_three_field
+
+Resource for managing Three Field Okta Applications. [See Okta documentation for more details](https://developer.okta.com/docs/api/resources/apps).
+
+* Simple example [can be found here](./basic.tf)
diff --git a/examples/okta_app_three_field/basic.tf b/examples/okta_app_three_field/basic.tf
@@ -0,0 +1,9 @@
+resource okta_app_three_field test {
+  label                = "testAcc_replace_with_uuid"
+  button_selector      = "btn"
+  username_selector    = "user"
+  password_selector    = "pass"
+  url                  = "http://example.com"
+  extra_field_selector = "third"
+  extra_field_value    = "third"
+}
diff --git a/examples/okta_app_three_field/updated.tf b/examples/okta_app_three_field/updated.tf
@@ -0,0 +1,10 @@
+resource okta_app_three_field test {
+  label                = "testAcc_replace_with_uuid"
+  status               = "INACTIVE"
+  button_selector      = "btn1"
+  username_selector    = "user1"
+  password_selector    = "pass1"
+  url                  = "http://example.com"
+  extra_field_selector = "mfa"
+  extra_field_value    = "mfa"
+}
diff --git a/examples/okta_app_user/basic.tf b/examples/okta_app_user/basic.tf
@@ -0,0 +1,25 @@
+resource okta_app_oauth test {
+  label          = "testAcc_replace_with_uuid"
+  type           = "web"
+  grant_types    = ["implicit", "authorization_code"]
+  redirect_uris  = ["http://d.com/"]
+  response_types = ["code", "token", "id_token"]
+  issuer_mode    = "ORG_URL"
+
+  lifecycle {
+    ignore_changes = ["users", "groups"]
+  }
+}
+
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Smith"
+  login      = "[email protected]"
+  email      = "[email protected]"
+}
+
+resource okta_app_user test {
+  app_id   = "${okta_app_oauth.test.id}"
+  user_id  = "${okta_user.test.id}"
+  username = "${okta_user.test.email}"
+}
diff --git a/examples/okta_app_user/update.tf b/examples/okta_app_user/update.tf
@@ -0,0 +1,25 @@
+resource okta_app_oauth test {
+  label          = "testAcc_replace_with_uuid"
+  type           = "web"
+  grant_types    = ["implicit", "authorization_code"]
+  redirect_uris  = ["http://d.com/"]
+  response_types = ["code", "token", "id_token"]
+  issuer_mode    = "ORG_URL"
+
+  lifecycle {
+    ignore_changes = ["users", "groups"]
+  }
+}
+
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Smith"
+  login      = "[email protected]"
+  email      = "[email protected]"
+}
+
+resource okta_app_user test {
+  app_id   = "${okta_app_oauth.test.id}"
+  user_id  = "${okta_user.test.id}"
+  username = "testAcc_replace_with_uuid"
+}
diff --git a/examples/okta_group_roles/all_roles.tf b/examples/okta_group_roles/all_roles.tf
@@ -21,7 +21,7 @@ resource okta_group_roles test {
 resource okta_user test {
   first_name        = "TestAcc"
   last_name         = "Smith"
-  login             = "test-acc-replace_with_uuid@testing.com"
-  email             = "test-acc-replace_with_uuid@testing.com"
+  login             = "test-acc-replace_with_uuid@example.com"
+  email             = "test-acc-replace_with_uuid@example.com"
   group_memberships = ["${okta_group.test.id}"]
 }
diff --git a/examples/okta_group_roles/basic.tf b/examples/okta_group_roles/basic.tf
@@ -11,7 +11,7 @@ resource okta_group_roles test {
 resource okta_user test {
   first_name        = "TestAcc"
   last_name         = "Smith"
-  login             = "test-acc-replace_with_uuid@testing.com"
-  email             = "test-acc-replace_with_uuid@testing.com"
+  login             = "test-acc-replace_with_uuid@example.com"
+  email             = "test-acc-replace_with_uuid@example.com"
   group_memberships = ["${okta_group.test.id}"]
 }
diff --git a/examples/okta_user/all_attributes.tf b/examples/okta_user/all_attributes.tf
@@ -2,8 +2,8 @@ resource "okta_user" "testAcc_replace_with_uuid" {
   admin_roles        = ["ORG_ADMIN"]
   first_name         = "TestAcc"
   last_name          = "Smith"
-  login              = "test-acc-replace_with_uuid@testing.com"
-  email              = "test-acc-replace_with_uuid@testing.com"
+  login              = "test-acc-replace_with_uuid@example.com"
+  email              = "test-acc-replace_with_uuid@example.com"
   city               = "New York"
   cost_center        = "10"
   country_code       = "US"
@@ -24,7 +24,7 @@ resource "okta_user" "testAcc_replace_with_uuid" {
   preferred_language = "en-us"
   primary_phone      = "4445556666"
   profile_url        = "http://www.example.com/profile"
-  second_email       = "test2-replace_with_uuid@testing.com"
+  second_email       = "test2-replace_with_uuid@example.com"
   state              = "NY"
   street_address     = "5678 Testing Ave."
   timezone           = "America/New_York"