Merge pull request #1061 from BalaGanaparthi/fix_issue1060_oldpassword

Fix issue1060 remove old_password as required from user update
okta · Apr 13, 2022 · 0a7a74d · 0a7a74d
2 parents 494cce8 + bb67237
commit 0a7a74d
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 14 deletions.
diff --git a/examples/okta_user/basic_with_credentials_updated_old_password.tf b/examples/okta_user/basic_with_credentials_updated_old_password.tf
@@ -0,0 +1,10 @@
+resource "okta_user" "test" {
+  first_name        = "TestAcc"
+  last_name         = "Smith"
+  login             = "testAcc-replace_with_uuid@example.com"
+  email             = "testAcc-replace_with_uuid@example.com"
+  password          = "Super#Secret@007"
+  old_password      = "SuperSecret007"
+  recovery_question = "0011 & 1010"
+  recovery_answer   = "0010"
+}
diff --git a/okta/resource_okta_user.go b/okta/resource_okta_user.go
@@ -599,23 +599,39 @@ func resourceUserUpdate(ctx context.Context, d *schema.ResourceData, m interface
 
 	if passwordChange {
 		oldPassword, newPassword := d.GetChange("password")
-		old, ok := d.GetOk("old_password")
-		if ok {
+		old, oldPasswordExist := d.GetOk("old_password")
+		if oldPasswordExist {
 			oldPassword = old
 		}
-		op := &okta.PasswordCredential{
-			Value: oldPassword.(string),
-		}
-		np := &okta.PasswordCredential{
-			Value: newPassword.(string),
-		}
-		npr := &okta.ChangePasswordRequest{
-			OldPassword: op,
-			NewPassword: np,
+		if oldPasswordExist {
+			op := &okta.PasswordCredential{
+				Value: oldPassword.(string),
+			}
+			np := &okta.PasswordCredential{
+				Value: newPassword.(string),
+			}
+			npr := &okta.ChangePasswordRequest{
+				OldPassword: op,
+				NewPassword: np,
+			}
+			_, _, err := client.User.ChangePassword(ctx, d.Id(), *npr, nil)
+			if err != nil {
+				return diag.Errorf("failed to update user's password: %v", err)
+			}
 		}
-		_, _, err := client.User.ChangePassword(ctx, d.Id(), *npr, nil)
-		if err != nil {
-			return diag.Errorf("failed to update user's password: %v", err)
+		if !oldPasswordExist {
+			password, _ := newPassword.(string)
+			user := okta.User{
+				Credentials: &okta.UserCredentials{
+					Password: &okta.PasswordCredential{
+						Value: password,
+					},
+				},
+			}
+			_, _, err := client.User.UpdateUser(ctx, d.Id(), user, nil)
+			if err != nil {
+				return diag.Errorf("failed to set user's password: %v", err)
+			}
 		}
 	}
 

diff --git a/okta/resource_okta_user_test.go b/okta/resource_okta_user_test.go
@@ -241,6 +241,7 @@ func TestAccOktaUser_updateCredentials(t *testing.T) {
 	mgr := newFixtureManager(user)
 	config := mgr.GetFixtures("basic_with_credentials.tf", ri, t)
 	minimalConfigWithCredentials := mgr.GetFixtures("basic_with_credentials_updated.tf", ri, t)
+	minimalConfigWithCredentialsOldPassword := mgr.GetFixtures("basic_with_credentials_updated_old_password.tf", ri, t)
 	resourceName := fmt.Sprintf("%s.test", user)
 	email := fmt.Sprintf("testAcc-%d@example.com", ri)
 
@@ -271,6 +272,18 @@ func TestAccOktaUser_updateCredentials(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "recovery_answer", "Asterisk"),
 				),
 			},
+			{
+				Config: minimalConfigWithCredentialsOldPassword,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "first_name", "TestAcc"),
+					resource.TestCheckResourceAttr(resourceName, "last_name", "Smith"),
+					resource.TestCheckResourceAttr(resourceName, "login", email),
+					resource.TestCheckResourceAttr(resourceName, "email", email),
+					resource.TestCheckResourceAttr(resourceName, "password", "Super#Secret@007"),
+					resource.TestCheckResourceAttr(resourceName, "old_password", "SuperSecret007"),
+					resource.TestCheckResourceAttr(resourceName, "recovery_answer", "0010"),
+				),
+			},
 		},
 	})
 }