Merge pull request #245 from oktadeveloper/fix-documentatin

Fixed documentation and several bugs

CHANGELOG.md

@@ -1,3 +1,18 @@
+# Changelog
+
+## 3.7.2 (December 18, 2020)
+
+ENHANCEMENTS:
+
+* Add logs to group data source for different cases [#150](https://github.com/oktadeveloper/terraform-provider-okta/pull/150). Thanks [@nathanbartlett](https://github.com/nathanbartlett)!
+* Added missing documentation [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@me](https://github.com/bogdanprodan-okta)!
+
+BUGS:
+
+* Fix default name for idp_discovery [#244](https://github.com/oktadeveloper/terraform-provider-okta/pull/244). Thanks [@nickerzb](https://github.com/nickerzb)!
+* Fix okta auth server policy rule resource causing panic [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@SBerda](https://github.com/SBerda) for submitting the [issue](https://github.com/oktadeveloper/terraform-provider-okta/issues/202) and [@me](https://github.com/bogdanprodan-okta) for fixing it!
+* Fix `key_years_valid` defaulting to `2` during resource import [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@btsteve](https://github.com/btsteve) for submitting the [issue](https://github.com/oktadeveloper/terraform-provider-okta/issues/201) and [@me](https://github.com/bogdanprodan-okta) for fixing it!
+
 ## 3.7.1 (December 16, 2020)
 
 ENHANCEMENTS:
@@ -20,27 +35,32 @@ ENHANCEMENTS:
 * General documentation updates [#224](https://github.com/oktadeveloper/terraform-provider-okta/pull/224). Thanks, [@bryantbiggs](https://github.com/bryantbiggs)!
 
 BUGS:
+
 * Changed `okta_app_basic_auth` optional fields to required [issue 223](https://github.com/oktadeveloper/terraform-provider-okta/issues/223). Thanks, [@bryantbiggs](https://github.com/bryantbiggs)!
 * Add idp discovery to allowed list of default policies [#233](https://github.com/oktadeveloper/terraform-provider-okta/pull/233). Thanks, [@nickerzb](https://github.com/nickerzb)!
 
 ## 3.6.1 (November 14, 2020)
 
 ENHANCEMENTS:
+
 * Remove 3rd party Okta SDK [#215](https://github.com/oktadeveloper/terraform-provider-okta/pull/215). Thanks, [@bogdanprodan-okta](https://github.com/bogdanprodan-okta)
 * Enhance `okta_app_auto_login` resource [#164](https://github.com/oktadeveloper/terraform-provider-okta/pull/164). Thanks, [@isometry](https://github.com/isometry)!
 * Add group name to the error for group data call [#156](https://github.com/oktadeveloper/terraform-provider-okta/pull/156). Thanks, [@ymylei](https://github.com/ymylei)!
 
 BUGS:
+
 * Fix population of the user 'status' attribute [#206](https://github.com/oktadeveloper/terraform-provider-okta/pull/206). Thanks, [@isometry](https://github.com/isometry)!
 
 ## 3.6.0 (October 12, 2020)
 
 ENHANCEMENTS:
+
 * Upgrade to Okta SDK 2.0.0 [#203](https://github.com/oktadeveloper/terraform-provider-okta/pull/203). Thanks a ton! [@bogdanprodan-okta](https://github.com/bogdanprodan-okta)
 * Fix validation false positive when api_token is set via environment variable. [#147](https://github.com/oktadeveloper/terraform-provider-okta/pull/147). Thanks, [@jgeurts](https://github.com/jgeurts)
 * Update required to optional and more [#208](https://github.com/oktadeveloper/terraform-provider-okta/pull/208), Thanks, me! :smile:
 
 BUGS:
+
 * Update config.go [#207](https://github.com/oktadeveloper/terraform-provider-okta/pull/207), Thanks, me! :smile:
 
 ## 3.5.1 (October 9, 2020)
@@ -67,7 +87,6 @@ BUGS:
 * Fix inline hook example code to match version that is supported. [#175](https://github.com/oktadeveloper/terraform-provider-okta/pull/175), Thanks, [@noinarisak](https://github.com/noinarisak) me again! :smiley:
 * Update app_group_assignment.html.markdown. [#165](https://github.com/oktadeveloper/terraform-provider-okta/pull/165), Thanks, [snolan-amount](https://github.com/snolan-amount)!
 
-
 ## 3.4.1 (July 31, 2020)
 
 RELEASE:
@@ -104,6 +123,7 @@ BUG FIXES:
 ENHANCEMENTS:
 
 * Improve app filtering and update Terraform SDK. [#97](https://github.com/terraform-providers/terraform-provider-okta/pull/97) Thanks, [quantumew](https://github.com/quantumew)! :tada:
+
 ## 3.1.1 (March 18, 2020)
 
 ENHANCEMENTS:
@@ -206,8 +226,8 @@ FEATURES:
 
 BUG FIXES:
 
-* Fix occasional panic when creating a user schema see https://github.com/terraform-providers/terraform-provider-okta/issues/144
-* Users in LOCKED_OUT state are unlocked when config is ACTIVE https://github.com/terraform-providers/terraform-provider-okta/issues/225
+* Fix occasional panic when creating a user schema see [issue 144](https://github.com/terraform-providers/terraform-provider-okta/issues/144)
+* Users in LOCKED_OUT state are unlocked when config is ACTIVE [issue 225](https://github.com/terraform-providers/terraform-provider-okta/issues/225)
 
 ## 3.0.12
 
@@ -241,8 +261,8 @@ ENHANCEMENTS:
 ## 3.0.16
 
 * Fix issues around `okta_policy_rule_idp_discovery`
-    * `app_include` and `app_exlcude` were missing required properties
-    * `user_identifier_type` was being added even when not defined, causing API errors
+  * `app_include` and `app_exlcude` were missing required properties
+  * `user_identifier_type` was being added even when not defined, causing API errors
 * Fix integer array type
 
 ## 3.0.17

README.md

@@ -1,5 +1,12 @@
+[![Build Status](https://img.shields.io/travis/oktadeveloper/terraform-provider-okta.svg?logo=travis)](https://travis-ci.com/github/oktadeveloper/terraform-provider-okta)
+<br/><br/>
+
 <a href="https://terraform.io">
-    <img src="https://cdn.rawgit.com/hashicorp/terraform-website/master/content/source/assets/images/logo-hashicorp.svg" alt="Terraform logo" title="Terraform" align="right" height="50" />
+    <img src="https://cdn.rawgit.com/hashicorp/terraform-website/master/content/source/assets/images/logo-hashicorp.svg" alt="Terraform logo" title="Terraform" height="50" />
+</a>
+
+<a href="https://www.okta.com/">
+    <img src="https://www.okta.com/sites/default/files/Dev_Logo-03_Large.png" alt="OKTA logo" title="OKTA" height="50" />
 </a>
 
 # Terraform Provider for Okta
@@ -73,4 +80,5 @@ Terraform is the work of thousands of contributors. We appreciate your help!
 
 To contribute, please read the contribution guidelines: [Contributing to Terraform - Okta Provider](.github/CONTRIBUTING.md)
 
-Issues on GitHub are intended to be related to bugs or feature requests with provider codebase. See https://www.terraform.io/docs/extend/community/index.html for a list of community resources to ask questions about Terraform.
+Issues on GitHub are intended to be related to bugs or feature requests with provider codebase. 
+See [Plugin SDK Community](https://www.terraform.io/docs/extend/community/index.html) for a list of community resources to ask questions about Terraform.

okta/policy.go

@@ -47,30 +47,6 @@ var (
 		},
 	}
 
-	// Pattern used in a few spots, whitelisting/blacklisting users and groups
-	peopleSchema = map[string]*schema.Schema{
-		"user_whitelist": {
-			Type:     schema.TypeSet,
-			Elem:     &schema.Schema{Type: schema.TypeString},
-			Optional: true,
-		},
-		"user_blacklist": {
-			Type:     schema.TypeSet,
-			Elem:     &schema.Schema{Type: schema.TypeString},
-			Optional: true,
-		},
-		"group_whitelist": {
-			Type:     schema.TypeSet,
-			Elem:     &schema.Schema{Type: schema.TypeString},
-			Optional: true,
-		},
-		"group_blacklist": {
-			Type:     schema.TypeSet,
-			Elem:     &schema.Schema{Type: schema.TypeString},
-			Optional: true,
-		},
-	}
-
 	statusSchema = &schema.Schema{
 		Type:             schema.TypeString,
 		Optional:         true,
@@ -79,20 +55,6 @@ var (
 	}
 )
 
-func addPeopleAssignments(target map[string]*schema.Schema) map[string]*schema.Schema {
-	return buildSchema(peopleSchema, target)
-}
-
-func setPeopleAssignments(d *schema.ResourceData, c *okta.GroupRulePeopleCondition) error {
-	// Don't think the API omits these when they are empty thus the unguarded accessing
-	return setNonPrimitives(d, map[string]interface{}{
-		"group_whitelist": convertStringSetToInterface(c.Groups.Include),
-		"group_blacklist": convertStringSetToInterface(c.Groups.Exclude),
-		"user_whitelist":  convertStringSetToInterface(c.Users.Include),
-		"user_blacklist":  convertStringSetToInterface(c.Users.Exclude),
-	})
-}
-
 func getPeopleConditions(d *schema.ResourceData) *okta.GroupRulePeopleCondition {
 	return &okta.GroupRulePeopleCondition{
 		Groups: &okta.GroupRuleGroupCondition{

okta/resource_okta_app_bookmark.go

@@ -21,10 +21,6 @@ func resourceAppBookmark() *schema.Resource {
 		// For those familiar with Terraform schemas be sure to check the base application schema and/or
 		// the examples in the documentation
 		Schema: buildAppSchemaWithVisibility(map[string]*schema.Schema{
-			"label": {
-				Type:     schema.TypeString,
-				Required: true,
-			},
 			"url": {
 				Type:     schema.TypeString,
 				Required: true,

okta/resource_okta_app_saml.go

@@ -55,9 +55,10 @@ func resourceAppSaml() *schema.Resource {
 				},
 			},
 			"key_name": {
-				Type:        schema.TypeString,
-				Description: "Certificate name. This modulates the rotation of keys. New name == new key.",
-				Optional:    true,
+				Type:         schema.TypeString,
+				Description:  "Certificate name. This modulates the rotation of keys. New name == new key.",
+				Optional:     true,
+				RequiredWith: []string{"key_years_valid"},
 			},
 			"key_id": {
 				Type:        schema.TypeString,
@@ -67,7 +68,6 @@ func resourceAppSaml() *schema.Resource {
 			"key_years_valid": {
 				Type:             schema.TypeInt,
 				Optional:         true,
-				Default:          2,
 				ValidateDiagFunc: intBetween(2, 10),
 				Description:      "Number of years the certificate is valid.",
 			},

okta/resource_okta_auth_server_policy_rule.go

@@ -2,9 +2,11 @@ package okta
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/okta-sdk-golang/v2/okta"
 	"github.com/oktadeveloper/terraform-provider-okta/sdk"
 )
 
@@ -15,7 +17,22 @@ func resourceAuthServerPolicyRule() *schema.Resource {
 		UpdateContext: resourceAuthServerPolicyRuleUpdate,
 		DeleteContext: resourceAuthServerPolicyRuleDelete,
 		Importer:      createNestedResourceImporter([]string{"auth_server_id", "policy_id", "id"}),
-		Schema: addPeopleAssignments(map[string]*schema.Schema{
+		CustomizeDiff: func(_ context.Context, d *schema.ResourceDiff, v interface{}) error {
+			if w, ok := d.GetOk("grant_type_whitelist"); ok {
+				for _, v := range convertInterfaceToStringSet(w) {
+					if v != implicit {
+						continue
+					}
+					_, okUsers := d.GetOk("user_whitelist")
+					_, okGroups := d.GetOk("group_whitelist")
+					if !okUsers && !okGroups {
+						return fmt.Errorf(`at least "user_whitelist" or "group_whitelist" should be provided when using '%s' in "grant_type_whitelist"`, implicit)
+					}
+				}
+			}
+			return nil
+		},
+		Schema: map[string]*schema.Schema{
 			"type": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -44,10 +61,13 @@ func resourceAuthServerPolicyRule() *schema.Resource {
 				Description: "Priority of the auth server policy rule",
 			},
 			"grant_type_whitelist": {
-				Type:        schema.TypeSet,
-				Required:    true,
-				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Accepted grant type values: authorization_code, implicit, password.",
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem: &schema.Schema{
+					Type:             schema.TypeString,
+					ValidateDiagFunc: stringInSlice([]string{authorizationCode, implicit, password, clientCredentials}),
+				},
+				Description: "Accepted grant type values: authorization_code, implicit, password, client_credentials",
 			},
 			"scope_whitelist": {
 				Type:     schema.TypeSet,
@@ -76,7 +96,27 @@ func resourceAuthServerPolicyRule() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-		}),
+			"user_whitelist": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+			},
+			"user_blacklist": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+			},
+			"group_whitelist": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+			},
+			"group_blacklist": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+			},
+		},
 	}
 }
 
@@ -190,3 +230,24 @@ func buildAuthServerPolicyRule(d *schema.ResourceData) *sdk.AuthorizationServerP
 		},
 	}
 }
+
+func setPeopleAssignments(d *schema.ResourceData, c *okta.GroupRulePeopleCondition) error {
+	if c.Groups != nil {
+		err := setNonPrimitives(d, map[string]interface{}{
+			"group_whitelist": convertStringSetToInterface(c.Groups.Include),
+			"group_blacklist": convertStringSetToInterface(c.Groups.Exclude),
+		})
+		if err != nil {
+			return err
+		}
+	} else {
+		_ = setNonPrimitives(d, map[string]interface{}{
+			"group_whitelist": convertStringSetToInterface([]string{}),
+			"group_blacklist": convertStringSetToInterface([]string{}),
+		})
+	}
+	return setNonPrimitives(d, map[string]interface{}{
+		"user_whitelist": convertStringSetToInterface(c.Users.Include),
+		"user_blacklist": convertStringSetToInterface(c.Users.Exclude),
+	})
+}

okta/resource_okta_policy_mfa.go

@@ -20,10 +20,7 @@ func resourcePolicyMfa() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
-		Schema: buildPolicySchema(
-			// List of factor provider above, they all follow the same schema
-			buildFactorProviders(map[string]*schema.Schema{}),
-		),
+		Schema: buildPolicySchema(buildFactorProviders()),
 	}
 }
 
@@ -156,14 +153,16 @@ var factorProviders = []string{
 	"yubikey_token",
 }
 
-func buildFactorProviders(target map[string]*schema.Schema) map[string]*schema.Schema {
+// List of factor provider above, they all follow the same schema
+func buildFactorProviders() map[string]*schema.Schema {
+	res := make(map[string]*schema.Schema)
 	for _, key := range factorProviders {
 		sMap := getPolicyFactorSchema(key)
 		for nestedKey, nestedVal := range sMap {
-			target[nestedKey] = nestedVal
+			res[nestedKey] = nestedVal
 		}
 	}
-	return target
+	return res
 }
 
 func getPolicyFactorSchema(key string) map[string]*schema.Schema {

okta/validators.go

@@ -61,7 +61,7 @@ func stringInSlice(valid []string) schema.SchemaValidateDiagFunc {
 				return nil
 			}
 		}
-		return diag.Errorf("expected %v to be one of %v, got %s", k, valid, v)
+		return diag.Errorf("expected %v to be one of %v, got %s", k, strings.Join(valid, ","), v)
 	}
 }
 

website/docs/r/app_basic_auth.html.markdown

@@ -28,9 +28,21 @@ The following arguments are supported:
 
 - `label` - (Required) The Application's display name.
 
-* `url` - (Required) The URL of the sign-in page for this app.
+- `url` - (Required) The URL of the sign-in page for this app.
 
-* `auth_url` - (Required) The URL of the authenticating site for this app.
+- `auth_url` - (Required) The URL of the authenticating site for this app.
+
+- `users` - (Optional) Users associated with the application.
+
+- `groups` - (Optional) Groups associated with the application.
+
+- `status` - (Optional) Status of application. (`"ACTIVE"` or `"INACTIVE"`).
+
+- `hide_web` - (Optional) Do not display application icon to users.
+
+- `hide_ios` - (Optional) Do not display application icon on mobile app.
+
+- `auto_submit_toolbar` - (Optional) Display auto submit toolbar.
 
 ## Attributes Reference
 

website/docs/r/app_bookmark.html.markdown

@@ -31,6 +31,18 @@ The following arguments are supported:
 
 - `request_integration` - (Optional) Would you like Okta to add an integration for this app?
 
+- `users` - (Optional) Users associated with the application.
+
+- `groups` - (Optional) Groups associated with the application.
+
+- `status` - (Optional) Status of application. (`"ACTIVE"` or `"INACTIVE"`).
+
+- `hide_web` - (Optional) Do not display application icon to users.
+
+- `hide_ios` - (Optional) Do not display application icon on mobile app.
+
+- `auto_submit_toolbar` - (Optional) Display auto submit toolbar.
+
 ## Attributes Reference
 
 - `id` - ID of the Application.

website/docs/r/app_oauth.html.markdown

@@ -77,7 +77,7 @@ The following arguments are supported:
 
 - `response_types` - (Optional) List of OAuth 2.0 response type strings.
 
-- `grant_types` - (Optional) List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
+- `grant_types` - (Optional) List of OAuth 2.0 grant types. Conditional validation params found [here](https://developer.okta.com/docs/api/resources/apps#credentials-settings-details). Defaults to minimum requirements per app type.
 
 - `tos_uri` - (Optional) URI to web page providing client tos (terms of service).