diff --git a/CHANGELOG.md b/CHANGELOG.md index fd960d473..d07a0dea5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +# Changelog + +## 3.7.2 (December 18, 2020) + +ENHANCEMENTS: + +* Add logs to group data source for different cases [#150](https://github.com/oktadeveloper/terraform-provider-okta/pull/150). Thanks [@nathanbartlett](https://github.com/nathanbartlett)! +* Added missing documentation [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@me](https://github.com/bogdanprodan-okta)! + +BUGS: + +* Fix default name for idp_discovery [#244](https://github.com/oktadeveloper/terraform-provider-okta/pull/244). Thanks [@nickerzb](https://github.com/nickerzb)! +* Fix okta auth server policy rule resource causing panic [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@SBerda](https://github.com/SBerda) for submitting the [issue](https://github.com/oktadeveloper/terraform-provider-okta/issues/202) and [@me](https://github.com/bogdanprodan-okta) for fixing it! +* Fix `key_years_valid` defaulting to `2` during resource import [#245](https://github.com/oktadeveloper/terraform-provider-okta/pull/245). Thanks [@btsteve](https://github.com/btsteve) for submitting the [issue](https://github.com/oktadeveloper/terraform-provider-okta/issues/201) and [@me](https://github.com/bogdanprodan-okta) for fixing it! + ## 3.7.1 (December 16, 2020) ENHANCEMENTS: 
@@ -20,27 +35,32 @@ ENHANCEMENTS: * General documentation updates [#224](https://github.com/oktadeveloper/terraform-provider-okta/pull/224). Thanks, [@bryantbiggs](https://github.com/bryantbiggs)! BUGS: + * Changed `okta_app_basic_auth` optional fields to required [issue 223](https://github.com/oktadeveloper/terraform-provider-okta/issues/223). Thanks, [@bryantbiggs](https://github.com/bryantbiggs)! * Add idp discovery to allowed list of default policies [#233](https://github.com/oktadeveloper/terraform-provider-okta/pull/233). Thanks, [@nickerzb](https://github.com/nickerzb)! ## 3.6.1 (November 14, 2020) ENHANCEMENTS: + * Remove 3rd party Okta SDK [#215](https://github.com/oktadeveloper/terraform-provider-okta/pull/215). Thanks, [@bogdanprodan-okta](https://github.com/bogdanprodan-okta) * Enhance `okta_app_auto_login` resource [#164](https://github.com/oktadeveloper/terraform-provider-okta/pull/164). Thanks, [@isometry](https://github.com/isometry)! * Add group name to the error for group data call [#156](https://github.com/oktadeveloper/terraform-provider-okta/pull/156). Thanks, [@ymylei](https://github.com/ymylei)! BUGS: + * Fix population of the user 'status' attribute [#206](https://github.com/oktadeveloper/terraform-provider-okta/pull/206). Thanks, [@isometry](https://github.com/isometry)! ## 3.6.0 (October 12, 2020) ENHANCEMENTS: + * Upgrade to Okta SDK 2.0.0 [#203](https://github.com/oktadeveloper/terraform-provider-okta/pull/203). Thanks a ton! [@bogdanprodan-okta](https://github.com/bogdanprodan-okta) * Fix validation false positive when api_token is set via environment variable. [#147](https://github.com/oktadeveloper/terraform-provider-okta/pull/147). Thanks, [@jgeurts](https://github.com/jgeurts) * Update required to optional and more [#208](https://github.com/oktadeveloper/terraform-provider-okta/pull/208), Thanks, me! :smile: BUGS: + * Update config.go [#207](https://github.com/oktadeveloper/terraform-provider-okta/pull/207), Thanks, me! 
:smile: ## 3.5.1 (October 9, 2020) @@ -67,7 +87,6 @@ BUGS: * Fix inline hook example code to match version that is supported. [#175](https://github.com/oktadeveloper/terraform-provider-okta/pull/175), Thanks, [@noinarisak](https://github.com/noinarisak) me again! :smiley: * Update app_group_assignment.html.markdown. [#165](https://github.com/oktadeveloper/terraform-provider-okta/pull/165), Thanks, [snolan-amount](https://github.com/snolan-amount)! - ## 3.4.1 (July 31, 2020) RELEASE: @@ -104,6 +123,7 @@ BUG FIXES: ENHANCEMENTS: * Improve app filtering and update Terraform SDK. [#97](https://github.com/terraform-providers/terraform-provider-okta/pull/97) Thanks, [quantumew](https://github.com/quantumew)! :tada: + ## 3.1.1 (March 18, 2020) ENHANCEMENTS: @@ -206,8 +226,8 @@ FEATURES: BUG FIXES: -* Fix occasional panic when creating a user schema see https://github.com/terraform-providers/terraform-provider-okta/issues/144 -* Users in LOCKED_OUT state are unlocked when config is ACTIVE https://github.com/terraform-providers/terraform-provider-okta/issues/225 +* Fix occasional panic when creating a user schema see [issue 144](https://github.com/terraform-providers/terraform-provider-okta/issues/144) +* Users in LOCKED_OUT state are unlocked when config is ACTIVE [issue 225](https://github.com/terraform-providers/terraform-provider-okta/issues/225) ## 3.0.12 @@ -241,8 +261,8 @@ ENHANCEMENTS: ## 3.0.16 * Fix issues around `okta_policy_rule_idp_discovery` - * `app_include` and `app_exlcude` were missing required properties - * `user_identifier_type` was being added even when not defined, causing API errors + * `app_include` and `app_exlcude` were missing required properties + * `user_identifier_type` was being added even when not defined, causing API errors * Fix integer array type ## 3.0.17 diff --git a/README.md b/README.md index 6f49d2c62..d8f87c3c9 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,12 @@ +[![Build Status](https://img.shields.io/travis/oktadeveloper/terraform-provider-okta.svg?logo=travis)](https://travis-ci.com/github/oktadeveloper/terraform-provider-okta) +

+ - Terraform logo + Terraform logo + + + + OKTA logo # Terraform Provider for Okta @@ -73,4 +80,5 @@ Terraform is the work of thousands of contributors. We appreciate your help! To contribute, please read the contribution guidelines: [Contributing to Terraform - Okta Provider](.github/CONTRIBUTING.md) -Issues on GitHub are intended to be related to bugs or feature requests with provider codebase. See https://www.terraform.io/docs/extend/community/index.html for a list of community resources to ask questions about Terraform. +Issues on GitHub are intended to be related to bugs or feature requests with provider codebase. +See [Plugin SDK Community](https://www.terraform.io/docs/extend/community/index.html) for a list of community resources to ask questions about Terraform. diff --git a/okta/policy.go b/okta/policy.go index 7a197f131..f4347a276 100644 --- a/okta/policy.go +++ b/okta/policy.go @@ -47,30 +47,6 @@ var ( }, } - // Pattern used in a few spots, whitelisting/blacklisting users and groups - peopleSchema = map[string]*schema.Schema{ - "user_whitelist": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - "user_blacklist": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - "group_whitelist": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - "group_blacklist": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - } - statusSchema = &schema.Schema{ Type: schema.TypeString, Optional: true, 
@@ -79,20 +55,6 @@ var ( } ) -func addPeopleAssignments(target map[string]*schema.Schema) map[string]*schema.Schema { - return buildSchema(peopleSchema, target) -} - -func setPeopleAssignments(d *schema.ResourceData, c *okta.GroupRulePeopleCondition) error { - // Don't think the API omits these when they are empty thus the unguarded accessing - return setNonPrimitives(d, map[string]interface{}{ - "group_whitelist": convertStringSetToInterface(c.Groups.Include), - "group_blacklist": convertStringSetToInterface(c.Groups.Exclude), - "user_whitelist": convertStringSetToInterface(c.Users.Include), - "user_blacklist": convertStringSetToInterface(c.Users.Exclude), - }) -} - func getPeopleConditions(d *schema.ResourceData) *okta.GroupRulePeopleCondition { return &okta.GroupRulePeopleCondition{ Groups: &okta.GroupRuleGroupCondition{ diff --git a/okta/resource_okta_app_bookmark.go b/okta/resource_okta_app_bookmark.go index bd6a7cfe1..d1e8bd434 100644 --- a/okta/resource_okta_app_bookmark.go +++ b/okta/resource_okta_app_bookmark.go @@ -21,10 +21,6 @@ func resourceAppBookmark() *schema.Resource { // For those familiar with Terraform schemas be sure to check the base application schema and/or // the examples in the documentation Schema: buildAppSchemaWithVisibility(map[string]*schema.Schema{ - "label": { - Type: schema.TypeString, - Required: true, - }, "url": { Type: schema.TypeString, Required: true, diff --git a/okta/resource_okta_app_saml.go b/okta/resource_okta_app_saml.go index 973beaa7a..ea4e2b8bc 100644 --- a/okta/resource_okta_app_saml.go +++ b/okta/resource_okta_app_saml.go 
@@ -55,9 +55,10 @@ func resourceAppSaml() *schema.Resource { }, }, "key_name": { - Type: schema.TypeString, - Description: "Certificate name. This modulates the rotation of keys. New name == new key.", - Optional: true, + Type: schema.TypeString, + Description: "Certificate name. This modulates the rotation of keys. New name == new key.", + Optional: true, + RequiredWith: []string{"key_years_valid"}, }, "key_id": { Type: schema.TypeString, @@ -67,7 +68,6 @@ func resourceAppSaml() *schema.Resource { "key_years_valid": { Type: schema.TypeInt, Optional: true, - Default: 2, ValidateDiagFunc: intBetween(2, 10), Description: "Number of years the certificate is valid.", }, diff --git a/okta/resource_okta_auth_server_policy_rule.go b/okta/resource_okta_auth_server_policy_rule.go index f40878d2c..71143f286 100644 --- a/okta/resource_okta_auth_server_policy_rule.go +++ b/okta/resource_okta_auth_server_policy_rule.go @@ -2,9 +2,11 @@ package okta import ( "context" + "fmt" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/okta/okta-sdk-golang/v2/okta" "github.com/oktadeveloper/terraform-provider-okta/sdk" ) 
@@ -15,7 +17,22 @@ func resourceAuthServerPolicyRule() *schema.Resource { UpdateContext: resourceAuthServerPolicyRuleUpdate, DeleteContext: resourceAuthServerPolicyRuleDelete, Importer: createNestedResourceImporter([]string{"auth_server_id", "policy_id", "id"}), - Schema: addPeopleAssignments(map[string]*schema.Schema{ + CustomizeDiff: func(_ context.Context, d *schema.ResourceDiff, v interface{}) error { + if w, ok := d.GetOk("grant_type_whitelist"); ok { + for _, v := range convertInterfaceToStringSet(w) { + if v != implicit { + continue + } + _, okUsers := d.GetOk("user_whitelist") + _, okGroups := d.GetOk("group_whitelist") + if !okUsers && !okGroups { + return fmt.Errorf(`at least "user_whitelist" or "group_whitelist" should be provided when using '%s' in "grant_type_whitelist"`, implicit) + } + } + } + return nil + }, + Schema: map[string]*schema.Schema{ "type": { Type: schema.TypeString, Optional: true, @@ -44,10 +61,13 @@ func resourceAuthServerPolicyRule() *schema.Resource { Description: "Priority of the auth server policy rule", }, "grant_type_whitelist": { - Type: schema.TypeSet, - Required: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Description: "Accepted grant type values: authorization_code, implicit, password.", + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: stringInSlice([]string{authorizationCode, implicit, password, clientCredentials}), + }, + Description: "Accepted grant type values: authorization_code, implicit, password, client_credentials", }, "scope_whitelist": { Type: schema.TypeSet, 
@@ -76,7 +96,27 @@ func resourceAuthServerPolicyRule() *schema.Resource { Type: schema.TypeString, Optional: true, }, - }), + "user_whitelist": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + "user_blacklist": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + "group_whitelist": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + "group_blacklist": { + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + }, + }, } } @@ -190,3 +230,24 @@ func buildAuthServerPolicyRule(d *schema.ResourceData) *sdk.AuthorizationServerP }, } } + +func setPeopleAssignments(d *schema.ResourceData, c *okta.GroupRulePeopleCondition) error { + if c.Groups != nil { + err := setNonPrimitives(d, map[string]interface{}{ + "group_whitelist": convertStringSetToInterface(c.Groups.Include), + "group_blacklist": convertStringSetToInterface(c.Groups.Exclude), + }) + if err != nil { + return err + } + } else { + _ = setNonPrimitives(d, map[string]interface{}{ + "group_whitelist": convertStringSetToInterface([]string{}), + "group_blacklist": convertStringSetToInterface([]string{}), + }) + } + return setNonPrimitives(d, map[string]interface{}{ + "user_whitelist": convertStringSetToInterface(c.Users.Include), + "user_blacklist": convertStringSetToInterface(c.Users.Exclude), + }) +} diff --git a/okta/resource_okta_policy_mfa.go b/okta/resource_okta_policy_mfa.go index b2572f11d..da2a83681 100644 --- a/okta/resource_okta_policy_mfa.go +++ b/okta/resource_okta_policy_mfa.go 
@@ -20,10 +20,7 @@ func resourcePolicyMfa() *schema.Resource { Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, - Schema: buildPolicySchema( - // List of factor provider above, they all follow the same schema - buildFactorProviders(map[string]*schema.Schema{}), - ), + Schema: buildPolicySchema(buildFactorProviders()), } } @@ -156,14 +153,16 @@ var factorProviders = []string{ "yubikey_token", } -func buildFactorProviders(target map[string]*schema.Schema) map[string]*schema.Schema { +// List of factor provider above, they all follow the same schema +func buildFactorProviders() map[string]*schema.Schema { + res := make(map[string]*schema.Schema) for _, key := range factorProviders { sMap := getPolicyFactorSchema(key) for nestedKey, nestedVal := range sMap { - target[nestedKey] = nestedVal + res[nestedKey] = nestedVal } } - return target + return res } func getPolicyFactorSchema(key string) map[string]*schema.Schema { diff --git a/okta/validators.go b/okta/validators.go index ff2ef0379..46b91ed78 100644 --- a/okta/validators.go +++ b/okta/validators.go @@ -61,7 +61,7 @@ func stringInSlice(valid []string) schema.SchemaValidateDiagFunc { return nil } } - return diag.Errorf("expected %v to be one of %v, got %s", k, valid, v) + return diag.Errorf("expected %v to be one of %v, got %s", k, strings.Join(valid, ","), v) } } diff --git a/website/docs/r/app_basic_auth.html.markdown b/website/docs/r/app_basic_auth.html.markdown index 13e71422e..bee156cc6 100644 --- a/website/docs/r/app_basic_auth.html.markdown +++ b/website/docs/r/app_basic_auth.html.markdown 
@@ -28,9 +28,21 @@ The following arguments are supported: - `label` - (Required) The Application's display name. -* `url` - (Required) The URL of the sign-in page for this app. +- `url` - (Required) The URL of the sign-in page for this app. -* `auth_url` - (Required) The URL of the authenticating site for this app. +- `auth_url` - (Required) The URL of the authenticating site for this app. + +- `users` - (Optional) Users associated with the application. + +- `groups` - (Optional) Groups associated with the application. + +- `status` - (Optional) Status of application. (`"ACTIVE"` or `"INACTIVE"`). + +- `hide_web` - (Optional) Do not display application icon to users. + +- `hide_ios` - (Optional) Do not display application icon on mobile app. + +- `auto_submit_toolbar` - (Optional) Display auto submit toolbar. ## Attributes Reference diff --git a/website/docs/r/app_bookmark.html.markdown b/website/docs/r/app_bookmark.html.markdown index 2c7670214..43dba57cf 100644 --- a/website/docs/r/app_bookmark.html.markdown +++ b/website/docs/r/app_bookmark.html.markdown @@ -31,6 +31,18 @@ The following arguments are supported: - `request_integration` - (Optional) Would you like Okta to add an integration for this app? +- `users` - (Optional) Users associated with the application. + +- `groups` - (Optional) Groups associated with the application. + +- `status` - (Optional) Status of application. (`"ACTIVE"` or `"INACTIVE"`). + +- `hide_web` - (Optional) Do not display application icon to users. + +- `hide_ios` - (Optional) Do not display application icon on mobile app. + +- `auto_submit_toolbar` - (Optional) Display auto submit toolbar. + ## Attributes Reference - `id` - ID of the Application. diff --git a/website/docs/r/app_oauth.html.markdown b/website/docs/r/app_oauth.html.markdown index 4a5f80ad4..93734ad20 100644 --- a/website/docs/r/app_oauth.html.markdown +++ b/website/docs/r/app_oauth.html.markdown 
@@ -77,7 +77,7 @@ The following arguments are supported: - `response_types` - (Optional) List of OAuth 2.0 response type strings. -- `grant_types` - (Optional) List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type. +- `grant_types` - (Optional) List of OAuth 2.0 grant types. Conditional validation params found [here](https://developer.okta.com/docs/api/resources/apps#credentials-settings-details). Defaults to minimum requirements per app type. - `tos_uri` - (Optional) URI to web page providing client tos (terms of service). diff --git a/website/docs/r/app_saml.html.markdown b/website/docs/r/app_saml.html.markdown index dca50269a..58eff8044 100644 --- a/website/docs/r/app_saml.html.markdown +++ b/website/docs/r/app_saml.html.markdown @@ -136,7 +136,7 @@ The following arguments are supported: - `entity_key` - Entity ID, the ID portion of the `entity_url`. -- `entity_url` - Entity URL for instance http://www.okta.com/exk1fcia6d6EMsf331d8. +- `entity_url` - Entity URL for instance [http://www.okta.com/exk1fcia6d6EMsf331d8](http://www.okta.com/exk1fcia6d6EMsf331d8). ## Import diff --git a/website/docs/r/auth_server_policy_rule.html.markdown b/website/docs/r/auth_server_policy_rule.html.markdown index 6c3326e99..a8b60f4bb 100644 --- a/website/docs/r/auth_server_policy_rule.html.markdown +++ b/website/docs/r/auth_server_policy_rule.html.markdown 
@@ -40,15 +40,15 @@ The following arguments are supported: - `priority` - (Required) Priority of the auth server policy rule. -- `user_whitelist` - (Optional) Specifies a set of Users to be included +- `user_whitelist` - (Optional) Specifies a set of Users to be included. -- `user_blacklist` - (Optional) Specifies a set of Users to be excluded +- `user_blacklist` - (Optional) Specifies a set of Users to be excluded. -- `group_whitelist` - (Optional) Specifies a set of Groups whose Users are to be included +- `group_whitelist` - (Optional) Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE". -- `group_blacklist` - (Optional) Specifies a set of Groups whose Users are to be excluded +- `group_blacklist` - (Optional) Specifies a set of Groups whose Users are to be excluded. -- `grant_type_whitelist` - (Required) Accepted grant type values, `"authorization_code"`, `"implicit"`, `"password"` +- `grant_type_whitelist` - (Required) Accepted grant type values, `"authorization_code"`, `"implicit"`, `"password"` or `"client_credentials"`. For `"implicit"` value either `user_whitelist` or `group_whitelist` should be set. - `scope_whitelist` - (Required) Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with `"*"`. diff --git a/website/docs/r/policy_rule_idp_discovery.html.markdown b/website/docs/r/policy_rule_idp_discovery.html.markdown index aa3f95994..5ff1c2d8f 100644 --- a/website/docs/r/policy_rule_idp_discovery.html.markdown +++ b/website/docs/r/policy_rule_idp_discovery.html.markdown 
@@ -27,30 +27,30 @@ resource "okta_policy_rule_idp_discovery" "example" { user_identifier_attribute = "company" app_exclude { - id = "" - type = "APP" + id = "" + type = "APP" } - + app_exclude { - name = "yahoo_mail" - type = "APP_TYPE" + name = "yahoo_mail" + type = "APP_TYPE" } - + app_include { - id = "" - type = "APP" + id = "" + type = "APP" } - + app_include { - name = "" - type = "APP_TYPE" + name = "" + type = "APP_TYPE" } platform_include { - type = "MOBILE" - os_type = "OSX" + type = "MOBILE" + os_type = "OSX" } - + user_identifier_patterns { match_type = "EQUALS" value = "Articulate" 
@@ -62,69 +62,80 @@ resource "okta_policy_rule_idp_discovery" "example" { The following arguments are supported: -* `policyid` - (Required) Policy ID. +- `policyid` - (Required) Policy ID. + +- `name` - (Required) Policy rule name. + +- `idp_id` - (Optional) The identifier for the Idp the rule should route to if all conditions are met. + +- `idp_type` - (Optional) Type of Idp. One of: `"SAML2"`, `"IWA"`, `"AgentlessDSSO"`, `"X509"`, `"FACEBOOK"`, `"GOOGLE"`, `"LINKEDIN"`, `"MICROSOFT"`, `"OIDC"` + +- `network_connection` - (Optional) The network selection mode. One of `"ANYWEHRE"` or `"ZONE"`. -* `name` - (Required) Policy rule name. +- `network_includes` - Required if `network_connection` = `"ZONE"`. Indicates the network zones to include. -* `idp_id` - (Optional) The identifier for the Idp the rule should route to if all conditions are met. +- `network_excludes` - Required if `network_connection` = `"ZONE"`. Indicates the network zones to exclude. -* `idp_type` - (Optional) Type of Idp. One of: `"SAML2"`, `"IWA"`, `"AgentlessDSSO"`, `"X509"`, `"FACEBOOK"`, `"GOOGLE"`, `"LINKEDIN"`, `"MICROSOFT"`, `"OIDC"` +- `priority` - (Optional) Idp rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last/lowest if not provided. -* `network_connection` - (Optional) The network selection mode. One of `"ANYWEHRE"` or `"ZONE"`. +- `status` - (Optional) Idp rule status: `"ACTIVE"` or `"INACTIVE"`. By default it is `"ACTIVE"`. -* `network_includes` - Required if `network_connection` = `"ZONE"`. Indicates the network zones to include. +- `user_identifier_type` - (Optional) One of: `"IDENTIFIER"`, `"ATTRIBUTE"` -* `network_excludes` - Required if `network_connection` = `"ZONE"`. Indicates the network zones to exclude. 
+- `user_identifier_attribute` - (Optional) Profile attribute matching can only have a single value that describes the type indicated in `user_identifier_type`. This is the attribute or identifier that the `user_identifier_patterns` are checked against. -* `priority` - (Optional) Idp rule priority. This attribute can be set to a valid priority. To avoid an endless diff situation an error is thrown if an invalid property is provided. The Okta API defaults to the last/lowest if not provided. +- `app_include` - (Optional) Applications to include in discovery rule. -* `status` - (Optional) Idp rule status: `"ACTIVE"` or `"INACTIVE"`. By default it is `"ACTIVE"`. + - `id` - (Optional) Use if `type` is `"APP"` to indicate the application Id to include. -* `user_identifier_type` - (Optional) One of: `"IDENTIFIER"`, `"ATTRIBUTE"` + - `name` - (Optional) Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahoo_mail`) of applications should be included. -* `user_identifier_attribute` - (Optional) Profile attribute matching can only have a single value that describes the type indicated in `user_identifier_type`. This is the attribute or identifier that the `user_identifier_patterns` are checked against. + - `type` - (Optional) One of: `"APP"`, `"APP_TYPE"` -* `app_include` - (Optional) Applications to include in discovery rule. -** `id` - (Optional) Use if `type` is `"APP"` to indicate the application Id to include. -** `name` - (Optional) Use if the `type` is `"APP_TYPE"` to indicate the type of application(s) to include in instances where an entire group (i.e. `yahoo_mail`) of applications should be included. -** `type` - (Optional) One of: `"APP"`, `"APP_TYPE"` ```hcl app_include { - id = string - type = string - name = string + id = string + type = string + name = string } ``` -* `app_exclude` - (Optional) Applications to exclude in discovery. See `app_include` for details. 
+- `app_exclude` - (Optional) Applications to exclude in discovery. See `app_include` for details. + ```hcl app_exclude { - id = string - type = string - name = string + id = string + type = string + name = string } ``` -* `platform_include` - (Optional) -** `type` - (Optional) One of: `"ANY"`, `"MOBILE"`, `"DESKTOP"` -** `os_expression` - (Optional) Only available when using `os_type = "OTHER"` -** `os_type` - (Optional) One of: `"ANY"`, `"IOS"`, `"WINDOWS"`, `"ANDROID"`, `"OTHER"`, `"OSX"` +- `platform_include` - (Optional) + + - `type` - (Optional) One of: `"ANY"`, `"MOBILE"`, `"DESKTOP"` + + - `os_expression` - (Optional) Only available when using `os_type = "OTHER"` + + - `os_type` - (Optional) One of: `"ANY"`, `"IOS"`, `"WINDOWS"`, `"ANDROID"`, `"OTHER"`, `"OSX"` + ```hcl app_exclude { - type = string - os_expression = string - os_type = string + type = string + os_expression = string + os_type = string } ``` -* `user_identifier_patterns` - (Optional) Specifies a User Identifier pattern condition to match against. If `match_type` of `"EXPRESSION"` is used, only a *single* element can be set. Otherwise multiple elements of matching patterns may be provided. -** `match_type` - (Optional) The kind of pattern. For regex, use `"EXPRESSION"`. For simple string matches, use one of the following: `"SUFFIX"`, `"EQUALS"`, `"STARTS_WITH"`, `"CONTAINS"` -** `value` - (Optional) The regex or simple match string to match against. +- `user_identifier_patterns` - (Optional) Specifies a User Identifier pattern condition to match against. If `match_type` of `"EXPRESSION"` is used, only a *single* element can be set. Otherwise multiple elements of matching patterns may be provided. + + - `match_type` - (Optional) The kind of pattern. For regex, use `"EXPRESSION"`. For simple string matches, use one of the following: `"SUFFIX"`, `"EQUALS"`, `"STARTS_WITH"`, `"CONTAINS"` + + - `value` - (Optional) The regex or simple match string to match against. 
+ ```hcl user_identifier_patterns { - match_type = string - os_expression = string - os_type = string + match_type = string + value = string } ```
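
Review bot: The 3.7.2 entries in CHANGELOG.md do not mention the behaviour changes this diff makes to `okta_auth_server_policy_rule`. Elements of `grant_type_whitelist` are now validated with `stringInSlice`, `client_credentials` is accepted, and `implicit` now requires `user_whitelist` or `group_whitelist`. The first and last can turn a previously accepted plan into an error, so they should be listed under the release. The `[@me]` link text is also ambiguous outside the author's own view; use the handle from the URL, as the 3.6.1 entry does.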
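
Review bot: In okta/resource_okta_app_saml.go, removing `Default: 2` from `key_years_valid` while adding `RequiredWith: []string{"key_years_valid"}` to `key_name` means a configuration that sets only `key_name` and relied on the default will now fail validation. The CHANGELOG entry describes only the import fix, and the app_saml.html.markdown hunk in this diff touches only the `entity_url` line, so the new pairing is undocumented. Please note it in both places, and state whether `key_years_valid` without `key_name` is meant to stay valid, since the constraint is declared in one direction only.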
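
Review bot: In the `CustomizeDiff` added to okta/resource_okta_auth_server_policy_rule.go, presence of a whitelist is decided with `d.GetOk("user_whitelist")` and `d.GetOk("group_whitelist")`, which can report false both when the attribute is unset and when its value is not yet known at plan time, for example a group ID taken from a resource created in the same apply. A rule that combines `implicit` with such a reference would then be rejected during plan. Consider skipping the check when `d.NewValueKnown(...)` is false for either attribute. Separately, the loop variable `v` shadows the `v interface{}` parameter, and the loop can return as soon as the `implicit` entry has been checked, since a set holds it at most once.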
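
Review bot: In the `setPeopleAssignments` added at the end of okta/resource_okta_auth_server_policy_rule.go, `c.Groups` is nil-checked but `c.Users.Include` and `c.Users.Exclude` are still dereferenced unguarded, and `c` itself is never checked. If the API omits the users condition the same way it can omit groups, the panic this change addresses remains reachable. Guard `c.Users` in the same manner. The else branch also discards its error with `_ = setNonPrimitives(...)` while the other branch returns it; return it in both.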
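
Review bot: In website/docs/r/policy_rule_idp_discovery.html.markdown, the example under `platform_include` is re-indented but still opens with `app_exclude {`, so a reader copying it gets the wrong block name; it should open with `platform_include {`. The rewritten `network_connection` line also carries over the misspelling `"ANYWEHRE"`, and the first argument is still documented as `policyid`. Since every one of these lines is being rewritten for the bullet style anyway, fix the values in the same pass. The `user_identifier_patterns` example correction to `match_type` and `value` is the kind of fix the `platform_include` example needs too.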