Merge pull request #2118 from sinsync/okta-admin-role-custom-permissi…

…ons-update Updated permissions for custom role resource
okta · Oct 29, 2024 · 6670eff · 6670eff
2 parents dde3a88 + 93ead28
commit 6670eff
Show file tree

Hide file tree

Showing 2 changed files with 112 additions and 64 deletions.
diff --git a/docs/resources/admin_role_custom.md b/docs/resources/admin_role_custom.md
@@ -32,38 +32,62 @@ resource "okta_admin_role_custom" "example" {
 ### Optional
 
 - `permissions` (Set of String) The permissions that the new Role grants. At least one
-				permission must be specified when creating custom role. Valid values: "okta.authzServers.manage",
-			  "okta.authzServers.read",
-			  "okta.apps.assignment.manage",
-			  "okta.apps.manage",
-			  "okta.apps.read",
-			  "okta.customizations.manage",
-			  "okta.customizations.read",
-			  "okta.groups.appAssignment.manage",
-			  "okta.groups.create",
-			  "okta.groups.manage",
-			  "okta.groups.members.manage",
-			  "okta.groups.read",
-			  "okta.profilesources.import.run",
-			  "okta.users.appAssignment.manage",
-			  "okta.users.create",
-			  "okta.users.credentials.expirePassword",
-			  "okta.users.credentials.manage",
-			  "okta.users.credentials.resetFactors",
-			  "okta.users.credentials.resetPassword",
-			  "okta.users.groupMembership.manage",
-			  "okta.users.lifecycle.activate",
-			  "okta.users.lifecycle.clearSessions",
-			  "okta.users.lifecycle.deactivate",
-			  "okta.users.lifecycle.delete",
-			  "okta.users.lifecycle.manage",
-			  "okta.users.lifecycle.suspend",
-			  "okta.users.lifecycle.unlock",
-			  "okta.users.lifecycle.unsuspend",
-			  "okta.users.manage",
-			  "okta.users.read",
-			  "okta.users.userprofile.manage",
-			  "okta.workflows.invoke".,
+				permission must be specified when creating custom role. Valid values: "okta.users.manage",
+				"okta.users.create",
+				"okta.users.read",
+				"okta.users.credentials.manage",
+				"okta.users.credentials.resetFactors",
+				"okta.users.credentials.resetPassword",
+				"okta.users.credentials.expirePassword",
+				"okta.users.userprofile.manage",
+				"okta.users.lifecycle.manage",
+				"okta.users.lifecycle.activate",
+				"okta.users.lifecycle.deactivate",
+				"okta.users.lifecycle.suspend",
+				"okta.users.lifecycle.unsuspend",
+				"okta.users.lifecycle.delete",
+				"okta.users.lifecycle.unlock",
+				"okta.users.lifecycle.clearSessions",
+				"okta.users.groupMembership.manage",
+				"okta.users.appAssignment.manage",
+				"okta.users.apitokens.manage",
+				"okta.users.apitokens.read",
+				"okta.groups.manage",
+				"okta.groups.create",
+				"okta.groups.members.manage",
+				"okta.groups.read",
+				"okta.groups.appAssignment.manage",
+				"okta.apps.read",
+				"okta.apps.manage",
+				"okta.apps.assignment.manage",
+				"okta.profilesources.import.run",
+				"okta.authzServers.read",
+				"okta.users.userprofile.manage",
+				"okta.authzServers.manage",
+				"okta.customizations.read",
+				"okta.customizations.manage",
+				"okta.identityProviders.read",
+				"okta.identityProviders.manage",
+				"okta.workflows.read",
+				"okta.workflows.invoke".
+				"okta.governance.accessCertifications.manage",
+				"okta.governance.accessRequests.manage",
+				"okta.apps.manageFirstPartyApps",
+				"okta.agents.manage",
+				"okta.agents.register",
+				"okta.agents.view",
+				"okta.directories.manage",
+				"okta.directories.read",
+				"okta.devices.manage",
+				"okta.devices.lifecycle.manage",
+				"okta.devices.lifecycle.activate",
+				"okta.devices.lifecycle.deactivate",
+				"okta.devices.lifecycle.suspend",
+				"okta.devices.lifecycle.unsuspend",
+				"okta.devices.lifecycle.delete",
+				"okta.devices.read",
+				"okta.iam.read",
+				"okta.support.cases.manage".,
 
 ### Read-Only
 

diff --git a/okta/resource_okta_admin_role_custom.go b/okta/resource_okta_admin_role_custom.go
@@ -41,38 +41,62 @@ These operations allow the creation and manipulation of custom roles as custom c
 					Type: schema.TypeString,
 				},
 				Description: `The permissions that the new Role grants. At least one
-				permission must be specified when creating custom role. Valid values: "okta.authzServers.manage",
-			  "okta.authzServers.read",
-			  "okta.apps.assignment.manage",
-			  "okta.apps.manage",
-			  "okta.apps.read",
-			  "okta.customizations.manage",
-			  "okta.customizations.read",
-			  "okta.groups.appAssignment.manage",
-			  "okta.groups.create",
-			  "okta.groups.manage",
-			  "okta.groups.members.manage",
-			  "okta.groups.read",
-			  "okta.profilesources.import.run",
-			  "okta.users.appAssignment.manage",
-			  "okta.users.create",
-			  "okta.users.credentials.expirePassword",
-			  "okta.users.credentials.manage",
-			  "okta.users.credentials.resetFactors",
-			  "okta.users.credentials.resetPassword",
-			  "okta.users.groupMembership.manage",
-			  "okta.users.lifecycle.activate",
-			  "okta.users.lifecycle.clearSessions",
-			  "okta.users.lifecycle.deactivate",
-			  "okta.users.lifecycle.delete",
-			  "okta.users.lifecycle.manage",
-			  "okta.users.lifecycle.suspend",
-			  "okta.users.lifecycle.unlock",
-			  "okta.users.lifecycle.unsuspend",
-			  "okta.users.manage",
-			  "okta.users.read",
-			  "okta.users.userprofile.manage",
-			  "okta.workflows.invoke".,`,
+				permission must be specified when creating custom role. Valid values: "okta.users.manage",
+				"okta.users.create",
+				"okta.users.read",
+				"okta.users.credentials.manage",
+				"okta.users.credentials.resetFactors",
+				"okta.users.credentials.resetPassword",
+				"okta.users.credentials.expirePassword",
+				"okta.users.userprofile.manage",
+				"okta.users.lifecycle.manage",
+				"okta.users.lifecycle.activate",
+				"okta.users.lifecycle.deactivate",
+				"okta.users.lifecycle.suspend",
+				"okta.users.lifecycle.unsuspend",
+				"okta.users.lifecycle.delete",
+				"okta.users.lifecycle.unlock",
+				"okta.users.lifecycle.clearSessions",
+				"okta.users.groupMembership.manage",
+				"okta.users.appAssignment.manage",
+				"okta.users.apitokens.manage",
+				"okta.users.apitokens.read",
+				"okta.groups.manage",
+				"okta.groups.create",
+				"okta.groups.members.manage",
+				"okta.groups.read",
+				"okta.groups.appAssignment.manage",
+				"okta.apps.read",
+				"okta.apps.manage",
+				"okta.apps.assignment.manage",
+				"okta.profilesources.import.run",
+				"okta.authzServers.read",
+				"okta.users.userprofile.manage",
+				"okta.authzServers.manage",
+				"okta.customizations.read",
+				"okta.customizations.manage",
+				"okta.identityProviders.read",
+				"okta.identityProviders.manage",
+				"okta.workflows.read",
+				"okta.workflows.invoke".
+				"okta.governance.accessCertifications.manage",
+				"okta.governance.accessRequests.manage",
+				"okta.apps.manageFirstPartyApps",
+				"okta.agents.manage",
+				"okta.agents.register",
+				"okta.agents.view",
+				"okta.directories.manage",
+				"okta.directories.read",
+				"okta.devices.manage",
+				"okta.devices.lifecycle.manage",
+				"okta.devices.lifecycle.activate",
+				"okta.devices.lifecycle.deactivate",
+				"okta.devices.lifecycle.suspend",
+				"okta.devices.lifecycle.unsuspend",
+				"okta.devices.lifecycle.delete",
+				"okta.devices.read",
+				"okta.iam.read",
+				"okta.support.cases.manage".,`,
 			},
 		},
 	}