From 93ead283858fdd6bf1769199c4756f051e70e383 Mon Sep 17 00:00:00 2001
From: scarlson
Date: Tue, 29 Oct 2024 02:21:23 +1030
Subject: [PATCH] Adding permissions to admin role custom schema
---
 docs/resources/admin_role_custom.md | 88 ++++++++++++++++---------
 okta/resource_okta_admin_role_custom.go | 88 ++++++++++++++++---------
 2 files changed, 112 insertions(+), 64 deletions(-)
diff --git a/docs/resources/admin_role_custom.md b/docs/resources/admin_role_custom.md
index ac3137ec6..8c071cd0c 100644
--- a/docs/resources/admin_role_custom.md
+++ b/docs/resources/admin_role_custom.md
@@ -32,38 +32,62 @@ resource "okta_admin_role_custom" "example" {
 ### Optional
 - `permissions` (Set of String) The permissions that the new Role grants. At least one
- permission must be specified when creating custom role. Valid values: "okta.authzServers.manage",
- "okta.authzServers.read",
- "okta.apps.assignment.manage",
- "okta.apps.manage",
- "okta.apps.read",
- "okta.customizations.manage",
- "okta.customizations.read",
- "okta.groups.appAssignment.manage",
- "okta.groups.create",
- "okta.groups.manage",
- "okta.groups.members.manage",
- "okta.groups.read",
- "okta.profilesources.import.run",
- "okta.users.appAssignment.manage",
- "okta.users.create",
- "okta.users.credentials.expirePassword",
- "okta.users.credentials.manage",
- "okta.users.credentials.resetFactors",
- "okta.users.credentials.resetPassword",
- "okta.users.groupMembership.manage",
- "okta.users.lifecycle.activate",
- "okta.users.lifecycle.clearSessions",
- "okta.users.lifecycle.deactivate",
- "okta.users.lifecycle.delete",
- "okta.users.lifecycle.manage",
- "okta.users.lifecycle.suspend",
- "okta.users.lifecycle.unlock",
- "okta.users.lifecycle.unsuspend",
- "okta.users.manage",
- "okta.users.read",
- "okta.users.userprofile.manage",
- "okta.workflows.invoke".,
+ permission must be specified when creating custom role.
Valid values: "okta.users.manage",
+ "okta.users.create",
+ "okta.users.read",
+ "okta.users.credentials.manage",
+ "okta.users.credentials.resetFactors",
+ "okta.users.credentials.resetPassword",
+ "okta.users.credentials.expirePassword",
+ "okta.users.userprofile.manage",
+ "okta.users.lifecycle.manage",
+ "okta.users.lifecycle.activate",
+ "okta.users.lifecycle.deactivate",
+ "okta.users.lifecycle.suspend",
+ "okta.users.lifecycle.unsuspend",
+ "okta.users.lifecycle.delete",
+ "okta.users.lifecycle.unlock",
+ "okta.users.lifecycle.clearSessions",
+ "okta.users.groupMembership.manage",
+ "okta.users.appAssignment.manage",
+ "okta.users.apitokens.manage",
+ "okta.users.apitokens.read",
+ "okta.groups.manage",
+ "okta.groups.create",
+ "okta.groups.members.manage",
+ "okta.groups.read",
+ "okta.groups.appAssignment.manage",
+ "okta.apps.read",
+ "okta.apps.manage",
+ "okta.apps.assignment.manage",
+ "okta.profilesources.import.run",
+ "okta.authzServers.read",
+ "okta.users.userprofile.manage",
+ "okta.authzServers.manage",
+ "okta.customizations.read",
+ "okta.customizations.manage",
+ "okta.identityProviders.read",
+ "okta.identityProviders.manage",
+ "okta.workflows.read",
+ "okta.workflows.invoke".
+ "okta.governance.accessCertifications.manage",
+ "okta.governance.accessRequests.manage",
+ "okta.apps.manageFirstPartyApps",
+ "okta.agents.manage",
+ "okta.agents.register",
+ "okta.agents.view",
+ "okta.directories.manage",
+ "okta.directories.read",
+ "okta.devices.manage",
+ "okta.devices.lifecycle.manage",
+ "okta.devices.lifecycle.activate",
+ "okta.devices.lifecycle.deactivate",
+ "okta.devices.lifecycle.suspend",
+ "okta.devices.lifecycle.unsuspend",
+ "okta.devices.lifecycle.delete",
+ "okta.devices.read",
+ "okta.iam.read",
+ "okta.support.cases.manage".,
 ### Read-Only
diff --git a/okta/resource_okta_admin_role_custom.go b/okta/resource_okta_admin_role_custom.go
index 018ed5a24..629df2b08 100644
--- a/okta/resource_okta_admin_role_custom.go
+++ b/okta/resource_okta_admin_role_custom.go 
@@ -41,38 +41,62 @@ These operations allow the creation and manipulation of custom roles as custom c
 Type: schema.TypeString,
 },
 Description: `The permissions that the new Role grants. At least one
- permission must be specified when creating custom role. Valid values: "okta.authzServers.manage",
- "okta.authzServers.read",
- "okta.apps.assignment.manage",
- "okta.apps.manage",
- "okta.apps.read",
- "okta.customizations.manage",
- "okta.customizations.read",
- "okta.groups.appAssignment.manage",
- "okta.groups.create",
- "okta.groups.manage",
- "okta.groups.members.manage",
- "okta.groups.read",
- "okta.profilesources.import.run",
- "okta.users.appAssignment.manage",
- "okta.users.create",
- "okta.users.credentials.expirePassword",
- "okta.users.credentials.manage",
- "okta.users.credentials.resetFactors",
- "okta.users.credentials.resetPassword",
- "okta.users.groupMembership.manage",
- "okta.users.lifecycle.activate",
- "okta.users.lifecycle.clearSessions",
- "okta.users.lifecycle.deactivate",
- "okta.users.lifecycle.delete",
- "okta.users.lifecycle.manage",
- "okta.users.lifecycle.suspend",
- "okta.users.lifecycle.unlock",
- "okta.users.lifecycle.unsuspend",
- "okta.users.manage",
- "okta.users.read",
- "okta.users.userprofile.manage",
- "okta.workflows.invoke".,`,
+ permission must be specified when creating custom role.
Valid values: "okta.users.manage",
+ "okta.users.create",
+ "okta.users.read",
+ "okta.users.credentials.manage",
+ "okta.users.credentials.resetFactors",
+ "okta.users.credentials.resetPassword",
+ "okta.users.credentials.expirePassword",
+ "okta.users.userprofile.manage",
+ "okta.users.lifecycle.manage",
+ "okta.users.lifecycle.activate",
+ "okta.users.lifecycle.deactivate",
+ "okta.users.lifecycle.suspend",
+ "okta.users.lifecycle.unsuspend",
+ "okta.users.lifecycle.delete",
+ "okta.users.lifecycle.unlock",
+ "okta.users.lifecycle.clearSessions",
+ "okta.users.groupMembership.manage",
+ "okta.users.appAssignment.manage",
+ "okta.users.apitokens.manage",
+ "okta.users.apitokens.read",
+ "okta.groups.manage",
+ "okta.groups.create",
+ "okta.groups.members.manage",
+ "okta.groups.read",
+ "okta.groups.appAssignment.manage",
+ "okta.apps.read",
+ "okta.apps.manage",
+ "okta.apps.assignment.manage",
+ "okta.profilesources.import.run",
+ "okta.authzServers.read",
+ "okta.users.userprofile.manage",
+ "okta.authzServers.manage",
+ "okta.customizations.read",
+ "okta.customizations.manage",
+ "okta.identityProviders.read",
+ "okta.identityProviders.manage",
+ "okta.workflows.read",
+ "okta.workflows.invoke".
+ "okta.governance.accessCertifications.manage",
+ "okta.governance.accessRequests.manage",
+ "okta.apps.manageFirstPartyApps",
+ "okta.agents.manage",
+ "okta.agents.register",
+ "okta.agents.view",
+ "okta.directories.manage",
+ "okta.directories.read",
+ "okta.devices.manage",
+ "okta.devices.lifecycle.manage",
+ "okta.devices.lifecycle.activate",
+ "okta.devices.lifecycle.deactivate",
+ "okta.devices.lifecycle.suspend",
+ "okta.devices.lifecycle.unsuspend",
+ "okta.devices.lifecycle.delete",
+ "okta.devices.read",
+ "okta.iam.read",
+ "okta.support.cases.manage".,`,
 },
 },
 }
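Review bot: The new `Valid values` list in this Description carries two copy errors: `"okta.workflows.invoke".` ends in a period instead of a comma (it was the last entry of the old list), and `"okta.users.userprofile.manage",` appears twice, the second time right after `"okta.authzServers.read",`. I would change the first to `"okta.workflows.invoke",`, drop the duplicate, and close the list with `"okta.support.cases.manage".` instead of `".,`; the docs/resources/admin_role_custom.md hunk carries the same text and needs the same fixes. In the visible lines the list exists only as description text, and the schema block starts and ends outside the hunk, so if no validation of the set elements exists elsewhere, a misspelled permission is rejected only by the API at apply time. Because the list now names grants such as `okta.users.apitokens.manage` and `okta.identityProviders.manage`, it is worth keeping exact, since anyone reviewing a custom role for least privilege will read it as the reference.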