Merge pull request #1379 from okta/issue_1367_okta_authenticator

Resource and Data Source `okta_authenticator` improvements

examples/okta_authenticator/on_prem_provider_json.tf

@@ -0,0 +1,17 @@
+resource "okta_authenticator" "test" {
+  name = "On-Prem MFA"
+  key = "onprem_mfa"
+  provider_json = jsonencode(
+	{
+		"type": "DEL_OATH",
+		"configuration": {
+		  "authPort": 999,
+		  "userNameTemplate": {
+			"template": "global.assign.userName.login"
+		  },
+		  "hostName": "localhost",
+		  "sharedSecret": "Sh4r3d s3cr3t"
+		}
+	  }
+  )
+}

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/go-hclog v1.3.1
 	github.com/hashicorp/go-retryablehttp v0.7.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.19.0
-	github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221028200237-77af9c89f8f3
+	github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221118044255-7f74a659b1d6
 	github.com/stretchr/testify v1.8.1
 )
 

go.sum

@@ -226,6 +226,10 @@ github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221004202115-54b1d8b60afe h1:sfh3
 github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221004202115-54b1d8b60afe/go.mod h1:dz30v3ctAiMb7jpsCngGfQUAEGm1/NsWT92uTbNDQIs=
 github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221028200237-77af9c89f8f3 h1:fSnYLCs/70m2/5kIBd+YJYZpk07G5a7o/r+CCujsbf4=
 github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221028200237-77af9c89f8f3/go.mod h1:dz30v3ctAiMb7jpsCngGfQUAEGm1/NsWT92uTbNDQIs=
+github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221117172752-975486ea0e42 h1:ApLoRKqg/Fx5yS2ZoI7VRs1D4IAarOmgfFaxFZhZG34=
+github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221117172752-975486ea0e42/go.mod h1:dz30v3ctAiMb7jpsCngGfQUAEGm1/NsWT92uTbNDQIs=
+github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221118044255-7f74a659b1d6 h1:eEbwfO6G8NcztOgUZ3MiV0Q+K4vYHQFYSIm5SaYfBgY=
+github.com/okta/okta-sdk-golang/v2 v2.14.1-0.20221118044255-7f74a659b1d6/go.mod h1:dz30v3ctAiMb7jpsCngGfQUAEGm1/NsWT92uTbNDQIs=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 h1:pSCLCl6joCFRnjpeojzOpEYs4q7Vditq8fySFG5ap3Y=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=

okta/data_source_okta_authenticator.go

@@ -43,16 +43,21 @@ func dataSourceAuthenticator() *schema.Resource {
 				Computed:    true,
 				Description: "Type of the authenticator",
 			},
-			"provider_hostname": {
+			"provider_json": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: "Server host name or IP address",
+				Description: "Authenticator Provider in JSON format",
 			},
 			"provider_auth_port": {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Description: "The RADIUS server port (for example 1812). This is defined when the On-Prem RADIUS server is configured",
 			},
+			"provider_hostname": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Server host name or IP address",
+			},
 			"provider_instance_id": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -103,10 +108,26 @@ func dataSourceAuthenticatorRead(ctx context.Context, d *schema.ResourceData, m
 		_ = d.Set("settings", string(b))
 	}
 	if authenticator.Provider != nil {
+		b, _ := json.Marshal(authenticator.Provider)
+		dataMap := map[string]interface{}{}
+		_ = json.Unmarshal([]byte(string(b)), &dataMap)
+		b, _ = json.Marshal(dataMap)
+		_ = d.Set("provider_json", string(b))
+
 		_ = d.Set("provider_type", authenticator.Provider.Type)
-		_ = d.Set("provider_hostname", authenticator.Provider.Configuration.HostName)
-		_ = d.Set("provider_auth_port", authenticator.Provider.Configuration.AuthPort)
-		_ = d.Set("provider_instance_id", authenticator.Provider.Configuration.InstanceId)
+
+		if authenticator.Type == "security_key" {
+			_ = d.Set("provider_hostname", authenticator.Provider.Configuration.HostName)
+			_ = d.Set("provider_auth_port", authenticator.Provider.Configuration.AuthPort)
+			_ = d.Set("provider_instance_id", authenticator.Provider.Configuration.InstanceId)
+		}
+
+		if authenticator.Provider.Type == "DUO" {
+			_ = d.Set("provider_host", authenticator.Provider.Configuration.Host)
+			_ = d.Set("provider_secret_key", authenticator.Provider.Configuration.SecretKey)
+			_ = d.Set("provider_integration_key", authenticator.Provider.Configuration.IntegrationKey)
+		}
+
 		if authenticator.Provider.Configuration.UserNameTemplate != nil {
 			_ = d.Set("provider_user_name_template", authenticator.Provider.Configuration.UserNameTemplate.Template)
 		}

okta/data_source_okta_authenticator_test.go

@@ -12,8 +12,8 @@ func TestAccOktaDataSourceAuthenticator_read(t *testing.T) {
 	ri := acctest.RandInt()
 	mgr := newFixtureManager(authenticator)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
-	resourceName := fmt.Sprintf("data.%s.test", authenticator)
-	resourceName1 := fmt.Sprintf("data.%s.test_1", authenticator)
+	resourceName := fmt.Sprintf("data.%s.test", authenticator)    // security question
+	resourceName1 := fmt.Sprintf("data.%s.test_1", authenticator) // okta verify
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:          testAccPreCheck(t),
@@ -23,22 +23,36 @@ func TestAccOktaDataSourceAuthenticator_read(t *testing.T) {
 			{
 				Config: config,
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttrSet(resourceName, "id"),
-					resource.TestCheckResourceAttrSet(resourceName, "key"),
-					resource.TestCheckResourceAttrSet(resourceName, "name"),
-					resource.TestCheckResourceAttrSet(resourceName, "status"),
-					resource.TestCheckResourceAttrSet(resourceName, "settings"),
 					resource.TestCheckResourceAttr(resourceName, "type", "security_question"),
 					resource.TestCheckResourceAttr(resourceName, "key", "security_question"),
 					resource.TestCheckResourceAttr(resourceName, "name", "Security Question"),
-					resource.TestCheckResourceAttrSet(resourceName1, "id"),
-					resource.TestCheckResourceAttrSet(resourceName1, "key"),
-					resource.TestCheckResourceAttrSet(resourceName1, "name"),
-					resource.TestCheckResourceAttrSet(resourceName1, "status"),
-					resource.TestCheckResourceAttrSet(resourceName1, "settings"),
+					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttrSet(resourceName, "status"),
+					resource.TestCheckResourceAttrSet(resourceName, "settings"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_type"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_hostname"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_auth_port"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_instance_id"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_host"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_secret_key"),
+					resource.TestCheckNoResourceAttr(resourceName, "provider_integration_key"),
+
 					resource.TestCheckResourceAttr(resourceName1, "type", "app"),
 					resource.TestCheckResourceAttr(resourceName1, "key", "okta_verify"),
 					resource.TestCheckResourceAttr(resourceName1, "name", "Okta Verify"),
+					resource.TestCheckResourceAttrSet(resourceName1, "id"),
+					resource.TestCheckResourceAttrSet(resourceName1, "status"),
+					resource.TestCheckResourceAttrSet(resourceName1, "settings"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_type"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_hostname"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_auth_port"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_instance_id"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_host"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_secret_key"),
+					resource.TestCheckNoResourceAttr(resourceName1, "provider_integration_key"),
 				),
 			},
 		},