Merge pull request #1437 from okta/user-remove-role-suppression

remove role suppression in data_source_okta_user
okta · Feb 10, 2023 · da4e536 · da4e536
2 parents a08454a + 1a1f93d
commit da4e536
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 0 deletions.
diff --git a/okta/data_source_okta_user.go b/okta/data_source_okta_user.go
@@ -135,6 +135,10 @@ func dataSourceUserRead(ctx context.Context, d *schema.ResourceData, m interface
 			if err != nil {
 				return diag.Errorf("failed to set user's admin roles: %v", err)
 			}
+			err = setRoles(ctx, d, m)
+			if err != nil {
+				return diag.Errorf("failed to set user's roles: %v", err)
+			}
 		}
 	}
 

diff --git a/okta/data_source_okta_user_test.go b/okta/data_source_okta_user_test.go
@@ -75,6 +75,7 @@ func TestAccDataSourceOktaUser_SkipAdminRoles(t *testing.T) {
 				Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(false, true), ri),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckNoResourceAttr("data.okta_user.test", "admin_roles.#"),          // skipped
+					resource.TestCheckNoResourceAttr("data.okta_user.test", "roles.#"),                // skipped
 					resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "2"), // Everyone, A Group
 				),
 			},
@@ -95,6 +96,7 @@ func TestAccDataSourceOktaUser_SkipGroups(t *testing.T) {
 				Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(true, false), ri),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "2"),       // SUPER_ADMIN, APP_ADMIN
+					resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "2"),             // SUPER_ADMIN, APP_ADMIN
 					resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "0"), // skipped
 				),
 			},
@@ -115,6 +117,7 @@ func TestAccDataSourceOktaUser_SkipGroupsSkipRoles(t *testing.T) {
 				Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(true, true), ri),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "0"),       // skipped
+					resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "0"),             // skipped
 					resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "0"), // skipped
 				),
 			},
@@ -137,6 +140,7 @@ func TestAccDataSourceOktaUser_NoSkips(t *testing.T) {
 				Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(false, false), ri),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "2"),       // SUPER_ADMIN, APP_ADMIN
+					resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "2"),             // SUPER_ADMIN, APP_ADMIN
 					resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "2"), // Everyone, A Group
 					resource.TestMatchOutput("output_admin_roles", allAdminRolesRegexp),
 					resource.TestMatchOutput("output_group_memberships", allGroupMembershipsRegexp),

diff --git a/okta/user.go b/okta/user.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"net/http"
 	"reflect"
 	"time"
 
@@ -36,6 +37,11 @@ var userProfileDataSchema = map[string]*schema.Schema{
 		Computed: true,
 		Elem:     &schema.Schema{Type: schema.TypeString},
 	},
+	"roles": {
+		Type:     schema.TypeSet,
+		Computed: true,
+		Elem:     &schema.Schema{Type: schema.TypeString},
+	},
 	"city": {
 		Type:     schema.TypeString,
 		Computed: true,
@@ -260,6 +266,43 @@ func populateUserProfile(d *schema.ResourceData) *okta.UserProfile {
 	return &profile
 }
 
+func listUserRoles(ctx context.Context, c *okta.Client, userID string) (userOnlyRoles []*okta.Role, resp *okta.Response, err error) {
+	roles, resp, err := c.User.ListAssignedRolesForUser(ctx, userID, nil)
+	if err != nil {
+		return
+	}
+	userOnlyRoles = append(userOnlyRoles, roles...)
+	return
+}
+
+func getRoles(ctx context.Context, id string, c *okta.Client) ([]interface{}, error) {
+	roleTypes := make([]interface{}, 0)
+	roles, resp, err := listUserRoles(ctx, c, id)
+	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusForbidden {
+			// no-op
+		} else {
+			return nil, err
+		}
+	} else {
+		for _, role := range roles {
+			roleTypes = append(roleTypes, role.Type)
+		}
+	}
+	return roleTypes, err
+}
+
+func setRoles(ctx context.Context, d *schema.ResourceData, m interface{}) error {
+	roleTypes, err := getRoles(ctx, d.Id(), getOktaClientFromMetadata(m))
+	if err != nil {
+		return fmt.Errorf("failed to get roles: %v", err)
+	}
+	// set the custom_profile_attributes values
+	return setNonPrimitives(d, map[string]interface{}{
+		"roles": schema.NewSet(schema.HashString, roleTypes),
+	})
+}
+
 func listUserOnlyRoles(ctx context.Context, c *okta.Client, userID string) (userOnlyRoles []*okta.Role, resp *okta.Response, err error) {
 	roles, resp, err := c.User.ListAssignedRolesForUser(ctx, userID, nil)
 	if err != nil {