From f72d71f6b4d35ed9c713912bd3195a77a027fc60 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Fri, 3 Feb 2023 14:43:48 -0500
Subject: [PATCH 1/2] remove role suppression in data_source_okta_user

---
 okta/data_source_okta_user.go | 4 +++
 okta/data_source_okta_user_test.go | 6 +++++
 okta/user.go | 43 ++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+)

diff --git a/okta/data_source_okta_user.go b/okta/data_source_okta_user.go
index 1e1998fe5..dede65156 100644
--- a/okta/data_source_okta_user.go
+++ b/okta/data_source_okta_user.go
@@ -135,6 +135,10 @@ func dataSourceUserRead(ctx context.Context, d *schema.ResourceData, m interface
 if err != nil {
 return diag.Errorf("failed to set user's admin roles: %v", err)
 }
+ err = setRoles(ctx, d, m)
+ if err != nil {
+ return diag.Errorf("failed to set user's roles: %v", err)
+ }
 }
 }
 
diff --git a/okta/data_source_okta_user_test.go b/okta/data_source_okta_user_test.go
index 1b6231cfd..d9016bcf7 100644
--- a/okta/data_source_okta_user_test.go
+++ b/okta/data_source_okta_user_test.go
@@ -75,6 +75,7 @@ func TestAccDataSourceOktaUser_SkipAdminRoles(t *testing.T) {
 Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(false, true), ri),
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckNoResourceAttr("data.okta_user.test", "admin_roles.#"), // skipped
+ resource.TestCheckNoResourceAttr("data.okta_user.test", "roles.#"), // skipped
 resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "2"), // Everyone, A Group
 ),
 },
@@ -82,6 +83,7 @@ func TestAccDataSourceOktaUser_SkipAdminRoles(t *testing.T) {
 })
 }
 
+// TODU
 // TestAccDataSourceOktaUser_SkipGroups pertains to https://github.com/okta/terraform-provider-okta/pull/1137 and https://github.com/okta/terraform-provider-okta/issues/1014
 func TestAccDataSourceOktaUser_SkipGroups(t *testing.T) {
 ri := acctest.RandInt()
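Review bot: In okta/data_source_okta_user.go the added `setRoles` call sits in the same block as the admin-roles call above it, and both appear to end in `ListAssignedRolesForUser` (see `listUserRoles` and `listUserOnlyRoles` in okta/user.go), so each read of the data source may now issue that request twice. Fetching the assigned roles once and deriving both attributes from that result would halve the API calls and keep the two attributes from disagreeing if an assignment changes between requests. The resulting message also nests as "failed to set user's roles: failed to get roles: …"; dropping one prefix would read better. `dataSourceUserRead` starts and ends outside the hunk.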
@@ -95,6 +97,7 @@ func TestAccDataSourceOktaUser_SkipGroups(t *testing.T) {
 Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(true, false), ri),
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "2"), // SUPER_ADMIN, APP_ADMIN
+ resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "2"), // SUPER_ADMIN, APP_ADMIN
 resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "0"), // skipped
 ),
 },
@@ -115,6 +118,7 @@ func TestAccDataSourceOktaUser_SkipGroupsSkipRoles(t *testing.T) {
 Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(true, true), ri),
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "0"), // skipped
+ resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "0"), // skipped
 resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "0"), // skipped
 ),
 },
@@ -122,6 +126,7 @@ func TestAccDataSourceOktaUser_SkipGroupsSkipRoles(t *testing.T) {
 })
 }
 
+// TODU
 // TestAccDataSourceOktaUser_NoSkips pertains to https://github.com/okta/terraform-provider-okta/pull/1137 and https://github.com/okta/terraform-provider-okta/issues/1014
 func TestAccDataSourceOktaUser_NoSkips(t *testing.T) {
 ri := acctest.RandInt()
@@ -137,6 +142,7 @@ func TestAccDataSourceOktaUser_NoSkips(t *testing.T) {
 Config: mgr.ConfigReplace(testOktaUserRolesGroupsConfig(false, false), ri),
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr("data.okta_user.test", "admin_roles.#", "2"), // SUPER_ADMIN, APP_ADMIN
+ resource.TestCheckResourceAttr("data.okta_user.test", "roles.#", "2"), // SUPER_ADMIN, APP_ADMIN
 resource.TestCheckResourceAttr("data.okta_user.test", "group_memberships.#", "2"), // Everyone, A Group
 resource.TestMatchOutput("output_admin_roles", allAdminRolesRegexp),
 resource.TestMatchOutput("output_group_memberships", allGroupMembershipsRegexp),
diff --git a/okta/user.go b/okta/user.go
index 02ff90929..4aea52c15 100644
--- a/okta/user.go
+++ b/okta/user.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "net/http"
 "reflect"
 "time"
 
@@ -36,6 +37,11 @@ var userProfileDataSchema = map[string]*schema.Schema{
 Computed: true,
 Elem: &schema.Schema{Type: schema.TypeString},
 },
+ "roles": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
 "city": {
 Type: schema.TypeString,
 Computed: true,
@@ -260,6 +266,43 @@ func populateUserProfile(d *schema.ResourceData) *okta.UserProfile {
 return &profile
 }
 
+func listUserRoles(ctx context.Context, c *okta.Client, userID string) (userOnlyRoles []*okta.Role, resp *okta.Response, err error) {
+ roles, resp, err := c.User.ListAssignedRolesForUser(ctx, userID, nil)
+ if err != nil {
+ return
+ }
+ userOnlyRoles = append(userOnlyRoles, roles...)
+ return
+}
+
+func getRoles(ctx context.Context, id string, c *okta.Client) ([]interface{}, error) {
+ roleTypes := make([]interface{}, 0)
+ roles, resp, err := listUserRoles(ctx, c, id)
+ if err != nil {
+ if resp != nil && resp.StatusCode == http.StatusForbidden {
+ // no-op
+ } else {
+ return nil, err
+ }
+ } else {
+ for _, role := range roles {
+ roleTypes = append(roleTypes, role.Type)
+ }
+ }
+ return roleTypes, err
+}
+
+func setRoles(ctx context.Context, d *schema.ResourceData, m interface{}) error {
+ roleTypes, err := getRoles(ctx, d.Id(), getOktaClientFromMetadata(m))
+ if err != nil {
+ return fmt.Errorf("failed to get roles: %v", err)
+ }
+ // set the custom_profile_attributes values
+ return setNonPrimitives(d, map[string]interface{}{
+ "roles": schema.NewSet(schema.HashString, roleTypes),
+ })
+}
+
 func listUserOnlyRoles(ctx context.Context, c *okta.Client, userID string) (userOnlyRoles []*okta.Role, resp *okta.Response, err error) {
 roles, resp, err := c.User.ListAssignedRolesForUser(ctx, userID, nil)
 if err != nil {
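Review bot: The new `"roles"` entry in `userProfileDataSchema` has no `Description`, and nothing in the hunk says how it differs from the set-of-strings attribute that ends just above it (presumably `admin_roles`, since the tests expect the same two values for both). Add a `Description:` line stating which role assignments the attribute includes and how that differs from the existing attribute; the commit title suggests it is the unfiltered list, but that should be confirmed and written down here.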
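Review bot: In `getRoles` the 403 branch is marked `// no-op`, but control then falls through to the final `return roleTypes, err` with `err` still non-nil, so `setRoles` fails with "failed to get roles" in exactly the case the branch was written to tolerate. If a forbidden response is meant to be tolerated, the function should end with `return roleTypes, nil`. Tolerating it does make an empty `roles` set indistinguishable from a token that is not permitted to list roles, so a configuration that uses `roles` to confirm a user holds no admin role would pass silently; either keep the error or add `log.Printf("[WARN] not permitted to list roles for user %s", id)` in that branch. The comment `// set the custom_profile_attributes values` in `setRoles` looks copied from elsewhere and should describe the `roles` attribute. `listUserOnlyRoles`, which opens with the same call as `listUserRoles`, continues outside the hunk.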
From 1a1f93da5447f47530030b799b363396dd364335 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Fri, 10 Feb 2023 13:25:16 -0500
Subject: [PATCH 2/2] remove the todo

---
 okta/data_source_okta_user_test.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/okta/data_source_okta_user_test.go b/okta/data_source_okta_user_test.go
index d9016bcf7..1f20fa848 100644
--- a/okta/data_source_okta_user_test.go
+++ b/okta/data_source_okta_user_test.go
@@ -83,7 +83,6 @@ func TestAccDataSourceOktaUser_SkipAdminRoles(t *testing.T) {
 })
 }
 
-// TODU
 // TestAccDataSourceOktaUser_SkipGroups pertains to https://github.com/okta/terraform-provider-okta/pull/1137 and https://github.com/okta/terraform-provider-okta/issues/1014
 func TestAccDataSourceOktaUser_SkipGroups(t *testing.T) {
 ri := acctest.RandInt()
@@ -126,7 +125,6 @@ func TestAccDataSourceOktaUser_SkipGroupsSkipRoles(t *testing.T) {
 })
 }
 
-// TODU
 // TestAccDataSourceOktaUser_NoSkips pertains to https://github.com/okta/terraform-provider-okta/pull/1137 and https://github.com/okta/terraform-provider-okta/issues/1014
 func TestAccDataSourceOktaUser_NoSkips(t *testing.T) {
 ri := acctest.RandInt()