Add the data source okta_app_signon_policy_rule #2111

Open
HeroesFR opened this issue Oct 24, 2024 · 1 comment
Labels
enhancement Asking for new behavior or feature triaged Triaged into internal Jira


HeroesFR commented Oct 24, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When creating an okta_app_signon_policy, it automatically creates a default rule named "Catch-all Rule", which can only be managed via Terraform after an import. This import requires retrieving the ID of the rule, and this cannot be done automatically via Terraform; we need manual action to manage it.

  • we can retrieve the rule ID by
    • going through the API
    • going into the developer tools of our beloved web browser and checking the request parameter when doing an update via the UI

The goal here is to reduce the manual work and automate the process.

New or Affected Resource(s)

The goal here is to create the data source named okta_app_signon_policy_rule.
With this data source, we could have the following automatic workflow.

Potential Terraform Configuration

First we would create the policy:

resource "okta_app_signon_policy" "my_policy" {
  name        = "my_policy"
  description = "Test App Signon Policy"
}

Then declare this data source to retrieve the rules of the policy:

data "okta_app_signon_policy_rule" "my_policy_rules" {
  policy_id = okta_app_signon_policy.my_policy.id
}

The output of this data source could be a list of policy rules with the following structure:

[
  {
    rule_id = "rulfn05yzjcR8PB80417"
    name    = "Catch-all Rule"
  },
  {
    rule_id = "rodspwmyzjcR8PB46838"
    name    = "my_rule"
  }
  # ...
]

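We now just need to filter and select only the rule with the name "Catch-all Rule" and update it:

locals {
  # The data source output is a list of objects, so filter it by name;
  # lookup() only works on maps. one() returns null when nothing matches.
  catch_all_rule = one([
    for rule in data.okta_app_signon_policy_rule.my_policy_rules.rules : rule
    if rule.name == "Catch-all Rule"
  ])
}

resource "okta_app_signon_policy_rule" "catch_all_rule" {
  count = local.catch_all_rule != null ? 1 : 0

  # policy_id must reference the policy itself;
  # local.catch_all_rule.rule_id is the rule ID that the import requires
  policy_id = okta_app_signon_policy.my_policy.id
  name      = "Catch-all Rule"

  # Define all the other attributes of the rule
  # ...

  # We need to be careful with the order of the resources to avoid a cyclic dependency
  depends_on = [data.okta_app_signon_policy_rule.my_policy_rules]
}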

References

I've looked at the following PR having the same issue (I'm also currently facing this issue right now), and this could help more developers use the Okta provider.

The API to retrieve the rules of a policy already exists here.

Thanks for reading.
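The manual "going through the API" lookup described in this issue, as an added example that is not part of the original post or of the Okta provider's code. It assumes the Okta Policy API endpoint GET /api/v1/policies/{policyId}/rules with SSWS token authentication; the function names, the org URL and the trimmed response body are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of the rules-list response, trimmed to the two fields
# used here. The IDs are the sample values shown in the issue.
SAMPLE_RULES_JSON = """[
  {"id": "rulfn05yzjcR8PB80417", "name": "Catch-all Rule"},
  {"id": "rodspwmyzjcR8PB46838", "name": "my_rule"}
]"""


def build_rules_request(org_url, policy_id, api_token):
    """Build (without sending) the request that lists the rules of a policy."""
    # Percent-encode the ID so a malformed value cannot alter the request path.
    path = f"/api/v1/policies/{urllib.parse.quote(policy_id, safe='')}/rules"
    headers = {
        "Accept": "application/json",
        # Read the token from the environment or a secret store; never commit it.
        "Authorization": f"SSWS {api_token}",
    }
    return urllib.request.Request(org_url.rstrip("/") + path, headers=headers)


def find_rule_id(rules, name="Catch-all Rule"):
    """Return the ID of the rule called `name`, failing on 0 or >1 matches."""
    matches = [r["id"] for r in rules if r.get("name") == name]
    if len(matches) != 1:
        # Fail closed: importing the wrong sign-on rule would put a different
        # authentication rule under Terraform's control.
        raise LookupError(f"expected one rule named {name!r}, got {len(matches)}")
    return matches[0]


def fetch_rule_id(org_url, policy_id, api_token, name="Catch-all Rule"):
    """Call the API and return the rule ID (needs network access and a token)."""
    request = build_rules_request(org_url, policy_id, api_token)
    with urllib.request.urlopen(request, timeout=10) as response:
        return find_rule_id(json.load(response), name)


if __name__ == "__main__":
    # Offline run against the constructed sample above.
    print(find_rule_id(json.loads(SAMPLE_RULES_JSON)))
```

A token limited to read-only administrative permissions is sufficient for this lookup, since the script only lists rules.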

@HeroesFR HeroesFR added the enhancement Asking for new behavior or feature label Oct 24, 2024
@HeroesFR HeroesFR changed the title Create the data source okta_app_signon_policy_rule Add the data source okta_app_signon_policy_rule Oct 24, 2024
@duytiennguyen-okta duytiennguyen-okta added the triaged Triaged into internal Jira label Oct 29, 2024
@duytiennguyen-okta

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-824509
