Merge pull request #1351 from okta/issue_1217_okta_user_base_schema_p…

…roperty

Address parallelism in `okta_user_base_schema_property` resource

okta/provider.go

@@ -505,3 +505,7 @@ func resourceOIEOnlyFeatureError(name string) diag.Diagnostics {
 func datasourceOIEOnlyFeatureError(name string) diag.Diagnostics {
 	return oieOnlyFeatureError("data-sources", name)
 }
+
+func resourceFuncNoOp(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
+	return nil
+}

okta/resource_okta_admin_role_targets.go

@@ -216,6 +216,9 @@ func removeAllTargets(ctx context.Context, d *schema.ResourceData, m interface{}
 		d.SetId("")
 		return "", fmt.Errorf("failed to assign '%s' role back to user: %v", d.Get("role_type").(string), err)
 	}
+	if role == nil {
+		return "", errors.New("role was nil")
+	}
 	return role.Id, nil
 }
 

okta/resource_okta_app_oauth_post_logout_redirect_uri.go

@@ -12,7 +12,7 @@ import (
 func resourceAppOAuthPostLogoutRedirectURI() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceAppOAuthPostLogoutRedirectURICreate,
-		ReadContext:   resourceAppOAuthPostLogoutRedirectURIRead,
+		ReadContext:   resourceFuncNoOp,
 		UpdateContext: resourceAppOAuthPostLogoutRedirectURIUpdate,
 		DeleteContext: resourceAppOAuthPostLogoutRedirectURIDelete,
 		// The id for this is the uri
@@ -39,12 +39,7 @@ func resourceAppOAuthPostLogoutRedirectURICreate(ctx context.Context, d *schema.
 		return diag.Errorf("failed to create post logout redirect URI: %v", err)
 	}
 	d.SetId(d.Get("uri").(string))
-	return resourceAppOAuthPostLogoutRedirectURIRead(ctx, d, m)
-}
-
-// read does nothing due to the nature of this resource
-func resourceAppOAuthPostLogoutRedirectURIRead(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
+	return resourceFuncNoOp(ctx, d, m)
 }
 
 func resourceAppOAuthPostLogoutRedirectURIUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
@@ -53,7 +48,7 @@ func resourceAppOAuthPostLogoutRedirectURIUpdate(ctx context.Context, d *schema.
 	}
 	// Normally not advisable, but ForceNew generated unnecessary calls
 	d.SetId(d.Get("uri").(string))
-	return resourceAppOAuthPostLogoutRedirectURIRead(ctx, d, m)
+	return resourceFuncNoOp(ctx, d, m)
 }
 
 func resourceAppOAuthPostLogoutRedirectURIDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {

okta/resource_okta_app_oauth_redirect_uri.go

@@ -12,7 +12,7 @@ import (
 func resourceAppOAuthRedirectURI() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceAppOAuthRedirectURICreate,
-		ReadContext:   resourceAppOAuthRedirectURIRead,
+		ReadContext:   resourceFuncNoOp,
 		UpdateContext: resourceAppOAuthRedirectURIUpdate,
 		DeleteContext: resourceAppOAuthRedirectURIDelete,
 		// The id for this is the uri
@@ -39,12 +39,7 @@ func resourceAppOAuthRedirectURICreate(ctx context.Context, d *schema.ResourceDa
 		return diag.Errorf("failed to create redirect URI: %v", err)
 	}
 	d.SetId(d.Get("uri").(string))
-	return resourceAppOAuthRedirectURIRead(ctx, d, m)
-}
-
-// read does nothing due to the nature of this resource
-func resourceAppOAuthRedirectURIRead(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
+	return resourceFuncNoOp(ctx, d, m)
 }
 
 func resourceAppOAuthRedirectURIUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
@@ -53,7 +48,7 @@ func resourceAppOAuthRedirectURIUpdate(ctx context.Context, d *schema.ResourceDa
 	}
 	// Normally not advisable, but ForceNew generated unnecessary calls
 	d.SetId(d.Get("uri").(string))
-	return resourceAppOAuthRedirectURIRead(ctx, d, m)
+	return resourceFuncNoOp(ctx, d, m)
 }
 
 func resourceAppOAuthRedirectURIDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {

okta/resource_okta_app_saml_app_settings.go

@@ -15,7 +15,7 @@ func resourceAppSamlAppSettings() *schema.Resource {
 		CreateContext: resourceAppSamlSettingsCreate,
 		ReadContext:   resourceAppSamlSettingsRead,
 		UpdateContext: resourceAppSamlSettingsUpdate,
-		DeleteContext: resourceAppSamlSettingsDelete,
+		DeleteContext: resourceFuncNoOp,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
@@ -99,7 +99,3 @@ func updateOrCreateAppSettings(ctx context.Context, d *schema.ResourceData, m in
 	}
 	return app.Id, nil
 }
-
-func resourceAppSamlSettingsDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}

okta/resource_okta_app_user_base_schema_property.go

@@ -13,7 +13,7 @@ func resourceAppUserBaseSchemaProperty() *schema.Resource {
 		CreateContext: resourceAppUserBaseSchemaCreate,
 		ReadContext:   resourceAppUserBaseSchemaRead,
 		UpdateContext: resourceAppUserBaseSchemaUpdate,
-		DeleteContext: resourceAppUserBaseSchemaDelete,
+		DeleteContext: resourceFuncNoOp,
 		Importer:      createNestedResourceImporter([]string{"app_id", "index"}),
 		Schema: buildSchema(
 			userBaseSchemaSchema,
@@ -85,11 +85,6 @@ func resourceAppUserBaseSchemaUpdate(ctx context.Context, d *schema.ResourceData
 	return resourceAppUserBaseSchemaRead(ctx, d, m)
 }
 
-// can't delete Base
-func resourceAppUserBaseSchemaDelete(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}
-
 // create or modify a subschema
 func updateAppUserBaseSubschema(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	err := validateAppUserBaseSchema(d)

okta/resource_okta_app_user_custom_schema_property_test.go

@@ -601,3 +601,95 @@ func testAppUserSchemaExists(index string) (bool, error) {
 	}
 	return false, nil
 }
+
+// TestAccOktaAppUserSchemas_parallel_api_calls test coverage to ensure backoff
+// in create, update, delete for okta_app_user_schema_property resource is
+// operating correctly.
+func TestAccOktaAppUserSchemas_parallel_api_calls(t *testing.T) {
+	config := `
+resource "okta_app_oauth" "test" {
+	label          = "testAcc_replace_with_uuid"
+	type           = "native"
+	grant_types    = ["authorization_code"]
+	redirect_uris  = ["http://d.com/"]
+	response_types = ["code"]
+}
+resource "okta_app_user_schema_property" "one" {
+	app_id      = okta_app_oauth.test.id
+	index       = "testAcc_replace_with_uuid_one"
+	title       = "one"
+	type  = "string"
+	permissions = "%s"
+}
+resource "okta_app_user_schema_property" "two" {
+	app_id      = okta_app_oauth.test.id
+	index       = "testAcc_replace_with_uuid_two"
+	title       = "two"
+	type  = "string"
+	permissions = "%s"
+}
+resource "okta_app_user_schema_property" "three" {
+	app_id      = okta_app_oauth.test.id
+	index       = "testAcc_replace_with_uuid_three"
+	title       = "three"
+	type  = "string"
+	permissions = "%s"
+}
+resource "okta_app_user_schema_property" "four" {
+	app_id      = okta_app_oauth.test.id
+	index       = "testAcc_replace_with_uuid_four"
+	title       = "four"
+	type  = "string"
+	permissions = "%s"
+}
+resource "okta_app_user_schema_property" "five" {
+	app_id      = okta_app_oauth.test.id
+	index       = "testAcc_replace_with_uuid_five"
+	title       = "five"
+	type  = "string"
+	permissions = "%s"
+}
+`
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(appUserSchemaProperty)
+	ro := make([]interface{}, 5)
+	for i := 0; i < 5; i++ {
+		ro[i] = "READ_ONLY"
+	}
+	rw := make([]interface{}, 5)
+	for i := 0; i < 5; i++ {
+		rw[i] = "READ_WRITE"
+	}
+	roConfig := fmt.Sprintf(config, ro...)
+	roConfig = mgr.ConfigReplace(roConfig, ri)
+	rwConfig := fmt.Sprintf(config, rw...)
+	rwConfig = mgr.ConfigReplace(rwConfig, ri)
+	resource.Test(t, resource.TestCase{
+		PreCheck:          testAccPreCheck(t),
+		ErrorCheck:        testAccErrorChecks(t),
+		ProviderFactories: testAccProvidersFactories,
+		CheckDestroy:      createCheckResourceDestroy(appUserSchemaProperty, testAppUserSchemaExists),
+		Steps: []resource.TestStep{
+			{
+				Config: roConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.one", "permissions", "READ_ONLY"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.two", "permissions", "READ_ONLY"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.three", "permissions", "READ_ONLY"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.four", "permissions", "READ_ONLY"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.five", "permissions", "READ_ONLY"),
+				),
+			},
+			{
+				Config: rwConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.one", "permissions", "READ_WRITE"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.two", "permissions", "READ_WRITE"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.three", "permissions", "READ_WRITE"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.four", "permissions", "READ_WRITE"),
+					resource.TestCheckResourceAttr("okta_app_user_schema_property.five", "permissions", "READ_WRITE"),
+				),
+			},
+		},
+	})
+}

okta/resource_okta_auth_server_claim_default.go

@@ -15,7 +15,7 @@ func resourceAuthServerClaimDefault() *schema.Resource {
 		CreateContext: resourceAuthServerClaimDefaultUpdate,
 		ReadContext:   resourceAuthServerClaimDefaultRead,
 		UpdateContext: resourceAuthServerClaimDefaultUpdate,
-		DeleteContext: resourceAuthServerClaimDefaultDelete,
+		DeleteContext: resourceFuncNoOp,
 		Importer: &schema.ResourceImporter{
 			StateContext: func(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 				parts := strings.Split(d.Id(), "/")
@@ -150,11 +150,6 @@ func resourceAuthServerClaimDefaultUpdate(ctx context.Context, d *schema.Resourc
 	return resourceAuthServerClaimDefaultRead(ctx, d, m)
 }
 
-// Default claims are immutable.
-func resourceAuthServerClaimDefaultDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}
-
 func buildAuthServerClaimDefault(d *schema.ResourceData) okta.OAuth2Claim {
 	return okta.OAuth2Claim{
 		Status:               d.Get("status").(string),

okta/resource_okta_default_auth_server.go

@@ -12,7 +12,7 @@ func resourceAuthServerDefault() *schema.Resource {
 		CreateContext: resourceAuthServerDefaultUpdate,
 		ReadContext:   resourceAuthServerDefaultRead,
 		UpdateContext: resourceAuthServerDefaultUpdate,
-		DeleteContext: resourceAuthServerDefaultDelete,
+		DeleteContext: resourceFuncNoOp,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
@@ -139,8 +139,3 @@ func resourceAuthServerDefaultUpdate(ctx context.Context, d *schema.ResourceData
 	d.SetId(authServer.Id)
 	return resourceAuthServerDefaultRead(ctx, d, m)
 }
-
-// Default authorization server can not be removed
-func resourceAuthServerDefaultDelete(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}

okta/resource_okta_domain_certificate.go

@@ -13,9 +13,9 @@ import (
 func resourceDomainCertificate() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceDomainCertificateCreate,
-		ReadContext:   resourceDomainCertificateRead,
+		ReadContext:   resourceFuncNoOp,
 		UpdateContext: resourceDomainCertificateUpdate,
-		DeleteContext: resourceDomainCertificateDelete,
+		DeleteContext: resourceFuncNoOp,
 		Importer:      nil,
 		Schema: map[string]*schema.Schema{
 			"domain_id": {
@@ -80,10 +80,6 @@ func resourceDomainCertificateCreate(ctx context.Context, d *schema.ResourceData
 	return nil
 }
 
-func resourceDomainCertificateRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}
-
 func resourceDomainCertificateUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	c := buildDomainCertificate(d)
 	_, err := getOktaClientFromMetadata(m).Domain.CreateCertificate(ctx, d.Get("domain_id").(string), c)
@@ -93,11 +89,6 @@ func resourceDomainCertificateUpdate(ctx context.Context, d *schema.ResourceData
 	return nil
 }
 
-// nothing to do here, since domain's certificate can be deleted
-func resourceDomainCertificateDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}
-
 func buildDomainCertificate(d *schema.ResourceData) okta.DomainCertificate {
 	return okta.DomainCertificate{
 		Certificate:      d.Get("certificate").(string),

okta/resource_okta_domain_verification.go

@@ -13,8 +13,8 @@ import (
 func resourceDomainVerification() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceDomainVerificationCreate,
-		ReadContext:   resourceDomainVerificationRead,
-		DeleteContext: resourceDomainVerificationDelete,
+		ReadContext:   resourceFuncNoOp,
+		DeleteContext: resourceFuncNoOp,
 		Importer:      nil,
 		Schema: map[string]*schema.Schema{
 			"domain_id": {
@@ -48,16 +48,6 @@ func resourceDomainVerificationCreate(ctx context.Context, d *schema.ResourceDat
 	return nil
 }
 
-// nothing to do here, since domain should be already verified during creation.
-func resourceDomainVerificationRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}
-
-// nothing to do here, since domain cannot be re-verified
-func resourceDomainVerificationDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-	return nil
-}
-
 // Status of the domain. Accepted values: NOT_STARTED, IN_PROGRESS, VERIFIED, COMPLETED
 func isDomainValidated(validationStatus string) bool {
 	switch validationStatus {

okta/resource_okta_email_sender_verification.go

@@ -11,8 +11,8 @@ import (
 func resourceEmailSenderVerification() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceEmailSenderVerificationCreate,
-		ReadContext:   resourceEmailSenderVerificationRead,
-		DeleteContext: resourceEmailSenderVerificationDelete,
+		ReadContext:   resourceFuncNoOp,
+		DeleteContext: resourceFuncNoOp,
 		Importer:      nil,
 		Schema: map[string]*schema.Schema{
 			"sender_id": {
@@ -44,11 +44,3 @@ func resourceEmailSenderVerificationCreate(ctx context.Context, d *schema.Resour
 	d.SetId(d.Get("sender_id").(string))
 	return nil
 }
-
-func resourceEmailSenderVerificationRead(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}
-
-func resourceEmailSenderVerificationDelete(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}

okta/resource_okta_event_hook_verification.go

@@ -10,8 +10,8 @@ import (
 func resourceEventHookVerification() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceEventHookVerificationCreate,
-		ReadContext:   resourceEventHookVerificationRead,
-		DeleteContext: resourceEventHookVerificationDelete,
+		ReadContext:   resourceFuncNoOp,
+		DeleteContext: resourceFuncNoOp,
 		Importer:      nil,
 		Schema: map[string]*schema.Schema{
 			"event_hook_id": {
@@ -32,11 +32,3 @@ func resourceEventHookVerificationCreate(ctx context.Context, d *schema.Resource
 	d.SetId(d.Get("event_hook_id").(string))
 	return nil
 }
-
-func resourceEventHookVerificationRead(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}
-
-func resourceEventHookVerificationDelete(context.Context, *schema.ResourceData, interface{}) diag.Diagnostics {
-	return nil
-}

okta/resource_okta_group_custom_schema_property.go

@@ -127,7 +127,6 @@ func alterCustomGroupSchema(ctx context.Context, m interface{}, index string, sc
 		stringifyGroupSchemaPropertyEnums(schema)
 
 		if err != nil {
-			logger(m).Error(err.Error())
 			if resp != nil && resp.StatusCode == 500 {
 				return fmt.Errorf("updating group custom schema property caused 500 error: %w", err)
 			}
@@ -146,9 +145,11 @@ func alterCustomGroupSchema(ctx context.Context, m interface{}, index string, sc
 		} else if schemaAttribute != nil && reflect.DeepEqual(schemaAttribute, updated.Definitions.Custom.Properties[index]) {
 			return nil
 		}
-		logger(m).Error("failed to apply changes after several retries")
 		return errors.New("failed to apply changes after several retries")
 	}, bc)
+	if err != nil {
+		logger(m).Error("failed to apply changes after several retries %+v", err)
+	}
 	return schemaAttribute, err
 }