-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #692 from okta/app_settings
Added new `okta_app_saml_app_settings` resource
- Loading branch information
Showing
22 changed files
with
304 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# okta_app_saml_app_settings | ||
|
||
This resource represents App Settings of an Okta SAML Application. For more information see the [API docs](https://developer.okta.com/docs/api/resources/apps#add-custom-saml-application) | ||
|
||
- Example [can be found here](./preconfigured.tf) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "okta_app_saml" "test" { | ||
preconfigured_app = "amazon_aws" | ||
label = "testAcc_replace_with_uuid" | ||
status = "ACTIVE" | ||
} | ||
|
||
resource "okta_app_saml_app_settings" "test" { | ||
app_id = okta_app_saml.test.id | ||
settings = jsonencode( | ||
{ | ||
"appFilter" : "okta", | ||
"awsEnvironmentType" : "aws.amazon", | ||
"groupFilter" : "aws_(?{{accountid}}\\\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\\\-_]+)", | ||
"joinAllRoles" : false, | ||
"loginURL" : "https://console.aws.amazon.com/ec2/home", | ||
"roleValuePattern" : "arn:aws:iam::$${accountid}:saml-provider/OKTA,arn:aws:iam::$${accountid}:role/$${role}", | ||
"sessionDuration" : 7600, | ||
"useGroupMapping" : false | ||
} | ||
) | ||
} |
21 changes: 21 additions & 0 deletions
21
examples/okta_app_saml_app_settings/preconfigured_updated.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "okta_app_saml" "test" { | ||
preconfigured_app = "amazon_aws" | ||
label = "testAcc_replace_with_uuid" | ||
status = "ACTIVE" | ||
} | ||
|
||
resource "okta_app_saml_app_settings" "test" { | ||
app_id = okta_app_saml.test.id | ||
settings = jsonencode( | ||
{ | ||
"appFilter" : "okta", | ||
"awsEnvironmentType" : "aws.amazon", | ||
"groupFilter" : "aws_(?{{accountid}}\\\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\\\-_]+)", | ||
"joinAllRoles" : false, | ||
"loginURL" : "https://console.aws.amazon.com/ec2/home", | ||
"roleValuePattern" : "arn:aws:iam::$${accountid}:saml-provider/OKTA,arn:aws:iam::$${accountid}:role/$${role}", | ||
"sessionDuration" : 3200, | ||
"useGroupMapping" : false | ||
} | ||
) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
package okta | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"fmt" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/okta/okta-sdk-golang/v2/okta" | ||
) | ||
|
||
func resourceAppSamlAppSettings() *schema.Resource { | ||
return &schema.Resource{ | ||
CreateContext: resourceAppSamlSettingsCreate, | ||
ReadContext: resourceAppSamlSettingsRead, | ||
UpdateContext: resourceAppSamlSettingsUpdate, | ||
DeleteContext: resourceAppSamlSettingsDelete, | ||
Importer: &schema.ResourceImporter{ | ||
StateContext: schema.ImportStatePassthroughContext, | ||
}, | ||
Schema: map[string]*schema.Schema{ | ||
"app_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "Application ID", | ||
ForceNew: true, | ||
}, | ||
"settings": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Description: "Application settings in JSON format", | ||
ValidateDiagFunc: stringIsJSON, | ||
StateFunc: normalizeDataJSON, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceAppSamlSettingsCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
id, err := updateOrCreateAppSettings(ctx, d, m) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
d.SetId(id) | ||
return resourceAppSamlSettingsRead(ctx, d, m) | ||
} | ||
|
||
func resourceAppSamlSettingsRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
app := okta.NewSamlApplication() | ||
err := fetchApp(ctx, d, m, app) | ||
if err != nil { | ||
return diag.Errorf("failed to get SAML application: %v", err) | ||
} | ||
if app.Id == "" { | ||
d.SetId("") | ||
return nil | ||
} | ||
flatMap := map[string]interface{}{} | ||
for key, val := range *app.Settings.App { | ||
if str, ok := val.(string); ok { | ||
if str != "" { | ||
flatMap[key] = str | ||
} | ||
} else if val != nil { | ||
flatMap[key] = val | ||
} | ||
} | ||
payload, _ := json.Marshal(flatMap) | ||
_ = d.Set("settings", string(payload)) | ||
_ = d.Set("app_id", app.Id) | ||
return nil | ||
} | ||
|
||
func resourceAppSamlSettingsUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
_, err := updateOrCreateAppSettings(ctx, d, m) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
return resourceAppSamlSettingsRead(ctx, d, m) | ||
} | ||
|
||
func updateOrCreateAppSettings(ctx context.Context, d *schema.ResourceData, m interface{}) (string, error) { | ||
app := okta.NewSamlApplication() | ||
appID := d.Get("app_id").(string) | ||
err := fetchAppByID(ctx, appID, m, app) | ||
if err != nil { | ||
return "", fmt.Errorf("failed to get SAML application: %v", err) | ||
} | ||
if app.Id == "" { | ||
return "", fmt.Errorf("application with id %s does not exist", appID) | ||
} | ||
settings := make(okta.ApplicationSettingsApplication) | ||
_ = json.Unmarshal([]byte(d.Get("settings").(string)), &settings) | ||
app.Settings.App = &settings | ||
_, _, err = getOktaClientFromMetadata(m).Application.UpdateApplication(ctx, appID, app) | ||
if err != nil { | ||
return "", fmt.Errorf("failed to update SAML application's settings: %v", err) | ||
} | ||
return app.Id, nil | ||
} | ||
|
||
func resourceAppSamlSettingsDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
package okta | ||
|
||
import ( | ||
"context" | ||
"encoding/json" | ||
"fmt" | ||
"reflect" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
"github.com/okta/okta-sdk-golang/v2/okta" | ||
) | ||
|
||
func TestAccAppSamlAppSettings_crud(t *testing.T) { | ||
ri := acctest.RandInt() | ||
mgr := newFixtureManager(appSamlAppSettings) | ||
preconfigured := mgr.GetFixtures("preconfigured.tf", ri, t) | ||
updated := mgr.GetFixtures("preconfigured_updated.tf", ri, t) | ||
resourceName := fmt.Sprintf("%s.test", appSamlAppSettings) | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
ProviderFactories: testAccProvidersFactories, | ||
CheckDestroy: createCheckResourceDestroy(appSaml, createDoesAppExist(okta.NewSamlApplication())), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: preconfigured, | ||
Check: resource.ComposeTestCheckFunc( | ||
checkAppSamlAppSettingsExists(resourceName), | ||
resource.TestCheckResourceAttr(resourceName, "settings", "{\"appFilter\":\"okta\",\"awsEnvironmentType\":\"aws.amazon\",\"groupFilter\":\"aws_(?{{accountid}}\\\\\\\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\\\\\\\-_]+)\",\"joinAllRoles\":false,\"loginURL\":\"https://console.aws.amazon.com/ec2/home\",\"roleValuePattern\":\"arn:aws:iam::${accountid}:saml-provider/OKTA,arn:aws:iam::${accountid}:role/${role}\",\"sessionDuration\":7600,\"useGroupMapping\":false}"), | ||
), | ||
}, | ||
{ | ||
Config: updated, | ||
Check: resource.ComposeTestCheckFunc( | ||
checkAppSamlAppSettingsExists(resourceName), | ||
resource.TestCheckResourceAttr(resourceName, "settings", "{\"appFilter\":\"okta\",\"awsEnvironmentType\":\"aws.amazon\",\"groupFilter\":\"aws_(?{{accountid}}\\\\\\\\d+)_(?{{role}}[a-zA-Z0-9+=,.@\\\\\\\\-_]+)\",\"joinAllRoles\":false,\"loginURL\":\"https://console.aws.amazon.com/ec2/home\",\"roleValuePattern\":\"arn:aws:iam::${accountid}:saml-provider/OKTA,arn:aws:iam::${accountid}:role/${role}\",\"sessionDuration\":3200,\"useGroupMapping\":false}"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func checkAppSamlAppSettingsExists(name string) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
missingErr := fmt.Errorf("resource not found: %s", name) | ||
rs, ok := s.RootModule().Resources[name] | ||
if !ok { | ||
return missingErr | ||
} | ||
appID := rs.Primary.Attributes["app_id"] | ||
client := getOktaClientFromMetadata(testAccProvider.Meta()) | ||
app := okta.NewSamlApplication() | ||
_, _, err := client.Application.GetApplication(context.Background(), appID, app, nil) | ||
if err != nil { | ||
return err | ||
} | ||
settings := make(okta.ApplicationSettingsApplication) | ||
_ = json.Unmarshal([]byte(rs.Primary.Attributes["settings"]), &settings) | ||
for k, v := range *app.Settings.App { | ||
if v == nil { | ||
delete(*app.Settings.App, k) | ||
} | ||
} | ||
e := reflect.DeepEqual(*app.Settings.App, settings) | ||
if !e { | ||
return fmt.Errorf("settings are not equal: actual: %+v , expected: %+v", *app.Settings.App, settings) | ||
} | ||
return nil | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.