From a96431d00278c3c3b115e05fd048521dd641c6ae Mon Sep 17 00:00:00 2001
From: Mike Mondragon <mikemondragon@gmail.com>
Date: Tue, 17 May 2022 10:51:15 -0700
Subject: [PATCH] - Add `system` attribute to resource `okta_auth_server_scope`
 - Add ACC test for import - Update docs - Closes #887

---
 examples/okta_auth_server_scope/import.tf     | 13 ++++++++
 okta/resource_okta_auth_server_scope.go       |  6 ++++
 okta/resource_okta_auth_server_scope_test.go  | 33 +++++++++++++++++++
 .../docs/r/auth_server_scope.html.markdown    |  2 ++
 4 files changed, 54 insertions(+)
 create mode 100644 examples/okta_auth_server_scope/import.tf

diff --git a/examples/okta_auth_server_scope/import.tf b/examples/okta_auth_server_scope/import.tf
new file mode 100644
index 000000000..5bca606ee
--- /dev/null
+++ b/examples/okta_auth_server_scope/import.tf
@@ -0,0 +1,13 @@
+resource "okta_auth_server_scope" "test" {
+  consent        = "REQUIRED"
+  description    = "test"
+  name           = "test:something"
+  display_name   = "test"
+  auth_server_id = okta_auth_server.test.id
+}
+
+resource "okta_auth_server" "test" {
+  name        = "testAcc_replace_with_uuid"
+  description = "test"
+  audiences   = ["whatever.rise.zone"]
+}
diff --git a/okta/resource_okta_auth_server_scope.go b/okta/resource_okta_auth_server_scope.go
index b0ccc13e5..ec28ae09d 100644
--- a/okta/resource_okta_auth_server_scope.go
+++ b/okta/resource_okta_auth_server_scope.go
@@ -54,6 +54,11 @@ func resourceAuthServerScope() *schema.Resource {
 				Default:     false,
 				Description: "A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.",
 			},
+			"system": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether Okta created the Scope",
+			},
 		},
 	}
 }
@@ -82,6 +87,7 @@ func resourceAuthServerScopeRead(ctx context.Context, d *schema.ResourceData, m
 	_ = d.Set("display_name", scope.DisplayName)
 	_ = d.Set("metadata_publish", scope.MetadataPublish)
 	_ = d.Set("default", scope.Default)
+	_ = d.Set("system", scope.System)
 	if scope.Consent != "" {
 		_ = d.Set("consent", scope.Consent)
 	}
diff --git a/okta/resource_okta_auth_server_scope_test.go b/okta/resource_okta_auth_server_scope_test.go
index 7465b8ae7..a29bed6bc 100644
--- a/okta/resource_okta_auth_server_scope_test.go
+++ b/okta/resource_okta_auth_server_scope_test.go
@@ -1,11 +1,14 @@
 package okta
 
 import (
+	"errors"
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
 func TestAccOktaAuthServerScope_crud(t *testing.T) {
@@ -14,6 +17,7 @@ func TestAccOktaAuthServerScope_crud(t *testing.T) {
 	mgr := newFixtureManager(authServerScope)
 	config := mgr.GetFixtures("basic.tf", ri, t)
 	updatedConfig := mgr.GetFixtures("basic_updated.tf", ri, t)
+	importConfig := mgr.GetFixtures("import.tf", ri, t)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:          func() { testAccPreCheck(t) },
@@ -27,6 +31,7 @@ func TestAccOktaAuthServerScope_crud(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "name", "test:something"),
 					resource.TestCheckResourceAttr(resourceName, "description", "test"),
 					resource.TestCheckResourceAttr(resourceName, "display_name", "test"),
+					resource.TestCheckResourceAttr(resourceName, "system", "false"),
 				),
 			},
 			{
@@ -36,8 +41,36 @@ func TestAccOktaAuthServerScope_crud(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "name", "test:something"),
 					resource.TestCheckResourceAttr(resourceName, "description", "test_updated"),
 					resource.TestCheckResourceAttr(resourceName, "display_name", "test_updated"),
+					resource.TestCheckResourceAttr(resourceName, "system", "false"),
 				),
 			},
+			{
+				Config: importConfig,
+			},
+			{
+				ResourceName: resourceName,
+				ImportState:  true,
+				ImportStateIdFunc: func(s *terraform.State) (string, error) {
+					rs, ok := s.RootModule().Resources[resourceName]
+					if !ok {
+						return "", fmt.Errorf("failed to find %s", resourceName)
+					}
+					return fmt.Sprintf("%s/%s", rs.Primary.Attributes["auth_server_id"], rs.Primary.Attributes["id"]), nil
+				},
+				ImportStateCheck: func(s []*terraform.InstanceState) (err error) {
+					if len(s) != 1 {
+						err = errors.New("failed to import into resource into state")
+						return
+					}
+
+					id := s[0].Attributes["id"]
+
+					if strings.Contains(id, "@") {
+						err = fmt.Errorf("user resource id incorrectly set, %s", id)
+					}
+					return
+				},
+			},
 		},
 	})
 }
diff --git a/website/docs/r/auth_server_scope.html.markdown b/website/docs/r/auth_server_scope.html.markdown
index ba71098c0..b5d87cea0 100644
--- a/website/docs/r/auth_server_scope.html.markdown
+++ b/website/docs/r/auth_server_scope.html.markdown
@@ -47,6 +47,8 @@ The following arguments are supported:
 
 - `auth_server_id` - The ID of the Auth Server.
 
+- `system` - Whether Okta created the Scope
+
 ## Import
 
 Okta Auth Server Scope can be imported via the Auth Server ID and Scope ID.