Added new okta_captcha and okta_captcha_org_wide_settings resources

examples/okta_captcha/README.md

@@ -0,0 +1,6 @@
+# okta_captcha
+
+This resource represents a CAPTCHA. For more information see
+the [API docs](https://developer.okta.com/docs/reference/api/captchas/)
+
+- Example of a CAPTCHA [can be found here](./basic.tf)

examples/okta_captcha/basic.tf

@@ -0,0 +1,6 @@
+resource "okta_captcha" "test" {
+  name       = "testAcc_replace_with_uuid"
+  type       = "HCAPTCHA"
+  site_key   = "random_key"
+  secret_key = "random_key"
+}

examples/okta_captcha/updated.tf

@@ -0,0 +1,6 @@
+resource "okta_captcha" "test" {
+  name       = "testAcc_replace_with_uuid_updated"
+  type       = "HCAPTCHA"
+  site_key   = "random_key_updated"
+  secret_key = "random_key"
+}

examples/okta_captcha_org_wide_settings/README.md

@@ -0,0 +1,6 @@
+# okta_captcha_org_wide_settings
+
+This resource represents Org-wide CAPTCHA Settings. For more information see
+the [API docs](https://developer.okta.com/docs/reference/api/captchas/#org-wide-captcha-settings-operations)
+
+- Example of Org-wide CAPTCHA Settings [can be found here](./basic.tf)

examples/okta_captcha_org_wide_settings/basic.tf

@@ -0,0 +1,11 @@
+resource "okta_captcha" "test" {
+  name       = "testAcc_replace_with_uuid"
+  type       = "HCAPTCHA"
+  site_key   = "random_key"
+  secret_key = "random_key"
+}
+
+resource "okta_captcha_org_wide_settings" "test" {
+  captcha_id  = okta_captcha.test.id
+  enabled_for = ["SSR"]
+}

examples/okta_captcha_org_wide_settings/empty.tf

@@ -0,0 +1,9 @@
+resource "okta_captcha" "test" {
+  name       = "testAcc_replace_with_uuid"
+  type       = "HCAPTCHA"
+  site_key   = "random_key"
+  secret_key = "random_key"
+}
+
+resource "okta_captcha_org_wide_settings" "test" {
+}

examples/okta_captcha_org_wide_settings/updated.tf

@@ -0,0 +1,11 @@
+resource "okta_captcha" "test" {
+  name       = "testAcc_replace_with_uuid"
+  type       = "HCAPTCHA"
+  site_key   = "random_key"
+  secret_key = "random_key"
+}
+
+resource "okta_captcha_org_wide_settings" "test" {
+  captcha_id  = okta_captcha.test.id
+  enabled_for = ["SSR", "SSPR", "SIGN_IN"]
+}

okta/provider.go

@@ -52,6 +52,8 @@ const (
 	authServerScopes            = "okta_auth_server_scopes"
 	behavior                    = "okta_behavior"
 	behaviors                   = "okta_behaviors"
+	captcha                     = "okta_captcha"
+	captchaOrgWideSettings      = "okta_captcha_org_wide_settings"
 	defaultPolicies             = "okta_default_policies"
 	defaultPolicy               = "okta_default_policy"
 	domain                      = "okta_domain"
@@ -251,6 +253,8 @@ func Provider() *schema.Provider {
 			authServerPolicyRule:        resourceAuthServerPolicyRule(),
 			authServerScope:             resourceAuthServerScope(),
 			behavior:                    resourceBehavior(),
+			captcha:                     resourceCaptcha(),
+			captchaOrgWideSettings:      resourceCaptchaOrgWideSettings(),
 			domain:                      resourceDomain(),
 			domainCertificate:           resourceDomainCertificate(),
 			domainVerification:          resourceDomainVerification(),

okta/resource_okta_capcha.go

@@ -0,0 +1,96 @@
+package okta
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/terraform-provider-okta/sdk"
+)
+
+func resourceCaptcha() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceCaptchaCreate,
+		ReadContext:   resourceCaptchaRead,
+		UpdateContext: resourceCaptchaUpdate,
+		DeleteContext: resourceCaptchaDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Name of the CAPTCHA",
+			},
+			"type": {
+				Type:             schema.TypeString,
+				Required:         true,
+				ForceNew:         true,
+				ValidateDiagFunc: elemInSlice([]string{"HCAPTCHA", "RECAPTCHA_V2"}),
+				Description:      "Captcha type",
+			},
+			"site_key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Site key issued from the CAPTCHA vendor to render a CAPTCHA on a page",
+			},
+			"secret_key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Sensitive:   true,
+				Description: "Secret key issued from the CAPTCHA vendor to perform server-side validation for a CAPTCHA token",
+			},
+		},
+	}
+}
+
+func resourceCaptchaCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	captcha, _, err := getSupplementFromMetadata(m).CreateCaptcha(ctx, buildCaptcha(d))
+	if err != nil {
+		return diag.Errorf("failed to create CAPTCHA: %v", err)
+	}
+	d.SetId(captcha.Id)
+	return nil
+}
+
+func resourceCaptchaRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	captcha, resp, err := getSupplementFromMetadata(m).GetCaptcha(ctx, d.Id())
+	if err := suppressErrorOn404(resp, err); err != nil {
+		return diag.Errorf("failed to find CAPTCHA: %v", err)
+	}
+	if captcha == nil {
+		d.SetId("")
+		return nil
+	}
+	_ = d.Set("name", captcha.Name)
+	_ = d.Set("type", captcha.Type)
+	_ = d.Set("site_key", captcha.SiteKey)
+	return nil
+}
+
+func resourceCaptchaUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	_, _, err := getSupplementFromMetadata(m).UpdateCaptcha(ctx, d.Id(), buildCaptcha(d))
+	if err != nil {
+		return diag.Errorf("failed to update CAPTCHA: %v", err)
+	}
+	return nil
+}
+
+func resourceCaptchaDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	logger(m).Info("deleting Captcha", "name", d.Get("name").(string))
+	_, err := getSupplementFromMetadata(m).DeleteCaptcha(ctx, d.Id())
+	if err != nil {
+		return diag.Errorf("failed to delete CAPTCHA: %v", err)
+	}
+	return nil
+}
+
+func buildCaptcha(d *schema.ResourceData) sdk.Captcha {
+	return sdk.Captcha{
+		Name:      d.Get("name").(string),
+		SiteKey:   d.Get("site_key").(string),
+		SecretKey: d.Get("secret_key").(string),
+		Type:      d.Get("type").(string),
+	}
+}

okta/resource_okta_capcha_org_wide_settings.go

@@ -0,0 +1,94 @@
+package okta
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/terraform-provider-okta/sdk"
+)
+
+func resourceCaptchaOrgWideSettings() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceCaptchaOrgWideSettingsCreate,
+		ReadContext:   resourceCaptchaOrgWideSettingsRead,
+		UpdateContext: resourceCaptchaOrgWideSettingsUpdate,
+		DeleteContext: resourceCaptchaOrgWideSettingsDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"captcha_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "ID of the CAPTCHA",
+			},
+			"enabled_for": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type:             schema.TypeString,
+					ValidateDiagFunc: elemInSlice([]string{"SSR", "SSPR", "SIGN_IN"}),
+				},
+				Description:  "Set of pages that have CAPTCHA enabled",
+				RequiredWith: []string{"captcha_id"},
+			},
+		},
+	}
+}
+
+func resourceCaptchaOrgWideSettingsCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	captcha, _, err := getSupplementFromMetadata(m).UpdateOrgWideCaptchaSettings(ctx, buildCaptchaOrgWideSettings(d))
+	if err != nil {
+		return diag.Errorf("failed to set org-wide CAPTCHA settings: %v", err)
+	}
+	_ = d.Set("captcha_id", captcha.CaptchaId)
+	_ = d.Set("enabled_for", convertStringSliceToSetNullable(captcha.EnabledPages))
+	d.SetId("org_wide_captcha")
+	return nil
+}
+
+func resourceCaptchaOrgWideSettingsRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	captcha, _, err := getSupplementFromMetadata(m).GetOrgWideCaptchaSettings(ctx)
+	if err != nil {
+		return diag.Errorf("failed to get org-wide CAPTCHA settings: %v", err)
+	}
+	if captcha == nil {
+		d.SetId("")
+		return nil
+	}
+	_ = d.Set("captcha_id", captcha.CaptchaId)
+	_ = d.Set("enabled_for", convertStringSliceToSetNullable(captcha.EnabledPages))
+	d.SetId("org_wide_captcha")
+	return nil
+}
+
+func resourceCaptchaOrgWideSettingsUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	captcha, _, err := getSupplementFromMetadata(m).UpdateOrgWideCaptchaSettings(ctx, buildCaptchaOrgWideSettings(d))
+	if err != nil {
+		return diag.Errorf("failed to update org-wide CAPTCHA settings: %v", err)
+	}
+	_ = d.Set("captcha_id", captcha.CaptchaId)
+	_ = d.Set("enabled_for", convertStringSliceToSetNullable(captcha.EnabledPages))
+	return nil
+}
+
+func resourceCaptchaOrgWideSettingsDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	_, err := getSupplementFromMetadata(m).DeleteOrgWideCaptchaSettings(ctx)
+	if err != nil {
+		return diag.Errorf("failed to delete org-wide CAPTCHA settings: %v", err)
+	}
+	return nil
+}
+
+func buildCaptchaOrgWideSettings(d *schema.ResourceData) sdk.OrgWideCaptchaSettings {
+	s := sdk.OrgWideCaptchaSettings{
+		EnabledPages: convertInterfaceToStringSet(d.Get("enabled_for")),
+	}
+	captchID, ok := d.GetOk("captcha_id")
+	if ok {
+		id := captchID.(string)
+		s.CaptchaId = &id
+	}
+	return s
+}

okta/resource_okta_capcha_org_wide_settings_test.go

@@ -0,0 +1,54 @@
+package okta
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccOktaCaptchaOrgWideSettings(t *testing.T) {
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(captchaOrgWideSettings)
+	config := mgr.GetFixtures("basic.tf", ri, t)
+	updated := mgr.GetFixtures("updated.tf", ri, t)
+	empty := mgr.GetFixtures("empty.tf", ri, t)
+	resourceName := fmt.Sprintf("%s.test", captchaOrgWideSettings)
+	resource.Test(
+		t, resource.TestCase{
+			PreCheck:          func() { testAccPreCheck(t) },
+			ProviderFactories: testAccProvidersFactories,
+			CheckDestroy:      createCheckResourceDestroy(captchaOrgWideSettings, doesCaptchaOrgWideSettingsExist),
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(resourceName, "enabled_for.#", "1"),
+					),
+				},
+				{
+					Config: updated,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(resourceName, "enabled_for.#", "3"),
+					),
+				},
+				{
+					Config: empty,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(resourceName, "enabled_for.#", "0"),
+						resource.TestCheckResourceAttr(resourceName, "captcha_id", ""),
+					),
+				},
+			},
+		})
+}
+
+func doesCaptchaOrgWideSettingsExist(string) (bool, error) {
+	settings, _, err := getSupplementFromMetadata(testAccProvider.Meta()).GetOrgWideCaptchaSettings(context.Background())
+	if err != nil {
+		return false, err
+	}
+	return settings != nil && settings.CaptchaId != nil, nil
+}

okta/resource_okta_capcha_test.go

@@ -0,0 +1,46 @@
+package okta
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccOktaCaptcha(t *testing.T) {
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(captcha)
+	config := mgr.GetFixtures("basic.tf", ri, t)
+	updated := mgr.GetFixtures("updated.tf", ri, t)
+	resourceName := fmt.Sprintf("%s.test", captcha)
+	resource.Test(
+		t, resource.TestCase{
+			PreCheck:          func() { testAccPreCheck(t) },
+			ProviderFactories: testAccProvidersFactories,
+			CheckDestroy:      createCheckResourceDestroy(captcha, doesCaptchaExist),
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)),
+						resource.TestCheckResourceAttr(resourceName, "type", "HCAPTCHA"),
+						resource.TestCheckResourceAttr(resourceName, "site_key", "random_key"),
+					),
+				},
+				{
+					Config: updated,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)+"_updated"),
+						resource.TestCheckResourceAttr(resourceName, "type", "HCAPTCHA"),
+						resource.TestCheckResourceAttr(resourceName, "site_key", "random_key_updated")),
+				},
+			},
+		})
+}
+
+func doesCaptchaExist(id string) (bool, error) {
+	_, response, err := getSupplementFromMetadata(testAccProvider.Meta()).GetCaptcha(context.Background(), id)
+	return doesResourceExist(response, err)
+}

okta/resource_okta_rate_limiting.go

@@ -65,6 +65,7 @@ func resourceRateLimitingRead(ctx context.Context, d *schema.ResourceData, m int
 		return diag.Errorf("failed to get rate limiting communications: %v", err)
 	}
 	_ = d.Set("communications_enabled", *comm.RateLimitNotification)
+	d.SetId("rate_limiting")
 	return nil
 }