From 93a91e25a35ad1dc9f54dd9d1cec5ca6d133909e Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Mon, 22 Apr 2024 16:08:56 -0400
Subject: [PATCH] fix_custom_otp authenticator suppress name
Signed-off-by: Tien Nguyen
---
 .../resources/okta_authenticator/resource.tf | 16 +++++++++++
 okta/resource_okta_authenticator.go | 28 +++++++++++++------
 okta/resource_okta_authenticator_test.go | 1 +
 3 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/examples/resources/okta_authenticator/resource.tf b/examples/resources/okta_authenticator/resource.tf
index 869b7fad6..233b5931c 100644
--- a/examples/resources/okta_authenticator/resource.tf
+++ b/examples/resources/okta_authenticator/resource.tf
@@ -7,3 +7,19 @@ resource "okta_authenticator" "test" {
 }
 )
 }
+
+resource "okta_authenticator" "otp" {
+ name = "Custom OTP"
+ key = "custom_otp"
+ status = "ACTIVE"
+ settings = jsonencode({
+ "protocol" : "TOTP",
+ "acceptableAdjacentIntervals" : 3,
+ "timeIntervalInSeconds" : 30,
+ "encoding" : "base32",
+ "algorithm" : "HMacSHA256",
+ "passCodeLength" : 6
+ })
+ // required to be false for custom_otp
+ legacy_ignore_name = false
+}
diff --git a/okta/resource_okta_authenticator.go b/okta/resource_okta_authenticator.go
index a1908c16b..0274ae838 100644
--- a/okta/resource_okta_authenticator.go
+++ b/okta/resource_okta_authenticator.go
@@ -34,6 +34,8 @@ multiple custom_otp authenticator. To create new custom_otp authenticator, a new name and key = custom_otp is required. If an old name is used, it will simply reactivate the old custom_otp authenticator
+-> **Update:** custom_otp authenticator cannot be updated
+
 -> **Delete:** Authenticators can not be truly deleted therefore delete is soft. Delete will attempt to deativate the authenticator. An authenticator can only be deactivated if it's not in use by any other policy.`,
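Review bot: The new `okta_authenticator.otp` example sets `"acceptableAdjacentIntervals" : 3` with no comment. If that field is the clock-drift tolerance it appears to be, a 6-digit code stays acceptable for several 30-second intervals rather than one. Examples tend to be copied verbatim, so I would add a line above it such as `// drift tolerance in intervals; keep as low as your tokens allow`. The existing comment `// required to be false for custom_otp` would also read better with the reason, e.g. `// custom_otp is matched by name, so name changes must not be suppressed`. That reason is inferred from the resource description and should be confirmed.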
@@ -49,7 +51,7 @@ deactivated if it's not in use by any other policy.`,
 Required: true,
 Description: "Display name of the Authenticator",
 DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
- return true
+ return d.Get("legacy_ignore_name").(bool)
 },
 },
 "settings": {
@@ -157,6 +159,12 @@ deactivated if it's not in use by any other policy.`,
 Computed: true,
 Description: "Provider type. Supported value for Duo: `DUO`. Supported value for Custom App: `PUSH`",
 },
+ "legacy_ignore_name": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ Description: "Name does not trigger change detection (legacy behavior)",
+ },
 },
 }
 }
@@ -358,13 +366,17 @@ func buildOTP(d *schema.ResourceData) (*sdk.OTP, error) {
 func validateAuthenticator(d *schema.ResourceData) error {
 typ := d.Get("type").(string)
 if typ == "security_key" {
- h := d.Get("provider_hostname").(string)
- _, pok := d.GetOk("provider_auth_port")
- s := d.Get("provider_shared_secret").(string)
- templ := d.Get("provider_user_name_template").(string)
- if h == "" || s == "" || templ == "" || !pok {
- return fmt.Errorf("for authenticator type '%s' fields 'provider_hostname', "+
- "'provider_auth_port', 'provider_shared_secret' and 'provider_user_name_template' are required", typ)
+ if d.Get("key").(string) != "custom_otp" {
+ h := d.Get("provider_hostname").(string)
+ _, pok := d.GetOk("provider_auth_port")
+ s := d.Get("provider_shared_secret").(string)
+ templ := d.Get("provider_user_name_template").(string)
+ if h == "" || s == "" || templ == "" || !pok {
+ return fmt.Errorf("for authenticator type '%s' fields 'provider_hostname', "+
+ "'provider_auth_port', 'provider_shared_secret' and 'provider_user_name_template' are required", typ)
+ }
+ } else {
+ return fmt.Errorf("custom_otp is not updatable")
 }
 }
diff --git a/okta/resource_okta_authenticator_test.go b/okta/resource_okta_authenticator_test.go
index 96d6b7840..6c478e9d0 100644
--- a/okta/resource_okta_authenticator_test.go
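Review bot: The `name` DiffSuppressFunc still suppresses every diff for existing configurations, because `legacy_ignore_name` defaults to `true` (the schema hunk at `@@ -157,6 +159,12 @@`), and neither Description tells the user. A rename of an authenticator made outside Terraform therefore stays invisible in `plan` unless the user opts out. I would change the `name` description to `"Display name of the Authenticator. Changes are ignored unless legacy_ignore_name is false"` and the new field's to `"When true (default), changes to name are ignored (legacy behavior). Must be false for custom_otp"`. The enclosing schema map starts and ends outside both hunks.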
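Review bot: In `validateAuthenticator` the new `else` branch returns `custom_otp is not updatable` from what looks like a general validation function, and its callers are outside the hunk. If it is also reached on the create path with `type` already `security_key`, creation would fail with a misleading message, so that is worth confirming. A guard clause placed first inside the `typ == "security_key"` branch would leave the original provider checks at their old indentation and shrink the diff: `if d.Get("key").(string) == "custom_otp" { return fmt.Errorf("custom_otp authenticator %q cannot be updated", d.Get("name")) }`. Rejecting here also means the failure only appears at apply time; a plan-time check through the resource's `CustomizeDiff` would surface it earlier. The function body continues past the end of the hunk.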
+++ b/okta/resource_okta_authenticator_test.go
@@ -21,6 +21,7 @@ func TestAccResourceOktaAuthenticatorOTP(t *testing.T) {
 "algorithm" : "HMacSHA256",
 "passCodeLength" : 6
 })
+ legacy_ignore_name = false
 }`
 resourceName := fmt.Sprintf("%s.otp", authenticator)