Force 'okta_app_user_schema' resource recreate when changing scope (#331

)
okta · Feb 16, 2021 · dc11f02 · dc11f02
1 parent 6c569ef
commit dc11f02
Show file tree

Hide file tree

Showing 18 changed files with 79 additions and 44 deletions.
diff --git a/examples/okta_user_schema/basic.tf b/examples/okta_user_schema/basic.tf
@@ -9,6 +9,7 @@ resource "okta_user_schema" "testAcc_replace_with_uuid" {
   permissions = "READ_ONLY"
   master      = "PROFILE_MASTER"
   enum        = ["S", "M", "L", "XL"]
+  scope       = "SELF"
 
   one_of {
     const = "S"

diff --git a/examples/okta_user_schema/updated.tf b/examples/okta_user_schema/updated.tf
@@ -10,6 +10,7 @@ resource "okta_user_schema" "testAcc_replace_with_uuid" {
   master      = "OKTA"
   enum        = ["S", "M", "L", "XXL"]
   pattern     = ".+"
+  scope       = "NONE"
 
   one_of {
     const = "S"

diff --git a/okta/provider_sweeper_test.go b/okta/provider_sweeper_test.go
@@ -51,7 +51,6 @@ func setupSweeper(resourceType string, del func(*testClient) error) {
 		Name: resourceType,
 		F: func(_ string) error {
 			client, apiSupplement, err := sharedClient()
-
 			if err != nil {
 				return err
 			}

diff --git a/okta/provider_test.go b/okta/provider_test.go
@@ -10,8 +10,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-var testAccProvidersFactories map[string]func() (*schema.Provider, error)
-var testAccProvider *schema.Provider
+var (
+	testAccProvidersFactories map[string]func() (*schema.Provider, error)
+	testAccProvider           *schema.Provider
+)
 
 func init() {
 	testAccProvider = Provider()
@@ -29,7 +31,7 @@ func TestProvider(t *testing.T) {
 }
 
 func TestProvider_impl(t *testing.T) {
-	var _ = Provider()
+	_ = Provider()
 }
 
 func oktaConfig() (*Config, error) {

diff --git a/okta/resource_okta_app_group_assignment.go b/okta/resource_okta_app_group_assignment.go
@@ -29,7 +29,6 @@ func resourceAppGroupAssignment() *schema.Resource {
 
 				assignment, _, err := getOktaClientFromMetadata(m).Application.
 					GetApplicationGroupAssignment(ctx, parts[0], parts[1], nil)
-
 				if err != nil {
 					return nil, err
 				}

diff --git a/okta/resource_okta_app_user.go b/okta/resource_okta_app_user.go
@@ -29,7 +29,6 @@ func resourceAppUser() *schema.Resource {
 
 				assignment, _, err := getOktaClientFromMetadata(m).Application.
 					GetApplicationUser(ctx, parts[0], parts[1], nil)
-
 				if err != nil {
 					return nil, err
 				}

diff --git a/okta/resource_okta_app_user_base_schema.go b/okta/resource_okta_app_user_base_schema.go
@@ -36,7 +36,8 @@ func resourceAppUserBaseSchema() *schema.Resource {
 				"app_id": {
 					Type:     schema.TypeString,
 					Required: true,
-				}}),
+				},
+			}),
 		SchemaVersion: 1,
 		StateUpgraders: []schema.StateUpgrader{
 			{

diff --git a/okta/resource_okta_app_user_schema.go b/okta/resource_okta_app_user_schema.go
@@ -44,6 +44,13 @@ func resourceAppUserSchema() *schema.Resource {
 					Default:       false,
 					ConflictsWith: []string{"enum"},
 				},
+				"scope": {
+					Type:             schema.TypeString,
+					Optional:         true,
+					Default:          "NONE",
+					ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
+					ForceNew:         true, // since the `scope` is read-only attribute, the resource should be recreated
+				},
 			}),
 		SchemaVersion: 2,
 		StateUpgraders: []schema.StateUpgrader{
@@ -73,6 +80,13 @@ func resourceAppUserSchemaResourceV1() *schema.Resource {
 			Type:     schema.TypeString,
 			Required: true,
 		},
+		"scope": {
+			Type:             schema.TypeString,
+			Optional:         true,
+			Default:          "NONE",
+			ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
+			ForceNew:         true, // since the `scope` is read-only attribute, the resource should be recreated
+		},
 	}, userSchemaSchema, userBaseSchemaSchema, userTypeSchema, userPatternSchema)}
 }
 
@@ -82,6 +96,13 @@ func resourceAppUserSchemaResourceV0() *schema.Resource {
 			Type:     schema.TypeString,
 			Required: true,
 		},
+		"scope": {
+			Type:             schema.TypeString,
+			Optional:         true,
+			Default:          "NONE",
+			ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
+			ForceNew:         true, // since the `scope` is read-only attribute, the resource should be recreated
+		},
 	}, userSchemaSchema, userBaseSchemaSchema)}
 }
 

diff --git a/okta/resource_okta_group_membership.go b/okta/resource_okta_group_membership.go
@@ -3,6 +3,7 @@ package okta
 import (
 	"context"
 	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/okta/okta-sdk-golang/v2/okta"

diff --git a/okta/resource_okta_group_membership_test.go b/okta/resource_okta_group_membership_test.go
@@ -3,10 +3,11 @@ package okta
 import (
 	"context"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"strings"
 	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
 
 func TestAccOktaGroupMembership_crud(t *testing.T) {

diff --git a/okta/resource_okta_group_role.go b/okta/resource_okta_group_role.go
@@ -3,11 +3,12 @@ package okta
 import (
 	"context"
 	"fmt"
+	"strings"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/okta/okta-sdk-golang/v2/okta"
-	"strings"
 )
 
 func resourceGroupRole() *schema.Resource {

diff --git a/okta/resource_okta_profile_mapping.go b/okta/resource_okta_profile_mapping.go
@@ -8,27 +8,25 @@ import (
 	"github.com/oktadeveloper/terraform-provider-okta/sdk"
 )
 
-var (
-	mappingResource = &schema.Resource{
-		Schema: map[string]*schema.Schema{
-			"id": {
-				Type:        schema.TypeString,
-				Required:    true,
-				Description: "The mapping property key.",
-			},
-			"expression": {
-				Type:     schema.TypeString,
-				Required: true,
-			},
-			"push_status": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				Default:          dontPush,
-				ValidateDiagFunc: stringInSlice([]string{push, dontPush}),
-			},
+var mappingResource = &schema.Resource{
+	Schema: map[string]*schema.Schema{
+		"id": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "The mapping property key.",
 		},
-	}
-)
+		"expression": {
+			Type:     schema.TypeString,
+			Required: true,
+		},
+		"push_status": {
+			Type:             schema.TypeString,
+			Optional:         true,
+			Default:          dontPush,
+			ValidateDiagFunc: stringInSlice([]string{push, dontPush}),
+		},
+	},
+}
 
 const (
 	push     = "PUSH"

diff --git a/okta/resource_okta_user_base_schema_test.go b/okta/resource_okta_user_base_schema_test.go
@@ -152,7 +152,7 @@ func testOktaUserBaseSchemasExists(name string) resource.TestCheckFunc {
 		if !ok {
 			return fmt.Errorf("not found: %s", name)
 		}
-		var schemaUserType = "default"
+		schemaUserType := "default"
 		if rs.Primary.Attributes["user_type"] != "" {
 			schemaUserType = rs.Primary.Attributes["user_type"]
 		}

diff --git a/okta/resource_okta_user_schema.go b/okta/resource_okta_user_schema.go
@@ -39,6 +39,14 @@ func resourceUserSchema() *schema.Resource {
 			userSchemaSchema,
 			userTypeSchema,
 			userPatternSchema,
+			map[string]*schema.Schema{
+				"scope": {
+					Type:             schema.TypeString,
+					Optional:         true,
+					Default:          "NONE",
+					ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
+				},
+			},
 		),
 		SchemaVersion: 1,
 		StateUpgraders: []schema.StateUpgrader{
@@ -55,7 +63,14 @@ func resourceUserSchema() *schema.Resource {
 }
 
 func resourceUserSchemaResourceV0() *schema.Resource {
-	return &schema.Resource{Schema: buildSchema(userBaseSchemaSchema, userSchemaSchema)}
+	return &schema.Resource{Schema: buildSchema(userBaseSchemaSchema, userSchemaSchema, map[string]*schema.Schema{
+		"scope": {
+			Type:             schema.TypeString,
+			Optional:         true,
+			Default:          "NONE",
+			ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
+		},
+	})}
 }
 
 // Sometime Okta API does not update or create custom property on the first try, thus that require running

diff --git a/okta/resource_okta_user_schema_test.go b/okta/resource_okta_user_schema_test.go
@@ -66,6 +66,7 @@ func TestAccOktaUserSchema_crud(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "enum.3", "XL"),
 					resource.TestCheckResourceAttr(resourceName, "one_of.#", "4"),
 					resource.TestCheckResourceAttr(resourceName, "pattern", ""),
+					resource.TestCheckResourceAttr(resourceName, "scope", "SELF"),
 				),
 			},
 			{
@@ -87,6 +88,7 @@ func TestAccOktaUserSchema_crud(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "enum.3", "XXL"),
 					resource.TestCheckResourceAttr(resourceName, "one_of.#", "4"),
 					resource.TestCheckResourceAttr(resourceName, "pattern", ".+"),
+					resource.TestCheckResourceAttr(resourceName, "scope", "NONE"),
 				),
 			},
 			{
@@ -208,7 +210,7 @@ func TestAccOktaUserSchema_arrayString(t *testing.T) {
 func checkOktaUserSchemasDestroy() resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		for _, rs := range s.RootModule().Resources {
-			var schemaUserType = "default"
+			schemaUserType := "default"
 			if rs.Primary.Attributes["user_type"] != "" {
 				schemaUserType = rs.Primary.Attributes["user_type"]
 			}
@@ -229,7 +231,7 @@ func testOktaUserSchemasExists(name string) resource.TestCheckFunc {
 			return fmt.Errorf("not found: %s", name)
 		}
 
-		var schemaUserType = "default"
+		schemaUserType := "default"
 		if rs.Primary.Attributes["user_type"] != "" {
 			schemaUserType = rs.Primary.Attributes["user_type"]
 		}

diff --git a/okta/user.go b/okta/user.go
@@ -225,10 +225,12 @@ func populateUserProfile(d *schema.ResourceData) *okta.UserProfile {
 	profile["login"] = d.Get("login").(string)
 	profile["email"] = d.Get("email").(string)
 
-	getSetParams := []string{"city", "costCenter", "countryCode", "department", "displayName", "division",
+	getSetParams := []string{
+		"city", "costCenter", "countryCode", "department", "displayName", "division",
 		"employeeNumber", "honorificPrefix", "honorificSuffix", "locale", "manager", "managerId", "middleName",
 		"mobilePhone", "nickName", "organization", "preferredLanguage", "primaryPhone", "profileUrl",
-		"secondEmail", "state", "streetAddress", "timezone", "title", "userType", "zipCode"}
+		"secondEmail", "state", "streetAddress", "timezone", "title", "userType", "zipCode",
+	}
 
 	for i := range getSetParams {
 		if res, ok := d.GetOk(camelCaseToUnderscore(getSetParams[i])); ok {

diff --git a/okta/user_schema.go b/okta/user_schema.go
@@ -66,12 +66,6 @@ var (
 			ConflictsWith: []string{"array_type"},
 			Elem:          &schema.Schema{Type: schema.TypeString},
 		},
-		"scope": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          "NONE",
-			ValidateDiagFunc: stringInSlice([]string{"SELF", "NONE", ""}),
-		},
 		"one_of": {
 			Type:          schema.TypeList,
 			ForceNew:      true,

diff --git a/sdk/mappings.go b/sdk/mappings.go
@@ -31,7 +31,6 @@ type (
 func (m *ApiSupplement) GetProfileMappingBySourceId(ctx context.Context, sourceId, targetId string) (*Mapping, *okta.Response, error) {
 	url := fmt.Sprintf("/api/v1/mappings?sourceId=%s&targetId=%s", sourceId, targetId)
 	req, err := m.RequestExecutor.NewRequest("GET", url, nil)
-
 	if err != nil {
 		return nil, nil, err
 	}
@@ -90,7 +89,6 @@ func (m *ApiSupplement) FindProfileMappingSource(ctx context.Context, name, typ
 	}
 
 	req, err := m.RequestExecutor.NewRequest("GET", uri, nil)
-
 	if err != nil {
 		return nil, nil, err
 	}