From 46aa3a676eaeda62ffedc5122e84b09a1a79e44e Mon Sep 17 00:00:00 2001
From: Vijet Mahabaleshwar
Date: Tue, 12 Nov 2019 11:53:39 -0800
Subject: [PATCH] Adds support for basic auth application
---
 examples/okta_app_basic_auth/README.md | 6 +
 examples/okta_app_basic_auth/basic.tf | 10 ++
 examples/okta_app_basic_auth/basic_updated.tf | 22 +++
 okta/provider.go | 3 +
 okta/resource_okta_app_basic_auth.go | 131 ++++++++++++++++++
 okta/resource_okta_app_basic_auth_test.go | 48 +++++++
 6 files changed, 220 insertions(+)
 create mode 100644 examples/okta_app_basic_auth/README.md
 create mode 100644 examples/okta_app_basic_auth/basic.tf
 create mode 100644 examples/okta_app_basic_auth/basic_updated.tf
 create mode 100644 okta/resource_okta_app_basic_auth.go
 create mode 100644 okta/resource_okta_app_basic_auth_test.go
diff --git a/examples/okta_app_basic_auth/README.md b/examples/okta_app_basic_auth/README.md
new file mode 100644
index 00000000..26f8bee1
--- /dev/null
+++ b/examples/okta_app_basic_auth/README.md
@@ -0,0 +1,6 @@
+# okta_app_bookmark
+
+Represents an Okta Basic Auth App. [See Okta documentation for more details](https://developer.okta.com/docs/reference/api/apps/#add-basic-authentication-application).
+
+* Example of an app with a group association [can be found here](./basic.tf)
+* Example of an app with a user association [can be found here](./basic_updated.tf)
diff --git a/examples/okta_app_basic_auth/basic.tf b/examples/okta_app_basic_auth/basic.tf
new file mode 100644
index 00000000..1faa2144
--- /dev/null
+++ b/examples/okta_app_basic_auth/basic.tf
@@ -0,0 +1,10 @@
+resource "okta_group" "group" {
+ name = "testAcc_replace_with_uuid"
+}
+
+resource "okta_app_basic_auth" "test" {
+ label = "testAcc_replace_with_uuid"
+ url = "https://example.com/login.html"
+ auth_url = "https://example.com/auth.html"
+ groups = ["${okta_group.group.id}"]
+}
diff --git a/examples/okta_app_basic_auth/basic_updated.tf b/examples/okta_app_basic_auth/basic_updated.tf
new file mode 100644
index 00000000..099b5561
--- /dev/null
+++ b/examples/okta_app_basic_auth/basic_updated.tf
@@ -0,0 +1,22 @@
+resource "okta_user" "user" {
+ admin_roles = ["APP_ADMIN", "USER_ADMIN"]
+ first_name = "TestAcc"
+ last_name = "blah"
+ login = "test-acc-replace_with_uuid@example.com"
+ email = "test-acc-replace_with_uuid@example.com"
+}
+
+resource "okta_group" "group" {
+ name = "testAcc_replace_with_uuid"
+}
+
+resource "okta_app_basic_auth" "test" {
+ label = "testAcc_replace_with_uuid"
+ url = "https://example.com/login.html"
+ auth_url = "https://example.com/auth.html"
+
+ users {
+ id = "${okta_user.user.id}"
+ username = "${okta_user.user.email}"
+ }
+}
diff --git a/okta/provider.go b/okta/provider.go
index a65af8d1..21b28049 100644
--- a/okta/provider.go
+++ b/okta/provider.go
@@ -14,6 +14,7 @@ import (
 const (
 appAutoLogin = "okta_app_auto_login"
 appBookmark = "okta_app_bookmark"
+ appBasicAuth = "okta_app_basic_auth"
 appGroupAssignment = "okta_app_group_assignment"
 appUser = "okta_app_user"
 appOAuth = "okta_app_oauth"
@@ -116,6 +117,7 @@ func Provider() terraform.ResourceProvider {
 ResourcesMap: map[string]*schema.Resource{
 appAutoLogin: resourceAppAutoLogin(),
 appBookmark: resourceAppBookmark(),
+ appBasicAuth: resourceAppBasicAuth(),
 appGroupAssignment: resourceAppGroupAssignment(),
 appUser: resourceAppUser(),
 appOAuth: resourceAppOAuth(),
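Review bot: The `okta_user` fixture in basic_updated.tf carries `admin_roles = ["APP_ADMIN", "USER_ADMIN"]`, which nothing in this example appears to need: the `users` block of the app only reads the user's `id` and `email`. The new README links this file as the user-association example, so the admin grant is likely to be copied along with the rest. I would drop the `admin_roles` line so the example creates an ordinary user, unless the role assignment is relied on somewhere outside this patch.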
@@ -160,6 +162,7 @@ func Provider() terraform.ResourceProvider {
 "okta_saml_idp_signing_key": deprecateIncorrectNaming(resourceIdpSigningKey(), idpSamlKey),
 "okta_social_idp": deprecateIncorrectNaming(resourceIdpSocial(), idpSocial),
 "okta_bookmark_app": deprecateIncorrectNaming(resourceAppBookmark(), appBookmark),
+ "okta_basic_auth_app": deprecateIncorrectNaming(resourceAppBasicAuth(), appBasicAuth),
 "okta_saml_app": deprecateIncorrectNaming(resourceAppSaml(), appSaml),
 "okta_oauth_app": deprecateIncorrectNaming(resourceAppOAuth(), appOAuth),
 "okta_oauth_app_redirect_uri": deprecateIncorrectNaming(resourceAppOAuthRedirectUri(), appOAuthRedirectUri),
diff --git a/okta/resource_okta_app_basic_auth.go b/okta/resource_okta_app_basic_auth.go
new file mode 100644
index 00000000..ad5911fe
--- /dev/null
+++ b/okta/resource_okta_app_basic_auth.go
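Review bot: The third provider.go hunk registers `"okta_basic_auth_app"` through `deprecateIncorrectNaming`, yet `okta_app_basic_auth` is introduced by this same commit, so as far as the patch shows there is no older name that existing configurations could be using. Shipping a resource with a second, already-deprecated name adds an extra entry point to keep tested and eventually remove, with no compatibility benefit. I would leave this line out and register only `appBasicAuth`; if the alias is intentional, a one-line comment saying why would help the next reader.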
@@ -0,0 +1,131 @@
+package okta
+
+import (
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/okta/okta-sdk-golang/okta"
+ "github.com/okta/okta-sdk-golang/okta/query"
+)
+
+func resourceAppBasicAuth() *schema.Resource {
+ return &schema.Resource{
+ CustomizeDiff: func(d *schema.ResourceDiff, v interface{}) error {
+ return nil
+ },
+ Create: resourceAppBasicAuthCreate,
+ Read: resourceAppBasicAuthRead,
+ Update: resourceAppBasicAuthUpdate,
+ Delete: resourceAppBasicAuthDelete,
+ Exists: resourceAppExists,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+
+ Schema: buildAppSchemaWithVisibility(map[string]*schema.Schema{
+ "auth_url": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Login button field",
+ },
+ "url": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Login password field",
+ },
+ }),
+ }
+}
+
+func resourceAppBasicAuthCreate(d *schema.ResourceData, m interface{}) error {
+ client := getOktaClientFromMetadata(m)
+ app := buildAppBasicAuth(d, m)
+ activate := d.Get("status").(string) == "ACTIVE"
+ params := &query.Params{Activate: &activate}
+ _, _, err := client.Application.CreateApplication(app, params)
+
+ if err != nil {
+ return err
+ }
+
+ d.SetId(app.Id)
+
+ err = handleAppGroupsAndUsers(app.Id, d, m)
+
+ if err != nil {
+ return err
+ }
+
+ return resourceAppBasicAuthRead(d, m)
+}
+
+func resourceAppBasicAuthRead(d *schema.ResourceData, m interface{}) error {
+ app := okta.NewBasicAuthApplication()
+ err := fetchApp(d, m, app)
+
+ if app == nil {
+ d.SetId("")
+ return nil
+ }
+
+ if err != nil {
+ return err
+ }
+
+ d.Set("url", app.Settings.App.Url)
+ d.Set("auth_url", app.Settings.App.AuthURL)
+ appRead(d, app.Name, app.Status, app.SignOnMode, app.Label, app.Accessibility, app.Visibility)
+
+ return syncGroupsAndUsers(app.Id, d, m)
+}
+
+func resourceAppBasicAuthUpdate(d *schema.ResourceData, m interface{}) error {
+ client := getOktaClientFromMetadata(m)
+ app := buildAppBasicAuth(d, m)
+ _, _, err := client.Application.UpdateApplication(d.Id(), app)
+
+ if err != nil {
+ return err
+ }
+
+ desiredStatus := d.Get("status").(string)
+ err = setAppStatus(d, client, app.Status, desiredStatus)
+
+ if err != nil {
+ return err
+ }
+
+ err = handleAppGroupsAndUsers(app.Id, d, m)
+
+ if err != nil {
+ return err
+ }
+
+ return resourceAppBasicAuthRead(d, m)
+}
+
+func resourceAppBasicAuthDelete(d *schema.ResourceData, m interface{}) error {
+ client := getOktaClientFromMetadata(m)
+ _, err := client.Application.DeactivateApplication(d.Id())
+ if err != nil {
+ return err
+ }
+
+ _, err = client.Application.DeleteApplication(d.Id())
+
+ return err
+}
+
+func buildAppBasicAuth(d *schema.ResourceData, m interface{}) *okta.BasicAuthApplication {
+ // Abstracts away name and SignOnMode which are constant for this app type.
+ app := okta.NewBasicAuthApplication()
+ app.Label = d.Get("label").(string)
+
+ app.Settings = &okta.BasicApplicationSettings{
+ App: &okta.BasicApplicationSettingsApplication{
+ AuthURL: d.Get("auth_url").(string),
+ Url: d.Get("url").(string),
+ },
+ }
+ app.Visibility = buildVisibility(d)
+
+ return app
+}
diff --git a/okta/resource_okta_app_basic_auth_test.go b/okta/resource_okta_app_basic_auth_test.go
new file mode 100644
index 00000000..621ae08d
--- /dev/null
+++ b/okta/resource_okta_app_basic_auth_test.go
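Review bot: In `resourceAppBasicAuthRead` (okta/resource_okta_app_basic_auth.go) the `if app == nil` branch looks unreachable: `app` is assigned from `okta.NewBasicAuthApplication()` on the line above, and `fetchApp(d, m, app)` receives the pointer by value, so it cannot nil the caller's variable. As written, `err` is inspected only after that check, the two `d.Set` results are discarded, and `app.Settings.App.Url` / `.AuthURL` are dereferenced with no nil guard, which would panic if the fetch left the settings unpopulated (fetchApp is outside this patch, so how it reports a missing app is an assumption). Separately, the schema descriptions for `auth_url` and `url` ("Login button field", "Login password field") do not describe URLs, and both fields are `Optional` with no validation; since these are the endpoints the basic-auth app is pointed at, a `ValidateFunc` that requires an https URL would be a worthwhile addition.

```go
func resourceAppBasicAuthRead(d *schema.ResourceData, m interface{}) error {
	app := okta.NewBasicAuthApplication()
	if err := fetchApp(d, m, app); err != nil {
		return err
	}

	// app itself is never nil here; an unpopulated result is treated as "gone".
	// NOTE(review): confirm against fetchApp how a missing app is signalled.
	if app.Settings == nil || app.Settings.App == nil {
		d.SetId("")
		return nil
	}

	if err := d.Set("url", app.Settings.App.Url); err != nil {
		return err
	}
	if err := d.Set("auth_url", app.Settings.App.AuthURL); err != nil {
		return err
	}
	// … unchanged: appRead(...) and return syncGroupsAndUsers(...) …
}
```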
@@ -0,0 +1,48 @@
+package okta
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/okta/okta-sdk-golang/okta"
+)
+
+func TestAccAppBasicAuthApplication_crud(t *testing.T) {
+ ri := acctest.RandInt()
+ mgr := newFixtureManager(appBasicAuth)
+ config := mgr.GetFixtures("basic.tf", ri, t)
+ updatedConfig := mgr.GetFixtures("basic_updated.tf", ri, t)
+ resourceName := fmt.Sprintf("%s.test", appBasicAuth)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: createCheckResourceDestroy(appBasicAuth, createDoesAppExist(okta.NewBasicAuthApplication())),
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ ensureResourceExists(resourceName, createDoesAppExist(okta.NewBasicAuthApplication())),
+ resource.TestCheckResourceAttr(resourceName, "label", buildResourceName(ri)),
+ resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+ resource.TestCheckResourceAttr(resourceName, "url", "https://example.com/login.html"),
+ resource.TestCheckResourceAttr(resourceName, "auth_url", "https://example.com/auth.html"),
+ resource.TestCheckResourceAttr(resourceName, "groups.#", "1"),
+ ),
+ },
+ {
+ Config: updatedConfig,
+ Check: resource.ComposeTestCheckFunc(
+ ensureResourceExists(resourceName, createDoesAppExist(okta.NewBasicAuthApplication())),
+ resource.TestCheckResourceAttr(resourceName, "label", buildResourceName(ri)),
+ resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+ resource.TestCheckResourceAttr(resourceName, "url", "https://example.com/login.html"),
+ resource.TestCheckResourceAttr(resourceName, "auth_url", "https://example.com/auth.html"),
+ resource.TestCheckResourceAttr(resourceName, "users.#", "1"),
+ ),
+ },
+ },
+ })
+}
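Review bot: The second step of `TestAccAppBasicAuthApplication_crud` applies basic_updated.tf, which no longer sets `groups`, but it only asserts `users.#`, so nothing checks that the group assignment created in step one was actually removed. For a resource that grants application access, the revocation path is the one most worth pinning. Consider adding `resource.TestCheckResourceAttr(resourceName, "groups.#", "0")` to the second step; the exact state key for an emptied set should be confirmed against how `syncGroupsAndUsers` writes it, since that helper is outside this patch. An import step would also exercise the `Importer` declared on the resource.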