Add app exclude and platform scenario

articulate · Aug 22, 2019 · 7ff67a0 · 7ff67a0
1 parent 938083c
commit 7ff67a0
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 61 deletions.
diff --git a/examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf b/examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf
@@ -0,0 +1,32 @@
+resource okta_policy_rule_idp_discovery test {
+  policyid = "${data.okta_policy.test.id}"
+  priority = 1
+  name     = "testAcc_replace_with_uuid"
+  idp_type = "OKTA"
+
+  app_exclude {
+    type = "APP"
+    id   = "${okta_app_oauth.test.id}"
+  }
+
+  platform_include {
+    type    = "MOBILE"
+    os_type = "ANY"
+  }
+}
+
+data okta_policy test {
+  name = "Idp Discovery Policy"
+  type = "IDP_DISCOVERY"
+}
+
+resource okta_app_oauth test {
+  label                      = "testAcc_replace_with_uuid"
+  type                       = "web"
+  grant_types                = ["authorization_code"]
+  redirect_uris              = ["http://d.com/"]
+  response_types             = ["code"]
+  client_basic_secret        = "something_from_somewhere"
+  custom_client_id           = "something_from_somewhere"
+  token_endpoint_auth_method = "client_secret_basic"
+}
diff --git a/examples/okta_policy_rule_idp_discovery/app_include.tf b/examples/okta_policy_rule_idp_discovery/app_include.tf
@@ -1,13 +1,12 @@
 resource okta_policy_rule_idp_discovery test {
-  policyid             = "${data.okta_policy.test.id}"
-  priority             = 1
-  name                 = "testAcc_replace_with_uuid"
-  idp_type             = "SAML2"
-  idp_id               = "${okta_idp_saml.test.id}"
+  policyid = "${data.okta_policy.test.id}"
+  priority = 1
+  name     = "testAcc_replace_with_uuid"
+  idp_type = "OKTA"
 
   app_include {
     type = "APP"
-    id = "${okta_app_oauth.test.id}"
+    id   = "${okta_app_oauth.test.id}"
   }
 }
 
@@ -16,24 +15,6 @@ data okta_policy test {
   type = "IDP_DISCOVERY"
 }
 
-resource okta_idp_saml test {
-  name                     = "testAcc_replace_with_uuid"
-  acs_binding              = "HTTP-POST"
-  acs_type                 = "INSTANCE"
-  sso_url                  = "https://idp.example.com"
-  sso_destination          = "https://idp.example.com"
-  sso_binding              = "HTTP-POST"
-  username_template        = "idpuser.email"
-  issuer                   = "https://idp.example.com"
-  request_signature_scope  = "REQUEST"
-  response_signature_scope = "ANY"
-  kid                      = "${okta_idp_saml_key.test.id}"
-}
-
-resource okta_idp_saml_key test {
-  x5c = ["${okta_app_saml.test.certificate}"]
-}
-
 resource okta_app_oauth test {
   label                      = "testAcc_replace_with_uuid"
   type                       = "web"
@@ -44,39 +25,3 @@ resource okta_app_oauth test {
   custom_client_id           = "something_from_somewhere"
   token_endpoint_auth_method = "client_secret_basic"
 }
-
-resource okta_app_saml test {
-  label                    = "testAcc_replace_with_uuid"
-  sso_url                  = "http://google.com"
-  recipient                = "http://here.com"
-  destination              = "http://its-about-the-journey.com"
-  audience                 = "http://audience.com"
-  subject_name_id_template = "$${user.userName}"
-  subject_name_id_format   = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-  response_signed          = true
-  signature_algorithm      = "RSA_SHA256"
-  digest_algorithm         = "SHA256"
-  honor_force_authn        = false
-  authn_context_class_ref  = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
-
-  attribute_statements {
-    name   = "firstName"
-    values = ["user.firstName"]
-  }
-
-  attribute_statements {
-    name   = "lastName"
-    values = ["user.lastName"]
-  }
-
-  attribute_statements {
-    name   = "email"
-    values = ["user.email"]
-  }
-
-  attribute_statements {
-    name   = "company"
-    values = ["Articulate"]
-  }
-}
-
diff --git a/okta/resource_policy_rule_idp_discovery_test.go b/okta/resource_policy_rule_idp_discovery_test.go
@@ -19,6 +19,7 @@ func TestAccOktaPolicyRuleIdpDiscovery(t *testing.T) {
 	updatedConfig := mgr.GetFixtures("basic_domain.tf", ri, t)
 	deactivatedConfig := mgr.GetFixtures("basic_deactivated.tf", ri, t)
 	appIncludeConfig := mgr.GetFixtures("app_include.tf", ri, t)
+	appExcludeConfig := mgr.GetFixtures("app_exclude_platform.tf", ri, t)
 	resourceName := fmt.Sprintf("%s.test", policyRuleIdpDiscovery)
 
 	resource.Test(t, resource.TestCase{
@@ -60,7 +61,18 @@ func TestAccOktaPolicyRuleIdpDiscovery(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)),
 					resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
 					resource.TestCheckResourceAttr(resourceName, "app_include.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "idp_type", "SAML2"),
+					resource.TestCheckResourceAttr(resourceName, "idp_type", "OKTA"),
+				),
+			},
+			{
+				Config: appExcludeConfig,
+				Check: resource.ComposeTestCheckFunc(
+					ensureRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)),
+					resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"),
+					resource.TestCheckResourceAttr(resourceName, "app_exclude.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "idp_type", "OKTA"),
+					resource.TestCheckResourceAttr(resourceName, "platform_include.#", "1"),
 				),
 			},
 		},