From 7ff67a0fc1fde48a07976983628755960768ceca Mon Sep 17 00:00:00 2001
From: Andy Gertjejansen
Date: Thu, 22 Aug 2019 09:10:06 -0500
Subject: [PATCH] Add app exclude and platform scenario
---
.../app_exclude_platform.tf | 32 +++++++++
.../app_include.tf | 65 ++-----------------
...resource_policy_rule_idp_discovery_test.go | 14 +++-
3 files changed, 50 insertions(+), 61 deletions(-)
create mode 100644 examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf
diff --git a/examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf b/examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf
new file mode 100644
index 00000000..ef2b970b
--- /dev/null
+++ b/examples/okta_policy_rule_idp_discovery/app_exclude_platform.tf
@@ -0,0 +1,32 @@
+resource okta_policy_rule_idp_discovery test {
+ policyid = "${data.okta_policy.test.id}"
+ priority = 1
+ name = "testAcc_replace_with_uuid"
+ idp_type = "OKTA"
+
+ app_exclude {
+ type = "APP"
+ id = "${okta_app_oauth.test.id}"
+ }
+
+ platform_include {
+ type = "MOBILE"
+ os_type = "ANY"
+ }
+}
+
+data okta_policy test {
+ name = "Idp Discovery Policy"
+ type = "IDP_DISCOVERY"
+}
+
+resource okta_app_oauth test {
+ label = "testAcc_replace_with_uuid"
+ type = "web"
+ grant_types = ["authorization_code"]
+ redirect_uris = ["http://d.com/"]
+ response_types = ["code"]
+ client_basic_secret = "something_from_somewhere"
+ custom_client_id = "something_from_somewhere"
+ token_endpoint_auth_method = "client_secret_basic"
+}
diff --git a/examples/okta_policy_rule_idp_discovery/app_include.tf b/examples/okta_policy_rule_idp_discovery/app_include.tf
index ec1b08c8..3f2e8c9a 100644
--- a/examples/okta_policy_rule_idp_discovery/app_include.tf
+++ b/examples/okta_policy_rule_idp_discovery/app_include.tf
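Review bot: In the new `app_exclude_platform.tf`, the `okta_app_oauth` fixture registers `redirect_uris = ["http://d.com/"]`, a cleartext redirect on a domain the project does not appear to control, and hard-codes `client_basic_secret = "something_from_somewhere"`. Files under `examples/` tend to be copied into real configurations, and an authorization-code client with an http redirect exposes the code in transit. Prefer `redirect_uris = ["https://example.com/"]` (a reserved domain) and add a comment above the secret such as `# placeholder for acceptance tests only; supply real values from a variable or secret store`. The context lines of `app_include.tf` suggest it carries the same fixture block, so it may be worth fixing both together.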
@@ -1,13 +1,12 @@ resource okta_policy_rule_idp_discovery test { - policyid = "${data.okta_policy.test.id}" - priority = 1 - name = "testAcc_replace_with_uuid" - idp_type = "SAML2" - idp_id = "${okta_idp_saml.test.id}" + policyid = "${data.okta_policy.test.id}" + priority = 1 + name = "testAcc_replace_with_uuid" + idp_type = "OKTA" app_include { type = "APP" - id = "${okta_app_oauth.test.id}" + id = "${okta_app_oauth.test.id}" } } @@ -16,24 +15,6 @@ data okta_policy test { type = "IDP_DISCOVERY" } -resource okta_idp_saml test { - name = "testAcc_replace_with_uuid" - acs_binding = "HTTP-POST" - acs_type = "INSTANCE" - sso_url = "https://idp.example.com" - sso_destination = "https://idp.example.com" - sso_binding = "HTTP-POST" - username_template = "idpuser.email" - issuer = "https://idp.example.com" - request_signature_scope = "REQUEST" - response_signature_scope = "ANY" - kid = "${okta_idp_saml_key.test.id}" -} - -resource okta_idp_saml_key test { - x5c = ["${okta_app_saml.test.certificate}"] -} - resource okta_app_oauth test { label = "testAcc_replace_with_uuid" type = "web" 
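Review bot: Switching this fixture to `idp_type = "OKTA"` and dropping `idp_id` means the `app_include` step no longer exercises routing to an external IdP, and the following hunks in this file delete the `okta_idp_saml`, `okta_idp_saml_key` and `okta_app_saml` resources that supported it. If no other fixture in this directory sets `idp_id`, a regression in how the rule's IdP reference is written or read back would go unnoticed by the acceptance test. Consider keeping the SAML2 variant as a separate fixture (placeholder name `app_include_saml.tf`), or add a comment at the top of this file, e.g. `# OKTA idp_type only; external IdP routing is covered by <fixture name>`.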
@@ -44,39 +25,3 @@ resource okta_app_oauth test { custom_client_id = "something_from_somewhere" token_endpoint_auth_method = "client_secret_basic" } - -resource okta_app_saml test { - label = "testAcc_replace_with_uuid" - sso_url = "http://google.com" - recipient = "http://here.com" - destination = "http://its-about-the-journey.com" - audience = "http://audience.com" - subject_name_id_template = "$${user.userName}" - subject_name_id_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" - response_signed = true - signature_algorithm = "RSA_SHA256" - digest_algorithm = "SHA256" - honor_force_authn = false - authn_context_class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" - - attribute_statements { - name = "firstName" - values = ["user.firstName"] - } - - attribute_statements { - name = "lastName" - values = ["user.lastName"] - } - - attribute_statements { - name = "email" - values = ["user.email"] - } - - attribute_statements { - name = "company" - values = ["Articulate"] - } -} - diff --git a/okta/resource_policy_rule_idp_discovery_test.go b/okta/resource_policy_rule_idp_discovery_test.go index 8ec8dabd..502b01cf 100644 --- a/okta/resource_policy_rule_idp_discovery_test.go +++ b/okta/resource_policy_rule_idp_discovery_test.go @@ -19,6 +19,7 @@ func TestAccOktaPolicyRuleIdpDiscovery(t *testing.T) { updatedConfig := mgr.GetFixtures("basic_domain.tf", ri, t) deactivatedConfig := mgr.GetFixtures("basic_deactivated.tf", ri, t) appIncludeConfig := mgr.GetFixtures("app_include.tf", ri, t) + appExcludeConfig := mgr.GetFixtures("app_exclude_platform.tf", ri, t) resourceName := fmt.Sprintf("%s.test", policyRuleIdpDiscovery) resource.Test(t, resource.TestCase{ 
@@ -60,7 +61,18 @@ func TestAccOktaPolicyRuleIdpDiscovery(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)), resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"), resource.TestCheckResourceAttr(resourceName, "app_include.#", "1"), - resource.TestCheckResourceAttr(resourceName, "idp_type", "SAML2"), + resource.TestCheckResourceAttr(resourceName, "idp_type", "OKTA"), + ), + }, + { + Config: appExcludeConfig, + Check: resource.ComposeTestCheckFunc( + ensureRuleExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(ri)), + resource.TestCheckResourceAttr(resourceName, "status", "ACTIVE"), + resource.TestCheckResourceAttr(resourceName, "app_exclude.#", "1"), + resource.TestCheckResourceAttr(resourceName, "idp_type", "OKTA"), + resource.TestCheckResourceAttr(resourceName, "platform_include.#", "1"), ), }, },
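Review bot: The new `appExcludeConfig` step follows the `app_include` step on the same resource, but it never asserts that the earlier include condition was cleared. A stale include left on the rule would change which sign-ins the rule matches. Add `resource.TestCheckResourceAttr(resourceName, "app_include.#", "0"),` next to the `app_exclude.#` check, assuming the provider writes a zero count for the absent block. The checks also pin only element counts; if the schema allows stable indexing, asserting the platform `type` and `os_type` values would catch an include/exclude mix-up. `TestAccOktaPolicyRuleIdpDiscovery` begins before this hunk and continues after it.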