Merge pull request #1588 from okta/add-email-domain

add resource email domain
okta · Jun 13, 2023 · 7fc2bf1 · 7fc2bf1
2 parents 5a0a989 + f5eb55e
commit 7fc2bf1
Show file tree

Hide file tree

Showing 9 changed files with 253 additions and 3 deletions.
diff --git a/examples/okta_email_domain/basic.tf b/examples/okta_email_domain/basic.tf
@@ -0,0 +1,9 @@
+data "okta_brands" "test" {
+}
+
+resource "okta_email_domain" "test" {
+  brand_id     = tolist(data.okta_brands.test.brands)[0].id
+  domain       = "example.com"
+  display_name = "test"
+  user_name    = "fff"
+}
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.14.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/okta/okta-sdk-golang/v3 v3.0.2
+	github.com/okta/okta-sdk-golang/v3 v3.0.6
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.8.3
 	gopkg.in/square/go-jose.v2 v2.6.0

diff --git a/go.sum b/go.sum
@@ -299,8 +299,8 @@ github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3P
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/okta/okta-sdk-golang/v3 v3.0.2 h1:f3cmHSVqP7Lmhy0f/XjFk6sZxb+/n9ALG3dUgyEP8pY=
-github.com/okta/okta-sdk-golang/v3 v3.0.2/go.mod h1:7fDqgCvPaxgjhYHaxRwvc6RMioVcQ+XHN5a5hUe4nnw=
+github.com/okta/okta-sdk-golang/v3 v3.0.6 h1:Ee7i3fqs2L3dvQ9bIQTqWcfTYae1VVe3Qg8JPVFPpmk=
+github.com/okta/okta-sdk-golang/v3 v3.0.6/go.mod h1:7fDqgCvPaxgjhYHaxRwvc6RMioVcQ+XHN5a5hUe4nnw=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=

diff --git a/okta/provider.go b/okta/provider.go
@@ -63,6 +63,8 @@ const (
 	domain                        = "okta_domain"
 	domainCertificate             = "okta_domain_certificate"
 	domainVerification            = "okta_domain_verification"
+	emailDomain                   = "okta_email_domain"
+	emailDomainVerification       = "okta_email_domain_verification"
 	emailSender                   = "okta_email_sender"
 	emailSenderVerification       = "okta_email_sender_verification"
 	emailCustomization            = "okta_email_customization"
@@ -288,6 +290,8 @@ func Provider() *schema.Provider {
 			domainCertificate:             resourceDomainCertificate(),
 			domainVerification:            resourceDomainVerification(),
 			emailCustomization:            resourceEmailCustomization(),
+			emailDomain:                   resourceEmailDomain(),
+			emailDomainVerification:       resourceEmailDomainVerification(),
 			emailSender:                   resourceEmailSender(),
 			emailSenderVerification:       resourceEmailSenderVerification(),
 			eventHook:                     resourceEventHook(),

diff --git a/okta/resource_okta_email_domain.go b/okta/resource_okta_email_domain.go
@@ -0,0 +1,158 @@
+package okta
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/okta-sdk-golang/v3/okta"
+)
+
+func resourceEmailDomain() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceEmailDomainCreate,
+		ReadContext:   resourceEmailDomainRead,
+		UpdateContext: resourceEmailDomainUpdate,
+		DeleteContext: resourceEmailDomainDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"brand_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Brand id",
+			},
+			"domain": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Domain name",
+			},
+			"display_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Display name",
+			},
+			"user_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "User name",
+			},
+			"validation_status": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Status of the email domain. Values: NOT_STARTED, IN_PROGRESS, VERIFIED, COMPLETED",
+			},
+			"dns_validation_records": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "TXT and cname records to be registered for the email Domain",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"fqdn": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "DNS record name",
+						},
+						"record_type": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Record type can be TXT or cname",
+						},
+						"values": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Description: "DNS record values",
+						},
+						"expiration": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "DNS TXT record expiration",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceEmailDomainCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	emailDomain, _, err := getOktaV3ClientFromMetadata(m).EmailDomainApi.CreateEmailDomain(ctx).EmailDomain(buildEmailDomain(d)).Execute()
+	if err != nil {
+		return diag.Errorf("failed to create email domain: %v", err)
+	}
+	d.SetId(emailDomain.GetId())
+	return resourceEmailDomainRead(ctx, d, m)
+}
+
+func resourceEmailDomainRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	emailDomain, resp, err := getOktaV3ClientFromMetadata(m).EmailDomainApi.GetEmailDomain(ctx, d.Id()).Execute()
+	if err := v3suppressErrorOn404(resp, err); err != nil {
+		return diag.Errorf("failed to get email domain: %v", err)
+	}
+	if emailDomain == nil || emailDomain.GetValidationStatus() == "DELETED" {
+		d.SetId("")
+		return nil
+	}
+	_ = d.Set("validation_status", emailDomain.GetValidationStatus())
+	_ = d.Set("domain", emailDomain.GetDomain())
+	_ = d.Set("display_name", emailDomain.GetDisplayName())
+	_ = d.Set("user_name", emailDomain.GetUserName())
+	dnsValidation := emailDomain.GetDnsValidationRecords()
+	arr := make([]map[string]interface{}, len(dnsValidation))
+	for i := range dnsValidation {
+		arr[i] = map[string]interface{}{
+			"fqdn":        dnsValidation[i].GetFqdn(),
+			"record_type": dnsValidation[i].GetRecordType(),
+			"expiration":  dnsValidation[i].GetExpiration(),
+		}
+		if len(dnsValidation[i].GetValues()) > 0 {
+			arr[i]["value"] = dnsValidation[i].GetValues()
+		}
+	}
+	err = setNonPrimitives(d, map[string]interface{}{"dns_validation_records": arr})
+	if err != nil {
+		return diag.Errorf("failed to set DNS validation records: %v", err)
+	}
+	return nil
+}
+
+func resourceEmailDomainUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	_, _, err := getOktaV3ClientFromMetadata(m).EmailDomainApi.ReplaceEmailDomain(ctx, d.Id()).UpdateEmailDomain(buildUpdateEmailDomain(d)).Execute()
+	if err != nil {
+		return diag.Errorf("failed to update email domain: %v", err)
+	}
+	return resourceEmailDomainRead(ctx, d, m)
+}
+
+func resourceEmailDomainDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	emailDomain, resp, err := getOktaV3ClientFromMetadata(m).EmailDomainApi.GetEmailDomain(ctx, d.Id()).Execute()
+	if err := v3suppressErrorOn404(resp, err); err != nil {
+		return diag.Errorf("failed to get email domain: %v", err)
+	}
+	if emailDomain == nil || emailDomain.GetValidationStatus() == "DELETED" {
+		return nil
+	}
+	_, err = getOktaV3ClientFromMetadata(m).EmailDomainApi.DeleteEmailDomain(ctx, emailDomain.GetId()).Execute()
+	if err := v3suppressErrorOn404(resp, err); err != nil {
+		return diag.Errorf("failed to delete email domain: %v", err)
+	}
+	return nil
+}
+
+func buildEmailDomain(d *schema.ResourceData) okta.EmailDomain {
+	return okta.EmailDomain{
+		BrandId:     d.Get("brand_id").(string),
+		Domain:      d.Get("domain").(string),
+		DisplayName: d.Get("display_name").(string),
+		UserName:    d.Get("user_name").(string),
+	}
+}
+
+func buildUpdateEmailDomain(d *schema.ResourceData) okta.UpdateEmailDomain {
+	return okta.UpdateEmailDomain{
+		DisplayName: d.Get("display_name").(string),
+		UserName:    d.Get("user_name").(string),
+	}
+}
diff --git a/okta/resource_okta_email_domain_test.go b/okta/resource_okta_email_domain_test.go
@@ -0,0 +1,43 @@
+package okta
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccOktaEmailDomain(t *testing.T) {
+	mgr := newFixtureManager(emailDomain, t.Name())
+	config := mgr.GetFixtures("basic.tf", t)
+	resourceName := fmt.Sprintf("%s.test", emailDomain)
+
+	oktaResourceTest(t, resource.TestCase{
+		PreCheck:          testAccPreCheck(t),
+		ErrorCheck:        testAccErrorChecks(t),
+		ProviderFactories: testAccProvidersFactories,
+		CheckDestroy:      createCheckResourceDestroy(emailDomain, emailDomainExists),
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, emailDomainExists),
+					resource.TestCheckResourceAttrSet(resourceName, "brand_id"),
+					resource.TestCheckResourceAttr(resourceName, "domain", "example.com"),
+					resource.TestCheckResourceAttr(resourceName, "display_name", "test"),
+					resource.TestCheckResourceAttr(resourceName, "user_name", "fff"),
+				),
+			},
+		},
+	})
+}
+
+func emailDomainExists(id string) (bool, error) {
+	client := oktaV3ClientForTest()
+	emailDomain, resp, err := client.EmailDomainApi.GetEmailDomain(context.Background(), id).Execute()
+	if err := v3suppressErrorOn404(resp, err); err != nil {
+		return false, err
+	}
+	return emailDomain != nil && emailDomain.GetValidationStatus() != "DELETED", nil
+}
diff --git a/okta/resource_okta_email_domain_verification.go b/okta/resource_okta_email_domain_verification.go
@@ -0,0 +1,34 @@
+package okta
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceEmailDomainVerification() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceEmailDomainVerificationCreate,
+		ReadContext:   resourceFuncNoOp,
+		DeleteContext: resourceFuncNoOp,
+		Importer:      nil,
+		Schema: map[string]*schema.Schema{
+			"email_domain_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Email domain ID",
+			},
+		},
+	}
+}
+
+func resourceEmailDomainVerificationCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	_, _, err := getOktaV3ClientFromMetadata(m).EmailDomainApi.VerifyEmailDomain(ctx, d.Get("email_domain_id").(string)).Execute()
+	if err != nil {
+		return diag.Errorf("failed to verify email domain: %v", err)
+	}
+	d.SetId(d.Get("email_domain_id").(string))
+	return nil
+}
diff --git a/okta/resource_okta_email_sender.go b/okta/resource_okta_email_sender.go
@@ -64,6 +64,7 @@ func resourceEmailSender() *schema.Resource {
 				},
 			},
 		},
+		DeprecationMessage: "The api for this resource has been deprecated. Please use okta_email_domain instead",
 	}
 }
 

diff --git a/okta/resource_okta_email_sender_verification.go b/okta/resource_okta_email_sender_verification.go
@@ -22,6 +22,7 @@ func resourceEmailSenderVerification() *schema.Resource {
 				Description: "Email sender ID",
 			},
 		},
+		DeprecationMessage: "The api for this resource has been deprecated. Please use okta_email_domain_verification instead",
 	}
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -64,6 +64,7 @@ func resourceEmailSender() *schema.Resource { @@
     				},
     			},
     		},
+    		DeprecationMessage: "The api for this resource has been deprecated. Please use okta_email_domain instead",
     	}
     }
@@ Expand Down @@