Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add access_token to the provider config #1222

Merged
merged 3 commits into from
Jul 29, 2022
Merged

feat: add access_token to the provider config #1222

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
391ed1d
feat: add `access_token` to the provider config
ericnorris Jul 27, 2022
d5646ea
docs: add `access_token`
ericnorris Jul 28, 2022
825c3ad
Merge branch 'master' into feat-access-token-config
ericnorris Jul 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 21 additions & 7 deletions okta/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ type (
orgName string
domain string
httpProxy string
accessToken string
apiToken string
clientID string
privateKey string
Expand Down Expand Up @@ -104,21 +105,34 @@ func (c *Config) loadAndValidate(ctx context.Context) error {

setters := []okta.ConfigSetter{
okta.WithOrgUrl(orgUrl),
okta.WithToken(c.apiToken),
okta.WithClientId(c.clientID),
okta.WithPrivateKey(c.privateKey),
okta.WithPrivateKeyId(c.privateKeyId),
okta.WithScopes(c.scopes),
okta.WithCache(false),
okta.WithHttpClientPtr(httpClient),
okta.WithRateLimitMaxBackOff(int64(c.maxWait)),
okta.WithRequestTimeout(int64(c.requestTimeout)),
okta.WithRateLimitMaxRetries(int32(c.retryCount)),
okta.WithUserAgentExtra("okta-terraform/3.31.0"),
}
if c.apiToken == "" {
setters = append(setters, okta.WithAuthorizationMode("PrivateKey"))

switch {
case c.accessToken != "":
setters = append(
setters,
okta.WithToken(c.accessToken), okta.WithAuthorizationMode("Bearer"),
)

case c.apiToken != "":
setters = append(
setters,
okta.WithToken(c.apiToken), okta.WithAuthorizationMode("SSWS"),
)

case c.privateKey != "":
setters = append(
setters,
okta.WithPrivateKey(c.privateKey), okta.WithPrivateKeyId(c.privateKeyId), okta.WithScopes(c.scopes), okta.WithAuthorizationMode("PrivateKey"),
)
}

if disableHTTPS {
setters = append(setters, okta.WithTestingDisableHttpsCheck(true))
}
Expand Down
16 changes: 12 additions & 4 deletions okta/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,34 +144,41 @@ func Provider() *schema.Provider {
DefaultFunc: schema.EnvDefaultFunc("OKTA_ORG_NAME", nil),
Description: "The organization to manage in Okta.",
},
"access_token": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("OKTA_ACCESS_TOKEN", nil),
Description: "Bearer token granting privileges to Okta API.",
ConflictsWith: []string{"api_token", "client_id", "scopes", "private_key"},
},
"api_token": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("OKTA_API_TOKEN", nil),
Description: "API Token granting privileges to Okta API.",
ConflictsWith: []string{"client_id", "scopes", "private_key"},
ConflictsWith: []string{"access_token", "client_id", "scopes", "private_key"},
},
"client_id": {
Type: schema.TypeString,
Optional: true,
DefaultFunc: schema.EnvDefaultFunc("OKTA_API_CLIENT_ID", nil),
Description: "API Token granting privileges to Okta API.",
ConflictsWith: []string{"api_token"},
ConflictsWith: []string{"access_token", "api_token"},
},
"scopes": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
DefaultFunc: envDefaultSetFunc("OKTA_API_SCOPES", nil),
Description: "API Token granting privileges to Okta API.",
ConflictsWith: []string{"api_token"},
ConflictsWith: []string{"access_token", "api_token"},
},
"private_key": {
Optional: true,
Type: schema.TypeString,
DefaultFunc: schema.EnvDefaultFunc("OKTA_API_PRIVATE_KEY", nil),
Description: "API Token granting privileges to Okta API.",
ConflictsWith: []string{"api_token"},
ConflictsWith: []string{"access_token", "api_token"},
},
"private_key_id": {
Optional: true,
Expand Down Expand Up @@ -422,6 +429,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
orgName: d.Get("org_name").(string),
domain: d.Get("base_url").(string),
apiToken: d.Get("api_token").(string),
accessToken: d.Get("access_token").(string),
clientID: d.Get("client_id").(string),
privateKey: d.Get("private_key").(string),
privateKeyId: d.Get("private_key_id").(string),
Expand Down
20 changes: 11 additions & 9 deletions website/docs/index.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ explained below:

### Environment variables

You can provide your credentials via the `OKTA_ORG_NAME`, `OKTA_BASE_URL`, `OKTA_API_TOKEN`, `OKTA_API_CLIENT_ID`,
`OKTA_API_SCOPES` and `OKTA_API_PRIVATE_KEY` environment variables, representing your Okta Organization Name,
Okta Base URL (i.e. `"okta.com"` or `"oktapreview.com"`), Okta API Token, Okta Client ID, Okta API scopes
and Okta API private key respectively.
You can provide your credentials via the `OKTA_ORG_NAME`, `OKTA_BASE_URL`, `OKTA_ACCESS_TOKEN`, `OKTA_API_TOKEN`,
`OKTA_API_CLIENT_ID`, `OKTA_API_SCOPES` and `OKTA_API_PRIVATE_KEY` environment variables, representing your Okta
Organization Name, Okta Base URL (i.e. `"okta.com"` or `"oktapreview.com"`), Okta Access Token, Okta API Token,
Okta Client ID, Okta API scopes and Okta API private key respectively.

```hcl
provider "okta" {}
Expand All @@ -70,7 +70,7 @@ $ terraform plan

## Argument Reference

Note: `api_token` is mutually exclusive of the set `client_id`, `private_key`, and `scopes`. `api_token` is utilized for Okta's [SSWS Authorization Scheme](https://developer.okta.com/docs/reference/core-okta-api/#authentication) and applies to org level operations. `client_id`, `private_key`, and `scopes` are for [OAuth 2.0 client](https://developer.okta.com/docs/reference/api/apps/#add-oauth-2-0-client-application) authentication for application operations.
Note: `api_token` is mutually exclusive of the set `access_token`, `client_id`, `private_key`, and `scopes`. `api_token` is utilized for Okta's [SSWS Authorization Scheme](https://developer.okta.com/docs/reference/core-okta-api/#authentication) and applies to org level operations. `client_id`, `private_key`, and `scopes` are for [OAuth 2.0 client](https://developer.okta.com/docs/reference/api/apps/#add-oauth-2-0-client-application) authentication for application operations. `access_token` is used in situations where the caller has already performed the OAuth 2.0 client authentication process.

In addition to [generic `provider` arguments](https://www.terraform.io/docs/configuration/providers.html)
(e.g. `alias` and `version`), the following arguments are supported in the Okta `provider` block:
Expand All @@ -81,13 +81,15 @@ In addition to [generic `provider` arguments](https://www.terraform.io/docs/conf

- `http_proxy` - (Optional) This is a custom URL endpoint that can be used for unit testing or local caching proxies. Can also be sourced from the `OKTA_HTTP_PROXY` environment variable.

- `api_token` - (Optional) This is the API token to interact with your Okta org. It can also be sourced from the `OKTA_API_TOKEN` environment variable. `api_token` conflicts with `client_id`, `scopes` and `private_key`.
- `access_token` - (Optional) This is an OAuth 2.0 access token to interact with your Okta org. It can be sourced from the `OKTA_ACCESS_TOKEN` environment variable. `access_token` conflicts with `api_token`, `client_id`, `scopes` and `private_key`.

- `client_id` - (Optional) This is the client ID for obtaining the API token. It can also be sourced from the `OKTA_API_CLIENT_ID` environment variable. `client_id` conflicts with `api_token`.
- `api_token` - (Optional) This is the API token to interact with your Okta org. It can also be sourced from the `OKTA_API_TOKEN` environment variable. `api_token` conflicts with `access_token`, `client_id`, `scopes` and `private_key`.

- `scopes` - (Optional) These are scopes for obtaining the API token in form of a comma separated list. It can also be sourced from the `OKTA_API_SCOPES` environment variable. `scopes` conflicts with `api_token`.
- `client_id` - (Optional) This is the client ID for obtaining the API token. It can also be sourced from the `OKTA_API_CLIENT_ID` environment variable. `client_id` conflicts with `access_token` and `api_token`.

- `private_key` - (Optional) This is the private key for obtaining the API token (can be represented by a filepath, or the key itself). It can also be sourced from the `OKTA_API_PRIVATE_KEY` environment variable. `private_key` conflicts with `api_token`.
- `scopes` - (Optional) These are scopes for obtaining the API token in form of a comma separated list. It can also be sourced from the `OKTA_API_SCOPES` environment variable. `scopes` conflicts with `access_token` and `api_token`.

- `private_key` - (Optional) This is the private key for obtaining the API token (can be represented by a filepath, or the key itself). It can also be sourced from the `OKTA_API_PRIVATE_KEY` environment variable. `private_key` conflicts with `access_token` and `api_token`.

- `private_key_id` - (Optional) This is the private key ID (kid) for obtaining the API token. It can also be sourced from `OKTA_API_PRIVATE_KEY_ID` environmental variable. `private_key_id` conflicts with `api_token`.

Expand Down