okta · bogdanprodan-okta · Jun 22, 2021 · May 31, 2021 · May 31, 2021 · May 31, 2021
diff --git a/examples/okta_app_group_assignments/datasource.tf b/examples/okta_app_group_assignments/datasource.tf
@@ -0,0 +1,46 @@
+resource "okta_app_oauth" "test" {
+  label          = "testAcc_replace_with_uuid"
+  type           = "web"
+  grant_types    = ["implicit", "authorization_code"]
+  redirect_uris  = ["http://d.com/"]
+  response_types = ["code", "token", "id_token"]
+  issuer_mode    = "ORG_URL"
+
+  lifecycle {
+    ignore_changes = ["users", "groups"]
+  }
+}
+
+resource "okta_group" "test1" {
+  name = "testAcc_replace_with_uuid"
+}
+
+resource "okta_group" "test2" {
+  name = "testAcc_replace_with_uuid_2"
+}
+
+resource "okta_group" "test3" {
+  name = "testAcc_replace_with_uuid_3"
+}
+
+resource "okta_app_group_assignments" "test" {
+  app_id = okta_app_oauth.test.id
+
+  group {
+    id       = okta_group.test1.id
+    priority = 1
+  }
+  group {
+    id       = okta_group.test2.id
+    priority = 2
+  }
+  group {
+    id       = okta_group.test3.id
+    priority = 3
+  }
+}
+
+data "okta_app_group_assignments" "test" {
+  depends_on = [okta_app_group_assignments.test]
+  id         = okta_app_oauth.test.id
+}
diff --git a/okta/data_source_okta_app_group_assignments.go b/okta/data_source_okta_app_group_assignments.go
@@ -0,0 +1,61 @@
+package okta
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/okta-sdk-golang/v2/okta"
+	"github.com/okta/okta-sdk-golang/v2/okta/query"
+)
+
+func dataSourceAppGroupAssignments() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceAppGroupAssignmentsRead,
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "ID of the Okta App being queried for groups",
+				ForceNew:    true,
+			},
+			"groups": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "List of groups IDs assigned to the app",
+			},
+		},
+	}
+}
+
+func dataSourceAppGroupAssignmentsRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	client := getOktaClientFromMetadata(m)
+	id := d.Get("id").(string)
+
+	groupAssignments, resp, err := client.Application.ListApplicationGroupAssignments(ctx, id, &query.Params{})
+	if err != nil {
+		return diag.Errorf("unable to query for groups from app (%s): %s", id, err)
+	}
+
+	for {
+		var moreAssignments []*okta.ApplicationGroupAssignment
+		if resp.HasNextPage() {
+			resp, err = resp.Next(ctx, &moreAssignments)
+			if err != nil {
+				return diag.Errorf("unable to query for groups from app (%s): %s", id, err)
+			}
+			groupAssignments = append(groupAssignments, moreAssignments...)
+		} else {
+			break
+		}
+	}
+
+	var groups []string
+	for _, assignment := range groupAssignments {
+		groups = append(groups, assignment.Id)
+	}
+	_ = d.Set("groups", convertStringSetToInterface(groups))
+	d.SetId(id)
+	return nil
+}
diff --git a/okta/data_source_okta_app_group_assignments_test.go b/okta/data_source_okta_app_group_assignments_test.go
@@ -0,0 +1,27 @@
+package okta
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccOktaDataSourceAppGroupAssignments_read(t *testing.T) {
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(appGroupAssignments)
+	config := mgr.GetFixtures("datasource.tf", ri, t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProvidersFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.okta_app_group_assignments.test", "groups.#"),
+				),
+			},
+		},
+	})
+}
diff --git a/okta/provider.go b/okta/provider.go
@@ -248,6 +248,7 @@ func Provider() *schema.Provider {
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"okta_app":                         dataSourceApp(),
+			appGroupAssignments:                dataSourceAppGroupAssignments(),
 			appSaml:                            dataSourceAppSaml(),
 			appOAuth:                           dataSourceAppOauth(),
 			"okta_app_metadata_saml":           dataSourceAppMetadataSaml(),

diff --git a/website/docs/d/app_group_assignments.html.markdown b/website/docs/d/app_group_assignments.html.markdown
@@ -0,0 +1,30 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_app_group_assignments'
+sidebar_current: 'docs-okta-datasource-app-group-assignments'
+description: |-
+Get a set of groups assigned to an Okta application.
+---
+
+
+# okta_app_group_assignments
+
+Use this data source to retrieve the list of groups assigned to the given Okta application (by ID).
+
+## Example Usage
+
+```hcl
+data "okta_app_group_assignments" "test" {
+  id         = okta_app_oauth.test.id
+}
+```
+
+## Argument Reference
+
+- `id` - (Required) The ID of the Okta application you want to retrieve the groups for.
+
+## Attribute Reference
+
+- `id` - ID of application.
+
+- `groups` - List of groups IDs assigned to the application.