From a183e2fa570acb31719d0f8466dfd6ab1a4ccdb4 Mon Sep 17 00:00:00 2001 From: bogdanprodan-okta Date: Tue, 13 Jul 2021 16:19:30 +0300 Subject: [PATCH 1/3] Don't recreate user_schema resource if 'array_enum', 'array_one_of', 'enum' or 'one_of' fields has changed --- okta/resource_okta_user_schema.go | 3 +++ okta/user_schema.go | 4 ---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/okta/resource_okta_user_schema.go b/okta/resource_okta_user_schema.go index 2122004ca..2299633f8 100644 --- a/okta/resource_okta_user_schema.go +++ b/okta/resource_okta_user_schema.go @@ -126,6 +126,9 @@ loop: case <-ticker.C: updated, _, err := getSupplementFromMetadata(m).UpdateCustomUserSchemaProperty(ctx, schemaUrl, d.Get("index").(string), userSubSchema(d)) if err != nil { + if strings.Contains(err.Error(), "Wait until the data clean up process finishes and then try again") { + continue + } return diag.Errorf("failed to create user custom schema: %v", err) } d.SetId(d.Get("index").(string)) diff --git a/okta/user_schema.go b/okta/user_schema.go index 51f8b0ab9..f37d44b84 100644 --- a/okta/user_schema.go +++ b/okta/user_schema.go @@ -19,13 +19,11 @@ var ( "array_enum": { Type: schema.TypeList, Optional: true, - ForceNew: true, Description: "Custom Subschema enumerated value of a property of type array.", Elem: &schema.Schema{Type: schema.TypeString}, }, "array_one_of": { Type: schema.TypeList, - ForceNew: true, Optional: true, Description: "array of valid JSON schemas for property type array.", Elem: &schema.Resource{ 
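Review bot: The retry added under `case <-ticker.C:` in okta/resource_okta_user_schema.go (hunk `@@ -126,6 +126,9 @@`) is keyed on a substring of the service's error text, `"Wait until the data clean up process finishes and then try again"`, so a reworded message silently turns the retry back into a hard failure. If the SDK error exposes an error code or HTTP status (not visible from this hunk), matching on that would be sturdier. The retried error is also discarded, so when the timer fires the user sees only `no more attempts left`. Recording it with `lastErr = err` before `continue` (with `var lastErr error` declared next to `subschema`) and reporting `diag.Errorf("failed to create user custom schema: no more attempts left: %v", lastErr)` in the timer branch would make a timeout diagnosable. The loop and the enclosing function start and end outside the hunk.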
@@ -63,14 +61,12 @@ var ( "enum": { Type: schema.TypeList, Optional: true, - ForceNew: true, Description: "Custom Subschema enumerated value of the property. see: developer.okta.com/docs/api/resources/schemas#user-profile-schema-property-object", ConflictsWith: []string{"array_type"}, Elem: &schema.Schema{Type: schema.TypeString}, }, "one_of": { Type: schema.TypeList, - ForceNew: true, Optional: true, Description: "Custom Subschema json schemas. see: developer.okta.com/docs/api/resources/schemas#user-profile-schema-property-object", ConflictsWith: []string{"array_type"}, From 1eb22c2769ccdbae43b69800487f80f3afbf8ac3 Mon Sep 17 00:00:00 2001 From: bogdanprodan-okta Date: Tue, 13 Jul 2021 17:14:39 +0300 Subject: [PATCH 2/3] Added ForceNew to the 'unique' field --- okta/resource_okta_user_schema.go | 5 +++-- okta/user_schema.go | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/okta/resource_okta_user_schema.go b/okta/resource_okta_user_schema.go index 2299633f8..e6112190e 100644 --- a/okta/resource_okta_user_schema.go +++ b/okta/resource_okta_user_schema.go @@ -114,8 +114,8 @@ func resourceUserSchemaCreateOrUpdate(ctx context.Context, d *schema.ResourceDat return diag.Errorf("failed to create user custom schema: %v", err) } var subschema *sdk.UserSubSchema - timer := time.NewTimer(time.Second * 3) - ticker := time.NewTicker(time.Millisecond * 500) + timer := time.NewTimer(time.Second * 30) // sometimes it takes some time to recreate user schema + ticker := time.NewTicker(time.Second) loop: for { select { @@ -124,6 +124,7 @@ loop: case <-timer.C: return diag.Errorf("failed to create user custom schema: no more attempts left") case <-ticker.C: + time.Sleep(time.Second) updated, _, err := getSupplementFromMetadata(m).UpdateCustomUserSchemaProperty(ctx, schemaUrl, d.Get("index").(string), userSubSchema(d)) if err != nil { if strings.Contains(err.Error(), "Wait until the data clean up process finishes and then try again") { 
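Review bot: In hunk `@@ -114,8 +114,8 @@` of okta/resource_okta_user_schema.go, neither the 30-second timer nor the one-second ticker is stopped in the visible lines, and every `return diag.Errorf(...)` in the loop leaves both running. On Go versions before 1.23 an unstopped ticker is never collected. Adding `defer timer.Stop()` and `defer ticker.Stop()` directly after the two constructors covers all exit paths. The bare `time.Second * 30` would also read better as a named constant, with the trailing comment moved onto its declaration. resourceUserSchemaCreateOrUpdate continues past the hunk, so a later Stop call cannot be ruled out from here.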
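Review bot: The `time.Sleep(time.Second)` added at the top of `case <-ticker.C:` (hunk `@@ -124,6 +124,7 @@`) blocks outside the `select`, so during that second the loop reacts neither to `timer.C` nor to whatever the first case at lines 122–123 waits on (presumably `ctx.Done()`, not shown). That lets a cancelled apply or an expired deadline still issue one more update call. The ticker already paces the loop, so if a longer gap between attempts is wanted it can be expressed there with `ticker := time.NewTicker(2 * time.Second)` and the sleep dropped. The select and the for loop open before this hunk and close after it.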
diff --git a/okta/user_schema.go b/okta/user_schema.go index f37d44b84..022d98e73 100644 --- a/okta/user_schema.go +++ b/okta/user_schema.go @@ -103,6 +103,7 @@ var ( Description: "Subschema unique restriction", ValidateDiagFunc: elemInSlice([]string{"UNIQUE_VALIDATED", "NOT_UNIQUE"}), ConflictsWith: []string{"one_of", "enum", "array_type"}, + ForceNew: true, }, } From 528e973ebfc826c62b01fef5ac9ffcc488df7208 Mon Sep 17 00:00:00 2001 From: bogdanprodan-okta Date: Wed, 14 Jul 2021 15:05:40 +0300 Subject: [PATCH 3/3] Fixed acceptance tests --- .../okta_group_membership.tf | 3 ++ .../okta_group_membership_removed.tf | 3 ++ .../okta_group_membership_updated.tf | 6 ++++ examples/okta_group_memberships/basic.tf | 3 ++ .../okta_group_memberships/basic_removal.tf | 3 ++ .../okta_group_memberships/basic_update.tf | 3 ++ examples/okta_group_role/basic.tf | 3 ++ examples/okta_group_role/group_targets.tf | 3 ++ .../okta_group_role/group_targets_removed.tf | 3 ++ .../okta_group_role/group_targets_updated.tf | 3 ++ examples/okta_group_roles/all_roles.tf | 3 ++ examples/okta_group_roles/basic.tf | 3 ++ .../factor_sequence.tf | 31 ++++++++++++++++--- examples/okta_user/group_assigned.tf | 3 ++ examples/okta_user/group_unassigned.tf | 3 ++ examples/okta_user_group_memberships/basic.tf | 12 +++++++ .../basic_removal.tf | 12 +++++++ .../basic_update.tf | 12 +++++++ okta/resource_okta_user_test.go | 2 +- 19 files changed, 109 insertions(+), 5 deletions(-) diff --git a/examples/okta_group_membership/okta_group_membership.tf b/examples/okta_group_membership/okta_group_membership.tf index 7eabdf939..097480a5e 100644 --- a/examples/okta_group_membership/okta_group_membership.tf +++ b/examples/okta_group_membership/okta_group_membership.tf @@ -13,6 +13,9 @@ resource "okta_user" "test" { resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_membership" "test" { 
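Review bot: With `ForceNew: true` added in okta/user_schema.go (hunk `@@ -103,6 +103,7 @@`), an edit to `unique` now destroys and recreates the custom schema property, but the field's `Description` still reads only `"Subschema unique restriction"`. Recreating a profile property presumably discards the values stored for it on existing users; the retry added in patch 1 waits on a "data clean up process", which points the same way. The description should warn about that, for example `Description: "Subschema unique restriction. Changing this value forces the property to be recreated."`. The schema map that holds this entry starts outside the hunk.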
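Review bot: The `lifecycle { ignore_changes = [users] }` block added to `okta_group.test` in examples/okta_group_membership/okta_group_membership.tf has no comment explaining it, and these files are published as examples that people copy into real configurations. With `users` ignored, a plan no longer surfaces membership drift through the group resource. That is presumably intended here because membership is owned by the separate membership resources, and a one-line comment such as `# membership is managed by okta_group_membership, not by this resource` would say so. The same block is repeated in the other `okta_group` hunks of this patch, including examples/okta_group_role/*.tf and examples/okta_group_roles/*.tf. Those groups presumably carry admin roles, so unreviewed membership changes matter most there and the comment is most useful.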
diff --git a/examples/okta_group_membership/okta_group_membership_removed.tf b/examples/okta_group_membership/okta_group_membership_removed.tf index 138d6e8fd..d6a6c915a 100644 --- a/examples/okta_group_membership/okta_group_membership_removed.tf +++ b/examples/okta_group_membership/okta_group_membership_removed.tf @@ -13,6 +13,9 @@ resource "okta_user" "test" { resource "okta_group" "test_2" { name = "testAcc_2_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_membership" "test_2" { diff --git a/examples/okta_group_membership/okta_group_membership_updated.tf b/examples/okta_group_membership/okta_group_membership_updated.tf index 862118a51..cd2b944b1 100644 --- a/examples/okta_group_membership/okta_group_membership_updated.tf +++ b/examples/okta_group_membership/okta_group_membership_updated.tf @@ -13,6 +13,9 @@ resource "okta_user" "test" { resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_membership" "test" { @@ -23,6 +26,9 @@ resource "okta_group_membership" "test" { resource "okta_group" "test_2" { name = "testAcc_2_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_membership" "test_2" { diff --git a/examples/okta_group_memberships/basic.tf b/examples/okta_group_memberships/basic.tf index d43dd53b5..a2106426f 100644 --- a/examples/okta_group_memberships/basic.tf +++ b/examples/okta_group_memberships/basic.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test1" { diff --git a/examples/okta_group_memberships/basic_removal.tf b/examples/okta_group_memberships/basic_removal.tf index f10f6b8ed..9edc8e231 100644 --- a/examples/okta_group_memberships/basic_removal.tf 
+++ b/examples/okta_group_memberships/basic_removal.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test1" { diff --git a/examples/okta_group_memberships/basic_update.tf b/examples/okta_group_memberships/basic_update.tf index 289e92735..2df9defa1 100644 --- a/examples/okta_group_memberships/basic_update.tf +++ b/examples/okta_group_memberships/basic_update.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test1" { diff --git a/examples/okta_group_role/basic.tf b/examples/okta_group_role/basic.tf index f10f52fd5..facebb72c 100644 --- a/examples/okta_group_role/basic.tf +++ b/examples/okta_group_role/basic.tf @@ -2,6 +2,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { diff --git a/examples/okta_group_role/group_targets.tf b/examples/okta_group_role/group_targets.tf index ebdd775dd..c17773c76 100644 --- a/examples/okta_group_role/group_targets.tf +++ b/examples/okta_group_role/group_targets.tf @@ -2,6 +2,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { diff --git a/examples/okta_group_role/group_targets_removed.tf b/examples/okta_group_role/group_targets_removed.tf index 6e89df9f9..7975001dc 100644 --- a/examples/okta_group_role/group_targets_removed.tf +++ b/examples/okta_group_role/group_targets_removed.tf @@ -2,6 +2,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { 
diff --git a/examples/okta_group_role/group_targets_updated.tf b/examples/okta_group_role/group_targets_updated.tf index 1ac9f56cb..46305604b 100644 --- a/examples/okta_group_role/group_targets_updated.tf +++ b/examples/okta_group_role/group_targets_updated.tf @@ -2,6 +2,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { diff --git a/examples/okta_group_roles/all_roles.tf b/examples/okta_group_roles/all_roles.tf index d70695c85..89ecec573 100644 --- a/examples/okta_group_roles/all_roles.tf +++ b/examples/okta_group_roles/all_roles.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_roles" "test" { diff --git a/examples/okta_group_roles/basic.tf b/examples/okta_group_roles/basic.tf index ce2e115a3..d927603fe 100644 --- a/examples/okta_group_roles/basic.tf +++ b/examples/okta_group_roles/basic.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "testAcc_replace_with_uuid" description = "testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group_roles" "test" { diff --git a/examples/okta_policy_rule_signon/factor_sequence.tf b/examples/okta_policy_rule_signon/factor_sequence.tf index b32420ced..dfe2fbddd 100644 --- a/examples/okta_policy_rule_signon/factor_sequence.tf +++ b/examples/okta_policy_rule_signon/factor_sequence.tf @@ -15,10 +15,15 @@ data "okta_behavior" "new_city" { } resource "okta_network_zone" "test" { - name = "testAcc_replace_with_uuid" - type = "IP" - gateways = ["1.2.3.4/24", "2.3.4.5-2.3.4.15"] - proxies = ["2.2.3.4/24", "3.3.4.5-3.3.4.15"] + name = "testAcc_replace_with_uuid" + type = "IP" + gateways = [ + "1.2.3.4/24", + "2.3.4.5-2.3.4.15"] + proxies = [ + "2.2.3.4/24", + "3.3.4.5-3.3.4.15"] + depends_on = [okta_policy_rule_signon.test] } resource "okta_policy_rule_signon" "test" { 
@@ -48,4 +53,22 @@ resource "okta_policy_rule_signon" "test" { primary_criteria_factor_type = "token:hotp" primary_criteria_provider = "CUSTOM" } + + depends_on = [ + okta_factor.okta_sms, + okta_factor.okta_email, + okta_factor.hotp] } + +resource "okta_factor" "okta_sms" { + provider_id = "okta_sms" +} + +resource "okta_factor" "okta_email" { + provider_id = "okta_email" +} + +resource "okta_factor" "hotp" { + provider_id = "hotp" +} + diff --git a/examples/okta_user/group_assigned.tf b/examples/okta_user/group_assigned.tf index 0e245227f..4edc4e35c 100644 --- a/examples/okta_user/group_assigned.tf +++ b/examples/okta_user/group_assigned.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "TestACC-replace_with_uuid" description = "An acceptance test created group" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { diff --git a/examples/okta_user/group_unassigned.tf b/examples/okta_user/group_unassigned.tf index 1efd1e834..9c5a4bec8 100644 --- a/examples/okta_user/group_unassigned.tf +++ b/examples/okta_user/group_unassigned.tf @@ -1,6 +1,9 @@ resource "okta_group" "test" { name = "TestACC-replace_with_uuid" description = "An acceptance test created group" + lifecycle { + ignore_changes = [users] + } } resource "okta_user" "test" { diff --git a/examples/okta_user_group_memberships/basic.tf b/examples/okta_user_group_memberships/basic.tf index 2f58270d9..a8075fd96 100644 --- a/examples/okta_user_group_memberships/basic.tf +++ b/examples/okta_user_group_memberships/basic.tf 
@@ -12,21 +12,33 @@ resource "okta_user" "test" { resource "okta_group" "test_1" { name = "testAcc_1_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_2" { name = "testAcc_2_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_3" { name = "testAcc_3_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_4" { name = "testAcc_4_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user_group_memberships" "test" { diff --git a/examples/okta_user_group_memberships/basic_removal.tf b/examples/okta_user_group_memberships/basic_removal.tf index 11ca04e1d..5ccf2b2af 100644 --- a/examples/okta_user_group_memberships/basic_removal.tf +++ b/examples/okta_user_group_memberships/basic_removal.tf @@ -12,21 +12,33 @@ resource "okta_user" "test" { resource "okta_group" "test_1" { name = "testAcc_1_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_2" { name = "testAcc_2_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_3" { name = "testAcc_3_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_4" { name = "testAcc_4_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user_group_memberships" "test" { diff --git a/examples/okta_user_group_memberships/basic_update.tf b/examples/okta_user_group_memberships/basic_update.tf index cda05c3c2..27b8bfb5b 100644 --- a/examples/okta_user_group_memberships/basic_update.tf +++ b/examples/okta_user_group_memberships/basic_update.tf 
@@ -12,21 +12,33 @@ resource "okta_user" "test" { resource "okta_group" "test_1" { name = "testAcc_1_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_2" { name = "testAcc_2_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_3" { name = "testAcc_3_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_group" "test_4" { name = "testAcc_4_replace_with_uuid" description = "testing, testing" + lifecycle { + ignore_changes = [users] + } } resource "okta_user_group_memberships" "test" { diff --git a/okta/resource_okta_user_test.go b/okta/resource_okta_user_test.go index 49fa563f3..6de5dae97 100644 --- a/okta/resource_okta_user_test.go +++ b/okta/resource_okta_user_test.go @@ -338,7 +338,7 @@ func TestAccOktaUser_validRole(t *testing.T) { Steps: []resource.TestStep{ { Config: testOktaUserConfigValidRole(rName), - ExpectError: regexp.MustCompile("'GROUP_ADMIN' is not a valid Okta role"), + ExpectError: regexp.MustCompile("expected value to be one of 'SUPER_ADMIN', 'ORG_ADMIN', 'API_ACCESS_MANAGEMENT_ADMIN', 'APP_ADMIN', 'USER_ADMIN', 'MOBILE_ADMIN', 'READ_ONLY_ADMIN', 'HELP_DESK_ADMIN', 'REPORT_ADMIN', 'GROUP_MEMBERSHIP_ADMIN', got 'GROUP_ADMIN'"), }, }, })
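Review bot: The new `ExpectError` pattern in okta/resource_okta_user_test.go pins the validator's whole list of accepted roles, so the test fails whenever a role is added or the list is reordered, although all it needs to establish is that `GROUP_ADMIN` is rejected. Matching only the stable tail, `ExpectError: regexp.MustCompile("got 'GROUP_ADMIN'"),`, keeps the assertion without that coupling. The message is also handed to `regexp.MustCompile` unescaped. It contains no metacharacters today, but if the full text is kept, wrapping it in `regexp.QuoteMeta(...)` makes the literal match explicit. TestAccOktaUser_validRole begins and ends outside the hunk.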