okta · bogdanprodan-okta · Oct 21, 2021 · Oct 21, 2021
diff --git a/examples/okta_auth_server_claim/datasource.tf b/examples/okta_auth_server_claim/datasource.tf
@@ -0,0 +1,10 @@
+resource "okta_auth_server" "test" {
+  name        = "testAcc_replace_with_uuid"
+  description = "test"
+  audiences   = ["whatever.rise.zone"]
+}
+
+data "okta_auth_server_claim" "test" {
+  auth_server_id = okta_auth_server.test.id
+  name           = "birthdate"
+}
diff --git a/examples/okta_auth_server_claim/datasource_create_auth_server.tf b/examples/okta_auth_server_claim/datasource_create_auth_server.tf
@@ -0,0 +1,5 @@
+resource "okta_auth_server" "test" {
+  name        = "testAcc_replace_with_uuid"
+  description = "test"
+  audiences   = ["whatever.rise.zone"]
+}
diff --git a/okta/data_source_okta_app_saml_metadata_test.go b/okta/data_source_okta_app_saml_metadata_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceAppMetadataSaml_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager("okta_app_metadata_saml")
+	mgr := newFixtureManager(appMetadataSaml)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	resourceName := "data.okta_app_metadata_saml.test"
 

diff --git a/okta/data_source_okta_app_test.go b/okta/data_source_okta_app_test.go
@@ -10,7 +10,7 @@ import (
 
 func TestAccOktaDataSourceApp_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager("okta_app")
+	mgr := newFixtureManager(app)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	appCreate := buildTestApp(ri)
 

diff --git a/okta/data_source_okta_auth_server_claim.go b/okta/data_source_okta_auth_server_claim.go
@@ -0,0 +1,103 @@
+package okta
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/okta-sdk-golang/v2/okta"
+)
+
+func dataSourceAuthServerClaim() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceAuthServerClaimRead,
+		Schema: map[string]*schema.Schema{
+			"auth_server_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Auth server ID",
+			},
+			"id": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"name"},
+			},
+			"name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"id"},
+			},
+			"scopes": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Auth server claim list of scopes",
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"value": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"value_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"claim_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"always_include_in_token": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAuthServerClaimRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	id := d.Get("id").(string)
+	name := d.Get("name").(string)
+	if id == "" && name == "" {
+		return diag.Errorf("config must provide either 'id' or 'name' to retrieve the auth server claim")
+	}
+	var (
+		err   error
+		claim *okta.OAuth2Claim
+	)
+	if id != "" {
+		claim, _, err = getOktaClientFromMetadata(m).AuthorizationServer.GetOAuth2Claim(ctx, d.Get("auth_server_id").(string), id)
+	} else {
+		claim, err = getAuthServerClaimByName(ctx, m, d.Get("auth_server_id").(string), name)
+	}
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(claim.Id)
+	_ = d.Set("name", claim.Name)
+	_ = d.Set("status", claim.Status)
+	_ = d.Set("value", claim.Value)
+	_ = d.Set("value_type", claim.ValueType)
+	_ = d.Set("claim_type", claim.ClaimType)
+	_ = d.Set("always_include_in_token", claim.AlwaysIncludeInToken)
+	if claim.Conditions != nil && len(claim.Conditions.Scopes) > 0 {
+		_ = d.Set("scopes", convertStringSliceToSet(claim.Conditions.Scopes))
+	}
+	return nil
+}
+
+func getAuthServerClaimByName(ctx context.Context, m interface{}, authServerID, name string) (*okta.OAuth2Claim, error) {
+	claims, _, err := getOktaClientFromMetadata(m).AuthorizationServer.ListOAuth2Claims(ctx, authServerID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list authorization server claims: %v", err)
+	}
+	for i := range claims {
+		if claims[i].Name == name {
+			return claims[i], nil
+		}
+	}
+	return nil, fmt.Errorf("auth server claim with name '%s' does not exist", name)
+}
diff --git a/okta/data_source_okta_auth_server_claim_test.go b/okta/data_source_okta_auth_server_claim_test.go
@@ -0,0 +1,38 @@
+package okta
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccOktaDataSourceAuthServerClaim(t *testing.T) {
+	ri := acctest.RandInt()
+	mgr := newFixtureManager(authServerClaim)
+	config := mgr.GetFixtures("datasource.tf", ri, t)
+	createUser := mgr.GetFixtures("datasource_create_auth_server.tf", ri, t)
+	resourceName := fmt.Sprintf("data.%s.test", authServerClaim)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: testAccProvidersFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: createUser,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("okta_auth_server.test", "id"),
+				),
+			},
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttr(resourceName, "claim_type", "IDENTITY"),
+				),
+			},
+		},
+	})
+}
diff --git a/okta/data_source_okta_auth_server_claims.go b/okta/data_source_okta_auth_server_claims.go
@@ -0,0 +1,97 @@
+package okta
+
+import (
+	"context"
+	"fmt"
+	"hash/crc32"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/okta/okta-sdk-golang/v2/okta"
+)
+
+func dataSourceAuthServerClaims() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceAuthServerClaimsRead,
+		Schema: map[string]*schema.Schema{
+			"auth_server_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Auth server ID",
+			},
+			"claims": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"scopes": {
+							Type:     schema.TypeSet,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"status": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"value": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"value_type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"claim_type": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"always_include_in_token": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceAuthServerClaimsRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	claims, _, err := getOktaClientFromMetadata(m).AuthorizationServer.ListOAuth2Claims(ctx, d.Get("auth_server_id").(string))
+	if err != nil {
+		return diag.Errorf("failed to list authorization server claims: %v", err)
+	}
+	var s string
+	arr := make([]map[string]interface{}, len(claims))
+	for i := range claims {
+		s += claims[i].Name
+		arr[i] = flattenClaim(claims[i])
+	}
+	_ = d.Set("claims", arr)
+	d.SetId(fmt.Sprintf("%s.%d", d.Get("auth_server_id").(string), crc32.ChecksumIEEE([]byte(s))))
+	return nil
+}
+
+func flattenClaim(c *okta.OAuth2Claim) map[string]interface{} {
+	m := map[string]interface{}{
+		"id":                      c.Id,
+		"name":                    c.Name,
+		"status":                  c.Status,
+		"value":                   c.Value,
+		"value_type":              c.ValueType,
+		"claim_type":              c.ClaimType,
+		"always_include_in_token": c.AlwaysIncludeInToken,
+	}
+	if c.Conditions != nil && len(c.Conditions.Scopes) > 0 {
+		m["scopes"] = convertStringSliceToSet(c.Conditions.Scopes)
+	}
+	return m
+}
diff --git a/okta/data_source_okta_auth_server_scopes_test.go b/okta/data_source_okta_auth_server_scopes_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceAuthServerScopes(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager("okta_auth_server_scopes")
+	mgr := newFixtureManager(authServerScopes)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 
 	resource.Test(t, resource.TestCase{

diff --git a/okta/data_source_okta_default_policy.go b/okta/data_source_okta_default_policy.go
@@ -10,7 +10,7 @@ import (
 )
 
 // data source to retrieve information on a Default Policy
-func dataSourceDefaultPolicies() *schema.Resource {
+func dataSourceDefaultPolicy() *schema.Resource {
 	return &schema.Resource{
 		ReadContext: dataSourceDefaultPolicyRead,
 		Schema: map[string]*schema.Schema{

diff --git a/okta/data_source_okta_group_test.go b/okta/data_source_okta_group_test.go
@@ -10,7 +10,7 @@ import (
 
 func TestAccOktaDataSourceGroup_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager(oktaGroup)
+	mgr := newFixtureManager(group)
 	groupCreate := mgr.GetFixtures("okta_group.tf", ri, t)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	configInvalid := mgr.GetFixtures("datasource_not_found.tf", ri, t)

diff --git a/okta/data_source_okta_groups_test.go b/okta/data_source_okta_groups_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceGroups_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager(oktaGroups)
+	mgr := newFixtureManager(groups)
 	groups := mgr.GetFixtures("okta_groups.tf", ri, t)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	resource.Test(t, resource.TestCase{

diff --git a/okta/data_source_okta_idp_metadata_saml_test.go b/okta/data_source_okta_idp_metadata_saml_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceIdpMetadataSaml_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager("okta_idp_metadata_saml")
+	mgr := newFixtureManager(idpMetadataSaml)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	resourceName := "data.okta_idp_metadata_saml.test"
 

diff --git a/okta/data_source_okta_user_test.go b/okta/data_source_okta_user_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceUser_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager(oktaUser)
+	mgr := newFixtureManager(user)
 	config := mgr.GetFixtures("datasource.tf", ri, t)
 	createUser := mgr.GetFixtures("datasource_create_user.tf", ri, t)
 

diff --git a/okta/data_source_okta_users_test.go b/okta/data_source_okta_users_test.go
@@ -9,7 +9,7 @@ import (
 
 func TestAccOktaDataSourceUsers_read(t *testing.T) {
 	ri := acctest.RandInt()
-	mgr := newFixtureManager("okta_users")
+	mgr := newFixtureManager(users)
 	users := mgr.GetFixtures("users.tf", ri, t)
 	config := mgr.GetFixtures("basic.tf", ri, t)