From 619b4b88f7ff531fb756ada0c4d18a0e6be32621 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Date: Tue, 1 Aug 2023 17:44:44 -0400 Subject: [PATCH 1/8] add support device assurance --- go.mod | 24 +- go.sum | 18 +- main.go | 42 +- okta/config.go | 69 ++- okta/framework_provider.go | 253 ++++++++++ okta/provider.go | 32 -- ...rce_okta_policy_device_assurance_androi.go | 383 +++++++++++++++ ...kta_policy_device_assurance_androi_test.go | 69 +++ ...e_okta_policy_device_assurance_chromeOS.go | 439 ++++++++++++++++++ ...source_okta_policy_device_assurance_iOS.go | 308 ++++++++++++ ...e_okta_policy_device_assurance_iOS_test.go | 45 ++ ...urce_okta_policy_device_assurance_macOS.go | 439 ++++++++++++++++++ ...rce_okta_policy_device_assurance_window.go | 416 +++++++++++++++++ 13 files changed, 2478 insertions(+), 59 deletions(-) create mode 100644 okta/framework_provider.go create mode 100644 okta/resource_okta_policy_device_assurance_androi.go create mode 100644 okta/resource_okta_policy_device_assurance_androi_test.go create mode 100644 okta/resource_okta_policy_device_assurance_chromeOS.go create mode 100644 okta/resource_okta_policy_device_assurance_iOS.go create mode 100644 okta/resource_okta_policy_device_assurance_iOS_test.go create mode 100644 okta/resource_okta_policy_device_assurance_macOS.go create mode 100644 okta/resource_okta_policy_device_assurance_window.go diff --git a/go.mod b/go.mod index 40dfe12a6..556b60167 100644 --- a/go.mod +++ b/go.mod 
@@ -12,6 +12,10 @@ require ( github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-retryablehttp v0.7.4 github.com/hashicorp/terraform-plugin-docs v0.16.0 + github.com/hashicorp/terraform-plugin-framework v1.3.2 + github.com/hashicorp/terraform-plugin-framework-validators v0.10.0 + github.com/hashicorp/terraform-plugin-go v0.18.0 + github.com/hashicorp/terraform-plugin-mux v0.11.2 github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 github.com/kelseyhightower/envconfig v1.4.0 github.com/okta/okta-sdk-golang/v3 v3.0.11 @@ -21,27 +25,21 @@ require ( gopkg.in/yaml.v3 v3.0.1 ) -require ( - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect - github.com/cloudflare/circl v1.3.3 // indirect - github.com/go-jose/go-jose/v3 v3.0.0 // indirect - github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect - github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect - golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect -) - require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.2 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/beevik/etree v1.1.0 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dnaeon/go-vcr v1.2.0 github.com/fatih/color v1.13.0 // indirect + github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/uuid v1.3.0 // indirect 
@@ -56,7 +54,6 @@ require ( github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.18.1 // indirect github.com/hashicorp/terraform-json v0.17.1 // indirect - github.com/hashicorp/terraform-plugin-go v0.16.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.1 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect @@ -81,8 +78,11 @@ require ( github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect + github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/zclconf/go-cty v1.13.2 // indirect golang.org/x/crypto v0.10.0 // indirect + golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/net v0.11.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect @@ -90,7 +90,7 @@ require ( golang.org/x/text v0.11.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.56.0 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/grpc v1.56.1 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect ) diff --git a/go.sum b/go.sum index c6c9f0bce..caaa4c54a 100644 --- a/go.sum +++ b/go.sum 
@@ -198,10 +198,16 @@ github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQH github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFccGyBZn52KtMNsS12dI= github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA= -github.com/hashicorp/terraform-plugin-go v0.16.0 h1:DSOQ0rz5FUiVO4NUzMs8ln9gsPgHMTsfns7Nk+6gPuE= -github.com/hashicorp/terraform-plugin-go v0.16.0/go.mod h1:4sn8bFuDbt+2+Yztt35IbOrvZc0zyEi87gJzsTgCES8= +github.com/hashicorp/terraform-plugin-framework v1.3.2 h1:aQ6GSD0CTnvoALEWvKAkcH/d8jqSE0Qq56NYEhCexUs= +github.com/hashicorp/terraform-plugin-framework v1.3.2/go.mod h1:oimsRAPJOYkZ4kY6xIGfR0PHjpHLDLaknzuptl6AvnY= +github.com/hashicorp/terraform-plugin-framework-validators v0.10.0 h1:4L0tmy/8esP6OcvocVymw52lY0HyQ5OxB7VNl7k4bS0= +github.com/hashicorp/terraform-plugin-framework-validators v0.10.0/go.mod h1:qdQJCdimB9JeX2YwOpItEu+IrfoJjWQ5PhLpAOMDQAE= +github.com/hashicorp/terraform-plugin-go v0.18.0 h1:IwTkOS9cOW1ehLd/rG0y+u/TGLK9y6fGoBjXVUquzpE= +github.com/hashicorp/terraform-plugin-go v0.18.0/go.mod h1:l7VK+2u5Kf2y+A+742GX0ouLut3gttudmvMgN0PA74Y= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= +github.com/hashicorp/terraform-plugin-mux v0.11.2 h1:XMkAmWQN+6F+l4jwNeqdPom/8Vly6ZNDxHoKjiRHx5c= +github.com/hashicorp/terraform-plugin-mux v0.11.2/go.mod h1:qjoF/pI49rILSNQzKIuDtU+ZX9mpQD0B8YNE1GceLPc= github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 h1:I8efBnjuDrgPjNF1MEypHy48VgcTIUY4X6rOFunrR3Y= github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0/go.mod h1:cUEP4ly/nxlHy5HzD6YRrHydtlheGvGRJDhiWqqVik4= github.com/hashicorp/terraform-registry-address v0.2.1 h1:QuTf6oJ1+WSflJw6WYOHhLgwUiQ0FrROpHPYFtwTYWM= 
@@ -586,8 +592,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= -google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -600,8 +606,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/main.go b/main.go index 3cf02bce6..56299d6dc 100644 --- a/main.go +++ b/main.go @@ -2,8 +2,13 @@ package main import ( - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/v2/plugin" + "context" + "log" + + "github.com/hashicorp/terraform-plugin-framework/providerserver" + "github.com/hashicorp/terraform-plugin-go/tfprotov5" + "github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server" + "github.com/hashicorp/terraform-plugin-mux/tf5muxserver" "github.com/okta/terraform-provider-okta/okta" ) 
@@ -14,11 +19,32 @@ import ( //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs func main() { - // Set descriptions to support Markdown syntax, - // this will be used in document generation. - schema.DescriptionKind = schema.StringMarkdown + var debug bool + providers := []func() tfprotov5.ProviderServer{ + // v2 plugin + okta.Provider().GRPCProvider, + // v3 plugin + providerserver.NewProtocol5(okta.NewFWProvider(okta.OktaTerraformProviderVersion)), + } + + // use the muxer + muxServer, err := tf5muxserver.NewMuxServer(context.Background(), providers...) + if err != nil { + log.Fatalf(err.Error()) + } + + var serveOpts []tf5server.ServeOpt + + if debug { + serveOpts = append(serveOpts, tf5server.WithManagedDebug()) + } - plugin.Serve(&plugin.ServeOpts{ - ProviderFunc: okta.Provider, - }) + err = tf5server.Serve( + "okta/okta", + muxServer.ProviderServer, + serveOpts..., + ) + if err != nil { + log.Fatal(err) + } } diff --git a/okta/config.go b/okta/config.go index 16ecfc6af..efb1ecc07 100644 --- a/okta/config.go +++ b/okta/config.go @@ -6,12 +6,15 @@ import ( "fmt" "net/http" "os" + "strconv" "strings" "time" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-retryablehttp" + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging" "github.com/okta/okta-sdk-golang/v3/okta" "github.com/okta/terraform-provider-okta/okta/internal/apimutex" @@ -19,7 +22,8 @@ import ( "github.com/okta/terraform-provider-okta/sdk" ) -const OktaTerraformProviderUserAgent = "okta-terraform/4.1.0" +const OktaTerraformProviderVersion = "4.1.0" +const OktaTerraformProviderUserAgent = "okta-terraform/" + OktaTerraformProviderVersion func (adt *AddHeaderTransport) RoundTrip(req *http.Request) (*http.Response, error) { req.Header.Add("User-Agent", "Okta Terraform Provider") 
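Review bot: `log.Fatalf(err.Error())` after `NewMuxServer` passes the error text as the format string, so any `%` in the message is misinterpreted and `go vet` reports a non-constant format string; the later `Serve` failure already uses the right form, so make this one `log.Fatal(err)` too. `debug` is declared but never assigned, so the `tf5server.WithManagedDebug()` branch is unreachable; either wire it to a `flag.BoolVar(&debug, "debug", false, "run with managed debug support")` parsed before the mux is built, or drop the variable and the branch. Both providers are served behind one mux, so every provider-level attribute has to be declared identically on the SDK v2 and framework schemas; the default removals in okta/provider.go in this patch appear to be for that reason, and a comment saying so above `providers` would save the next reader the inference.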
@@ -125,6 +129,69 @@ func (c *Config) loadAndValidate(ctx context.Context) error { return nil } +func (c *Config) handleDefaults(ctx context.Context, data *FrameworkProviderData) error { + var err error + if data.OrgName.IsNull() && os.Getenv("OKTA_ORG_NAME") != "" { + data.OrgName = types.StringValue(os.Getenv("OKTA_ORG_NAME")) + } + if data.AccessToken.IsNull() && os.Getenv("OKTA_ACCESS_TOKEN") != "" { + data.AccessToken = types.StringValue(os.Getenv("OKTA_ACCESS_TOKEN")) + } + if data.APIToken.IsNull() && os.Getenv("OKTA_API_TOKEN") != "" { + data.APIToken = types.StringValue(os.Getenv("OKTA_API_TOKEN")) + } + if data.ClientID.IsNull() && os.Getenv("OKTA_API_CLIENT_ID") != "" { + data.ClientID = types.StringValue(os.Getenv("OKTA_API_CLIENT_ID")) + } + if data.Scopes.IsNull() && os.Getenv("OKTA_API_SCOPES") != "" { + v := os.Getenv("OKTA_API_SCOPES") + scopes := strings.Split(v, ",") + if len(scopes) > 0 { + scopesTF := make([]attr.Value, 0) + for _, scope := range scopes { + scopesTF = append(scopesTF, types.StringValue(scope)) + } + data.Scopes, _ = types.SetValue(types.StringType, scopesTF) + } + } + if data.PrivateKey.IsNull() && os.Getenv("OKTA_API_PRIVATE_KEY") != "" { + data.PrivateKey = types.StringValue(os.Getenv("OKTA_API_PRIVATE_KEY")) + } + if data.PrivateKeyID.IsNull() && os.Getenv("OKTA_API_PRIVATE_KEY_ID") != "" { + data.PrivateKeyID = types.StringValue(os.Getenv("OKTA_API_PRIVATE_KEY_ID")) + } + if data.BaseURL.IsNull() { + if os.Getenv("OKTA_BASE_URL") != "" { + data.BaseURL = types.StringValue(os.Getenv("OKTA_API_PRIVATE_KEY_ID")) + } else { + data.BaseURL = types.StringValue("okta.com") + } + } + if data.HTTPProxy.IsNull() && os.Getenv("OKTA_HTTP_PROXY") != "" { + data.HTTPProxy = types.StringValue(os.Getenv("OKTA_HTTP_PROXY")) + } + if data.MaxAPICapacity.IsNull() { + if os.Getenv("MAX_API_CAPACITY") != "" { + mac, err := strconv.ParseInt(os.Getenv("MAX_API_CAPACITY"), 10, 64) + if err != nil { + return err + } + data.MaxAPICapacity = 
types.Int64Value(mac) + } else { + data.MaxAPICapacity = types.Int64Value(100) + } + } + data.Backoff = types.BoolValue(true) + data.MinWaitSeconds = types.Int64Value(30) + data.MaxWaitSeconds = types.Int64Value(300) + data.MaxRetries = types.Int64Value(5) + data.Parallelism = types.Int64Value(1) + data.LogLevel = types.Int64Value(int64(hclog.Error)) + data.RequestTimeout = types.Int64Value(0) + + return err +} + func providerLogger(c *Config) hclog.Logger { logLevel := hclog.Level(c.logLevel) if os.Getenv("TF_LOG") != "" { diff --git a/okta/framework_provider.go b/okta/framework_provider.go new file mode 100644 index 000000000..76a5f1769 --- /dev/null +++ b/okta/framework_provider.go 
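Review bot: In handleDefaults the `OKTA_BASE_URL` branch assigns `os.Getenv("OKTA_API_PRIVATE_KEY_ID")` to `data.BaseURL`, so an environment-supplied base URL is silently replaced by the private key id (or an empty string) and API requests are sent to the wrong host; it should read `data.BaseURL = types.StringValue(os.Getenv("OKTA_BASE_URL"))`. The trailing block then overwrites `Backoff`, `MinWaitSeconds`, `MaxWaitSeconds`, `MaxRetries`, `Parallelism`, `LogLevel` and `RequestTimeout` unconditionally, discarding whatever the user set in the provider block even though the schema validators just accepted it; each needs the same `IsNull()` guard the earlier fields have. The diagnostics from `types.SetValue` are dropped with `_`, and the `mac, err :=` inside the capacity branch shadows the outer `err`, which is harmless only because that branch returns immediately, so the function could simply `return nil` at the end. handleDefaults is fully inside this hunk.
```go
	// … unchanged: env-var fallbacks for org_name, access_token, api_token, client_id, scopes, private_key, private_key_id …
	if data.BaseURL.IsNull() {
		if os.Getenv("OKTA_BASE_URL") != "" {
			data.BaseURL = types.StringValue(os.Getenv("OKTA_BASE_URL"))
		} else {
			data.BaseURL = types.StringValue("okta.com")
		}
	}
	// … unchanged: http_proxy and max_api_capacity handling …
	// Only fill in a default when the user left the attribute unset;
	// Configure reads these values back after this call.
	if data.Backoff.IsNull() {
		data.Backoff = types.BoolValue(true)
	}
	if data.MinWaitSeconds.IsNull() {
		data.MinWaitSeconds = types.Int64Value(30)
	}
	if data.MaxWaitSeconds.IsNull() {
		data.MaxWaitSeconds = types.Int64Value(300)
	}
	if data.MaxRetries.IsNull() {
		data.MaxRetries = types.Int64Value(5)
	}
	if data.Parallelism.IsNull() {
		data.Parallelism = types.Int64Value(1)
	}
	if data.LogLevel.IsNull() {
		data.LogLevel = types.Int64Value(int64(hclog.Error))
	}
	if data.RequestTimeout.IsNull() {
		data.RequestTimeout = types.Int64Value(0)
	}

	return nil
```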
@@ -0,0 +1,253 @@ +package okta + +import ( + "context" + "strings" + + "github.com/hashicorp/terraform-plugin-framework-validators/int64validator" + "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/provider" + "github.com/hashicorp/terraform-plugin-framework/provider/schema" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ provider.Provider = &FrameworkProvider{} +) + +// New is a helper function to simplify provider server and testing implementation. +func NewFWProvider(version string) provider.Provider { + return &FrameworkProvider{} +} + +type FrameworkProvider struct { + Config + Version string +} + +type FrameworkProviderData struct { + OrgName types.String `tfsdk:"org_name"` + AccessToken types.String `tfsdk:"access_token"` + APIToken types.String `tfsdk:"api_token"` + ClientID types.String `tfsdk:"client_id"` + Scopes types.Set `tfsdk:"scopes"` + PrivateKey types.String `tfsdk:"private_key"` + PrivateKeyID types.String `tfsdk:"private_key_id"` + BaseURL types.String `tfsdk:"base_url"` + HTTPProxy types.String `tfsdk:"http_proxy"` + Backoff types.Bool `tfsdk:"backoff"` + MinWaitSeconds types.Int64 `tfsdk:"min_wait_seconds"` + MaxWaitSeconds types.Int64 `tfsdk:"max_wait_seconds"` + MaxRetries types.Int64 `tfsdk:"max_retries"` + Parallelism types.Int64 `tfsdk:"parallelism"` + LogLevel types.Int64 `tfsdk:"log_level"` + MaxAPICapacity types.Int64 `tfsdk:"max_api_capacity"` + RequestTimeout types.Int64 `tfsdk:"request_timeout"` +} + +// Metadata returns the provider type name. 
+func (p *FrameworkProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) { + resp.TypeName = "okta" + resp.Version = p.Version +} + +// Schema defines the provider-level schema for configuration data. +func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest, resp *provider.SchemaResponse) { + resp.Schema = schema.Schema{ + Attributes: map[string]schema.Attribute{ + "org_name": schema.StringAttribute{ + Optional: true, + Description: "The organization to manage in Okta.", + }, + "access_token": schema.StringAttribute{ + Optional: true, + Description: "Bearer token granting privileges to Okta API.", + Validators: []validator.String{ + stringvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("api_token"), + path.MatchRoot("client_id"), + path.MatchRoot("scopes"), + path.MatchRoot("private_key"), + }...), + }, + }, + "api_token": schema.StringAttribute{ + Optional: true, + Description: "API Token granting privileges to Okta API.", + Validators: []validator.String{ + stringvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("access_token"), + path.MatchRoot("client_id"), + path.MatchRoot("scopes"), + path.MatchRoot("private_key"), + }...), + }, + }, + "client_id": schema.StringAttribute{ + Optional: true, + Description: "API Token granting privileges to Okta API.", + Validators: []validator.String{ + stringvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("access_token"), + path.MatchRoot("api_token"), + }...), + }, + }, + "scopes": schema.SetAttribute{ + Optional: true, + Description: "API Token granting privileges to Okta API.", + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("access_token"), + path.MatchRoot("api_token"), + }...), + }, + }, + "private_key": schema.StringAttribute{ + Optional: true, + Description: "API Token granting privileges to Okta API.", + Validators: []validator.String{ + 
stringvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("access_token"), + path.MatchRoot("api_token"), + }...), + }, + }, + "private_key_id": schema.StringAttribute{ + Optional: true, + Description: "API Token Id granting privileges to Okta API.", + Validators: []validator.String{ + stringvalidator.ConflictsWith(path.Expressions{ + path.MatchRoot("api_token"), + }...), + }, + }, + "base_url": schema.StringAttribute{ + Optional: true, + Description: "The Okta url. (Use 'oktapreview.com' for Okta testing)", + }, + "http_proxy": schema.StringAttribute{ + Optional: true, + Description: "Alternate HTTP proxy of scheme://hostname or scheme://hostname:port format", + }, + "backoff": schema.BoolAttribute{ + Optional: true, + Description: "Use exponential back off strategy for rate limits.", + }, + "min_wait_seconds": schema.Int64Attribute{ + Optional: true, + Description: "minimum seconds to wait when rate limit is hit. We use exponential backoffs when backoff is enabled.", + }, + "max_wait_seconds": schema.Int64Attribute{ + Optional: true, + Description: "maximum seconds to wait when rate limit is hit. We use exponential backoffs when backoff is enabled.", + }, + "max_retries": schema.Int64Attribute{ + Optional: true, + Description: "maximum number of retries to attempt before erroring out.", + Validators: []validator.Int64{ + int64validator.AtMost(100), + }, + }, + "parallelism": schema.Int64Attribute{ + Optional: true, + Description: "Number of concurrent requests to make within a resource where bulk operations are not possible. Take note of https://developer.okta.com/docs/api/getting_started/rate-limits.", + }, + "log_level": schema.Int64Attribute{ + Optional: true, + Description: "providers log level. 
Minimum is 1 (TRACE), and maximum is 5 (ERROR)", + Validators: []validator.Int64{ + int64validator.AtLeast(1), + int64validator.AtMost(5), + }, + }, + "max_api_capacity": schema.Int64Attribute{ + Optional: true, + Description: "(Experimental) sets what percentage of capacity the provider can use of the total rate limit " + + "capacity while making calls to the Okta management API endpoints. Okta API operates in one minute buckets. " + + "See Okta Management API Rate Limits: https://developer.okta.com/docs/reference/rl-global-mgmt/", + Validators: []validator.Int64{ + int64validator.AtLeast(1), + int64validator.AtMost(100), + }, + }, + "request_timeout": schema.Int64Attribute{ + Optional: true, + Description: "Timeout for single request (in seconds) which is made to Okta, the default is `0` (means no limit is set). The maximum value can be `300`.", + Validators: []validator.Int64{ + int64validator.AtLeast(0), + int64validator.AtMost(300), + }, + }, + }, + } +} + +func (p *FrameworkProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) { + // Retrieve provider data from configuration + var data FrameworkProviderData + resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) 
+ if resp.Diagnostics.HasError() { + return + } + + err := p.handleDefaults(ctx, &data) + if err != nil { + resp.Diagnostics.AddError("failed to load default value to provider", err.Error()) + return + } + + p.orgName = data.OrgName.ValueString() + p.accessToken = data.AccessToken.ValueString() + p.apiToken = data.APIToken.ValueString() + p.clientID = data.ClientID.ValueString() + p.privateKey = data.PrivateKey.ValueString() + p.privateKeyId = data.PrivateKeyID.ValueString() + p.domain = data.BaseURL.ValueString() + p.maxAPICapacity = int(data.MaxWaitSeconds.ValueInt64()) + p.backoff = data.Backoff.ValueBool() + p.minWait = int(data.MinWaitSeconds.ValueInt64()) + p.maxWait = int(data.MaxRetries.ValueInt64()) + p.retryCount = int(data.MaxRetries.ValueInt64()) + p.parallelism = int(data.Parallelism.ValueInt64()) + p.logLevel = int(data.LogLevel.ValueInt64()) + p.requestTimeout = int(data.RequestTimeout.ValueInt64()) + scopes := data.Scopes.String() + sanitizeScope := scopes[1 : len(scopes)-1] + p.scopes = strings.Split(sanitizeScope, ",") + if !data.HTTPProxy.IsNull() { + p.httpProxy = data.HTTPProxy.ValueString() + } + + err = p.loadAndValidate(ctx) + if err != nil { + resp.Diagnostics.AddError("failed to load default value to provider", err.Error()) + return + } + + resp.DataSourceData = &p.Config + resp.ResourceData = &p.Config +} + +// DataSources defines the data sources implemented in the provider. +func (p *FrameworkProvider) DataSources(_ context.Context) []func() datasource.DataSource { + return nil +} + +// DataSources defines the data sources implemented in the provider. +func (p *FrameworkProvider) Resources(_ context.Context) []func() resource.Resource { + return []func() resource.Resource{ + NewPolicyDeviceAssuranceAndroidResource, + NewPolicyDeviceAssuranceIOSResource, + NewPolicyDeviceAssuranceChromeOSResource, + NewPolicyDeviceAssuranceMacOSResource, + NewPolicyDeviceAssuranceWindowsResource, + } +} 
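Review bot: Configure copies the wrong fields into the Config: `p.maxAPICapacity = int(data.MaxWaitSeconds.ValueInt64())` should read `data.MaxAPICapacity`, and `p.maxWait = int(data.MaxRetries.ValueInt64())` should read `data.MaxWaitSeconds`, so the rate-limit budget and the backoff ceiling both receive values meant for other settings. The scope list is recovered by slicing `data.Scopes.String()`, which yields the rendered form (quoted elements, and `<null>` becomes the single scope `null` when scopes are unset) rather than the raw strings; `data.Scopes.ElementsAs(ctx, &scopes, false)` returns the elements directly and reports conversion problems through diagnostics (a null set should leave the slice nil, but verify that against the framework version pinned in go.mod). `access_token`, `api_token` and `private_key` are credentials yet none is marked `Sensitive: true`, so the framework will not redact them in plan output and logs. `NewFWProvider` discards its `version` argument, so `Metadata` always reports an empty version; return `&FrameworkProvider{Version: version}` and fix the `// New is a helper function` comment to name `NewFWProvider`.
```go
	// … unchanged: req.Config.Get, handleDefaults, orgName … domain assignments …
	p.maxAPICapacity = int(data.MaxAPICapacity.ValueInt64())
	p.backoff = data.Backoff.ValueBool()
	p.minWait = int(data.MinWaitSeconds.ValueInt64())
	p.maxWait = int(data.MaxWaitSeconds.ValueInt64())
	p.retryCount = int(data.MaxRetries.ValueInt64())
	// … unchanged: parallelism, logLevel, requestTimeout …
	// Read the set elements directly; String() gives a quoted rendering, not the values.
	var scopes []string
	resp.Diagnostics.Append(data.Scopes.ElementsAs(ctx, &scopes, false)...)
	if resp.Diagnostics.HasError() {
		return
	}
	p.scopes = scopes
	// … unchanged: http_proxy, loadAndValidate, DataSourceData/ResourceData …
```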
diff --git a/okta/provider.go b/okta/provider.go index 94b0b57a1..ca8b7f8b4 100644 --- a/okta/provider.go +++ b/okta/provider.go @@ -10,7 +10,6 @@ import ( "time" "github.com/cenkalti/backoff" - "github.com/hashicorp/go-hclog" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -139,27 +138,23 @@ func Provider() *schema.Provider { "org_name": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_ORG_NAME", nil), Description: "The organization to manage in Okta.", }, "access_token": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_ACCESS_TOKEN", nil), Description: "Bearer token granting privileges to Okta API.", ConflictsWith: []string{"api_token", "client_id", "scopes", "private_key"}, }, "api_token": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_API_TOKEN", nil), Description: "API Token granting privileges to Okta API.", ConflictsWith: []string{"access_token", "client_id", "scopes", "private_key"}, }, "client_id": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_API_CLIENT_ID", nil), Description: "API Token granting privileges to Okta API.", ConflictsWith: []string{"access_token", "api_token"}, }, 
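Review bot: Dropping `DefaultFunc`/`Default` from the SDK v2 schema (this hunk and the `@@ -167`, `@@ -239` and `@@ -247` hunks that follow) changes what the v2 provider sees: `d.Get("backoff")` now yields `false`, `max_retries` and `log_level` yield `0`, and `base_url` yields `""` unless providerConfigure, which lies outside these hunks, has been changed to apply the same environment and literal defaults that `handleDefaults` applies for the framework provider. If the removal is deliberate because the mux server requires both provider schemas to match, say so in a comment on the schema map, e.g. `// Defaults are applied in Config.handleDefaults; this schema must match the framework provider schema exactly for tf5muxserver.`, since both resource registries now depend on that invariant. Provider() starts and ends outside this hunk.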
@@ -167,71 +162,60 @@ func Provider() *schema.Provider { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, - DefaultFunc: envDefaultSetFunc("OKTA_API_SCOPES", nil), Description: "API Token granting privileges to Okta API.", ConflictsWith: []string{"access_token", "api_token"}, }, "private_key": { Optional: true, Type: schema.TypeString, - DefaultFunc: schema.EnvDefaultFunc("OKTA_API_PRIVATE_KEY", nil), Description: "API Token granting privileges to Okta API.", ConflictsWith: []string{"access_token", "api_token"}, }, "private_key_id": { Optional: true, Type: schema.TypeString, - DefaultFunc: schema.EnvDefaultFunc("OKTA_API_PRIVATE_KEY_ID", nil), Description: "API Token Id granting privileges to Okta API.", ConflictsWith: []string{"api_token"}, }, "base_url": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_BASE_URL", "okta.com"), Description: "The Okta url. (Use 'oktapreview.com' for Okta testing)", }, "http_proxy": { Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("OKTA_HTTP_PROXY", ""), Description: "Alternate HTTP proxy of scheme://hostname or scheme://hostname:port format", }, "backoff": { Type: schema.TypeBool, Optional: true, - Default: true, Description: "Use exponential back off strategy for rate limits.", }, "min_wait_seconds": { Type: schema.TypeInt, Optional: true, - Default: 30, Description: "minimum seconds to wait when rate limit is hit. We use exponential backoffs when backoff is enabled.", }, "max_wait_seconds": { Type: schema.TypeInt, Optional: true, - Default: 300, Description: "maximum seconds to wait when rate limit is hit. 
We use exponential backoffs when backoff is enabled.", }, "max_retries": { Type: schema.TypeInt, Optional: true, - Default: 5, ValidateDiagFunc: intAtMost(100), Description: "maximum number of retries to attempt before erroring out.", }, "parallelism": { Type: schema.TypeInt, Optional: true, - Default: 1, Description: "Number of concurrent requests to make within a resource where bulk operations are not possible. Take note of https://developer.okta.com/docs/api/getting_started/rate-limits.", }, "log_level": { Type: schema.TypeInt, Optional: true, - Default: int(hclog.Error), ValidateDiagFunc: intBetween(1, 5), Description: "providers log level. Minimum is 1 (TRACE), and maximum is 5 (ERROR)", }, @@ -239,7 +223,6 @@ func Provider() *schema.Provider { Type: schema.TypeInt, Optional: true, ValidateDiagFunc: intBetween(1, 100), - DefaultFunc: schema.EnvDefaultFunc("MAX_API_CAPACITY", 100), Description: "(Experimental) sets what percentage of capacity the provider can use of the total rate limit " + "capacity while making calls to the Okta management API endpoints. Okta API operates in one minute buckets. " + "See Okta Management API Rate Limits: https://developer.okta.com/docs/reference/rl-global-mgmt/", @@ -247,7 +230,6 @@ func Provider() *schema.Provider { "request_timeout": { Type: schema.TypeInt, Optional: true, - Default: 0, ValidateDiagFunc: intBetween(0, 300), Description: "Timeout for single request (in seconds) which is made to Okta, the default is `0` (means no limit is set). The maximum value can be `300`.", }, 
@@ -432,20 +414,6 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{} // This is a global MutexKV for use within this plugin. var oktaMutexKV = mutexkv.NewMutexKV() -func envDefaultSetFunc(k string, dv interface{}) schema.SchemaDefaultFunc { - return func() (interface{}, error) { - if v := os.Getenv(k); v != "" { - stringList := strings.Split(v, ",") - arr := make([]interface{}, len(stringList)) - for i := range stringList { - arr[i] = stringList[i] - } - return arr, nil - } - return dv, nil - } -} - func isClassicOrg(ctx context.Context, m interface{}) bool { if config, ok := m.(*Config); ok && config.IsClassicOrg(ctx) { return true diff --git a/okta/resource_okta_policy_device_assurance_androi.go b/okta/resource_okta_policy_device_assurance_androi.go new file mode 100644 index 000000000..b88ce050e --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_androi.go 
@@ -0,0 +1,383 @@ +package okta + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/okta/okta-sdk-golang/v3/okta" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ resource.Resource = &policyDeviceAssuranceAndroidResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceAndroidResource{} + // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} +) + +func NewPolicyDeviceAssuranceAndroidResource() resource.Resource { + return &policyDeviceAssuranceAndroidResource{} +} + +type policyDeviceAssuranceAndroidResource struct { + *Config +} + +type policyDeviceAssuranceAndroidResourceModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"` + JailBreak types.Bool `tfsdk:"jailbreak"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType []types.String `tfsdk:"screenlock_type"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String 
`tfsdk:"last_updated_by"` +} + +func (r *policyDeviceAssuranceAndroidResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_android" +} + +func (r *policyDeviceAssuranceAndroidResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "Manages device assurance on policy", + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + Description: "Policy assurance id", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Description: "Policy device assurance name", + Required: true, + }, + "platform": schema.StringAttribute{ + Description: "Policy device assurance platform", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + // use set to avoid order change as v3 does not have diff suppress func + "disk_encryption_type": schema.SetAttribute{ + Description: "List of disk encryption type, can be FULL, USER", + Optional: true, + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("jailbreak"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "jailbreak": schema.BoolAttribute{ + Description: "The device jailbreak. 
Only for android and iOS platform", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "os_version": schema.StringAttribute{ + Description: "The device os minimum version", + Optional: true, + Validators: []validator.String{ + stringvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jailbreak"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "secure_hardware_present": schema.BoolAttribute{ + Description: "Indicates if the device constains a secure hardware functionality", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jailbreak"), + path.MatchRoot("os_version"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "screenlock_type": schema.SetAttribute{ + Description: "List of screenlock type, can be BIOMETRIC, PASSCODE", + Optional: true, + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jailbreak"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + }...), + }, + }, + "created_date": schema.StringAttribute{ + Description: "Created date", + Computed: true, + }, + "created_by": schema.StringAttribute{ + Description: "Created by", + Computed: true, + }, + "last_update": schema.StringAttribute{ + Description: "Last update", + Computed: true, + }, + "last_updated_by": schema.StringAttribute{ + Description: "Last updated by", + Computed: true, + }, + }, + } +} + +// Configure adds the provider configured client to the resource. 
+func (r *policyDeviceAssuranceAndroidResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + p, ok := req.ProviderData.(*Config) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Resource Configure Type", + fmt.Sprintf("Expected *Config, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + return + } + + r.Config = p +} + +func (r *policyDeviceAssuranceAndroidResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var state policyDeviceAssuranceAndroidResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + reqBody, err := buildDeviceAssuranceAndroidPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceAndroidToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func (r *policyDeviceAssuranceAndroidResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state policyDeviceAssuranceAndroidResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to read device assurance", + err.Error(), + ) + return + } + + resp.Diagnostics.Append(mapDeviceAssuranceAndroidToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func (r *policyDeviceAssuranceAndroidResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state policyDeviceAssuranceAndroidResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to delete device assurance", + err.Error(), + ) + return + } +} + +func (r *policyDeviceAssuranceAndroidResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var state policyDeviceAssuranceAndroidResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + reqBody, err := buildDeviceAssuranceAndroidPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.ValueString()).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceAndroidToState(deviceAssurance, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func buildDeviceAssuranceAndroidPolicyRequest(model policyDeviceAssuranceAndroidResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { + var android = &okta.DeviceAssuranceAndroidPlatform{} + android.SetName(model.Name.ValueString()) + android.SetPlatform(okta.PLATFORM_ANDROID) + if len(model.DiskEncryptionType) > 0 { + diskEncryptionType := make([]okta.DiskEncryptionType, 0) + for _, det := range model.DiskEncryptionType { + v, err := okta.NewDiskEncryptionTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceAndroidPlatform: android}, err + } + diskEncryptionType = append(diskEncryptionType, *v) + } + android.DiskEncryptionType = &okta.DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{Include: diskEncryptionType} + } + android.Jailbreak = model.JailBreak.ValueBoolPointer() + if !model.OsVersion.IsNull() { + android.OsVersion = &okta.OSVersion{Minimum: model.OsVersion.ValueStringPointer()} + } + if len(model.ScreenLockType) > 0 { + screenlockType := make([]okta.ScreenLockType, 0) + for _, det := range model.ScreenLockType { + v, err := okta.NewScreenLockTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceAndroidPlatform: android}, err + } + screenlockType = append(screenlockType, *v) + } + android.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType} + } + android.SecureHardwarePresent = model.SecureHardwarePresent.ValueBoolPointer() + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceAndroidPlatform: android}, nil +} + +// Map response body to schema +func mapDeviceAssuranceAndroidToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state 
*policyDeviceAssuranceAndroidResourceModel) diag.Diagnostics { + var diags diag.Diagnostics + state.ID = types.StringValue(data.DeviceAssuranceAndroidPlatform.GetId()) + state.Name = types.StringValue(data.DeviceAssuranceAndroidPlatform.GetName()) + state.Platform = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetPlatform())) + + if _, ok := data.DeviceAssuranceAndroidPlatform.GetJailbreakOk(); ok { + state.JailBreak = types.BoolValue(data.DeviceAssuranceAndroidPlatform.GetJailbreak()) + } + if _, ok := data.DeviceAssuranceAndroidPlatform.GetSecureHardwarePresentOk(); ok { + state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceAndroidPlatform.GetSecureHardwarePresent()) + } + if _, ok := data.DeviceAssuranceAndroidPlatform.GetOsVersionOk(); ok { + state.OsVersion = types.StringValue(data.DeviceAssuranceAndroidPlatform.OsVersion.GetMinimum()) + } + if _, ok := data.DeviceAssuranceAndroidPlatform.DiskEncryptionType.GetIncludeOk(); ok { + diskEncryptionType := make([]types.String, 0) + for _, det := range data.DeviceAssuranceAndroidPlatform.DiskEncryptionType.GetInclude() { + diskEncryptionType = append(diskEncryptionType, types.StringValue(string(det))) + } + state.DiskEncryptionType = diskEncryptionType + } + if _, ok := data.DeviceAssuranceAndroidPlatform.ScreenLockType.GetIncludeOk(); ok { + screenLockType := make([]types.String, 0) + for _, slt := range data.DeviceAssuranceAndroidPlatform.ScreenLockType.GetInclude() { + screenLockType = append(screenLockType, types.StringValue(string(slt))) + } + state.ScreenLockType = screenLockType + } + + state.CreateDate = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetCreatedDate())) + state.CreateBy = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetCreatedBy())) + state.LastUpdate = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetLastUpdate())) + state.LastUpdatedBy = 
types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetLastUpdatedBy())) + return diags +} + +// // TODU types.List +// res := model.ScreenLockType.Elements() +// z := make([]string, 0) +// for _, r := range res { +// z = append(z, r.String()) +// } +// // TODU []types.String +// z := make([]string, 0) +// for _, r := range model.ScreenLockType { +// z = append(z, r.ValueString()) +// } +// // TODU []string +// z := make([]string, 0) +// for _, r := range model.ScreenLockType { +// z = append(z, r) +// } diff --git a/okta/resource_okta_policy_device_assurance_androi_test.go b/okta/resource_okta_policy_device_assurance_androi_test.go new file mode 100644 index 000000000..d59cbc533 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_androi_test.go 
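Review bot: Read treats a policy that was deleted outside Terraform the same as any other API failure, so drift leaves the resource permanently erroring instead of being planned for recreation; the second return value of `Execute()` is discarded at `deviceAssurance, _, err :=`, yet that response wrapper is what carries the HTTP status needed to tell the cases apart (assuming it exposes `StatusCode` as the SDK's wrapper appears to). On a 404 the framework convention is `resp.State.RemoveResource(ctx)` followed by return, which also needs `net/http` in the import block. Update reports `"failed to create device assurance"` when ReplaceDeviceAssurancePolicy fails — it should read `"failed to update device assurance"` — and the chromeOS Update in the hunk for `resource_okta_policy_device_assurance_chromeOS.go` has the same copy-paste. The schema descriptions list the accepted values (FULL/USER, BIOMETRIC/PASSCODE) but no validator enforces them, so a typo in a posture requirement is only caught by the API at apply time; a per-element `stringvalidator.OneOf` on both set attributes would move that to plan time. The commented-out `// TODU types.List` scratch block at the end of the file is dead code and should be removed before merge, as should the `// TODU need to do additional read?` markers once the question is settled.
```go
deviceAssurance, apiResp, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute()
if err != nil {
	// Gone upstream: drop it from state so the next plan recreates it.
	if apiResp != nil && apiResp.StatusCode == http.StatusNotFound {
		resp.State.RemoveResource(ctx)
		return
	}
	resp.Diagnostics.AddError(
		"failed to read device assurance",
		err.Error(),
	)
	return
}
// … unchanged: mapDeviceAssuranceAndroidToState and resp.State.Set …
```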
@@ -0,0 +1,69 @@
+package okta
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-framework/providerserver"
+ "github.com/hashicorp/terraform-plugin-go/tfprotov6"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+const (
+ // providerConfig is a shared configuration to combine with the actual
+ // test configuration so the HashiCups client is properly configured.
+ // It is also possible to use the HASHICUPS_ environment variables instead,
+ // such as updating the Makefile and running the testing through that tool.
+ providerConfig = `
+`
+)
+
+var (
+ // testAccProtoV6ProviderFactories are used to instantiate a provider during
+ // acceptance testing. The factory function will be invoked for every Terraform
+ // CLI command executed to create a provider server to which the CLI can
+ // reattach.
+ testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+ "okta": providerserver.NewProtocol6WithError(NewFWProvider("test")),
+ }
+)
+
+func TestAccPolicyDeviceAssuranceAndroid(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: providerConfig + `
+ resource okta_policy_device_assurance_android test{
+ name = "test"
+ os_version = "12"
+ disk_encryption_type = toset(["FULL", "USER"])
+ jailbreak = false
+ secure_hardware_present = true
+ screenlock_type = toset(["BIOMETRIC"])
+ }`,
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "name", "test"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "os_version", "12"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "jailbreak", "false"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "secure_hardware_present", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "disk_encryption_type.#", "2"),
+ ),
+ },
+ {
+ Config: providerConfig + `
+ resource okta_policy_device_assurance_android test{
+ name = "test"
+ os_version = "13"
+ disk_encryption_type = toset(["FULL", "USER"])
+ jailbreak = false
+ secure_hardware_present = true
+ screenlock_type = toset(["BIOMETRIC"])
+ }`,
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "name", "test"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "os_version", "13"),
+ ),
+ },
+ },
+ })
+}
diff --git a/okta/resource_okta_policy_device_assurance_chromeOS.go b/okta/resource_okta_policy_device_assurance_chromeOS.go
new file mode 100644
index 000000000..f8993868c
--- /dev/null
+++ b/okta/resource_okta_policy_device_assurance_chromeOS.go
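Review bot: The doc comment on `providerConfig` still describes the HashiCups tutorial provider and `HASHICUPS_` environment variables, while the constant itself is an empty raw string, so the comment documents nothing that exists in this package; either drop the constant and use the step configs directly, or replace the comment with one sentence stating what configuration the acceptance test expects the environment to supply. The first step checks `disk_encryption_type.#` but never `screenlock_type.#`, so a regression in the screen-lock branch of `mapDeviceAssuranceAndroidToState` would pass unnoticed; add `resource.TestCheckResourceAttr("okta_policy_device_assurance_android.test", "screenlock_type.#", "1")` to the first Check. `testAccProtoV6ProviderFactories` is a package-level var declared in a per-resource test file, and the diffstat shows an iOS test file landing in the same commit; if that file declares the same name the package will not compile, so the factory belongs in a shared test helper.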
@@ -0,0 +1,439 @@ +package okta + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/okta/okta-sdk-golang/v3/okta" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ resource.Resource = &policyDeviceAssuranceChromeOSResource{} + // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{} + // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} +) + +func NewPolicyDeviceAssuranceChromeOSResource() resource.Resource { + return &policyDeviceAssuranceChromeOSResource{} +} + +type policyDeviceAssuranceChromeOSResource struct { + v3Client *okta.APIClient +} + +type policyDeviceAssuranceChromeOSResourceModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType types.List `tfsdk:"disk_encryption_type"` + JailBreak types.Bool `tfsdk:"jailbreak"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType types.List `tfsdk:"screenlock_type"` + // TODU + ThirdPartySignalProviders thirdPartySignalProvidersChromeOS `tfsdk:"third_party_signal_providers"` + CreateDate 
types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` +} + +type thirdPartySignalProvidersChromeOS struct { + AllowScreenLock types.Bool `tfsdk:"allow_screen_lock"` + BrowserVersion types.String `tfsdk:"browser_version, omitempty"` + BuiltInDNSClientEnabled types.Bool `tfsdk:"builtin_dns_client_enabled"` + ChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"chrome_remote_desktop_app_blocked"` + CrowdStrikeAgentID types.String `tfsdk:"crowd_strike_agent_id"` + CrowdStrikeCustomerID types.String `tfsdk:"crowd_strike_customer_id"` + DeviceEnrollementDomain types.String `tfsdk:"device_enrollement_domain"` + DiskEncrypted types.Bool `tfsdk:"disk_encrypted"` + KeyTrustLevel types.String `tfsdk:"key_trust_level"` + OsFirewall types.Bool `tfsdk:"os_firewall"` + OsVersion types.String `tfsdk:"os_version"` + PasswordProctectionWarningTrigger types.String `tfsdk:"password_proctection_warning_trigger"` + RealtimeURLCheckMode types.Bool `tfsdk:"realtime_url_check_mode"` + SafeBrowsingProtectionLevel types.String `tfsdk:"safe_browsing_protection_level"` + ScreenLockSecured types.Bool `tfsdk:"screen_lock_secured"` + SecureBootEnabled types.Bool `tfsdk:"secure_boot_enabled"` + SiteIsolationEnabled types.Bool `tfsdk:"site_isolation_enabled"` + ThirdPartyBlockingEnabled types.Bool `tfsdk:"third_party_blocking_enabled"` + WindowMachineDomain types.String `tfsdk:"window_machine_domain"` + WindowUserDomain types.String `tfsdk:"window_user_domain"` +} + +func (r *policyDeviceAssuranceChromeOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_chromeOS" +} + +// TODU different requirement for request and response? 
+// TODU validation +func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "Manages device assurance on policy", + Attributes: map[string]schema.Attribute{ + // TODU needed? + "id": schema.StringAttribute{ + Description: "Policy assurance id", + Computed: true, + PlanModifiers: []planmodifier.String{ + // TODU + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Description: "Policy device assurance name", + Required: true, + }, + "platform": schema.StringAttribute{ + Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS", + Required: true, + }, + "disk_encryption_type": schema.ListAttribute{ + Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER", + Optional: true, + ElementType: types.StringType, + Validators: []validator.List{ + listvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "jail_break": schema.BoolAttribute{ + Description: "The device jailbreak. 
Only for android and iOS platform", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "os_version": schema.StringAttribute{ + Description: "The device os version", + Optional: true, + Validators: []validator.String{ + stringvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "secure_hardware_present": schema.BoolAttribute{ + Description: "Indicates if the device constains a secure hardware functionality", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "screenlock_type": schema.ListAttribute{ + Description: "List of screenlock type", + Optional: true, + ElementType: types.StringType, + Validators: []validator.List{ + listvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + }...), + }, + }, + "third_party_signal_providers": schema.ObjectAttribute{ + Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", + Optional: true, + AttributeTypes: map[string]attr.Type{ + // TODU chromeOS only + "allow_screen_lock": types.BoolType, + "browser_version": types.StringType, + "builtin_dns_client_enabled": types.BoolType, + "chrome_remote_desktop_app_blocked": types.BoolType, + // TODU window only + "crowd_strike_agent_id": types.StringType, + // TODU window only + "crowd_strike_customer_id": types.StringType, + "device_enrollement_domain": types.StringType, + "disk_encrypted": types.BoolType, + "key_trust_level": types.StringType, + "os_firewall": types.BoolType, + "os_version": types.StringType, + "password_proctection_warning_trigger": types.StringType, + "realtime_url_check_mode": types.BoolType, + "safe_browsing_protection_level": types.StringType, + "screen_lock_secured": types.BoolType, + // TODU window only + "secure_boot_enabled": types.BoolType, + "site_isolation_enabled": types.BoolType, + // TODU window only + "third_party_blocking_enabled": types.BoolType, + // TODU window only + "window_machine_domain": types.StringType, + // TODU window only + "window_user_domain": types.StringType, + }, + }, + "created_date": schema.StringAttribute{ + Description: "Created date", + Computed: true, + }, + "created_by": schema.StringAttribute{ + Description: "Created by", + Computed: true, + }, + "last_update": schema.StringAttribute{ + Description: "Last update", + Computed: true, + }, + "last_updated_by": schema.StringAttribute{ + Description: "Last updated by", + Computed: true, + }, + }, + } +} + +// TODU +func (r *policyDeviceAssuranceChromeOSResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var state policyDeviceAssuranceChromeOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + // reqBody, err := buildDeviceAssurancePolicyRequest(state) + // if err != nil { + // resp.Diagnostics.AddError( + // "failed to build device assurance request", + // err.Error(), + // ) + // return + // } + reqBody, diag := buildDeviceAssuranceChromeOSPolicyRequest(state) + resp.Diagnostics.Append(diag) + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +// TODU +func (r *policyDeviceAssuranceChromeOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state policyDeviceAssuranceChromeOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to delete device assurance", + err.Error(), + ) + return + } +} + +// TODU +func (r *policyDeviceAssuranceChromeOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state policyDeviceAssuranceChromeOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to read device assurance", + err.Error(), + ) + return + } + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +// TODU +func (r *policyDeviceAssuranceChromeOSResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var state policyDeviceAssuranceChromeOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + // reqBody, err := buildDeviceAssurancePolicyRequest(state) + // if err != nil { + // resp.Diagnostics.AddError( + // "failed to build device assurance request", + // err.Error(), + // ) + // return + // } + reqBody, diag := buildDeviceAssuranceChromeOSPolicyRequest(state) + resp.Diagnostics.Append(diag) + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } +} + +// TODU +// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { +// var android = &okta.DeviceAssuranceAndroidPlatform{} +// var iOS = &okta.DeviceAssuranceIOSPlatform{} +// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} +// var macOS = &okta.DeviceAssuranceMacOSPlatform{} +// var windows = &okta.DeviceAssuranceWindowsPlatform{} +// switch model.Platform.ValueString() { +// case string(okta.PLATFORM_ANDROID): +// android.SetName(model.Name.ValueString()) +// android.SetPlatform(okta.Platform(model.Platform.ValueString())) +// case string(okta.PLATFORM_IOS): +// iOS.SetName(model.Name.String()) +// iOS.SetPlatform(okta.Platform(model.Platform.String())) +// case string(okta.PLATFORM_CHROMEOS): +// chromeOS.SetName(model.Name.String()) +// chromeOS.SetPlatform(okta.Platform(model.Platform.String())) +// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} +// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) +// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) +// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) +// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) +// tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) +// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) +// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) +// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) +// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: 
model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) +// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) +// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) +// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) +// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) +// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) +// chromeOS.SetThirdPartySignalProviders(tsp) +// case string(okta.PLATFORM_MACOS): +// macOS.SetName(model.Name.String()) +// macOS.SetPlatform(okta.Platform(model.Platform.String())) +// case string(okta.PLATFORM_WINDOWS): +// windows.SetName(model.Name.String()) +// windows.SetPlatform(okta.Platform(model.Platform.String())) +// default: +// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform") +// } +// return okta.ListDeviceAssurancePolicies200ResponseInner{ +// DeviceAssuranceAndroidPlatform: android, +// DeviceAssuranceIOSPlatform: iOS, +// DeviceAssuranceChromeOSPlatform: chromeOS, +// DeviceAssuranceMacOSPlatform: macOS, +// DeviceAssuranceWindowsPlatform: windows, +// }, nil +// } + +func buildDeviceAssuranceChromeOSPolicyRequest(model policyDeviceAssuranceChromeOSResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) { + var android = &okta.DeviceAssuranceAndroidPlatform{} + var iOS = &okta.DeviceAssuranceIOSPlatform{} + var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} + var macOS = &okta.DeviceAssuranceMacOSPlatform{} + var windows = &okta.DeviceAssuranceWindowsPlatform{} + switch model.Platform.ValueString() { + case string(okta.PLATFORM_ANDROID): + android.SetName(model.Name.ValueString()) + 
android.SetPlatform(okta.Platform(model.Platform.ValueString())) + case string(okta.PLATFORM_IOS): + iOS.SetName(model.Name.String()) + iOS.SetPlatform(okta.Platform(model.Platform.String())) + case string(okta.PLATFORM_CHROMEOS): + chromeOS.SetName(model.Name.String()) + chromeOS.SetPlatform(okta.Platform(model.Platform.String())) + tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} + tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) + tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) + tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) + tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) + tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) + tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) + tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) + tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) + tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) + tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) + tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) + tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) + tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) + tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) + 
chromeOS.SetThirdPartySignalProviders(tsp) + case string(okta.PLATFORM_MACOS): + macOS.SetName(model.Name.String()) + macOS.SetPlatform(okta.Platform(model.Platform.String())) + case string(okta.PLATFORM_WINDOWS): + windows.SetName(model.Name.String()) + windows.SetPlatform(okta.Platform(model.Platform.String())) + default: + return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString()) + } + return okta.ListDeviceAssurancePolicies200ResponseInner{ + DeviceAssuranceAndroidPlatform: android, + DeviceAssuranceIOSPlatform: iOS, + DeviceAssuranceChromeOSPlatform: chromeOS, + DeviceAssuranceMacOSPlatform: macOS, + DeviceAssuranceWindowsPlatform: windows, + }, nil +} + +// Map response body to schema +func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceChromeOSResourceModel) diag.Diagnostics { + var diags diag.Diagnostics + return diags +} diff --git a/okta/resource_okta_policy_device_assurance_iOS.go b/okta/resource_okta_policy_device_assurance_iOS.go new file mode 100644 index 000000000..9f47470b6 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_iOS.go 
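Review bot: Delete, Read and Update pass `state.ID.String()` to the API where the Android resource passes `state.ID.ValueString()`; on a `types.String`, `String()` yields the Terraform-syntax rendering with surrounding quotes, so the id placed in the request path is not the policy id, and `model.Name.String()` in buildDeviceAssuranceChromeOSPolicyRequest has the same defect for every non-Android case — use `ValueString()` throughout, as the Android file does. `mapDeviceAssuranceChromeOSToState` is a stub that receives `state` by value and returns empty diagnostics, so the computed `id`, `platform` and timestamp attributes are never written after Create and the framework will reject the still-unknown `id` in the apply result; change the parameter to `state *policyDeviceAssuranceChromeOSResourceModel` and populate it the way the Android mapper does. Create and Update append the builder's diagnostic but do not stop on error, so an unidentified platform still reaches CreateDeviceAssurancePolicy with a body in which every platform pointer is non-nil and only name/platform are set — add `if resp.Diagnostics.HasError() { return }` directly after `resp.Diagnostics.Append(diag)`. The tag `tfsdk:"browser_version, omitempty"` is not a valid tfsdk tag (there are no tag options, and the space becomes part of the attribute name), and the resource declares `v3Client` but has no Configure and the `ResourceWithConfigure` assertion is commented out, so `r.v3Client` is nil at the first API call. Because this resource expresses a device-posture requirement, the combination of the stub mapper and the unchecked builder means an apply could report success while the policy created upstream carries none of the configured signals; the commented-out `buildDeviceAssurancePolicyRequest` copy should also be deleted rather than kept beside its live twin.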
@@ -0,0 +1,308 @@ +package okta + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/okta/okta-sdk-golang/v3/okta" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ resource.Resource = &policyDeviceAssuranceIOSResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceIOSResource{} + // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} +) + +func NewPolicyDeviceAssuranceIOSResource() resource.Resource { + return &policyDeviceAssuranceIOSResource{} +} + +type policyDeviceAssuranceIOSResource struct { + *Config +} + +type policyDeviceAssuranceIOSResourceModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + JailBreak types.Bool `tfsdk:"jailbreak"` + OsVersion types.String `tfsdk:"os_version"` + ScreenLockType []types.String `tfsdk:"screenlock_type"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` +} + +func (r *policyDeviceAssuranceIOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + 
resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_ios" +} + +func (r *policyDeviceAssuranceIOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "Manages device assurance on policy", + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + Description: "Policy assurance id", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Description: "Policy device assurance name", + Required: true, + }, + "platform": schema.StringAttribute{ + Description: "Policy device assurance platform", + Computed: true, + }, + "jailbreak": schema.BoolAttribute{ + Description: "The device jailbreak. Only for android and iOS platform", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("os_version"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "os_version": schema.StringAttribute{ + Description: "The device os minimum version", + Optional: true, + Validators: []validator.String{ + stringvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("jailbreak"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "screenlock_type": schema.SetAttribute{ + Description: "List of screenlock type, can be BIOMETRIC and PASSCODE", + Optional: true, + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("jailbreak"), + path.MatchRoot("os_version"), + }...), + }, + }, + "created_date": schema.StringAttribute{ + Description: "Created date", + Computed: true, + }, + "created_by": schema.StringAttribute{ + Description: "Created by", + Computed: true, + }, + "last_update": schema.StringAttribute{ + Description: "Last update", + Computed: true, + }, + "last_updated_by": schema.StringAttribute{ + Description: "Last updated by", + Computed: 
true, + }, + }, + } +} + +// Configure adds the provider configured client to the resource. +func (r *policyDeviceAssuranceIOSResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + p, ok := req.ProviderData.(*Config) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Resource Configure Type", + fmt.Sprintf("Expected *Config, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + return + } + + r.Config = p +} + +func (r *policyDeviceAssuranceIOSResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var state policyDeviceAssuranceIOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + reqBody, err := buildDeviceAssuranceIOSPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceIOSToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func (r *policyDeviceAssuranceIOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state policyDeviceAssuranceIOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to read device assurance", + err.Error(), + ) + return + } + + resp.Diagnostics.Append(mapDeviceAssuranceIOSToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func (r *policyDeviceAssuranceIOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state policyDeviceAssuranceIOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to delete device assurance", + err.Error(), + ) + return + } +} + +func (r *policyDeviceAssuranceIOSResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var state policyDeviceAssuranceIOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + reqBody, err := buildDeviceAssuranceIOSPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.ValueString()).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceIOSToState(deviceAssurance, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +func buildDeviceAssuranceIOSPolicyRequest(model policyDeviceAssuranceIOSResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { + var iOS = &okta.DeviceAssuranceIOSPlatform{} + iOS.SetName(model.Name.ValueString()) + iOS.SetPlatform(okta.PLATFORM_IOS) + + iOS.Jailbreak = model.JailBreak.ValueBoolPointer() + if !model.OsVersion.IsNull() { + iOS.OsVersion = &okta.OSVersion{Minimum: model.OsVersion.ValueStringPointer()} + } + if len(model.ScreenLockType) > 0 { + screenlockType := make([]okta.ScreenLockType, 0) + for _, det := range model.ScreenLockType { + v, err := okta.NewScreenLockTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceIOSPlatform: iOS}, err + } + screenlockType = append(screenlockType, *v) + } + iOS.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType} + } + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceIOSPlatform: iOS}, nil +} + +// Map response body to schema +func mapDeviceAssuranceIOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceIOSResourceModel) diag.Diagnostics { + var diags diag.Diagnostics + state.ID = types.StringValue(data.DeviceAssuranceIOSPlatform.GetId()) + state.Name = types.StringValue(data.DeviceAssuranceIOSPlatform.GetName()) + state.Platform = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetPlatform())) + + if _, ok := data.DeviceAssuranceIOSPlatform.GetJailbreakOk(); ok { + state.JailBreak = types.BoolValue(data.DeviceAssuranceIOSPlatform.GetJailbreak()) + } + if _, ok := data.DeviceAssuranceIOSPlatform.GetOsVersionOk(); ok { + state.OsVersion = types.StringValue(data.DeviceAssuranceIOSPlatform.OsVersion.GetMinimum()) + } + if _, ok := 
data.DeviceAssuranceIOSPlatform.ScreenLockType.GetIncludeOk(); ok {
+ screenLockType := make([]types.String, 0)
+ for _, slt := range data.DeviceAssuranceIOSPlatform.ScreenLockType.GetInclude() {
+ screenLockType = append(screenLockType, types.StringValue(string(slt)))
+ }
+ state.ScreenLockType = screenLockType
+ }
+
+ state.CreateDate = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetCreatedDate()))
+ state.CreateBy = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetCreatedBy()))
+ state.LastUpdate = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetLastUpdate()))
+ state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetLastUpdatedBy()))
+ return diags
+}
diff --git a/okta/resource_okta_policy_device_assurance_iOS_test.go b/okta/resource_okta_policy_device_assurance_iOS_test.go
new file mode 100644
index 000000000..3356ea56e
--- /dev/null
+++ b/okta/resource_okta_policy_device_assurance_iOS_test.go
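Review bot: The error title in Update is a copy of Create's — the `ReplaceDeviceAssurancePolicy` failure path reports `"failed to create device assurance"`, which will mislead anyone debugging a failed update; change it to `"failed to update device assurance"`. Read and Delete discard the `*http.Response` and treat every error the same, so a policy removed out of band presumably surfaces as a hard error on the next plan instead of being dropped from state with `resp.State.RemoveResource(ctx)`; it is worth checking the status code (or the SDK's error type) for 404 in both. `buildDeviceAssuranceIOSPolicyRequest` returns a partially populated request together with a non-nil error on a bad `screenlock_type` value; callers only use the error, but returning the zero `okta.ListDeviceAssurancePolicies200ResponseInner{}` would follow the usual Go convention and match the chromeOS/macOS builders in this commit. Since `ResourceWithImportState` is deliberately commented out, a doc comment on `NewPolicyDeviceAssuranceIOSResource` such as `// NewPolicyDeviceAssuranceIOSResource returns the okta_policy_device_assurance_ios resource; import is not yet supported.` would save the next maintainer a search.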
@@ -0,0 +1,45 @@
+package okta
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccPolicyDeviceAssuranceIOS(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: providerConfig + `
+ resource okta_policy_device_assurance_ios test{
+ name = "test"
+ os_version = "12.4.5"
+ jailbreak = false
+ screenlock_type = toset(["BIOMETRIC"])
+ }`,
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "name", "test"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "os_version", "12.4.5"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "jailbreak", "false"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "screenlock_type.#", "1"),
+ ),
+ },
+ {
+ Config: providerConfig + `
+ resource okta_policy_device_assurance_ios test{
+ name = "test"
+ os_version = "12.4.6"
+ jailbreak = false
+ screenlock_type = toset(["BIOMETRIC", "PASSCODE"])
+ }`,
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "name", "test"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "os_version", "12.4.6"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "screenlock_type.#", "2"),
+ resource.TestCheckResourceAttrSet("okta_policy_device_assurance_ios.test", "jailbreak"),
+ ),
+ },
+ },
+ })
+}
diff --git a/okta/resource_okta_policy_device_assurance_macOS.go b/okta/resource_okta_policy_device_assurance_macOS.go
new file mode 100644
index 000000000..abb5bcc61
--- /dev/null
+++ b/okta/resource_okta_policy_device_assurance_macOS.go
@@ -0,0 +1,439 @@ +package okta + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/attr" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/okta/okta-sdk-golang/v3/okta" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ resource.Resource = &policyDeviceAssuranceMacOSResource{} + // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{} + // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} +) + +func NewPolicyDeviceAssuranceMacOSResource() resource.Resource { + return &policyDeviceAssuranceMacOSResource{} +} + +type policyDeviceAssuranceMacOSResource struct { + v3Client *okta.APIClient +} + +type policyDeviceAssuranceMacOSResourceModel struct { + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType types.List `tfsdk:"disk_encryption_type"` + JailBreak types.Bool `tfsdk:"jailbreak"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType types.List `tfsdk:"screenlock_type"` + // TODU + ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` + CreateDate types.String 
`tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` +} + +type thirdPartySignalProviders struct { + AllowScreenLock types.Bool `tfsdk:"allow_screen_lock"` + BrowserVersion types.String `tfsdk:"browser_version, omitempty"` + BuiltInDNSClientEnabled types.Bool `tfsdk:"builtin_dns_client_enabled"` + ChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"chrome_remote_desktop_app_blocked"` + CrowdStrikeAgentID types.String `tfsdk:"crowd_strike_agent_id"` + CrowdStrikeCustomerID types.String `tfsdk:"crowd_strike_customer_id"` + DeviceEnrollementDomain types.String `tfsdk:"device_enrollement_domain"` + DiskEncrypted types.Bool `tfsdk:"disk_encrypted"` + KeyTrustLevel types.String `tfsdk:"key_trust_level"` + OsFirewall types.Bool `tfsdk:"os_firewall"` + OsVersion types.String `tfsdk:"os_version"` + PasswordProctectionWarningTrigger types.String `tfsdk:"password_proctection_warning_trigger"` + RealtimeURLCheckMode types.Bool `tfsdk:"realtime_url_check_mode"` + SafeBrowsingProtectionLevel types.String `tfsdk:"safe_browsing_protection_level"` + ScreenLockSecured types.Bool `tfsdk:"screen_lock_secured"` + SecureBootEnabled types.Bool `tfsdk:"secure_boot_enabled"` + SiteIsolationEnabled types.Bool `tfsdk:"site_isolation_enabled"` + ThirdPartyBlockingEnabled types.Bool `tfsdk:"third_party_blocking_enabled"` + WindowMachineDomain types.String `tfsdk:"window_machine_domain"` + WindowUserDomain types.String `tfsdk:"window_user_domain"` +} + +func (r *policyDeviceAssuranceMacOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_macOS" +} + +// TODU different requirement for request and response? 
+// TODU validation +func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "Manages device assurance on policy", + Attributes: map[string]schema.Attribute{ + // TODU needed? + "id": schema.StringAttribute{ + Description: "Policy assurance id", + Computed: true, + PlanModifiers: []planmodifier.String{ + // TODU + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + Description: "Policy device assurance name", + Required: true, + }, + "platform": schema.StringAttribute{ + Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS", + Required: true, + }, + "disk_encryption_type": schema.ListAttribute{ + Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER", + Optional: true, + ElementType: types.StringType, + Validators: []validator.List{ + listvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "jail_break": schema.BoolAttribute{ + Description: "The device jailbreak. 
Only for android and iOS platform", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "os_version": schema.StringAttribute{ + Description: "The device os version", + Optional: true, + Validators: []validator.String{ + stringvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("secure_hardware_present"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "secure_hardware_present": schema.BoolAttribute{ + Description: "Indicates if the device constains a secure hardware functionality", + Optional: true, + Validators: []validator.Bool{ + boolvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("screenlock_type"), + }...), + }, + }, + "screenlock_type": schema.ListAttribute{ + Description: "List of screenlock type", + Optional: true, + ElementType: types.StringType, + Validators: []validator.List{ + listvalidator.AtLeastOneOf(path.Expressions{ + path.MatchRoot("disk_encryption_type"), + path.MatchRoot("jail_break"), + path.MatchRoot("os_version"), + path.MatchRoot("secure_hardware_present"), + }...), + }, + }, + "third_party_signal_providers": schema.ObjectAttribute{ + Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", + Optional: true, + AttributeTypes: map[string]attr.Type{ + // TODU chromeOS only + "allow_screen_lock": types.BoolType, + "browser_version": types.StringType, + "builtin_dns_client_enabled": types.BoolType, + "chrome_remote_desktop_app_blocked": types.BoolType, + // TODU window only + "crowd_strike_agent_id": types.StringType, + // TODU window only + "crowd_strike_customer_id": types.StringType, + "device_enrollement_domain": types.StringType, + "disk_encrypted": types.BoolType, + "key_trust_level": types.StringType, + "os_firewall": types.BoolType, + "os_version": types.StringType, + "password_proctection_warning_trigger": types.StringType, + "realtime_url_check_mode": types.BoolType, + "safe_browsing_protection_level": types.StringType, + "screen_lock_secured": types.BoolType, + // TODU window only + "secure_boot_enabled": types.BoolType, + "site_isolation_enabled": types.BoolType, + // TODU window only + "third_party_blocking_enabled": types.BoolType, + // TODU window only + "window_machine_domain": types.StringType, + // TODU window only + "window_user_domain": types.StringType, + }, + }, + "created_date": schema.StringAttribute{ + Description: "Created date", + Computed: true, + }, + "created_by": schema.StringAttribute{ + Description: "Created by", + Computed: true, + }, + "last_update": schema.StringAttribute{ + Description: "Last update", + Computed: true, + }, + "last_updated_by": schema.StringAttribute{ + Description: "Last updated by", + Computed: true, + }, + }, + } +} + +// TODU +func (r *policyDeviceAssuranceMacOSResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var state policyDeviceAssuranceMacOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + // reqBody, err := buildDeviceAssurancePolicyRequest(state) + // if err != nil { + // resp.Diagnostics.AddError( + // "failed to build device assurance request", + // err.Error(), + // ) + // return + // } + reqBody, diag := buildDeviceAssuranceMacOSPolicyRequest(state) + resp.Diagnostics.Append(diag) + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +// TODU +func (r *policyDeviceAssuranceMacOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state policyDeviceAssuranceMacOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to delete device assurance", + err.Error(), + ) + return + } +} + +// TODU +func (r *policyDeviceAssuranceMacOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state policyDeviceAssuranceMacOSResourceModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to read device assurance", + err.Error(), + ) + return + } + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } +} + +// TODU +func (r *policyDeviceAssuranceMacOSResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var state policyDeviceAssuranceMacOSResourceModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + // reqBody, err := buildDeviceAssurancePolicyRequest(state) + // if err != nil { + // resp.Diagnostics.AddError( + // "failed to build device assurance request", + // err.Error(), + // ) + // return + // } + reqBody, diag := buildDeviceAssuranceMacOSPolicyRequest(state) + resp.Diagnostics.Append(diag) + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute() + if err != nil { + resp.Diagnostics.AddError( + "failed to create device assurance", + err.Error(), + ) + return + } + // TODU need to do additional read? + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) + if resp.Diagnostics.HasError() { + return + } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) 
+ if resp.Diagnostics.HasError() { + return + } +} + +// TODU +// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { +// var android = &okta.DeviceAssuranceAndroidPlatform{} +// var iOS = &okta.DeviceAssuranceIOSPlatform{} +// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} +// var macOS = &okta.DeviceAssuranceMacOSPlatform{} +// var windows = &okta.DeviceAssuranceWindowsPlatform{} +// switch model.Platform.ValueString() { +// case string(okta.PLATFORM_ANDROID): +// android.SetName(model.Name.ValueString()) +// android.SetPlatform(okta.Platform(model.Platform.ValueString())) +// case string(okta.PLATFORM_IOS): +// iOS.SetName(model.Name.String()) +// iOS.SetPlatform(okta.Platform(model.Platform.String())) +// case string(okta.PLATFORM_CHROMEOS): +// chromeOS.SetName(model.Name.String()) +// chromeOS.SetPlatform(okta.Platform(model.Platform.String())) +// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} +// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) +// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) +// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) +// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) +// tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) +// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) +// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) +// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) +// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: 
model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) +// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) +// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) +// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) +// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) +// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) +// chromeOS.SetThirdPartySignalProviders(tsp) +// case string(okta.PLATFORM_MACOS): +// macOS.SetName(model.Name.String()) +// macOS.SetPlatform(okta.Platform(model.Platform.String())) +// case string(okta.PLATFORM_WINDOWS): +// windows.SetName(model.Name.String()) +// windows.SetPlatform(okta.Platform(model.Platform.String())) +// default: +// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform") +// } +// return okta.ListDeviceAssurancePolicies200ResponseInner{ +// DeviceAssuranceAndroidPlatform: android, +// DeviceAssuranceIOSPlatform: iOS, +// DeviceAssuranceChromeOSPlatform: chromeOS, +// DeviceAssuranceMacOSPlatform: macOS, +// DeviceAssuranceWindowsPlatform: windows, +// }, nil +// } + +func buildDeviceAssuranceMacOSPolicyRequest(model policyDeviceAssuranceMacOSResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) { + var android = &okta.DeviceAssuranceAndroidPlatform{} + var iOS = &okta.DeviceAssuranceIOSPlatform{} + var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} + var macOS = &okta.DeviceAssuranceMacOSPlatform{} + var windows = &okta.DeviceAssuranceWindowsPlatform{} + switch model.Platform.ValueString() { + case string(okta.PLATFORM_ANDROID): + android.SetName(model.Name.ValueString()) + 
android.SetPlatform(okta.Platform(model.Platform.ValueString())) + case string(okta.PLATFORM_IOS): + iOS.SetName(model.Name.String()) + iOS.SetPlatform(okta.Platform(model.Platform.String())) + case string(okta.PLATFORM_CHROMEOS): + chromeOS.SetName(model.Name.String()) + chromeOS.SetPlatform(okta.Platform(model.Platform.String())) + tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} + tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) + tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) + tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) + tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) + tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) + tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) + tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) + tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) + tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) + tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) + tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) + tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) + tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) + tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) + 
chromeOS.SetThirdPartySignalProviders(tsp) + case string(okta.PLATFORM_MACOS): + macOS.SetName(model.Name.String()) + macOS.SetPlatform(okta.Platform(model.Platform.String())) + case string(okta.PLATFORM_WINDOWS): + windows.SetName(model.Name.String()) + windows.SetPlatform(okta.Platform(model.Platform.String())) + default: + return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString()) + } + return okta.ListDeviceAssurancePolicies200ResponseInner{ + DeviceAssuranceAndroidPlatform: android, + DeviceAssuranceIOSPlatform: iOS, + DeviceAssuranceChromeOSPlatform: chromeOS, + DeviceAssuranceMacOSPlatform: macOS, + DeviceAssuranceWindowsPlatform: windows, + }, nil +} + +// Map response body to schema +func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceMacOSResourceModel) diag.Diagnostics { + var diags diag.Diagnostics + return diags +} diff --git a/okta/resource_okta_policy_device_assurance_window.go b/okta/resource_okta_policy_device_assurance_window.go new file mode 100644 index 000000000..ca19fac82 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_window.go 
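Review bot: `policyDeviceAssuranceMacOSResource.v3Client` is never assigned — the `ResourceWithConfigure` assertion is commented out and this file has no `Configure` method — so the first Create/Read/Update/Delete dereferences a nil `*okta.APIClient` and panics; give the struct the same embedded `*Config` plus `Configure` that the iOS resource in this commit has. The builder and the CRUD methods call `types.String.String()` (`model.Name.String()`, `model.Platform.String()`, `state.ID.String()`), which returns the quoted debug form (`"MACOS"` with the quotes) rather than the value, so the platform sent to the API and the id used in the request path are wrong; use `ValueString()` as the Android case and the iOS file do — the chromeOS builder earlier in this commit has the same `String()` calls. `mapDeviceAssuranceMacOSToState` takes the model by value and returns without touching it, so the server-assigned `id`, `created_date` and friends never reach state; it needs a `*policyDeviceAssuranceMacOSResourceModel` argument and the field mapping the iOS version has, and Create/Update should check `resp.Diagnostics.HasError()` after appending the builder's diagnostic instead of sending the empty request on an unidentified platform. Several schema/model mismatches will also fail before any API call: the schema key `jail_break` does not match the struct tag `tfsdk:"jailbreak"`, `tfsdk:"browser_version, omitempty"` is not a valid tfsdk field name (the framework matches the whole tag text, lowercase identifiers only), and `ThirdPartySignalProviders` is a plain struct for an Optional object, which presumably cannot receive the null the framework passes when the block is omitted — a pointer or `types.Object` handles that. Finally, the builder initialises all five platform structs and returns them together in the oneOf wrapper; if the generated marshaller emits the first non-nil member, the empty Android block is what gets sent regardless of platform, so only the selected platform's pointer should be non-nil.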
@@ -0,0 +1,416 @@
+package okta
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator"
+ "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+ "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+ "github.com/hashicorp/terraform-plugin-framework/attr"
+ "github.com/hashicorp/terraform-plugin-framework/diag"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/schema/validator"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/okta/okta-sdk-golang/v3/okta"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+ _ resource.Resource = &policyDeviceAssuranceWindowsResource{}
+ // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{}
+ // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{}
+)
+
+func NewPolicyDeviceAssuranceWindowsResource() resource.Resource {
+ return &policyDeviceAssuranceWindowsResource{}
+}
+
+type policyDeviceAssuranceWindowsResource struct {
+ v3Client *okta.APIClient
+}
+
+type policyDeviceAssuranceWindowsResourceModel struct {
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Platform types.String `tfsdk:"platform"`
+ DiskEncryptionType types.List `tfsdk:"disk_encryption_type"`
+ JailBreak types.Bool `tfsdk:"jailbreak"`
+ OsVersion types.String `tfsdk:"os_version"`
+ SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"`
+ ScreenLockType types.List `tfsdk:"screenlock_type"`
+ // TODU
+ ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"`
+ CreateDate types.String 
`tfsdk:"created_date"`
+ CreateBy types.String `tfsdk:"created_by"`
+ LastUpdate types.String `tfsdk:"last_update"`
+ LastUpdatedBy types.String `tfsdk:"last_updated_by"`
+}
+
+func (r *policyDeviceAssuranceWindowsResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_windows"
+}
+
+// TODU different requirement for request and response?
+// TODU validation
+func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ Description: "Manages device assurance on policy",
+ Attributes: map[string]schema.Attribute{
+ // TODU needed?
+ "id": schema.StringAttribute{
+ Description: "Policy assurance id",
+ Computed: true,
+ PlanModifiers: []planmodifier.String{
+ // TODU
+ stringplanmodifier.UseStateForUnknown(),
+ },
+ },
+ "name": schema.StringAttribute{
+ Description: "Policy device assurance name",
+ Required: true,
+ },
+ "platform": schema.StringAttribute{
+ Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS",
+ Required: true,
+ },
+ "disk_encryption_type": schema.ListAttribute{
+ Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER",
+ Optional: true,
+ ElementType: types.StringType,
+ Validators: []validator.List{
+ listvalidator.AtLeastOneOf(path.Expressions{
+ path.MatchRoot("jail_break"),
+ path.MatchRoot("os_version"),
+ path.MatchRoot("secure_hardware_present"),
+ path.MatchRoot("screenlock_type"),
+ }...),
+ },
+ },
+ "jail_break": schema.BoolAttribute{
+ Description: "The device jailbreak. 
Only for android and iOS platform",
+ Optional: true,
+ Validators: []validator.Bool{
+ boolvalidator.AtLeastOneOf(path.Expressions{
+ path.MatchRoot("disk_encryption_type"),
+ path.MatchRoot("os_version"),
+ path.MatchRoot("secure_hardware_present"),
+ path.MatchRoot("screenlock_type"),
+ }...),
+ },
+ },
+ "os_version": schema.StringAttribute{
+ Description: "The device os version",
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.AtLeastOneOf(path.Expressions{
+ path.MatchRoot("disk_encryption_type"),
+ path.MatchRoot("jail_break"),
+ path.MatchRoot("secure_hardware_present"),
+ path.MatchRoot("screenlock_type"),
+ }...),
+ },
+ },
+ "secure_hardware_present": schema.BoolAttribute{
+ Description: "Indicates if the device constains a secure hardware functionality",
+ Optional: true,
+ Validators: []validator.Bool{
+ boolvalidator.AtLeastOneOf(path.Expressions{
+ path.MatchRoot("disk_encryption_type"),
+ path.MatchRoot("jail_break"),
+ path.MatchRoot("os_version"),
+ path.MatchRoot("screenlock_type"),
+ }...),
+ },
+ },
+ "screenlock_type": schema.ListAttribute{
+ Description: "List of screenlock type",
+ Optional: true,
+ ElementType: types.StringType,
+ Validators: []validator.List{
+ listvalidator.AtLeastOneOf(path.Expressions{
+ path.MatchRoot("disk_encryption_type"),
+ path.MatchRoot("jail_break"),
+ path.MatchRoot("os_version"),
+ path.MatchRoot("secure_hardware_present"),
+ }...),
+ },
+ },
+ "third_party_signal_providers": schema.ObjectAttribute{
+ Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others",
+ Optional: true,
+ AttributeTypes: map[string]attr.Type{
+ // TODU chromeOS only
+ "allow_screen_lock": types.BoolType,
+ "browser_version": types.StringType,
+ "builtin_dns_client_enabled": types.BoolType,
+ "chrome_remote_desktop_app_blocked": types.BoolType,
+ // TODU window only
+ "crowd_strike_agent_id": types.StringType,
+ // TODU window only
+ "crowd_strike_customer_id": types.StringType,
+ "device_enrollement_domain": types.StringType,
+ "disk_encrypted": types.BoolType,
+ "key_trust_level": types.StringType,
+ "os_firewall": types.BoolType,
+ "os_version": types.StringType,
+ "password_proctection_warning_trigger": types.StringType,
+ "realtime_url_check_mode": types.BoolType,
+ "safe_browsing_protection_level": types.StringType,
+ "screen_lock_secured": types.BoolType,
+ // TODU window only
+ "secure_boot_enabled": types.BoolType,
+ "site_isolation_enabled": types.BoolType,
+ // TODU window only
+ "third_party_blocking_enabled": types.BoolType,
+ // TODU window only
+ "window_machine_domain": types.StringType,
+ // TODU window only
+ "window_user_domain": types.StringType,
+ },
+ },
+ "created_date": schema.StringAttribute{
+ Description: "Created date",
+ Computed: true,
+ },
+ "created_by": schema.StringAttribute{
+ Description: "Created by",
+ Computed: true,
+ },
+ "last_update": schema.StringAttribute{
+ Description: "Last update",
+ Computed: true,
+ },
+ "last_updated_by": schema.StringAttribute{
+ Description: "Last updated by",
+ Computed: true,
+ },
+ },
+ }
+}
+
+// TODU
+func (r *policyDeviceAssuranceWindowsResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+ var state policyDeviceAssuranceWindowsResourceModel
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ // reqBody, err := buildDeviceAssurancePolicyRequest(state)
+ // if err != nil {
+ // resp.Diagnostics.AddError(
+ // "failed to build device assurance request",
+ // err.Error(),
+ // )
+ // return
+ // }
+ reqBody, diag := buildDeviceAssuranceWindowsPolicyRequest(state)
+ resp.Diagnostics.Append(diag)
+
+ deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute()
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "failed to create device assurance",
+ err.Error(),
+ )
+ return
+ }
+ // TODU need to do additional read?
+ resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+}
+
+// TODU
+func (r *policyDeviceAssuranceWindowsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var state policyDeviceAssuranceWindowsResourceModel
+ resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute()
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "failed to delete device assurance",
+ err.Error(),
+ )
+ return
+ }
+}
+
+// TODU
+func (r *policyDeviceAssuranceWindowsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var state policyDeviceAssuranceWindowsResourceModel
+ resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute()
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "failed to read device assurance",
+ err.Error(),
+ )
+ return
+ }
+ resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+}
+
+// TODU
+func (r *policyDeviceAssuranceWindowsResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var state policyDeviceAssuranceWindowsResourceModel
+ resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ // reqBody, err := buildDeviceAssurancePolicyRequest(state)
+ // if err != nil {
+ // resp.Diagnostics.AddError(
+ // "failed to build device assurance request",
+ // err.Error(),
+ // )
+ // return
+ // }
+ reqBody, diag := buildDeviceAssuranceWindowsPolicyRequest(state)
+ resp.Diagnostics.Append(diag)
+
+ deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute()
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "failed to create device assurance",
+ err.Error(),
+ )
+ return
+ }
+ // TODU need to do additional read?
+ resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+}
+
+// TODU
+// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) {
+// var android = &okta.DeviceAssuranceAndroidPlatform{}
+// var iOS = &okta.DeviceAssuranceIOSPlatform{}
+// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{}
+// var macOS = &okta.DeviceAssuranceMacOSPlatform{}
+// var windows = &okta.DeviceAssuranceWindowsPlatform{}
+// switch model.Platform.ValueString() {
+// case string(okta.PLATFORM_ANDROID):
+// android.SetName(model.Name.ValueString())
+// android.SetPlatform(okta.Platform(model.Platform.ValueString()))
+// case string(okta.PLATFORM_IOS):
+// iOS.SetName(model.Name.String())
+// iOS.SetPlatform(okta.Platform(model.Platform.String()))
+// case string(okta.PLATFORM_CHROMEOS):
+// chromeOS.SetName(model.Name.String())
+// chromeOS.SetPlatform(okta.Platform(model.Platform.String()))
+// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{}
+// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool())
+// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()})
+// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool())
+// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool())
+// tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString())
+// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool())
+// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString()))
+// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool())
+// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: 
model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()})
+// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString()))
+// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool())
+// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString()))
+// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool())
+// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool())
+// chromeOS.SetThirdPartySignalProviders(tsp)
+// case string(okta.PLATFORM_MACOS):
+// macOS.SetName(model.Name.String())
+// macOS.SetPlatform(okta.Platform(model.Platform.String()))
+// case string(okta.PLATFORM_WINDOWS):
+// windows.SetName(model.Name.String())
+// windows.SetPlatform(okta.Platform(model.Platform.String()))
+// default:
+// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform")
+// }
+// return okta.ListDeviceAssurancePolicies200ResponseInner{
+// DeviceAssuranceAndroidPlatform: android,
+// DeviceAssuranceIOSPlatform: iOS,
+// DeviceAssuranceChromeOSPlatform: chromeOS,
+// DeviceAssuranceMacOSPlatform: macOS,
+// DeviceAssuranceWindowsPlatform: windows,
+// }, nil
+// }
+
+func buildDeviceAssuranceWindowsPolicyRequest(model policyDeviceAssuranceWindowsResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) {
+ var android = &okta.DeviceAssuranceAndroidPlatform{}
+ var iOS = &okta.DeviceAssuranceIOSPlatform{}
+ var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{}
+ var macOS = &okta.DeviceAssuranceMacOSPlatform{}
+ var windows = &okta.DeviceAssuranceWindowsPlatform{}
+ switch model.Platform.ValueString() {
+ case string(okta.PLATFORM_ANDROID):
+ android.SetName(model.Name.ValueString())
+ 
android.SetPlatform(okta.Platform(model.Platform.ValueString()))
+ case string(okta.PLATFORM_IOS):
+ iOS.SetName(model.Name.String())
+ iOS.SetPlatform(okta.Platform(model.Platform.String()))
+ case string(okta.PLATFORM_CHROMEOS):
+ chromeOS.SetName(model.Name.String())
+ chromeOS.SetPlatform(okta.Platform(model.Platform.String()))
+ tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{}
+ tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool())
+ tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()})
+ tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool())
+ tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool())
+ tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString())
+ tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool())
+ tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString()))
+ tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool())
+ tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()})
+ tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString()))
+ tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool())
+ tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString()))
+ tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool())
+ tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool())
+ 
chromeOS.SetThirdPartySignalProviders(tsp)
+ case string(okta.PLATFORM_MACOS):
+ macOS.SetName(model.Name.String())
+ macOS.SetPlatform(okta.Platform(model.Platform.String()))
+ case string(okta.PLATFORM_WINDOWS):
+ windows.SetName(model.Name.String())
+ windows.SetPlatform(okta.Platform(model.Platform.String()))
+ default:
+ return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString())
+ }
+ return okta.ListDeviceAssurancePolicies200ResponseInner{
+ DeviceAssuranceAndroidPlatform: android,
+ DeviceAssuranceIOSPlatform: iOS,
+ DeviceAssuranceChromeOSPlatform: chromeOS,
+ DeviceAssuranceMacOSPlatform: macOS,
+ DeviceAssuranceWindowsPlatform: windows,
+ }, nil
+}
+
+// Map response body to schema
+func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceWindowsResourceModel) diag.Diagnostics {
+ var diags diag.Diagnostics
+ return diags
+}
From ecc37b0e293ea2cf296782d165791da044a7b62d Mon Sep 17 00:00:00 2001 From: Tien Nguyen Date: Thu, 3 Aug 2023 12:26:34 -0400 Subject: [PATCH 2/8] add support for macOS and windows --- ...rce_okta_policy_device_assurance_androi.go | 19 +- ...e_okta_policy_device_assurance_chromeOS.go | 416 ++++++------------ ...source_okta_policy_device_assurance_iOS.go | 2 +- ...e_okta_policy_device_assurance_iOS_test.go | 2 +- ...urce_okta_policy_device_assurance_macOS.go | 415 ++++++++--------- ...okta_policy_device_assurance_macOS_test.go | 49 +++ ...rce_okta_policy_device_assurance_window.go | 409 ++++++++--------- ...kta_policy_device_assurance_window_test.go | 49 +++ 8 files changed, 608 insertions(+), 753 deletions(-) create mode 100644 okta/resource_okta_policy_device_assurance_macOS_test.go create mode 100644 okta/resource_okta_policy_device_assurance_window_test.go
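Review bot: The model field `JailBreak types.Bool \`tfsdk:"jailbreak"\`` does not match the schema attribute `"jail_break"` (nor the `path.MatchRoot("jail_break")` validators), so `req.Plan.Get(ctx, &state)` in Create/Update will fail with a struct/object mismatch before any API call is made; rename the tag to `tfsdk:"jail_break"` or the attribute to `jailbreak`, consistently across the platform files. Delete, Read and Update pass `state.ID.String()` into the policy path, which yields the quoted Terraform representation rather than the raw id, so the wrong resource path is requested — `state.ID.ValueString()` is what these calls need (PATCH 2/8 makes that change for ChromeOS). `mapDeviceAssuranceWindowsToState` takes `state` by value and returns without populating it, so the computed `id`/`created_*` attributes never reach state after Create or Read; it should take `*policyDeviceAssuranceWindowsResourceModel` and fill the fields from the response. Create and Update also `Append(diag)` from the request builder without checking `HasError()`, so an unrecognized platform still reaches `CreateDeviceAssurancePolicy`/`ReplaceDeviceAssurancePolicy` with an empty body; add `if resp.Diagnostics.HasError() { return }` after the append, and note Update's error title still says `"failed to create device assurance"`.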
diff --git a/okta/resource_okta_policy_device_assurance_androi.go b/okta/resource_okta_policy_device_assurance_androi.go
index b88ce050e..d2d6da3ed 100644
--- a/okta/resource_okta_policy_device_assurance_androi.go
+++ b/okta/resource_okta_policy_device_assurance_androi.go
@@ -125,7 +125,7 @@ func (r *policyDeviceAssuranceAndroidResource) Schema(_ context.Context, _ resou
 },
 },
 "screenlock_type": schema.SetAttribute{
- Description: "List of screenlock type, can be BIOMETRIC, PASSCODE",
+ Description: "List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE",
 Optional: true,
 ElementType: types.StringType,
 Validators: []validator.Set{
@@ -364,20 +364,3 @@ func mapDeviceAssuranceAndroidToState(data *okta.ListDeviceAssurancePolicies200R
 state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetLastUpdatedBy()))
 return diags
 }
-
-// // TODU types.List
-// res := model.ScreenLockType.Elements()
-// z := make([]string, 0)
-// for _, r := range res {
-// z = append(z, r.String())
-// }
-// // TODU []types.String
-// z := make([]string, 0)
-// for _, r := range model.ScreenLockType {
-// z = append(z, r.ValueString())
-// }
-// // TODU []string
-// z := make([]string, 0)
-// for _, r := range model.ScreenLockType {
-// z = append(z, r)
-// }
diff --git a/okta/resource_okta_policy_device_assurance_chromeOS.go b/okta/resource_okta_policy_device_assurance_chromeOS.go
index f8993868c..009ad9529 100644
--- a/okta/resource_okta_policy_device_assurance_chromeOS.go
+++ b/okta/resource_okta_policy_device_assurance_chromeOS.go
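Review bot: The new description `can be BIOMETRIC or BIOMETRIC, PASSCODE` is hard to parse as two alternatives because the comma reads as a list separator, and this string is the user-facing contract for a screen-lock requirement; spell the accepted combinations out, e.g. `Description: "List of screenlock type, can be [BIOMETRIC] or [BIOMETRIC, PASSCODE]"`. The `Schema` method continues outside the hunk.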
@@ -2,26 +2,21 @@ package okta
 import (
 "context"
+ "fmt"
- "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator"
- "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
- "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
- "github.com/hashicorp/terraform-plugin-framework/attr"
 "github.com/hashicorp/terraform-plugin-framework/diag"
- "github.com/hashicorp/terraform-plugin-framework/path"
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
- "github.com/hashicorp/terraform-plugin-framework/schema/validator"
 "github.com/hashicorp/terraform-plugin-framework/types"
 "github.com/okta/okta-sdk-golang/v3/okta"
 )
 // Ensure the implementation satisfies the expected interfaces.
 var (
- _ resource.Resource = &policyDeviceAssuranceChromeOSResource{}
- // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{}
+ _ resource.Resource = &policyDeviceAssuranceChromeOSResource{}
+ _ resource.ResourceWithConfigure = &policyDeviceAssuranceChromeOSResource{}
 // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{}
 )
@@ -30,24 +25,19 @@ func NewPolicyDeviceAssuranceChromeOSResource() resource.Resource {
 }
 type policyDeviceAssuranceChromeOSResource struct {
- v3Client *okta.APIClient
+ *Config
 }
 type policyDeviceAssuranceChromeOSResourceModel struct {
- ID types.String `tfsdk:"id"`
- Name types.String `tfsdk:"name"`
- Platform types.String `tfsdk:"platform"`
- DiskEncryptionType types.List `tfsdk:"disk_encryption_type"`
- JailBreak types.Bool `tfsdk:"jailbreak"`
- OsVersion types.String `tfsdk:"os_version"`
- SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"`
- ScreenLockType types.List `tfsdk:"screenlock_type"`
- // TODU
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Platform types.String `tfsdk:"platform"`
+ CreateDate types.String `tfsdk:"created_date"`
+ CreateBy types.String `tfsdk:"created_by"`
+ LastUpdate types.String `tfsdk:"last_update"`
+ LastUpdatedBy types.String `tfsdk:"last_updated_by"`
+ // TODU no feature access
 ThirdPartySignalProviders thirdPartySignalProvidersChromeOS `tfsdk:"third_party_signal_providers"`
- CreateDate types.String `tfsdk:"created_date"`
- CreateBy types.String `tfsdk:"created_by"`
- LastUpdate types.String `tfsdk:"last_update"`
- LastUpdatedBy types.String `tfsdk:"last_updated_by"`
 }
 type thirdPartySignalProvidersChromeOS struct {
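Review bot: `policyDeviceAssuranceChromeOSResourceModel` keeps the `ThirdPartySignalProviders` field tagged `tfsdk:"third_party_signal_providers"` and the `CreateDate`/`CreateBy`/`LastUpdate`/`LastUpdatedBy` fields, while the Schema hunk further down (`@@ -97,141 +77,86 @@`) comments out every one of those attributes; terraform-plugin-framework refuses to decode into a struct whose tfsdk fields have no matching schema attribute, so `req.Plan.Get` in Create and `req.State.Get` in Read/Update/Delete will return a struct/object mismatch error. Either restore the four computed attributes in the schema (they are presumably still populated by the response mapper) or drop the fields from the model, and for the not-yet-exposed third-party provider object either tag the field `tfsdk:"-"` or remove it until the schema declares it.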
@@ -55,9 +45,7 @@ type thirdPartySignalProvidersChromeOS struct {
 BrowserVersion types.String `tfsdk:"browser_version, omitempty"`
 BuiltInDNSClientEnabled types.Bool `tfsdk:"builtin_dns_client_enabled"`
 ChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"chrome_remote_desktop_app_blocked"`
- CrowdStrikeAgentID types.String `tfsdk:"crowd_strike_agent_id"`
- CrowdStrikeCustomerID types.String `tfsdk:"crowd_strike_customer_id"`
- DeviceEnrollementDomain types.String `tfsdk:"device_enrollement_domain"`
+ DeviceEnrollmentDomain types.String `tfsdk:"device_enrollment_domain"`
 DiskEncrypted types.Bool `tfsdk:"disk_encrypted"`
 KeyTrustLevel types.String `tfsdk:"key_trust_level"`
 OsFirewall types.Bool `tfsdk:"os_firewall"`
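Review bot: The context line `BrowserVersion types.String \`tfsdk:"browser_version, omitempty"\`` carries a `, omitempty` suffix inside the tfsdk tag; as far as I can tell the framework uses the whole tag text as the attribute name, so this field can never match a `browser_version` attribute once the object is wired into the schema. Change it to `tfsdk:"browser_version"`. It is not introduced by this hunk, but the rename of the neighbouring `DeviceEnrollmentDomain` tag is the natural place to fix it.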
@@ -66,29 +54,21 @@ type thirdPartySignalProvidersChromeOS struct {
 RealtimeURLCheckMode types.Bool `tfsdk:"realtime_url_check_mode"`
 SafeBrowsingProtectionLevel types.String `tfsdk:"safe_browsing_protection_level"`
 ScreenLockSecured types.Bool `tfsdk:"screen_lock_secured"`
- SecureBootEnabled types.Bool `tfsdk:"secure_boot_enabled"`
 SiteIsolationEnabled types.Bool `tfsdk:"site_isolation_enabled"`
- ThirdPartyBlockingEnabled types.Bool `tfsdk:"third_party_blocking_enabled"`
- WindowMachineDomain types.String `tfsdk:"window_machine_domain"`
- WindowUserDomain types.String `tfsdk:"window_user_domain"`
 }
 func (r *policyDeviceAssuranceChromeOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
 resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_chromeOS"
 }
-// TODU different requirement for request and response?
-// TODU validation
 func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
 resp.Schema = schema.Schema{
 Description: "Manages device assurance on policy",
 Attributes: map[string]schema.Attribute{
- // TODU needed?
 "id": schema.StringAttribute{
 Description: "Policy assurance id",
 Computed: true,
 PlanModifiers: []planmodifier.String{
- // TODU
 stringplanmodifier.UseStateForUnknown(),
 },
 },
@@ -97,141 +77,86 @@ func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ reso
 Required: true,
 },
 "platform": schema.StringAttribute{
- Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS",
- Required: true,
- },
- "disk_encryption_type": schema.ListAttribute{
- Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER",
- Optional: true,
- ElementType: types.StringType,
- Validators: []validator.List{
- listvalidator.AtLeastOneOf(path.Expressions{
- path.MatchRoot("jail_break"),
- path.MatchRoot("os_version"),
- path.MatchRoot("secure_hardware_present"),
- path.MatchRoot("screenlock_type"),
- }...),
- },
- },
- "jail_break": schema.BoolAttribute{
- Description: "The device jailbreak. Only for android and iOS platform",
- Optional: true,
- Validators: []validator.Bool{
- boolvalidator.AtLeastOneOf(path.Expressions{
- path.MatchRoot("disk_encryption_type"),
- path.MatchRoot("os_version"),
- path.MatchRoot("secure_hardware_present"),
- path.MatchRoot("screenlock_type"),
- }...),
- },
- },
- "os_version": schema.StringAttribute{
- Description: "The device os version",
- Optional: true,
- Validators: []validator.String{
- stringvalidator.AtLeastOneOf(path.Expressions{
- path.MatchRoot("disk_encryption_type"),
- path.MatchRoot("jail_break"),
- path.MatchRoot("secure_hardware_present"),
- path.MatchRoot("screenlock_type"),
- }...),
- },
- },
- "secure_hardware_present": schema.BoolAttribute{
- Description: "Indicates if the device constains a secure hardware functionality",
- Optional: true,
- Validators: []validator.Bool{
- boolvalidator.AtLeastOneOf(path.Expressions{
- path.MatchRoot("disk_encryption_type"),
- path.MatchRoot("jail_break"),
- path.MatchRoot("os_version"),
- path.MatchRoot("screenlock_type"),
- }...),
- },
- },
- "screenlock_type": schema.ListAttribute{
- Description: "List of screenlock type",
- Optional: true,
- ElementType: types.StringType,
- Validators: 
[]validator.List{
- listvalidator.AtLeastOneOf(path.Expressions{
- path.MatchRoot("disk_encryption_type"),
- path.MatchRoot("jail_break"),
- path.MatchRoot("os_version"),
- path.MatchRoot("secure_hardware_present"),
- }...),
- },
- },
- "third_party_signal_providers": schema.ObjectAttribute{
- Description: "Settings for third-party signal providers. Required for ChromeOS platform, optional for others",
- Optional: true,
- AttributeTypes: map[string]attr.Type{
- // TODU chromeOS only
- "allow_screen_lock": types.BoolType,
- "browser_version": types.StringType,
- "builtin_dns_client_enabled": types.BoolType,
- "chrome_remote_desktop_app_blocked": types.BoolType,
- // TODU window only
- "crowd_strike_agent_id": types.StringType,
- // TODU window only
- "crowd_strike_customer_id": types.StringType,
- "device_enrollement_domain": types.StringType,
- "disk_encrypted": types.BoolType,
- "key_trust_level": types.StringType,
- "os_firewall": types.BoolType,
- "os_version": types.StringType,
- "password_proctection_warning_trigger": types.StringType,
- "realtime_url_check_mode": types.BoolType,
- "safe_browsing_protection_level": types.StringType,
- "screen_lock_secured": types.BoolType,
- // TODU window only
- "secure_boot_enabled": types.BoolType,
- "site_isolation_enabled": types.BoolType,
- // TODU window only
- "third_party_blocking_enabled": types.BoolType,
- // TODU window only
- "window_machine_domain": types.StringType,
- // TODU window only
- "window_user_domain": types.StringType,
- },
- },
- "created_date": schema.StringAttribute{
- Description: "Created date",
- Computed: true,
- },
- "created_by": schema.StringAttribute{
- Description: "Created by",
- Computed: true,
- },
- "last_update": schema.StringAttribute{
- Description: "Last update",
- Computed: true,
- },
- "last_updated_by": schema.StringAttribute{
- Description: "Last updated by",
+ Description: "Policy device assurance platform",
 Computed: true,
+ PlanModifiers: []planmodifier.String{
+ 
stringplanmodifier.UseStateForUnknown(),
+ },
 },
+ // // TODU no access to feature request
+ // "third_party_signal_providers": schema.ObjectAttribute{
+ // Description: "Settings for third-party signal providers. Required for ChromeOS platform, optional for others",
+ // Required: true,
+ // AttributeTypes: map[string]attr.Type{
+ // "allow_screen_lock": types.BoolType,
+ // "browser_version": types.StringType,
+ // "builtin_dns_client_enabled": types.BoolType,
+ // "chrome_remote_desktop_app_blocked": types.BoolType,
+ // "device_enrollement_domain": types.StringType,
+ // "disk_encrypted": types.BoolType,
+ // "key_trust_level": types.StringType,
+ // "os_firewall": types.BoolType,
+ // "os_version": types.StringType,
+ // "password_proctection_warning_trigger": types.StringType,
+ // "realtime_url_check_mode": types.BoolType,
+ // "safe_browsing_protection_level": types.StringType,
+ // "screen_lock_secured": types.BoolType,
+ // "site_isolation_enabled": types.BoolType,
+ // },
+ // },
+ // "created_date": schema.StringAttribute{
+ // Description: "Created date",
+ // Computed: true,
+ // },
+ // "created_by": schema.StringAttribute{
+ // Description: "Created by",
+ // Computed: true,
+ // },
+ // "last_update": schema.StringAttribute{
+ // Description: "Last update",
+ // Computed: true,
+ // },
+ // "last_updated_by": schema.StringAttribute{
+ // Description: "Last updated by",
+ // Computed: true,
+ // },
 },
 }
 }
-// TODU
+// Configure adds the provider configured client to the resource.
+func (r *policyDeviceAssuranceChromeOSResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ p, ok := req.ProviderData.(*Config)
+ if !ok {
+ resp.Diagnostics.AddError(
+ "Unexpected Resource Configure Type",
+ fmt.Sprintf("Expected *Config, got: %T. 
Please report this issue to the provider developers.", req.ProviderData),
+ )
+ return
+ }
+
+ r.Config = p
+}
+
 func (r *policyDeviceAssuranceChromeOSResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
 var state policyDeviceAssuranceChromeOSResourceModel
 resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...)
 if resp.Diagnostics.HasError() {
 return
 }
- // reqBody, err := buildDeviceAssurancePolicyRequest(state)
- // if err != nil {
- // resp.Diagnostics.AddError(
- // "failed to build device assurance request",
- // err.Error(),
- // )
- // return
- // }
- reqBody, diag := buildDeviceAssuranceChromeOSPolicyRequest(state)
- resp.Diagnostics.Append(diag)
+
+ reqBody, err := buildDeviceAssuranceChromeOSPolicyRequest(state)
+ if err != nil {
+ resp.Diagnostics.AddError(
+ "failed to build device assurance request",
+ err.Error(),
+ )
+ return
+ }
 deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute()
 if err != nil {
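Review bot: The roughly forty commented-out attribute lines left inside `Schema` (from `// // TODU no access to feature request` through the `// "last_updated_by"` block) should be removed rather than carried in the source; version control keeps them, and the commented `"device_enrollement_domain"` key already disagrees with the `device_enrollment_domain` tag the model hunk introduces, which is exactly how stale copies drift. The markers are also spelled `TODU` throughout this file, so `staticcheck`-style and IDE TODO scanners will not surface them — spell them `TODO`. The `Create` body continues past the end of the hunk.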
@@ -241,78 +166,80 @@ func (r *policyDeviceAssuranceChromeOSResource) Create(ctx context.Context, req ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -func (r *policyDeviceAssuranceChromeOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { +func (r *policyDeviceAssuranceChromeOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state policyDeviceAssuranceChromeOSResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to delete device assurance", + "failed to read device assurance", err.Error(), ) return } + + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } } -// TODU -func (r *policyDeviceAssuranceChromeOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { +func (r *policyDeviceAssuranceChromeOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var state policyDeviceAssuranceChromeOSResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
if resp.Diagnostics.HasError() { return } - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to read device assurance", + "failed to delete device assurance", err.Error(), ) return } - resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) - if resp.Diagnostics.HasError() { - return - } - resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) - if resp.Diagnostics.HasError() { - return - } } -// TODU func (r *policyDeviceAssuranceChromeOSResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var state policyDeviceAssuranceChromeOSResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - // reqBody, err := buildDeviceAssurancePolicyRequest(state) - // if err != nil { - // resp.Diagnostics.AddError( - // "failed to build device assurance request", - // err.Error(), - // ) - // return - // } - reqBody, diag := buildDeviceAssuranceChromeOSPolicyRequest(state) - resp.Diagnostics.Append(diag) - - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute() + + reqBody, err := buildDeviceAssuranceChromeOSPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.ValueString()).DeviceAssurance(reqBody).Execute() if err != nil { resp.Diagnostics.AddError( "failed to create device assurance", 
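Review bot: The new Read discards the API response (`deviceAssurance, _, err := ...GetDeviceAssurancePolicy(...)`) and turns every failure into an error diagnostic, so a policy deleted outside Terraform leaves a plan that can never converge instead of being dropped from state. The second return value carries the HTTP status (the SDK's `APIResponse` appears to embed `*http.Response`; confirm against the pinned okta-sdk-golang/v3), and on 404 the framework convention is `resp.State.RemoveResource(ctx)` followed by `return`. The same gap exists in the macOS Read in the hunk at `@@ -241,78 +241,80 @@`, and Delete in both files could tolerate an already-deleted policy the same way.
```go
deviceAssurance, apiResp, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute()
if err != nil {
	// Policy removed outside Terraform: drop it from state so the next plan recreates it.
	if apiResp != nil && apiResp.StatusCode == http.StatusNotFound {
		resp.State.RemoveResource(ctx)
		return
	}
	// … unchanged: AddError("failed to read device assurance", …) and return …
}
// … unchanged: mapDeviceAssuranceChromeOSToState and State.Set …
```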
@@ -320,120 +247,37 @@ func (r *policyDeviceAssuranceChromeOSResource) Update(ctx context.Context, req ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { -// var android = &okta.DeviceAssuranceAndroidPlatform{} -// var iOS = &okta.DeviceAssuranceIOSPlatform{} -// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} -// var macOS = &okta.DeviceAssuranceMacOSPlatform{} -// var windows = &okta.DeviceAssuranceWindowsPlatform{} -// switch model.Platform.ValueString() { -// case string(okta.PLATFORM_ANDROID): -// android.SetName(model.Name.ValueString()) -// android.SetPlatform(okta.Platform(model.Platform.ValueString())) -// case string(okta.PLATFORM_IOS): -// iOS.SetName(model.Name.String()) -// iOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_CHROMEOS): -// chromeOS.SetName(model.Name.String()) -// chromeOS.SetPlatform(okta.Platform(model.Platform.String())) -// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} -// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) -// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) -// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) -// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) -// 
tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) -// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) -// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) -// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) -// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) -// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) -// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) -// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) -// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) -// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) -// chromeOS.SetThirdPartySignalProviders(tsp) -// case string(okta.PLATFORM_MACOS): -// macOS.SetName(model.Name.String()) -// macOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_WINDOWS): -// windows.SetName(model.Name.String()) -// windows.SetPlatform(okta.Platform(model.Platform.String())) -// default: -// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform") -// } -// return okta.ListDeviceAssurancePolicies200ResponseInner{ -// DeviceAssuranceAndroidPlatform: android, -// DeviceAssuranceIOSPlatform: iOS, -// DeviceAssuranceChromeOSPlatform: chromeOS, -// DeviceAssuranceMacOSPlatform: macOS, -// DeviceAssuranceWindowsPlatform: windows, -// }, nil -// } - -func buildDeviceAssuranceChromeOSPolicyRequest(model policyDeviceAssuranceChromeOSResourceModel) 
(okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) { - var android = &okta.DeviceAssuranceAndroidPlatform{} - var iOS = &okta.DeviceAssuranceIOSPlatform{} +func buildDeviceAssuranceChromeOSPolicyRequest(model policyDeviceAssuranceChromeOSResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} - var macOS = &okta.DeviceAssuranceMacOSPlatform{} - var windows = &okta.DeviceAssuranceWindowsPlatform{} - switch model.Platform.ValueString() { - case string(okta.PLATFORM_ANDROID): - android.SetName(model.Name.ValueString()) - android.SetPlatform(okta.Platform(model.Platform.ValueString())) - case string(okta.PLATFORM_IOS): - iOS.SetName(model.Name.String()) - iOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_CHROMEOS): - chromeOS.SetName(model.Name.String()) - chromeOS.SetPlatform(okta.Platform(model.Platform.String())) - tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} - tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) - tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) - tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) - tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) - tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) - tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) - tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) - tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) - tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) - 
tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) - tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) - tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) - tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) - tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) - chromeOS.SetThirdPartySignalProviders(tsp) - case string(okta.PLATFORM_MACOS): - macOS.SetName(model.Name.String()) - macOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_WINDOWS): - windows.SetName(model.Name.String()) - windows.SetPlatform(okta.Platform(model.Platform.String())) - default: - return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString()) - } - return okta.ListDeviceAssurancePolicies200ResponseInner{ - DeviceAssuranceAndroidPlatform: android, - DeviceAssuranceIOSPlatform: iOS, - DeviceAssuranceChromeOSPlatform: chromeOS, - DeviceAssuranceMacOSPlatform: macOS, - DeviceAssuranceWindowsPlatform: windows, - }, nil + chromeOS.SetName(model.Name.ValueString()) + chromeOS.SetPlatform(okta.PLATFORM_CHROMEOS) + + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceChromeOSPlatform: chromeOS}, nil } // Map response body to schema -func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceChromeOSResourceModel) diag.Diagnostics { +func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceChromeOSResourceModel) diag.Diagnostics { var diags diag.Diagnostics + state.ID = 
types.StringValue(data.DeviceAssuranceChromeOSPlatform.GetId()) + state.Name = types.StringValue(data.DeviceAssuranceChromeOSPlatform.GetName()) + state.Platform = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetPlatform())) + + state.CreateDate = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetCreatedDate())) + state.CreateBy = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetCreatedBy())) + state.LastUpdate = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetLastUpdate())) + state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetLastUpdatedBy())) return diags } diff --git a/okta/resource_okta_policy_device_assurance_iOS.go b/okta/resource_okta_policy_device_assurance_iOS.go index 9f47470b6..203a0aa82 100644 --- a/okta/resource_okta_policy_device_assurance_iOS.go +++ b/okta/resource_okta_policy_device_assurance_iOS.go @@ -90,7 +90,7 @@ func (r *policyDeviceAssuranceIOSResource) Schema(_ context.Context, _ resource. }, }, "screenlock_type": schema.SetAttribute{ - Description: "List of screenlock type, can be BIOMETRIC and PASSCODE", + Description: "List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE", Optional: true, ElementType: types.StringType, Validators: []validator.Set{ diff --git a/okta/resource_okta_policy_device_assurance_iOS_test.go b/okta/resource_okta_policy_device_assurance_iOS_test.go index 3356ea56e..132974269 100644 --- a/okta/resource_okta_policy_device_assurance_iOS_test.go +++ b/okta/resource_okta_policy_device_assurance_iOS_test.go 
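Review bot: `mapDeviceAssuranceChromeOSToState` now writes every field from `data.DeviceAssuranceChromeOSPlatform` without checking that the union member is present, so a response carrying a different platform (or a nil `data`) would, if the generated getters are nil-safe as they appear to be, silently persist an empty id and name into state rather than fail; `diags` is otherwise never populated, so the return value is currently always empty. A guard at the top of the function that adds an error diagnostic and returns would make the mapping honest. The `string(...)` conversions around `GetCreatedDate()`, `GetCreatedBy()`, `GetLastUpdate()` and `GetLastUpdatedBy()` look redundant if those getters already return `string` — worth dropping for readability.
```go
func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceChromeOSResourceModel) diag.Diagnostics {
	var diags diag.Diagnostics
	if data == nil || data.DeviceAssuranceChromeOSPlatform == nil {
		diags.AddError("unexpected device assurance response", "response did not contain a ChromeOS platform policy")
		return diags
	}
	// … unchanged: state.ID / Name / Platform / audit field assignments …
```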
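Review bot: The new description `"List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE"` reads as a typo ("BIOMETRIC or BIOMETRIC"); if the intent is that PASSCODE is only accepted together with BIOMETRIC, say so: `Description: "List of screenlock type, can be BIOMETRIC alone or BIOMETRIC together with PASSCODE"`. The same string is introduced for the macOS `screenlock_type` attribute in the hunk at `@@ -143,58 +128,57 @@`.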
@@ -37,7 +37,7 @@ func TestAccPolicyDeviceAssuranceIOS(t *testing.T) { resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "name", "test"), resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "os_version", "12.4.6"), resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "screenlock_type.#", "2"), - resource.TestCheckResourceAttrSet("okta_policy_device_assurance_ios.test", "jailbreak"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_ios.test", "jailbreak", "false"), ), }, }, diff --git a/okta/resource_okta_policy_device_assurance_macOS.go b/okta/resource_okta_policy_device_assurance_macOS.go index abb5bcc61..341dec248 100644 --- a/okta/resource_okta_policy_device_assurance_macOS.go +++ b/okta/resource_okta_policy_device_assurance_macOS.go @@ -2,11 +2,11 @@ package okta import ( "context" + "fmt" "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" - "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" - "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -20,8 +20,8 @@ import ( // Ensure the implementation satisfies the expected interfaces. var ( - _ resource.Resource = &policyDeviceAssuranceMacOSResource{} - // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{} + _ resource.Resource = &policyDeviceAssuranceMacOSResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceMacOSResource{} // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} ) 
@@ -30,24 +30,23 @@ func NewPolicyDeviceAssuranceMacOSResource() resource.Resource { } type policyDeviceAssuranceMacOSResource struct { - v3Client *okta.APIClient + *Config } type policyDeviceAssuranceMacOSResourceModel struct { - ID types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - Platform types.String `tfsdk:"platform"` - DiskEncryptionType types.List `tfsdk:"disk_encryption_type"` - JailBreak types.Bool `tfsdk:"jailbreak"` - OsVersion types.String `tfsdk:"os_version"` - SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` - ScreenLockType types.List `tfsdk:"screenlock_type"` - // TODU - ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` - CreateDate types.String `tfsdk:"created_date"` - CreateBy types.String `tfsdk:"created_by"` - LastUpdate types.String `tfsdk:"last_update"` - LastUpdatedBy types.String `tfsdk:"last_updated_by"` + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType []types.String `tfsdk:"screenlock_type"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` + // // TODU no access to feature request + // ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` } type thirdPartySignalProviders struct { 
@@ -74,21 +73,17 @@ type thirdPartySignalProviders struct { } func (r *policyDeviceAssuranceMacOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { - resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_macOS" + resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_macos" } -// TODU different requirement for request and response? -// TODU validation func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ Description: "Manages device assurance on policy", Attributes: map[string]schema.Attribute{ - // TODU needed? "id": schema.StringAttribute{ Description: "Policy assurance id", Computed: true, PlanModifiers: []planmodifier.String{ - // TODU stringplanmodifier.UseStateForUnknown(), }, }, 
@@ -97,28 +92,19 @@ func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resourc Required: true, }, "platform": schema.StringAttribute{ - Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS", - Required: true, - }, - "disk_encryption_type": schema.ListAttribute{ - Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER", - Optional: true, - ElementType: types.StringType, - Validators: []validator.List{ - listvalidator.AtLeastOneOf(path.Expressions{ - path.MatchRoot("jail_break"), - path.MatchRoot("os_version"), - path.MatchRoot("secure_hardware_present"), - path.MatchRoot("screenlock_type"), - }...), + Description: "Policy device assurance platform", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), }, }, - "jail_break": schema.BoolAttribute{ - Description: "The device jailbreak. Only for android and iOS platform", + // use set to avoid order change as v3 does not have diff suppress func + "disk_encryption_type": schema.SetAttribute{ + Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES", Optional: true, - Validators: []validator.Bool{ - boolvalidator.AtLeastOneOf(path.Expressions{ - path.MatchRoot("disk_encryption_type"), + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("os_version"), path.MatchRoot("secure_hardware_present"), path.MatchRoot("screenlock_type"), 
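Review bot: The new `disk_encryption_type` set only validates that at least one sibling attribute is set; the allowed value named in the description (`ALL_INTERNAL_VOLUMES`) is not enforced, so a typo in configuration is only rejected by the Okta API at apply time, after plan succeeded. Adding an element validator alongside the existing one, e.g. `setvalidator.ValueStringsAre(stringvalidator.OneOf("ALL_INTERNAL_VOLUMES")),` (confirm `ValueStringsAre` is present in the pinned validators version), moves the check to plan. The same applies to `screenlock_type` in the hunk at `@@ -143,58 +128,57 @@`, whose description lists BIOMETRIC and PASSCODE but whose validators do not.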
@@ -126,12 +112,11 @@ func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resourc }, }, "os_version": schema.StringAttribute{ - Description: "The device os version", + Description: "The device os minimum version", Optional: true, Validators: []validator.String{ stringvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("secure_hardware_present"), path.MatchRoot("screenlock_type"), }...), 
@@ -143,58 +128,57 @@ func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resourc Validators: []validator.Bool{ boolvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("os_version"), path.MatchRoot("screenlock_type"), }...), }, }, - "screenlock_type": schema.ListAttribute{ - Description: "List of screenlock type", + "screenlock_type": schema.SetAttribute{ + Description: "List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE", Optional: true, ElementType: types.StringType, - Validators: []validator.List{ - listvalidator.AtLeastOneOf(path.Expressions{ + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("os_version"), path.MatchRoot("secure_hardware_present"), }...), }, }, - "third_party_signal_providers": schema.ObjectAttribute{ - Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", - Optional: true, - AttributeTypes: map[string]attr.Type{ - // TODU chromeOS only - "allow_screen_lock": types.BoolType, - "browser_version": types.StringType, - "builtin_dns_client_enabled": types.BoolType, - "chrome_remote_desktop_app_blocked": types.BoolType, - // TODU window only - "crowd_strike_agent_id": types.StringType, - // TODU window only - "crowd_strike_customer_id": types.StringType, - "device_enrollement_domain": types.StringType, - "disk_encrypted": types.BoolType, - "key_trust_level": types.StringType, - "os_firewall": types.BoolType, - "os_version": types.StringType, - "password_proctection_warning_trigger": types.StringType, - "realtime_url_check_mode": types.BoolType, - "safe_browsing_protection_level": types.StringType, - "screen_lock_secured": types.BoolType, - // TODU window only - "secure_boot_enabled": types.BoolType, - "site_isolation_enabled": types.BoolType, - // TODU window only - "third_party_blocking_enabled": types.BoolType, - // TODU window only - "window_machine_domain": types.StringType, - // TODU window only - "window_user_domain": types.StringType, - }, - }, + // // TODU no access to feature request + // "third_party_signal_providers": schema.ObjectAttribute{ + // Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", + // Optional: true, + // AttributeTypes: map[string]attr.Type{ + // // TODU chromeOS only + // "allow_screen_lock": types.BoolType, + // "browser_version": types.StringType, + // "builtin_dns_client_enabled": types.BoolType, + // "chrome_remote_desktop_app_blocked": types.BoolType, + // // TODU window only + // "crowd_strike_agent_id": types.StringType, + // // TODU window only + // "crowd_strike_customer_id": types.StringType, + // "device_enrollement_domain": types.StringType, + // "disk_encrypted": types.BoolType, + // "key_trust_level": types.StringType, + // "os_firewall": types.BoolType, + // "os_version": types.StringType, + // "password_proctection_warning_trigger": types.StringType, + // "realtime_url_check_mode": types.BoolType, + // "safe_browsing_protection_level": types.StringType, + // "screen_lock_secured": types.BoolType, + // // TODU window only + // "secure_boot_enabled": types.BoolType, + // "site_isolation_enabled": types.BoolType, + // // TODU window only + // "third_party_blocking_enabled": types.BoolType, + // // TODU window only + // "window_machine_domain": types.StringType, + // // TODU window only + // "window_user_domain": types.StringType, + // }, + // }, "created_date": schema.StringAttribute{ Description: "Created date", Computed: true, 
@@ -215,23 +199,39 @@ func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resourc } } -// TODU +// Configure adds the provider configured client to the resource. +func (r *policyDeviceAssuranceMacOSResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + p, ok := req.ProviderData.(*Config) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Resource Configure Type", + fmt.Sprintf("Expected *Config, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + return + } + + r.Config = p +} + func (r *policyDeviceAssuranceMacOSResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var state policyDeviceAssuranceMacOSResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - // reqBody, err := buildDeviceAssurancePolicyRequest(state) - // if err != nil { - // resp.Diagnostics.AddError( - // "failed to build device assurance request", - // err.Error(), - // ) - // return - // } - reqBody, diag := buildDeviceAssuranceMacOSPolicyRequest(state) - resp.Diagnostics.Append(diag) + + reqBody, err := buildDeviceAssuranceMacOSPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() if err != nil { 
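Review bot: `Configure` returns silently when `req.ProviderData` is nil, leaving the embedded `*Config` nil; every later `r.v3Client` access in Create/Read/Update/Delete then dereferences a nil pointer and panics the provider instead of producing a diagnostic. The framework does pass nil ProviderData during early lifecycle calls and is expected to configure the resource before CRUD, so this is likely only reachable in tests or unusual flows, but a cheap guard in each CRUD method after the state is read would make the failure explicit, e.g. `if r.Config == nil { resp.Diagnostics.AddError("provider not configured", "Configure was not called with provider data"); return }`. The identical `Configure` for the ChromeOS resource earlier in this patch has the same property.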
@@ -241,78 +241,80 @@ func (r *policyDeviceAssuranceMacOSResource) Create(ctx context.Context, req res ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -func (r *policyDeviceAssuranceMacOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { +func (r *policyDeviceAssuranceMacOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state policyDeviceAssuranceMacOSResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to delete device assurance", + "failed to read device assurance", err.Error(), ) return } + + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } } -// TODU -func (r *policyDeviceAssuranceMacOSResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { +func (r *policyDeviceAssuranceMacOSResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var state policyDeviceAssuranceMacOSResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
if resp.Diagnostics.HasError() { return } - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to read device assurance", + "failed to delete device assurance", err.Error(), ) return } - resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) - if resp.Diagnostics.HasError() { - return - } - resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) - if resp.Diagnostics.HasError() { - return - } } -// TODU func (r *policyDeviceAssuranceMacOSResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var state policyDeviceAssuranceMacOSResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - // reqBody, err := buildDeviceAssurancePolicyRequest(state) - // if err != nil { - // resp.Diagnostics.AddError( - // "failed to build device assurance request", - // err.Error(), - // ) - // return - // } - reqBody, diag := buildDeviceAssuranceMacOSPolicyRequest(state) - resp.Diagnostics.Append(diag) - - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute() + + reqBody, err := buildDeviceAssuranceMacOSPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.ValueString()).DeviceAssurance(reqBody).Execute() if err != nil { resp.Diagnostics.AddError( "failed to create device assurance", 
@@ -320,120 +322,83 @@ func (r *policyDeviceAssuranceMacOSResource) Update(ctx context.Context, req res ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { -// var android = &okta.DeviceAssuranceAndroidPlatform{} -// var iOS = &okta.DeviceAssuranceIOSPlatform{} -// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} -// var macOS = &okta.DeviceAssuranceMacOSPlatform{} -// var windows = &okta.DeviceAssuranceWindowsPlatform{} -// switch model.Platform.ValueString() { -// case string(okta.PLATFORM_ANDROID): -// android.SetName(model.Name.ValueString()) -// android.SetPlatform(okta.Platform(model.Platform.ValueString())) -// case string(okta.PLATFORM_IOS): -// iOS.SetName(model.Name.String()) -// iOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_CHROMEOS): -// chromeOS.SetName(model.Name.String()) -// chromeOS.SetPlatform(okta.Platform(model.Platform.String())) -// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} -// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) -// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) -// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) -// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) -// 
tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) -// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) -// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) -// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) -// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) -// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) -// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) -// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) -// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) -// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) -// chromeOS.SetThirdPartySignalProviders(tsp) -// case string(okta.PLATFORM_MACOS): -// macOS.SetName(model.Name.String()) -// macOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_WINDOWS): -// windows.SetName(model.Name.String()) -// windows.SetPlatform(okta.Platform(model.Platform.String())) -// default: -// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform") -// } -// return okta.ListDeviceAssurancePolicies200ResponseInner{ -// DeviceAssuranceAndroidPlatform: android, -// DeviceAssuranceIOSPlatform: iOS, -// DeviceAssuranceChromeOSPlatform: chromeOS, -// DeviceAssuranceMacOSPlatform: macOS, -// DeviceAssuranceWindowsPlatform: windows, -// }, nil -// } - -func buildDeviceAssuranceMacOSPolicyRequest(model policyDeviceAssuranceMacOSResourceModel) 
(okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) { - var android = &okta.DeviceAssuranceAndroidPlatform{} - var iOS = &okta.DeviceAssuranceIOSPlatform{} - var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} - var macOS = &okta.DeviceAssuranceMacOSPlatform{} - var windows = &okta.DeviceAssuranceWindowsPlatform{} - switch model.Platform.ValueString() { - case string(okta.PLATFORM_ANDROID): - android.SetName(model.Name.ValueString()) - android.SetPlatform(okta.Platform(model.Platform.ValueString())) - case string(okta.PLATFORM_IOS): - iOS.SetName(model.Name.String()) - iOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_CHROMEOS): - chromeOS.SetName(model.Name.String()) - chromeOS.SetPlatform(okta.Platform(model.Platform.String())) - tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} - tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) - tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) - tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) - tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) - tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) - tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) - tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) - tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) - tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) - tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) - 
tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) - tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) - tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) - tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) - chromeOS.SetThirdPartySignalProviders(tsp) - case string(okta.PLATFORM_MACOS): - macOS.SetName(model.Name.String()) - macOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_WINDOWS): - windows.SetName(model.Name.String()) - windows.SetPlatform(okta.Platform(model.Platform.String())) - default: - return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString()) +func buildDeviceAssuranceMacOSPolicyRequest(model policyDeviceAssuranceMacOSResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { + var macos = &okta.DeviceAssuranceMacOSPlatform{} + macos.SetName(model.Name.ValueString()) + macos.SetPlatform(okta.PLATFORM_MACOS) + if len(model.DiskEncryptionType) > 0 { + diskEncryptionType := make([]okta.DiskEncryptionType, 0) + for _, det := range model.DiskEncryptionType { + v, err := okta.NewDiskEncryptionTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, err + } + diskEncryptionType = append(diskEncryptionType, *v) + } + macos.DiskEncryptionType = &okta.DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{Include: diskEncryptionType} + } + if !model.OsVersion.IsNull() { + macos.OsVersion = &okta.OSVersion{Minimum: model.OsVersion.ValueStringPointer()} } - return okta.ListDeviceAssurancePolicies200ResponseInner{ - DeviceAssuranceAndroidPlatform: android, - DeviceAssuranceIOSPlatform: iOS, - 
DeviceAssuranceChromeOSPlatform: chromeOS, - DeviceAssuranceMacOSPlatform: macOS, - DeviceAssuranceWindowsPlatform: windows, - }, nil + if len(model.ScreenLockType) > 0 { + screenlockType := make([]okta.ScreenLockType, 0) + for _, det := range model.ScreenLockType { + v, err := okta.NewScreenLockTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, err + } + screenlockType = append(screenlockType, *v) + } + macos.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType} + } + macos.SecureHardwarePresent = model.SecureHardwarePresent.ValueBoolPointer() + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, nil } // Map response body to schema -func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceMacOSResourceModel) diag.Diagnostics { +func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceMacOSResourceModel) diag.Diagnostics { var diags diag.Diagnostics + state.ID = types.StringValue(data.DeviceAssuranceMacOSPlatform.GetId()) + state.Name = types.StringValue(data.DeviceAssuranceMacOSPlatform.GetName()) + state.Platform = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetPlatform())) + + if _, ok := data.DeviceAssuranceMacOSPlatform.GetSecureHardwarePresentOk(); ok { + state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceMacOSPlatform.GetSecureHardwarePresent()) + } + if _, ok := data.DeviceAssuranceMacOSPlatform.GetOsVersionOk(); ok { + state.OsVersion = types.StringValue(data.DeviceAssuranceMacOSPlatform.OsVersion.GetMinimum()) + } + if _, ok := data.DeviceAssuranceMacOSPlatform.DiskEncryptionType.GetIncludeOk(); ok { + diskEncryptionType := make([]types.String, 0) + for _, det := range 
data.DeviceAssuranceMacOSPlatform.DiskEncryptionType.GetInclude() { + diskEncryptionType = append(diskEncryptionType, types.StringValue(string(det))) + } + state.DiskEncryptionType = diskEncryptionType + } + if _, ok := data.DeviceAssuranceMacOSPlatform.ScreenLockType.GetIncludeOk(); ok { + screenLockType := make([]types.String, 0) + for _, slt := range data.DeviceAssuranceMacOSPlatform.ScreenLockType.GetInclude() { + screenLockType = append(screenLockType, types.StringValue(string(slt))) + } + state.ScreenLockType = screenLockType + } + + state.CreateDate = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetCreatedDate())) + state.CreateBy = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetCreatedBy())) + state.LastUpdate = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetLastUpdate())) + state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetLastUpdatedBy())) return diags } diff --git a/okta/resource_okta_policy_device_assurance_macOS_test.go b/okta/resource_okta_policy_device_assurance_macOS_test.go new file mode 100644 index 000000000..2782cb255 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_macOS_test.go 
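Review bot: `mapDeviceAssuranceMacOSToState` reads `data.DeviceAssuranceMacOSPlatform.DiskEncryptionType` and `.ScreenLockType` by direct field access without first checking that `data.DeviceAssuranceMacOSPlatform` is non-nil, so a response whose union holds a different platform variant (or a nil body) would panic the provider rather than produce a diagnostic. A guard at the top of the function, `if data == nil || data.DeviceAssuranceMacOSPlatform == nil { diags.AddError("unexpected device assurance response", "no macOS platform policy in response"); return diags }`, turns that into an error the user sees. The generated `Get*` accessors may tolerate a nil receiver, but field access does not. The Windows counterpart `mapDeviceAssuranceWindowsToState` is not visible in this view and presumably needs the same guard.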
@@ -0,0 +1,49 @@ +package okta + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccPolicyDeviceAssuranceMacOS(t *testing.T) { + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: providerConfig + ` + resource okta_policy_device_assurance_macos test{ + name = "test" + os_version = "12.4.5" + disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) + secure_hardware_present = true + screenlock_type = toset(["BIOMETRIC"]) + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "name", "test"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "os_version", "12.4.5"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "disk_encryption_type.#", "1"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "secure_hardware_present", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "screenlock_type.#", "1"), + ), + }, + { + Config: providerConfig + ` + resource okta_policy_device_assurance_macos test{ + name = "test" + os_version = "12.4.6" + disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) + secure_hardware_present = true + screenlock_type = toset(["BIOMETRIC", "PASSCODE"]) + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "name", "test"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "os_version", "12.4.6"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "disk_encryption_type.#", "1"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "secure_hardware_present", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "screenlock_type.#", "2"), + ), + }, 
+ }, + }) +} diff --git a/okta/resource_okta_policy_device_assurance_window.go b/okta/resource_okta_policy_device_assurance_window.go index ca19fac82..feab67cce 100644 --- a/okta/resource_okta_policy_device_assurance_window.go +++ b/okta/resource_okta_policy_device_assurance_window.go @@ -2,11 +2,11 @@ package okta import ( "context" + "fmt" "github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator" - "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/setvalidator" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" - "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" @@ -20,8 +20,8 @@ import ( // Ensure the implementation satisfies the expected interfaces. var ( - _ resource.Resource = &policyDeviceAssuranceWindowsResource{} - // _ resource.ResourceWithConfigure = &policyDeviceAssuranceResource{} + _ resource.Resource = &policyDeviceAssuranceWindowsResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceWindowsResource{} // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} ) 
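Review bot: The new acceptance test sets no `CheckDestroy` on the `resource.TestCase`, so a failed or half-completed run can leave `test` device assurance policies behind in the org with nothing flagging it, and a broken Delete would still pass this test. Add a destroy check that looks up each `okta_policy_device_assurance_macos` resource's ID through `DeviceAssuranceApi.GetDeviceAssurancePolicy` and fails unless the policy is gone. Both steps also use the literal name `"test"`, which makes concurrent runs against a shared org collide; a randomized name suffix avoids that.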
@@ -30,42 +30,37 @@ func NewPolicyDeviceAssuranceWindowsResource() resource.Resource { } type policyDeviceAssuranceWindowsResource struct { - v3Client *okta.APIClient + *Config } type policyDeviceAssuranceWindowsResourceModel struct { - ID types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - Platform types.String `tfsdk:"platform"` - DiskEncryptionType types.List `tfsdk:"disk_encryption_type"` - JailBreak types.Bool `tfsdk:"jailbreak"` - OsVersion types.String `tfsdk:"os_version"` - SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` - ScreenLockType types.List `tfsdk:"screenlock_type"` - // TODU - ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` - CreateDate types.String `tfsdk:"created_date"` - CreateBy types.String `tfsdk:"created_by"` - LastUpdate types.String `tfsdk:"last_update"` - LastUpdatedBy types.String `tfsdk:"last_updated_by"` + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType []types.String `tfsdk:"screenlock_type"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` + // // TODU no access to feature request + // ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` } func (r *policyDeviceAssuranceWindowsResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_windows" } -// TODU different requirement for request and response? 
-// TODU validation func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ Description: "Manages device assurance on policy", Attributes: map[string]schema.Attribute{ - // TODU needed? "id": schema.StringAttribute{ Description: "Policy assurance id", Computed: true, PlanModifiers: []planmodifier.String{ - // TODU stringplanmodifier.UseStateForUnknown(), }, }, @@ -74,28 +69,19 @@ func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resou Required: true, }, "platform": schema.StringAttribute{ - Description: "Policy device assurance platform, can be ANDROID, CHROMEOS, IOS, MACOS or WINDOWS", - Required: true, - }, - "disk_encryption_type": schema.ListAttribute{ - Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES, FULL, or USER", - Optional: true, - ElementType: types.StringType, - Validators: []validator.List{ - listvalidator.AtLeastOneOf(path.Expressions{ - path.MatchRoot("jail_break"), - path.MatchRoot("os_version"), - path.MatchRoot("secure_hardware_present"), - path.MatchRoot("screenlock_type"), - }...), + Description: "Policy device assurance platform", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), }, }, - "jail_break": schema.BoolAttribute{ - Description: "The device jailbreak. Only for android and iOS platform", + // use set to avoid order change as v3 does not have diff suppress func + "disk_encryption_type": schema.SetAttribute{ + Description: "List of disk encryption type, can be ALL_INTERNAL_VOLUMES", Optional: true, - Validators: []validator.Bool{ - boolvalidator.AtLeastOneOf(path.Expressions{ - path.MatchRoot("disk_encryption_type"), + ElementType: types.StringType, + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("os_version"), path.MatchRoot("secure_hardware_present"), path.MatchRoot("screenlock_type"), 
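Review bot: The `ThirdPartySignalProviders` field survives as a double-commented `// //` line in `policyDeviceAssuranceWindowsResourceModel` under a `TODU` marker, and the same marker appears on the commented `ResourceWithImportState` check and in the CRUD methods; `TODU` is not matched by the usual TODO tooling, so these items are easy to lose track of. Either spell them `TODO` with a tracking reference, or drop the dead line and keep a single note, e.g. `// TODO: third_party_signal_providers is not exposed until the feature is available in the v3 SDK.` The `Schema` method begun at the end of this hunk continues past it.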
@@ -103,12 +89,11 @@ func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resou }, }, "os_version": schema.StringAttribute{ - Description: "The device os version", + Description: "The device os minimum version", Optional: true, Validators: []validator.String{ stringvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("secure_hardware_present"), path.MatchRoot("screenlock_type"), }...), 
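Review bot: `disk_encryption_type` documents the accepted value as `ALL_INTERNAL_VOLUMES`, but the set has no element validator, so a typo is only rejected at apply time when the request builder calls `okta.NewDiskEncryptionTypeFromValue` (as the macOS builder above does), after the plan has already been approved. Adding `setvalidator.ValueStringsAre(stringvalidator.OneOf("ALL_INTERNAL_VOLUMES"))` to its `Validators` surfaces the error at plan time; `screenlock_type` in the next hunk has the same gap with the values its description lists. `platform` is now `Computed` with `UseStateForUnknown`, which is consistent with the builder hardcoding it as the macOS one does with `okta.PLATFORM_MACOS`, though the Windows builder is not visible here. The `Schema` method starts and ends outside this hunk.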
@@ -120,58 +105,57 @@ func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resou Validators: []validator.Bool{ boolvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("os_version"), path.MatchRoot("screenlock_type"), }...), }, }, - "screenlock_type": schema.ListAttribute{ - Description: "List of screenlock type", + "screenlock_type": schema.SetAttribute{ + Description: "List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE", Optional: true, ElementType: types.StringType, - Validators: []validator.List{ - listvalidator.AtLeastOneOf(path.Expressions{ + Validators: []validator.Set{ + setvalidator.AtLeastOneOf(path.Expressions{ path.MatchRoot("disk_encryption_type"), - path.MatchRoot("jail_break"), path.MatchRoot("os_version"), path.MatchRoot("secure_hardware_present"), }...), }, }, - "third_party_signal_providers": schema.ObjectAttribute{ - Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", - Optional: true, - AttributeTypes: map[string]attr.Type{ - // TODU chromeOS only - "allow_screen_lock": types.BoolType, - "browser_version": types.StringType, - "builtin_dns_client_enabled": types.BoolType, - "chrome_remote_desktop_app_blocked": types.BoolType, - // TODU window only - "crowd_strike_agent_id": types.StringType, - // TODU window only - "crowd_strike_customer_id": types.StringType, - "device_enrollement_domain": types.StringType, - "disk_encrypted": types.BoolType, - "key_trust_level": types.StringType, - "os_firewall": types.BoolType, - "os_version": types.StringType, - "password_proctection_warning_trigger": types.StringType, - "realtime_url_check_mode": types.BoolType, - "safe_browsing_protection_level": types.StringType, - "screen_lock_secured": types.BoolType, - // TODU window only - "secure_boot_enabled": types.BoolType, - "site_isolation_enabled": types.BoolType, - // TODU window only - "third_party_blocking_enabled": types.BoolType, - // TODU window only - "window_machine_domain": types.StringType, - // TODU window only - "window_user_domain": types.StringType, - }, - }, + // // TODU no access to feature request + // "third_party_signal_providers": schema.ObjectAttribute{ + // Description: "Settings for third-party signal providers. 
Required for ChromeOS platform, optional for others", + // Optional: true, + // AttributeTypes: map[string]attr.Type{ + // // TODU chromeOS only + // "allow_screen_lock": types.BoolType, + // "browser_version": types.StringType, + // "builtin_dns_client_enabled": types.BoolType, + // "chrome_remote_desktop_app_blocked": types.BoolType, + // // TODU window only + // "crowd_strike_agent_id": types.StringType, + // // TODU window only + // "crowd_strike_customer_id": types.StringType, + // "device_enrollement_domain": types.StringType, + // "disk_encrypted": types.BoolType, + // "key_trust_level": types.StringType, + // "os_firewall": types.BoolType, + // "os_version": types.StringType, + // "password_proctection_warning_trigger": types.StringType, + // "realtime_url_check_mode": types.BoolType, + // "safe_browsing_protection_level": types.StringType, + // "screen_lock_secured": types.BoolType, + // // TODU window only + // "secure_boot_enabled": types.BoolType, + // "site_isolation_enabled": types.BoolType, + // // TODU window only + // "third_party_blocking_enabled": types.BoolType, + // // TODU window only + // "window_machine_domain": types.StringType, + // // TODU window only + // "window_user_domain": types.StringType, + // }, + // }, "created_date": schema.StringAttribute{ Description: "Created date", Computed: true, 
@@ -192,23 +176,39 @@ func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resou } } -// TODU +// Configure adds the provider configured client to the resource. +func (r *policyDeviceAssuranceWindowsResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + p, ok := req.ProviderData.(*Config) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Resource Configure Type", + fmt.Sprintf("Expected *Config, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + return + } + + r.Config = p +} + func (r *policyDeviceAssuranceWindowsResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var state policyDeviceAssuranceWindowsResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - // reqBody, err := buildDeviceAssurancePolicyRequest(state) - // if err != nil { - // resp.Diagnostics.AddError( - // "failed to build device assurance request", - // err.Error(), - // ) - // return - // } - reqBody, diag := buildDeviceAssuranceWindowsPolicyRequest(state) - resp.Diagnostics.Append(diag) + + reqBody, err := buildDeviceAssuranceWindowsPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.CreateDeviceAssurancePolicy(ctx).DeviceAssurance(reqBody).Execute() if err != nil { 
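Review bot: About thirty lines of the removed `third_party_signal_providers` attribute are kept as a `// //` commented block inside the `Attributes` map, where they cannot be compiled or vetted and will drift from the schema around them. Since the model comment already records that the feature is unavailable, delete the block and leave one line, `// TODO: third_party_signal_providers is not exposed until the feature is available.` The `screenlock_type` description `"List of screenlock type, can be BIOMETRIC or BIOMETRIC, PASSCODE"` is ambiguous for a set: if the intent is that `PASSCODE` is only valid together with `BIOMETRIC`, say so explicitly and enforce it with a validator; if both are independently valid, `"Set of screenlock types, any of BIOMETRIC and PASSCODE"` is clearer. The `Schema` method starts and ends outside this hunk.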
@@ -218,78 +218,80 @@ func (r *policyDeviceAssuranceWindowsResource) Create(ctx context.Context, req r ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -func (r *policyDeviceAssuranceWindowsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { +func (r *policyDeviceAssuranceWindowsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state policyDeviceAssuranceWindowsResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to delete device assurance", + "failed to read device assurance", err.Error(), ) return } + + resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, &state)...) + if resp.Diagnostics.HasError() { + return + } + + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } } -// TODU -func (r *policyDeviceAssuranceWindowsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { +func (r *policyDeviceAssuranceWindowsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var state policyDeviceAssuranceWindowsResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &state)...) 
if resp.Diagnostics.HasError() { return } - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.GetDeviceAssurancePolicy(ctx, state.ID.String()).Execute() + + _, err := r.v3Client.DeviceAssuranceApi.DeleteDeviceAssurancePolicy(ctx, state.ID.ValueString()).Execute() if err != nil { resp.Diagnostics.AddError( - "failed to read device assurance", + "failed to delete device assurance", err.Error(), ) return } - resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...) - if resp.Diagnostics.HasError() { - return - } - resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) - if resp.Diagnostics.HasError() { - return - } } -// TODU func (r *policyDeviceAssuranceWindowsResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var state policyDeviceAssuranceWindowsResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &state)...) if resp.Diagnostics.HasError() { return } - // reqBody, err := buildDeviceAssurancePolicyRequest(state) - // if err != nil { - // resp.Diagnostics.AddError( - // "failed to build device assurance request", - // err.Error(), - // ) - // return - // } - reqBody, diag := buildDeviceAssuranceWindowsPolicyRequest(state) - resp.Diagnostics.Append(diag) - deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.String()).DeviceAssurance(reqBody).Execute() + reqBody, err := buildDeviceAssuranceWindowsPolicyRequest(state) + if err != nil { + resp.Diagnostics.AddError( + "failed to build device assurance request", + err.Error(), + ) + return + } + + deviceAssurance, _, err := r.v3Client.DeviceAssuranceApi.ReplaceDeviceAssurancePolicy(ctx, state.ID.ValueString()).DeviceAssurance(reqBody).Execute() if err != nil { resp.Diagnostics.AddError( "failed to create device assurance", 
@@ -297,120 +299,83 @@ func (r *policyDeviceAssuranceWindowsResource) Update(ctx context.Context, req r ) return } + // TODU need to do additional read? - resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, state)...) + resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return } + resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) if resp.Diagnostics.HasError() { return } } -// TODU -// func buildDeviceAssurancePolicyRequest(model policyDeviceAssuranceResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { -// var android = &okta.DeviceAssuranceAndroidPlatform{} -// var iOS = &okta.DeviceAssuranceIOSPlatform{} -// var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} -// var macOS = &okta.DeviceAssuranceMacOSPlatform{} -// var windows = &okta.DeviceAssuranceWindowsPlatform{} -// switch model.Platform.ValueString() { -// case string(okta.PLATFORM_ANDROID): -// android.SetName(model.Name.ValueString()) -// android.SetPlatform(okta.Platform(model.Platform.ValueString())) -// case string(okta.PLATFORM_IOS): -// iOS.SetName(model.Name.String()) -// iOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_CHROMEOS): -// chromeOS.SetName(model.Name.String()) -// chromeOS.SetPlatform(okta.Platform(model.Platform.String())) -// tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} -// tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) -// tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) -// tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) -// tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) -// 
tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) -// tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) -// tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) -// tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) -// tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) -// tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) -// tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) -// tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) -// tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) -// tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) -// chromeOS.SetThirdPartySignalProviders(tsp) -// case string(okta.PLATFORM_MACOS): -// macOS.SetName(model.Name.String()) -// macOS.SetPlatform(okta.Platform(model.Platform.String())) -// case string(okta.PLATFORM_WINDOWS): -// windows.SetName(model.Name.String()) -// windows.SetPlatform(okta.Platform(model.Platform.String())) -// default: -// return okta.ListDeviceAssurancePolicies200ResponseInner{}, errors.New("unidentified platform") -// } -// return okta.ListDeviceAssurancePolicies200ResponseInner{ -// DeviceAssuranceAndroidPlatform: android, -// DeviceAssuranceIOSPlatform: iOS, -// DeviceAssuranceChromeOSPlatform: chromeOS, -// DeviceAssuranceMacOSPlatform: macOS, -// DeviceAssuranceWindowsPlatform: windows, -// }, nil -// } - -func buildDeviceAssuranceWindowsPolicyRequest(model policyDeviceAssuranceWindowsResourceModel) 
(okta.ListDeviceAssurancePolicies200ResponseInner, diag.Diagnostic) { - var android = &okta.DeviceAssuranceAndroidPlatform{} - var iOS = &okta.DeviceAssuranceIOSPlatform{} - var chromeOS = &okta.DeviceAssuranceChromeOSPlatform{} - var macOS = &okta.DeviceAssuranceMacOSPlatform{} +func buildDeviceAssuranceWindowsPolicyRequest(model policyDeviceAssuranceWindowsResourceModel) (okta.ListDeviceAssurancePolicies200ResponseInner, error) { var windows = &okta.DeviceAssuranceWindowsPlatform{} - switch model.Platform.ValueString() { - case string(okta.PLATFORM_ANDROID): - android.SetName(model.Name.ValueString()) - android.SetPlatform(okta.Platform(model.Platform.ValueString())) - case string(okta.PLATFORM_IOS): - iOS.SetName(model.Name.String()) - iOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_CHROMEOS): - chromeOS.SetName(model.Name.String()) - chromeOS.SetPlatform(okta.Platform(model.Platform.String())) - tsp := okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders{} - tsp.Dtc.SetAllowScreenLock(model.ThirdPartySignalProviders.AllowScreenLock.ValueBool()) - tsp.Dtc.SetBrowserVersion(okta.ChromeBrowserVersion{Minimum: model.ThirdPartySignalProviders.BrowserVersion.ValueStringPointer()}) - tsp.Dtc.SetBuiltInDnsClientEnabled(model.ThirdPartySignalProviders.BuiltInDNSClientEnabled.ValueBool()) - tsp.Dtc.SetChromeRemoteDesktopAppBlocked(model.ThirdPartySignalProviders.ChromeRemoteDesktopAppBlocked.ValueBool()) - tsp.Dtc.SetDeviceEnrollmentDomain(model.ThirdPartySignalProviders.DeviceEnrollementDomain.ValueString()) - tsp.Dtc.SetDiskEnrypted(model.ThirdPartySignalProviders.DiskEncrypted.ValueBool()) - tsp.Dtc.SetKeyTrustLevel(okta.KeyTrustLevelOSMode(model.ThirdPartySignalProviders.KeyTrustLevel.ValueString())) - tsp.Dtc.SetOsFirewall(model.ThirdPartySignalProviders.OsFirewall.ValueBool()) - tsp.Dtc.SetOsVersion(okta.OSVersion{Minimum: model.ThirdPartySignalProviders.OsVersion.ValueStringPointer()}) - 
tsp.Dtc.SetPasswordProtectionWarningTrigger(okta.PasswordProtectionWarningTrigger(model.ThirdPartySignalProviders.PasswordProctectionWarningTrigger.ValueString())) - tsp.Dtc.SetRealtimeUrlCheckMode(model.ThirdPartySignalProviders.RealtimeURLCheckMode.ValueBool()) - tsp.Dtc.SetSafeBrowsingProtectionLevel(okta.SafeBrowsingProtectionLevel(model.ThirdPartySignalProviders.SafeBrowsingProtectionLevel.ValueString())) - tsp.Dtc.SetScreenLockSecured(model.ThirdPartySignalProviders.ScreenLockSecured.ValueBool()) - tsp.Dtc.SetSiteIsolationEnabled(model.ThirdPartySignalProviders.SiteIsolationEnabled.ValueBool()) - chromeOS.SetThirdPartySignalProviders(tsp) - case string(okta.PLATFORM_MACOS): - macOS.SetName(model.Name.String()) - macOS.SetPlatform(okta.Platform(model.Platform.String())) - case string(okta.PLATFORM_WINDOWS): - windows.SetName(model.Name.String()) - windows.SetPlatform(okta.Platform(model.Platform.String())) - default: - return okta.ListDeviceAssurancePolicies200ResponseInner{}, diag.NewErrorDiagnostic("unidentified platform ", model.Platform.ValueString()) + windows.SetName(model.Name.ValueString()) + windows.SetPlatform(okta.PLATFORM_WINDOWS) + if len(model.DiskEncryptionType) > 0 { + diskEncryptionType := make([]okta.DiskEncryptionType, 0) + for _, det := range model.DiskEncryptionType { + v, err := okta.NewDiskEncryptionTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, err + } + diskEncryptionType = append(diskEncryptionType, *v) + } + windows.DiskEncryptionType = &okta.DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType{Include: diskEncryptionType} + } + if !model.OsVersion.IsNull() { + windows.OsVersion = &okta.OSVersion{Minimum: model.OsVersion.ValueStringPointer()} } - return okta.ListDeviceAssurancePolicies200ResponseInner{ - DeviceAssuranceAndroidPlatform: android, - DeviceAssuranceIOSPlatform: iOS, - DeviceAssuranceChromeOSPlatform: chromeOS, - 
DeviceAssuranceMacOSPlatform: macOS, - DeviceAssuranceWindowsPlatform: windows, - }, nil + if len(model.ScreenLockType) > 0 { + screenlockType := make([]okta.ScreenLockType, 0) + for _, det := range model.ScreenLockType { + v, err := okta.NewScreenLockTypeFromValue(det.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, err + } + screenlockType = append(screenlockType, *v) + } + windows.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType} + } + windows.SecureHardwarePresent = model.SecureHardwarePresent.ValueBoolPointer() + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, nil } // Map response body to schema -func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state policyDeviceAssuranceWindowsResourceModel) diag.Diagnostics { +func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceWindowsResourceModel) diag.Diagnostics { var diags diag.Diagnostics + state.ID = types.StringValue(data.DeviceAssuranceWindowsPlatform.GetId()) + state.Name = types.StringValue(data.DeviceAssuranceWindowsPlatform.GetName()) + state.Platform = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetPlatform())) + + if _, ok := data.DeviceAssuranceWindowsPlatform.GetSecureHardwarePresentOk(); ok { + state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceWindowsPlatform.GetSecureHardwarePresent()) + } + if _, ok := data.DeviceAssuranceWindowsPlatform.GetOsVersionOk(); ok { + state.OsVersion = types.StringValue(data.DeviceAssuranceWindowsPlatform.OsVersion.GetMinimum()) + } + if _, ok := data.DeviceAssuranceWindowsPlatform.DiskEncryptionType.GetIncludeOk(); ok { + diskEncryptionType := make([]types.String, 0) + for _, det := range 
data.DeviceAssuranceWindowsPlatform.DiskEncryptionType.GetInclude() { + diskEncryptionType = append(diskEncryptionType, types.StringValue(string(det))) + } + state.DiskEncryptionType = diskEncryptionType + } + if _, ok := data.DeviceAssuranceWindowsPlatform.ScreenLockType.GetIncludeOk(); ok { + screenLockType := make([]types.String, 0) + for _, slt := range data.DeviceAssuranceWindowsPlatform.ScreenLockType.GetInclude() { + screenLockType = append(screenLockType, types.StringValue(string(slt))) + } + state.ScreenLockType = screenLockType + } + + state.CreateDate = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetCreatedDate())) + state.CreateBy = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetCreatedBy())) + state.LastUpdate = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetLastUpdate())) + state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetLastUpdatedBy())) return diags } diff --git a/okta/resource_okta_policy_device_assurance_window_test.go b/okta/resource_okta_policy_device_assurance_window_test.go new file mode 100644 index 000000000..d59c06023 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_window_test.go 
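Review bot: mapDeviceAssuranceWindowsToState reads `data.DeviceAssuranceWindowsPlatform` without checking it for nil, although the response type is a union with one pointer per platform and only one of them is set; if the generated getters tolerate a nil receiver the function silently writes an empty ID and name into state, otherwise it panics the provider. A guard at the top, `if data.DeviceAssuranceWindowsPlatform == nil { diags.AddError("unexpected device assurance response", "response contained no Windows platform policy"); return diags }`, turns either outcome into a diagnostic (the Android mapper in a later commit on this page adds exactly this). In buildDeviceAssuranceWindowsPolicyRequest the two accumulator slices can be sized up front, `make([]okta.DiskEncryptionType, 0, len(model.DiskEncryptionType))`, and the loop variable `det` in the screen-lock loop would read better as `slt` as in the mapper below. The `// TODU need to do additional read?` question in the Update tail can be answered in a comment: populating state from the Replace response is the usual framework pattern, so no extra GET is needed unless the API returns a partial object.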
@@ -0,0 +1,49 @@ +package okta + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccPolicyDeviceAssuranceWindows(t *testing.T) { + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: providerConfig + ` + resource okta_policy_device_assurance_windows test{ + name = "test" + os_version = "12.4.5" + disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) + secure_hardware_present = true + screenlock_type = toset(["BIOMETRIC"]) + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "name", "test"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "os_version", "12.4.5"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "disk_encryption_type.#", "1"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "secure_hardware_present", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "screenlock_type.#", "1"), + ), + }, + { + Config: providerConfig + ` + resource okta_policy_device_assurance_windows test{ + name = "test" + os_version = "12.4.6" + disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) + secure_hardware_present = true + screenlock_type = toset(["BIOMETRIC", "PASSCODE"]) + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "name", "test"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "os_version", "12.4.6"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "disk_encryption_type.#", "1"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "secure_hardware_present", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", 
"screenlock_type.#", "2"), + ), + }, + }, + }) +} From f3fde2ad4383decf80be8ccaa2096b5366c8cd09 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Date: Fri, 4 Aug 2023 16:55:22 -0400 Subject: [PATCH 3/8] add test --- go.mod | 6 +- go.sum | 14 +- okta/config.go | 58 +++- okta/framework_provider.go | 2 +- okta/provider.go | 6 +- ...rce_okta_policy_device_assurance_androi.go | 28 +- ...kta_policy_device_assurance_androi_test.go | 4 - ...e_okta_policy_device_assurance_chromeOS.go | 243 +++++++++++----- ...a_policy_device_assurance_chromeOS_test.go | 61 ++++ ...source_okta_policy_device_assurance_iOS.go | 25 +- ...urce_okta_policy_device_assurance_macOS.go | 241 ++++++++++------ ...okta_policy_device_assurance_macOS_test.go | 28 ++ ...rce_okta_policy_device_assurance_window.go | 261 ++++++++++++++---- ...kta_policy_device_assurance_window_test.go | 41 +++ 14 files changed, 761 insertions(+), 257 deletions(-) create mode 100644 okta/resource_okta_policy_device_assurance_chromeOS_test.go diff --git a/go.mod b/go.mod index 556b60167..12a3bec9c 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/hashicorp/terraform-plugin-mux v0.11.2 github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 github.com/kelseyhightower/envconfig v1.4.0 - github.com/okta/okta-sdk-golang/v3 v3.0.11 + github.com/okta/okta-sdk-golang/v3 v3.0.12 github.com/patrickmn/go-cache v2.1.0+incompatible github.com/stretchr/testify v1.8.4 gopkg.in/square/go-jose.v2 v2.6.0 
@@ -81,12 +81,12 @@ require ( github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/zclconf/go-cty v1.13.2 // indirect - golang.org/x/crypto v0.10.0 // indirect + golang.org/x/crypto v0.11.0 // indirect golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/net v0.11.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sys v0.9.0 // indirect + golang.org/x/sys v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect diff --git a/go.sum b/go.sum index caaa4c54a..32f637d12 100644 --- a/go.sum +++ b/go.sum @@ -275,8 +275,8 @@ github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= -github.com/okta/okta-sdk-golang/v3 v3.0.11 h1:bFciYORMGPjC/UqxNt5s3f6PhTHD4SPRBpDzcoNuRYA= -github.com/okta/okta-sdk-golang/v3 v3.0.11/go.mod h1:cYdp2vJAjD803jMGxCJZXiOXBQcTBfOHwBOV6hXqfg0= +github.com/okta/okta-sdk-golang/v3 v3.0.12 h1:YRylSMp/2bLwWJSUuqcL+Yi1gjIEdEUria5LvV2NIks= +github.com/okta/okta-sdk-golang/v3 v3.0.12/go.mod h1:cYdp2vJAjD803jMGxCJZXiOXBQcTBfOHwBOV6hXqfg0= github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= 
@@ -350,8 +350,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -466,10 +466,10 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/okta/config.go b/okta/config.go index efb1ecc07..c3bde149a 100644 --- a/okta/config.go +++ b/okta/config.go 
@@ -129,7 +129,61 @@ func (c *Config) loadAndValidate(ctx context.Context) error { return nil } -func (c *Config) handleDefaults(ctx context.Context, data *FrameworkProviderData) error { +func (c *Config) handlePluginDefaults(ctx context.Context) error { + var err error + if c.orgName == "" && os.Getenv("OKTA_ORG_NAME") != "" { + c.orgName = os.Getenv("OKTA_ORG_NAME") + } + if c.accessToken == "" && os.Getenv("OKTA_ACCESS_TOKEN") != "" { + c.accessToken = os.Getenv("OKTA_ACCESS_TOKEN") + } + if c.apiToken == "" && os.Getenv("OKTA_API_TOKEN") != "" { + c.apiToken = os.Getenv("OKTA_API_TOKEN") + } + if c.clientID == "" && os.Getenv("OKTA_API_CLIENT_ID") != "" { + c.clientID = os.Getenv("OKTA_API_CLIENT_ID") + } + if v := os.Getenv("OKTA_API_SCOPES"); v != "" && len(c.scopes) == 0 { + c.scopes = strings.Split(v, ",") + } + if c.privateKey == "" && os.Getenv("OKTA_API_PRIVATE_KEY") != "" { + c.privateKey = os.Getenv("OKTA_API_PRIVATE_KEY") + } + if c.privateKeyId == "" && os.Getenv("OKTA_API_PRIVATE_KEY_ID") != "" { + c.privateKeyId = os.Getenv("OKTA_API_PRIVATE_KEY_ID") + } + if c.domain == "" { + if os.Getenv("OKTA_BASE_URL") != "" { + c.domain = os.Getenv("OKTA_BASE_URL") + } else { + c.domain = "okta.com" + } + } + if c.httpProxy == "" && os.Getenv("OKTA_HTTP_PROXY") != "" { + c.httpProxy = os.Getenv("OKTA_HTTP_PROXY") + } + if c.maxAPICapacity == 0 { + if os.Getenv("MAX_API_CAPACITY") != "" { + mac, err := strconv.ParseInt(os.Getenv("MAX_API_CAPACITY"), 10, 64) + if err != nil { + return err + } + c.maxAPICapacity = int(mac) + } else { + c.maxAPICapacity = 100 + } + } + c.backoff = true + c.minWait = 30 + c.maxWait = 300 + c.retryCount = 5 + c.parallelism = 1 + c.logLevel = int(hclog.Error) + c.requestTimeout = 0 + return err +} + +func (c *Config) handleFrameworkDefaults(ctx context.Context, data *FrameworkProviderData) error { var err error if data.OrgName.IsNull() && os.Getenv("OKTA_ORG_NAME") != "" { data.OrgName = types.StringValue(os.Getenv("OKTA_ORG_NAME")) 
@@ -162,7 +216,7 @@ func (c *Config) handleDefaults(ctx context.Context, data *FrameworkProviderData } if data.BaseURL.IsNull() { if os.Getenv("OKTA_BASE_URL") != "" { - data.BaseURL = types.StringValue(os.Getenv("OKTA_API_PRIVATE_KEY_ID")) + data.BaseURL = types.StringValue(os.Getenv("OKTA_BASE_URL")) } else { data.BaseURL = types.StringValue("okta.com") } diff --git a/okta/framework_provider.go b/okta/framework_provider.go index 76a5f1769..4ca0c2d58 100644 --- a/okta/framework_provider.go +++ b/okta/framework_provider.go @@ -198,7 +198,7 @@ func (p *FrameworkProvider) Configure(ctx context.Context, req provider.Configur return } - err := p.handleDefaults(ctx, &data) + err := p.handleFrameworkDefaults(ctx, &data) if err != nil { resp.Diagnostics.AddError("failed to load default value to provider", err.Error()) return diff --git a/okta/provider.go b/okta/provider.go index ca8b7f8b4..a6ecf6f0c 100644 --- a/okta/provider.go +++ b/okta/provider.go @@ -5,8 +5,6 @@ import ( "context" "fmt" "log" - "os" - "strings" "time" "github.com/cenkalti/backoff" @@ -400,8 +398,8 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{} config.httpProxy = httpProxy } - if v := os.Getenv("OKTA_API_SCOPES"); v != "" && len(config.scopes) == 0 { - config.scopes = strings.Split(v, ",") + if err := config.handlePluginDefaults(ctx); err != nil { + return nil, diag.Errorf("[ERROR] handle default configuration: %v", err) } if err := config.loadAndValidate(ctx); err != nil { diff --git a/okta/resource_okta_policy_device_assurance_androi.go b/okta/resource_okta_policy_device_assurance_androi.go index d2d6da3ed..0f3206d38 100644 --- a/okta/resource_okta_policy_device_assurance_androi.go +++ b/okta/resource_okta_policy_device_assurance_androi.go 
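Review bot: handlePluginDefaults assigns `c.backoff`, `c.minWait`, `c.maxWait`, `c.retryCount`, `c.parallelism`, `c.logLevel` and `c.requestTimeout` unconditionally, unlike the env-backed fields above them, which are filled only when empty. At the new call site in the provider.go hunk (`config.handlePluginDefaults(ctx)` runs after `config.httpProxy = httpProxy`), any of those fields that providerConfigure has already populated from the provider schema would be silently overwritten — if that is the case, guard them like the others, e.g. `if c.retryCount == 0 { c.retryCount = 5 }`, or apply these defaults before the schema values. The `var err error` at the top is never assigned (the `mac, err :=` inside the block shadows it), so `return err` always returns nil; `return nil` says that plainly. `MAX_API_CAPACITY` is parsed but not range-checked, so a negative value is accepted; `strconv.Atoi` plus a `mac <= 0` rejection keeps the limiter sane.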
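Review bot: The fix reads `OKTA_BASE_URL` where `OKTA_API_PRIVATE_KEY_ID` was read by mistake; since the base URL decides which host receives the API token and private key, a regression in this precedence logic sends credentials to whatever string happens to sit in the environment, so it deserves a unit test that sets both variables and asserts `data.BaseURL` equals `OKTA_BASE_URL`. handlePluginDefaults in the previous hunk duplicates the same env-precedence rules and could be covered by the same table-driven test. handleFrameworkDefaults starts outside this hunk.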
@@ -330,18 +330,18 @@ func buildDeviceAssuranceAndroidPolicyRequest(model policyDeviceAssuranceAndroid // Map response body to schema func mapDeviceAssuranceAndroidToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceAndroidResourceModel) diag.Diagnostics { var diags diag.Diagnostics - state.ID = types.StringValue(data.DeviceAssuranceAndroidPlatform.GetId()) - state.Name = types.StringValue(data.DeviceAssuranceAndroidPlatform.GetName()) - state.Platform = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetPlatform())) - - if _, ok := data.DeviceAssuranceAndroidPlatform.GetJailbreakOk(); ok { - state.JailBreak = types.BoolValue(data.DeviceAssuranceAndroidPlatform.GetJailbreak()) - } - if _, ok := data.DeviceAssuranceAndroidPlatform.GetSecureHardwarePresentOk(); ok { - state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceAndroidPlatform.GetSecureHardwarePresent()) + if data.DeviceAssuranceAndroidPlatform == nil { + diags.AddError("Empty response", "Android object") + return diags } + state.ID = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.Id) + state.Name = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.Name) + state.Platform = types.StringPointerValue((*string)(data.DeviceAssuranceAndroidPlatform.Platform)) + + state.JailBreak = types.BoolPointerValue(data.DeviceAssuranceAndroidPlatform.Jailbreak) + state.SecureHardwarePresent = types.BoolPointerValue(data.DeviceAssuranceAndroidPlatform.SecureHardwarePresent) if _, ok := data.DeviceAssuranceAndroidPlatform.GetOsVersionOk(); ok { - state.OsVersion = types.StringValue(data.DeviceAssuranceAndroidPlatform.OsVersion.GetMinimum()) + state.OsVersion = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.OsVersion.Minimum) } if _, ok := data.DeviceAssuranceAndroidPlatform.DiskEncryptionType.GetIncludeOk(); ok { diskEncryptionType := make([]types.String, 0) 
@@ -358,9 +358,9 @@ func mapDeviceAssuranceAndroidToState(data *okta.ListDeviceAssurancePolicies200R state.ScreenLockType = screenLockType } - state.CreateDate = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetCreatedDate())) - state.CreateBy = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetCreatedBy())) - state.LastUpdate = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetLastUpdate())) - state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceAndroidPlatform.GetLastUpdatedBy())) + state.CreateDate = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.CreatedDate) + state.CreateBy = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.CreatedBy) + state.LastUpdate = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.LastUpdate) + state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.LastUpdatedBy) return diags } diff --git a/okta/resource_okta_policy_device_assurance_androi_test.go b/okta/resource_okta_policy_device_assurance_androi_test.go index d59cbc533..1e4360292 100644 --- a/okta/resource_okta_policy_device_assurance_androi_test.go +++ b/okta/resource_okta_policy_device_assurance_androi_test.go @@ -18,10 +18,6 @@ const ( ) var ( - // testAccProtoV6ProviderFactories are used to instantiate a provider during - // acceptance testing. The factory function will be invoked for every Terraform - // CLI command executed to create a provider server to which the CLI can - // reattach. testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){ "okta": providerserver.NewProtocol6WithError(NewFWProvider("test")), } diff --git a/okta/resource_okta_policy_device_assurance_chromeOS.go b/okta/resource_okta_policy_device_assurance_chromeOS.go index 009ad9529..82a0c7cce 100644 --- a/okta/resource_okta_policy_device_assurance_chromeOS.go +++ b/okta/resource_okta_policy_device_assurance_chromeOS.go 
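Review bot: Replacing the `GetJailbreakOk()` / `GetSecureHardwarePresentOk()` guards with unconditional `types.BoolPointerValue(...)` changes behaviour when the API omits a field: the guarded form left the planned value in state, the new form writes null. For an Optional attribute the practitioner set to `true`, a null after Create surfaces as Terraform's "inconsistent result after apply" error and on Read as perpetual drift — keep the `Ok` guard for fields Okta may omit, or declare them Optional+Computed with a plan modifier, assuming the API does omit unset booleans. The nil guard's message `"Empty response", "Android object"` is hard to act on; `diags.AddError("unexpected device assurance response", "response contained no Android platform policy")` says what was expected. The same unconditional pointer conversion is applied to the date fields in the next hunk; mapDeviceAssuranceAndroidToState continues there.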
@@ -29,36 +29,31 @@ type policyDeviceAssuranceChromeOSResource struct { } type policyDeviceAssuranceChromeOSResourceModel struct { - ID types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - Platform types.String `tfsdk:"platform"` - CreateDate types.String `tfsdk:"created_date"` - CreateBy types.String `tfsdk:"created_by"` - LastUpdate types.String `tfsdk:"last_update"` - LastUpdatedBy types.String `tfsdk:"last_updated_by"` - // TODU no feature access - ThirdPartySignalProviders thirdPartySignalProvidersChromeOS `tfsdk:"third_party_signal_providers"` -} - -type thirdPartySignalProvidersChromeOS struct { - AllowScreenLock types.Bool `tfsdk:"allow_screen_lock"` - BrowserVersion types.String `tfsdk:"browser_version, omitempty"` - BuiltInDNSClientEnabled types.Bool `tfsdk:"builtin_dns_client_enabled"` - ChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"chrome_remote_desktop_app_blocked"` - DeviceEnrollmentDomain types.String `tfsdk:"device_enrollment_domain"` - DiskEncrypted types.Bool `tfsdk:"disk_encrypted"` - KeyTrustLevel types.String `tfsdk:"key_trust_level"` - OsFirewall types.Bool `tfsdk:"os_firewall"` - OsVersion types.String `tfsdk:"os_version"` - PasswordProctectionWarningTrigger types.String `tfsdk:"password_proctection_warning_trigger"` - RealtimeURLCheckMode types.Bool `tfsdk:"realtime_url_check_mode"` - SafeBrowsingProtectionLevel types.String `tfsdk:"safe_browsing_protection_level"` - ScreenLockSecured types.Bool `tfsdk:"screen_lock_secured"` - SiteIsolationEnabled types.Bool `tfsdk:"site_isolation_enabled"` + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` + TpspAllowScreenLock types.Bool `tfsdk:"tpsp_allow_screen_lock"` + TpspBrowserVersion types.String `tfsdk:"tpsp_browser_version"` + 
TpspBuiltInDNSClientEnabled types.Bool `tfsdk:"tpsp_builtin_dns_client_enabled"` + TpspChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"tpsp_chrome_remote_desktop_app_blocked"` + TpspDeviceEnrollmentDomain types.String `tfsdk:"tpsp_device_enrollment_domain"` + TpspDiskEncrypted types.Bool `tfsdk:"tpsp_disk_encrypted"` + TpspKeyTrustLevel types.String `tfsdk:"tpsp_key_trust_level"` + TpspOsFirewall types.Bool `tfsdk:"tpsp_os_firewall"` + TpspOsVersion types.String `tfsdk:"tpsp_os_version"` + TpspPasswordProtectionWarningTrigger types.String `tfsdk:"tpsp_password_proctection_warning_trigger"` + TpspRealtimeURLCheckMode types.Bool `tfsdk:"tpsp_realtime_url_check_mode"` + TpspSafeBrowsingProtectionLevel types.String `tfsdk:"tpsp_safe_browsing_protection_level"` + TpspScreenLockSecured types.Bool `tfsdk:"tpsp_screen_lock_secured"` + TpspSiteIsolationEnabled types.Bool `tfsdk:"tpsp_site_isolation_enabled"` } func (r *policyDeviceAssuranceChromeOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { - resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_chromeOS" + resp.TypeName = req.ProviderTypeName + "_policy_device_assurance_chromeos" } func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { 
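Review bot: The renamed field `TpspPasswordProtectionWarningTrigger` still carries the misspelled tag `tfsdk:"tpsp_password_proctection_warning_trigger"`, and the schema key in the next hunk repeats it, so the typo becomes the public attribute name practitioners write in HCL; renaming it after release is a breaking schema change, so correct it now to `tpsp_password_protection_warning_trigger` in both places. Lower-casing the type name to `_policy_device_assurance_chromeos` is itself a rename of the earlier `_policy_device_assurance_chromeOS`, fine before release but worth a changelog line. The model struct has no doc comment; `// policyDeviceAssuranceChromeOSResourceModel mirrors the okta_policy_device_assurance_chromeos schema; the tpsp_* attributes hold the third-party signal provider (DTC) settings.` would make the Tpsp prefix self-explanatory.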
@@ -83,43 +78,78 @@ func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ reso stringplanmodifier.UseStateForUnknown(), }, }, - // // TODU no access to feature request - // "third_party_signal_providers": schema.ObjectAttribute{ - // Description: "Settings for third-party signal providers. Required for ChromeOS platform, optional for others", - // Required: true, - // AttributeTypes: map[string]attr.Type{ - // "allow_screen_lock": types.BoolType, - // "browser_version": types.StringType, - // "builtin_dns_client_enabled": types.BoolType, - // "chrome_remote_desktop_app_blocked": types.BoolType, - // "device_enrollement_domain": types.StringType, - // "disk_encrypted": types.BoolType, - // "key_trust_level": types.StringType, - // "os_firewall": types.BoolType, - // "os_version": types.StringType, - // "password_proctection_warning_trigger": types.StringType, - // "realtime_url_check_mode": types.BoolType, - // "safe_browsing_protection_level": types.StringType, - // "screen_lock_secured": types.BoolType, - // "site_isolation_enabled": types.BoolType, - // }, - // }, - // "created_date": schema.StringAttribute{ - // Description: "Created date", - // Computed: true, - // }, - // "created_by": schema.StringAttribute{ - // Description: "Created by", - // Computed: true, - // }, - // "last_update": schema.StringAttribute{ - // Description: "Last update", - // Computed: true, - // }, - // "last_updated_by": schema.StringAttribute{ - // Description: "Last updated by", - // Computed: true, - // }, + "tpsp_allow_screen_lock": schema.BoolAttribute{ + Description: "Third party signal provider allow screen lock", + Optional: true, + }, + "tpsp_browser_version": schema.StringAttribute{ + Description: "Third party signal provider minimum browser version", + Optional: true, + }, + "tpsp_builtin_dns_client_enabled": schema.BoolAttribute{ + Description: "Third party signal provider builtin dns client enable", + Optional: true, + }, + 
"tpsp_chrome_remote_desktop_app_blocked": schema.BoolAttribute{ + Description: "Third party signal provider chrome remote desktop app blocked", + Optional: true, + }, + "tpsp_device_enrollment_domain": schema.StringAttribute{ + Description: "Third party signal provider device enrollment domain", + Optional: true, + }, + "tpsp_disk_encrypted": schema.BoolAttribute{ + Description: "Third party signal provider disk encrypted", + Optional: true, + }, + "tpsp_key_trust_level": schema.StringAttribute{ + Description: "Third party signal provider key trust level", + Optional: true, + }, + "tpsp_os_firewall": schema.BoolAttribute{ + Description: "Third party signal provider os firewall", + Optional: true, + }, + "tpsp_os_version": schema.StringAttribute{ + Description: "Third party signal provider minimum os version", + Optional: true, + }, + "tpsp_password_proctection_warning_trigger": schema.StringAttribute{ + Description: "Third party signal provider password protection warning trigger", + Optional: true, + }, + "tpsp_realtime_url_check_mode": schema.BoolAttribute{ + Description: "Third party signal provider realtime url check mode", + Optional: true, + }, + "tpsp_safe_browsing_protection_level": schema.StringAttribute{ + Description: "Third party signal provider safe browsing protection level", + Optional: true, + }, + "tpsp_screen_lock_secured": schema.BoolAttribute{ + Description: "Third party signal provider screen lock secure", + Optional: true, + }, + "tpsp_site_isolation_enabled": schema.BoolAttribute{ + Description: "Third party signal provider site isolation enabled", + Optional: true, + }, + "created_date": schema.StringAttribute{ + Description: "Created date", + Computed: true, + }, + "created_by": schema.StringAttribute{ + Description: "Created by", + Computed: true, + }, + "last_update": schema.StringAttribute{ + Description: "Last update", + Computed: true, + }, + "last_updated_by": schema.StringAttribute{ + Description: "Last updated by", + Computed: true, 
+ }, }, } } 
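Review bot: `tpsp_key_trust_level`, `tpsp_password_proctection_warning_trigger` and `tpsp_safe_browsing_protection_level` are declared as free-form StringAttributes, although the request builder in the following hunk converts them with `okta.NewKeyTrustLevelOSModeFromValue` and its siblings, which reject anything outside the enum; a typo in a policy value therefore fails only at apply time. The module already depends on terraform-plugin-framework-validators, so attaching `Validators: []validator.String{stringvalidator.OneOf(<accepted values>)}` moves that failure to plan time and makes the allowed values visible in the generated docs. The `Description` strings could list the same values, since these are device-posture settings whose enum names are not obvious from the attribute name. The Schema function starts outside this hunk.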
@@ -265,19 +295,88 @@ func buildDeviceAssuranceChromeOSPolicyRequest(model policyDeviceAssuranceChrome chromeOS.SetName(model.Name.ValueString()) chromeOS.SetPlatform(okta.PLATFORM_CHROMEOS) + var thirdPartySignalProviders okta.DeviceAssuranceChromeOSPlatformAllOfThirdPartySignalProviders + var dtc okta.DTCChromeOS + dtc.AllowScreenLock = model.TpspAllowScreenLock.ValueBoolPointer() + if !model.TpspBrowserVersion.IsNull() { + dtc.BrowserVersion = &okta.ChromeBrowserVersion{Minimum: model.TpspBrowserVersion.ValueStringPointer()} + } + dtc.BuiltInDnsClientEnabled = model.TpspBuiltInDNSClientEnabled.ValueBoolPointer() + dtc.ChromeRemoteDesktopAppBlocked = model.TpspChromeRemoteDesktopAppBlocked.ValueBoolPointer() + dtc.DeviceEnrollmentDomain = model.TpspDeviceEnrollmentDomain.ValueStringPointer() + dtc.DiskEncrypted = model.TpspDiskEncrypted.ValueBoolPointer() + if !model.TpspKeyTrustLevel.IsNull() { + v, err := okta.NewKeyTrustLevelOSModeFromValue(model.TpspKeyTrustLevel.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceChromeOSPlatform: chromeOS}, err + } + dtc.KeyTrustLevel = v + } + dtc.OsFirewall = model.TpspOsFirewall.ValueBoolPointer() + if !model.TpspOsVersion.IsNull() { + dtc.OsVersion = &okta.OSVersion{Minimum: model.TpspOsVersion.ValueStringPointer()} + } + if !model.TpspPasswordProtectionWarningTrigger.IsNull() { + v, err := okta.NewPasswordProtectionWarningTriggerFromValue(model.TpspPasswordProtectionWarningTrigger.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceChromeOSPlatform: chromeOS}, err + } + dtc.PasswordProtectionWarningTrigger = v + } + dtc.RealtimeUrlCheckMode = model.TpspRealtimeURLCheckMode.ValueBoolPointer() + if !model.TpspSafeBrowsingProtectionLevel.IsNull() { + v, err := okta.NewSafeBrowsingProtectionLevelFromValue(model.TpspSafeBrowsingProtectionLevel.ValueString()) + if err != nil { + return 
okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceChromeOSPlatform: chromeOS}, err + } + dtc.SafeBrowsingProtectionLevel = v + } + dtc.ScreenLockSecured = model.TpspScreenLockSecured.ValueBoolPointer() + dtc.SiteIsolationEnabled = model.TpspSiteIsolationEnabled.ValueBoolPointer() + thirdPartySignalProviders.SetDtc(dtc) + chromeOS.SetThirdPartySignalProviders(thirdPartySignalProviders) + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceChromeOSPlatform: chromeOS}, nil } // Map response body to schema func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceChromeOSResourceModel) diag.Diagnostics { var diags diag.Diagnostics - state.ID = types.StringValue(data.DeviceAssuranceChromeOSPlatform.GetId()) - state.Name = types.StringValue(data.DeviceAssuranceChromeOSPlatform.GetName()) - state.Platform = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetPlatform())) - - state.CreateDate = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetCreatedDate())) - state.CreateBy = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetCreatedBy())) - state.LastUpdate = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetLastUpdate())) - state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceChromeOSPlatform.GetLastUpdatedBy())) + if data.DeviceAssuranceChromeOSPlatform == nil { + diags.AddError("Empty response", "ChromeOS object") + return diags + } + + state.ID = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.Id) + state.Name = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.Name) + state.Platform = types.StringPointerValue((*string)(data.DeviceAssuranceChromeOSPlatform.Platform)) + + if _, ok := data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.GetDtcOk(); ok { + state.TpspAllowScreenLock = 
types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.AllowScreenLock) + if _, ok := data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.GetBrowserVersionOk(); ok { + state.TpspBrowserVersion = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.BrowserVersion.Minimum) + } + state.TpspBuiltInDNSClientEnabled = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.BuiltInDnsClientEnabled) + state.TpspChromeRemoteDesktopAppBlocked = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.ChromeRemoteDesktopAppBlocked) + state.TpspDeviceEnrollmentDomain = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.DeviceEnrollmentDomain) + state.TpspDiskEncrypted = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.DiskEncrypted) + if _, ok := data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.GetKeyTrustLevelOk(); ok { + state.TpspKeyTrustLevel = types.StringPointerValue((*string)(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.KeyTrustLevel)) + } + state.TpspOsFirewall = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.OsFirewall) + if _, ok := data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.GetOsVersionOk(); ok { + state.TpspOsVersion = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.OsVersion.Minimum) + } + state.TpspPasswordProtectionWarningTrigger = types.StringPointerValue((*string)(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.PasswordProtectionWarningTrigger)) + state.TpspRealtimeURLCheckMode = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.RealtimeUrlCheckMode) + state.TpspSafeBrowsingProtectionLevel = 
types.StringPointerValue((*string)(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.SafeBrowsingProtectionLevel)) + state.TpspScreenLockSecured = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.ScreenLockSecured) + state.TpspSiteIsolationEnabled = types.BoolPointerValue(data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc.SiteIsolationEnabled) + } + + state.CreateDate = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.CreatedDate) + state.CreateBy = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.CreatedBy) + state.LastUpdate = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.LastUpdate) + state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.LastUpdatedBy) return diags } diff --git a/okta/resource_okta_policy_device_assurance_chromeOS_test.go b/okta/resource_okta_policy_device_assurance_chromeOS_test.go new file mode 100644 index 000000000..bf1b67303 --- /dev/null +++ b/okta/resource_okta_policy_device_assurance_chromeOS_test.go 
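Review bot: In `mapDeviceAssuranceChromeOSToState` the Tpsp* fields are assigned only inside the `GetDtcOk()` branch, so a response without a `dtc` object leaves whatever the caller already placed in `state` untouched instead of nulling it; if the caller pre-populates the model from the prior state or plan, that would hide drift between configuration and Okta. The branch also discards the pointer the getter returns and re-derives `data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.Dtc` fourteen times; `if dtc, ok := data.DeviceAssuranceChromeOSPlatform.ThirdPartySignalProviders.GetDtcOk(); ok {` plus an else branch that sets the Tpsp* fields to `types.StringNull()`/`types.BoolNull()` would be shorter and would clear stale values, and the same shape recurs in `mapDeviceAssuranceMacOSToState` later in this patch. Within the branch, `KeyTrustLevel` is read behind `GetKeyTrustLevelOk()` while `PasswordProtectionWarningTrigger` and `SafeBrowsingProtectionLevel` are converted unguarded; both work because `types.StringPointerValue` maps a nil pointer to null, but one convention should be used. The detail string in `diags.AddError("Empty response", "ChromeOS object")` tells an operator little; a detail such as `"API response did not contain a ChromeOS device assurance policy"` reads better, and the same wording is used in the iOS and macOS mappers. `buildDeviceAssuranceChromeOSPolicyRequest` starts outside the hunk.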
@@ -0,0 +1,61 @@ +package okta + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccPolicyDeviceAssuranceChromeOS(t *testing.T) { + resource.Test(t, resource.TestCase{ + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: providerConfig + ` + resource okta_policy_device_assurance_chromeos test{ + name = "z" + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "name", "z"), + ), + }, + { + Config: providerConfig + ` + resource okta_policy_device_assurance_chromeos test{ + name = "test" + tpsp_allow_screen_lock = true + tpsp_browser_version = "15393.27.0" + tpsp_builtin_dns_client_enabled = true + tpsp_chrome_remote_desktop_app_blocked = true + tpsp_device_enrollment_domain = "testDomain" + tpsp_disk_encrypted = true + tpsp_key_trust_level = "CHROME_OS_VERIFIED_MODE" + tpsp_os_firewall = true + tpsp_os_version = "10.0.19041.1110" + tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF" + tpsp_realtime_url_check_mode = true + tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION" + tpsp_screen_lock_secured = true + tpsp_site_isolation_enabled = true + }`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "name", "test"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_allow_screen_lock", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_browser_version", "15393.27.0"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_builtin_dns_client_enabled", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_chrome_remote_desktop_app_blocked", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", 
"tpsp_device_enrollment_domain", "testDomain"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_disk_encrypted", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_key_trust_level", "CHROME_OS_VERIFIED_MODE"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_os_firewall", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_os_version", "10.0.19041.1110"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_password_proctection_warning_trigger", "PASSWORD_PROTECTION_OFF"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_realtime_url_check_mode", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_safe_browsing_protection_level", "ENHANCED_PROTECTION"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_screen_lock_secured", "true"), + resource.TestCheckResourceAttr("okta_policy_device_assurance_chromeos.test", "tpsp_site_isolation_enabled", "true"), + ), + }, + }, + }) +} diff --git a/okta/resource_okta_policy_device_assurance_iOS.go b/okta/resource_okta_policy_device_assurance_iOS.go index 203a0aa82..ac25343cb 100644 --- a/okta/resource_okta_policy_device_assurance_iOS.go +++ b/okta/resource_okta_policy_device_assurance_iOS.go 
@@ -282,15 +282,18 @@ func buildDeviceAssuranceIOSPolicyRequest(model policyDeviceAssuranceIOSResource
 // Map response body to schema
 func mapDeviceAssuranceIOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceIOSResourceModel) diag.Diagnostics {
 var diags diag.Diagnostics
- state.ID = types.StringValue(data.DeviceAssuranceIOSPlatform.GetId())
- state.Name = types.StringValue(data.DeviceAssuranceIOSPlatform.GetName())
- state.Platform = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetPlatform()))
-
- if _, ok := data.DeviceAssuranceIOSPlatform.GetJailbreakOk(); ok {
- state.JailBreak = types.BoolValue(data.DeviceAssuranceIOSPlatform.GetJailbreak())
+ if data.DeviceAssuranceIOSPlatform == nil {
+ diags.AddError("Empty response", "iOS object")
+ return diags
 }
+
+ state.ID = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.Id)
+ state.Name = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.Name)
+ state.Platform = types.StringPointerValue((*string)(data.DeviceAssuranceIOSPlatform.Platform))
+
+ state.JailBreak = types.BoolPointerValue(data.DeviceAssuranceIOSPlatform.Jailbreak)
 if _, ok := data.DeviceAssuranceIOSPlatform.GetOsVersionOk(); ok {
- state.OsVersion = types.StringValue(data.DeviceAssuranceIOSPlatform.OsVersion.GetMinimum())
+ state.OsVersion = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.OsVersion.Minimum)
 }
 if _, ok := data.DeviceAssuranceIOSPlatform.ScreenLockType.GetIncludeOk(); ok {
 screenLockType := make([]types.String, 0)
@@ -300,9 +303,9 @@ func mapDeviceAssuranceIOSToState(data *okta.ListDeviceAssurancePolicies200Respo
 state.ScreenLockType = screenLockType
 }
 
- state.CreateDate = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetCreatedDate()))
- state.CreateBy = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetCreatedBy()))
- state.LastUpdate = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetLastUpdate()))
- state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceIOSPlatform.GetLastUpdatedBy()))
+ state.CreateDate = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.CreatedDate)
+ state.CreateBy = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.CreatedBy)
+ state.LastUpdate = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.LastUpdate)
+ state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.LastUpdatedBy)
 return diags
 }
diff --git a/okta/resource_okta_policy_device_assurance_macOS.go b/okta/resource_okta_policy_device_assurance_macOS.go
index 341dec248..074e29512 100644
--- a/okta/resource_okta_policy_device_assurance_macOS.go
+++ b/okta/resource_okta_policy_device_assurance_macOS.go
@@ -34,42 +34,31 @@ type policyDeviceAssuranceMacOSResource struct { } type policyDeviceAssuranceMacOSResourceModel struct { - ID types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - Platform types.String `tfsdk:"platform"` - DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"` - OsVersion types.String `tfsdk:"os_version"` - SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` - ScreenLockType []types.String `tfsdk:"screenlock_type"` - CreateDate types.String `tfsdk:"created_date"` - CreateBy types.String `tfsdk:"created_by"` - LastUpdate types.String `tfsdk:"last_update"` - LastUpdatedBy types.String `tfsdk:"last_updated_by"` - // // TODU no access to feature request - // ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"` -} - -type thirdPartySignalProviders struct { - AllowScreenLock types.Bool `tfsdk:"allow_screen_lock"` - BrowserVersion types.String `tfsdk:"browser_version, omitempty"` - BuiltInDNSClientEnabled types.Bool `tfsdk:"builtin_dns_client_enabled"` - ChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"chrome_remote_desktop_app_blocked"` - CrowdStrikeAgentID types.String `tfsdk:"crowd_strike_agent_id"` - CrowdStrikeCustomerID types.String `tfsdk:"crowd_strike_customer_id"` - DeviceEnrollementDomain types.String `tfsdk:"device_enrollement_domain"` - DiskEncrypted types.Bool `tfsdk:"disk_encrypted"` - KeyTrustLevel types.String `tfsdk:"key_trust_level"` - OsFirewall types.Bool `tfsdk:"os_firewall"` - OsVersion types.String `tfsdk:"os_version"` - PasswordProctectionWarningTrigger types.String `tfsdk:"password_proctection_warning_trigger"` - RealtimeURLCheckMode types.Bool `tfsdk:"realtime_url_check_mode"` - SafeBrowsingProtectionLevel types.String `tfsdk:"safe_browsing_protection_level"` - ScreenLockSecured types.Bool `tfsdk:"screen_lock_secured"` - SecureBootEnabled types.Bool `tfsdk:"secure_boot_enabled"` - SiteIsolationEnabled types.Bool `tfsdk:"site_isolation_enabled"` - 
ThirdPartyBlockingEnabled types.Bool `tfsdk:"third_party_blocking_enabled"` - WindowMachineDomain types.String `tfsdk:"window_machine_domain"` - WindowUserDomain types.String `tfsdk:"window_user_domain"` + ID types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Platform types.String `tfsdk:"platform"` + DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"` + OsVersion types.String `tfsdk:"os_version"` + SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"` + ScreenLockType []types.String `tfsdk:"screenlock_type"` + CreateDate types.String `tfsdk:"created_date"` + CreateBy types.String `tfsdk:"created_by"` + LastUpdate types.String `tfsdk:"last_update"` + LastUpdatedBy types.String `tfsdk:"last_updated_by"` + ThirdPartySignalProviders types.Bool `tfsdk:"third_party_signal_providers"` + TpspBrowserVersion types.String `tfsdk:"tpsp_browser_version"` + TpspBuiltInDNSClientEnabled types.Bool `tfsdk:"tpsp_builtin_dns_client_enabled"` + TpspChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"tpsp_chrome_remote_desktop_app_blocked"` + TpspDeviceEnrollmentDomain types.String `tfsdk:"tpsp_device_enrollment_domain"` + TpspDiskEncrypted types.Bool `tfsdk:"tpsp_disk_encrypted"` + TpspKeyTrustLevel types.String `tfsdk:"tpsp_key_trust_level"` + TpspOsFirewall types.Bool `tfsdk:"tpsp_os_firewall"` + TpspOsVersion types.String `tfsdk:"tpsp_os_version"` + TpspPasswordProtectionWarningTrigger types.String `tfsdk:"tpsp_password_proctection_warning_trigger"` + TpspRealtimeURLCheckMode types.Bool `tfsdk:"tpsp_realtime_url_check_mode"` + TpspSafeBrowsingProtectionLevel types.String `tfsdk:"tpsp_safe_browsing_protection_level"` + TpspScreenLockSecured types.Bool `tfsdk:"tpsp_screen_lock_secured"` + TpspSiteIsolationEnabled types.Bool `tfsdk:"tpsp_site_isolation_enabled"` } func (r *policyDeviceAssuranceMacOSResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { 
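Review bot: The struct tag `tfsdk:"tpsp_password_proctection_warning_trigger"` carries a misspelling ("proctection") that the Go field `TpspPasswordProtectionWarningTrigger` does not, and the same misspelt key appears in the macOS schema hunk, the ChromeOS schema and both acceptance tests in this patch. Because the tag is the user-facing HCL attribute name, correcting it after release is a breaking schema change, so it is worth renaming to `tpsp_password_protection_warning_trigger` everywhere before this ships. `ThirdPartySignalProviders types.Bool` is a toggle rather than the provider object its name suggests; a field name such as `ThirdPartySignalProvidersEnabled` (keeping the tag) would read less ambiguously next to the Tpsp* fields.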
@@ -145,40 +134,62 @@ func (r *policyDeviceAssuranceMacOSResource) Schema(_ context.Context, _ resourc }...), }, }, - // // TODU no access to feature request - // "third_party_signal_providers": schema.ObjectAttribute{ - // Description: "Settings for third-party signal providers. Required for ChromeOS platform, optional for others", - // Optional: true, - // AttributeTypes: map[string]attr.Type{ - // // TODU chromeOS only - // "allow_screen_lock": types.BoolType, - // "browser_version": types.StringType, - // "builtin_dns_client_enabled": types.BoolType, - // "chrome_remote_desktop_app_blocked": types.BoolType, - // // TODU window only - // "crowd_strike_agent_id": types.StringType, - // // TODU window only - // "crowd_strike_customer_id": types.StringType, - // "device_enrollement_domain": types.StringType, - // "disk_encrypted": types.BoolType, - // "key_trust_level": types.StringType, - // "os_firewall": types.BoolType, - // "os_version": types.StringType, - // "password_proctection_warning_trigger": types.StringType, - // "realtime_url_check_mode": types.BoolType, - // "safe_browsing_protection_level": types.StringType, - // "screen_lock_secured": types.BoolType, - // // TODU window only - // "secure_boot_enabled": types.BoolType, - // "site_isolation_enabled": types.BoolType, - // // TODU window only - // "third_party_blocking_enabled": types.BoolType, - // // TODU window only - // "window_machine_domain": types.StringType, - // // TODU window only - // "window_user_domain": types.StringType, - // }, - // }, + "third_party_signal_providers": schema.BoolAttribute{ + Description: "Check to include third party signal provider", + Optional: true, + }, + "tpsp_browser_version": schema.StringAttribute{ + Description: "Third party signal provider minimum browser version", + Optional: true, + }, + "tpsp_builtin_dns_client_enabled": schema.BoolAttribute{ + Description: "Third party signal provider builtin dns client enable", + Optional: true, + }, + 
"tpsp_chrome_remote_desktop_app_blocked": schema.BoolAttribute{ + Description: "Third party signal provider chrome remote desktop app blocked", + Optional: true, + }, + "tpsp_device_enrollment_domain": schema.StringAttribute{ + Description: "Third party signal provider device enrollment domain", + Optional: true, + }, + "tpsp_disk_encrypted": schema.BoolAttribute{ + Description: "Third party signal provider disk encrypted", + Optional: true, + }, + "tpsp_key_trust_level": schema.StringAttribute{ + Description: "Third party signal provider key trust level", + Optional: true, + }, + "tpsp_os_firewall": schema.BoolAttribute{ + Description: "Third party signal provider os firewall", + Optional: true, + }, + "tpsp_os_version": schema.StringAttribute{ + Description: "Third party signal provider minimum os version", + Optional: true, + }, + "tpsp_password_proctection_warning_trigger": schema.StringAttribute{ + Description: "Third party signal provider password protection warning trigger", + Optional: true, + }, + "tpsp_realtime_url_check_mode": schema.BoolAttribute{ + Description: "Third party signal provider realtime url check mode", + Optional: true, + }, + "tpsp_safe_browsing_protection_level": schema.StringAttribute{ + Description: "Third party signal provider safe browsing protection level", + Optional: true, + }, + "tpsp_screen_lock_secured": schema.BoolAttribute{ + Description: "Third party signal provider screen lock secure", + Optional: true, + }, + "tpsp_site_isolation_enabled": schema.BoolAttribute{ + Description: "Third party signal provider site isolation enabled", + Optional: true, + }, "created_date": schema.StringAttribute{ Description: "Created date", Computed: true, 
@@ -365,21 +376,67 @@ func buildDeviceAssuranceMacOSPolicyRequest(model policyDeviceAssuranceMacOSReso macos.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType} } macos.SecureHardwarePresent = model.SecureHardwarePresent.ValueBoolPointer() + + if model.ThirdPartySignalProviders.ValueBool() { + var thirdPartySignalProviders okta.DeviceAssuranceMacOSPlatformAllOfThirdPartySignalProviders + var dtc okta.DTCMacOS + if !model.TpspBrowserVersion.IsNull() { + dtc.BrowserVersion = &okta.ChromeBrowserVersion{Minimum: model.TpspBrowserVersion.ValueStringPointer()} + } + dtc.BuiltInDnsClientEnabled = model.TpspBuiltInDNSClientEnabled.ValueBoolPointer() + dtc.ChromeRemoteDesktopAppBlocked = model.TpspChromeRemoteDesktopAppBlocked.ValueBoolPointer() + dtc.DeviceEnrollmentDomain = model.TpspDeviceEnrollmentDomain.ValueStringPointer() + dtc.DiskEncrypted = model.TpspDiskEncrypted.ValueBoolPointer() + if !model.TpspKeyTrustLevel.IsNull() { + v, err := okta.NewKeyTrustLevelBrowserKeyFromValue(model.TpspKeyTrustLevel.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, err + } + dtc.KeyTrustLevel = v + } + dtc.OsFirewall = model.TpspOsFirewall.ValueBoolPointer() + if !model.TpspOsVersion.IsNull() { + dtc.OsVersion = &okta.OSVersion{Minimum: model.TpspOsVersion.ValueStringPointer()} + } + if !model.TpspPasswordProtectionWarningTrigger.IsNull() { + v, err := okta.NewPasswordProtectionWarningTriggerFromValue(model.TpspPasswordProtectionWarningTrigger.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, err + } + dtc.PasswordProtectionWarningTrigger = v + } + dtc.RealtimeUrlCheckMode = model.TpspRealtimeURLCheckMode.ValueBoolPointer() + if !model.TpspSafeBrowsingProtectionLevel.IsNull() { + v, err := 
okta.NewSafeBrowsingProtectionLevelFromValue(model.TpspSafeBrowsingProtectionLevel.ValueString()) + if err != nil { + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, err + } + dtc.SafeBrowsingProtectionLevel = v + } + dtc.ScreenLockSecured = model.TpspScreenLockSecured.ValueBoolPointer() + dtc.SiteIsolationEnabled = model.TpspSiteIsolationEnabled.ValueBoolPointer() + thirdPartySignalProviders.SetDtc(dtc) + macos.SetThirdPartySignalProviders(thirdPartySignalProviders) + } + return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceMacOSPlatform: macos}, nil } // Map response body to schema func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceMacOSResourceModel) diag.Diagnostics { var diags diag.Diagnostics - state.ID = types.StringValue(data.DeviceAssuranceMacOSPlatform.GetId()) - state.Name = types.StringValue(data.DeviceAssuranceMacOSPlatform.GetName()) - state.Platform = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetPlatform())) - - if _, ok := data.DeviceAssuranceMacOSPlatform.GetSecureHardwarePresentOk(); ok { - state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceMacOSPlatform.GetSecureHardwarePresent()) + if data.DeviceAssuranceMacOSPlatform == nil { + diags.AddError("Empty response", "MacOS object") + return diags } + + state.ID = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.Id) + state.Name = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.Name) + state.Platform = types.StringPointerValue((*string)(data.DeviceAssuranceMacOSPlatform.Platform)) + + state.SecureHardwarePresent = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.SecureHardwarePresent) if _, ok := data.DeviceAssuranceMacOSPlatform.GetOsVersionOk(); ok { - state.OsVersion = types.StringValue(data.DeviceAssuranceMacOSPlatform.OsVersion.GetMinimum()) + state.OsVersion = 
types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.OsVersion.Minimum) } if _, ok := data.DeviceAssuranceMacOSPlatform.DiskEncryptionType.GetIncludeOk(); ok { diskEncryptionType := make([]types.String, 0) 
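Review bot: The new `if model.ThirdPartySignalProviders.ValueBool()` block silently drops every `tpsp_*` value configured while `third_party_signal_providers` is false or unset, and `mapDeviceAssuranceMacOSToState` in the following hunk only assigns the Tpsp* fields when the response contains `dtc`, so if the caller maps the response into a model pre-populated from the plan the dropped values remain in state and the mismatch with Okta never surfaces as a diff. Either reject the combination in the builder — before the block, return an error when the toggle is false and any Tpsp* field is non-null — or, preferably, attach `stringvalidator.AlsoRequires(path.MatchRoot("third_party_signal_providers"))` (and the `boolvalidator` equivalent) to the `tpsp_*` attributes so `terraform plan` catches it; since that validator only checks presence, an explicit `false` still needs the builder check. Note that `KeyTrustLevel` here uses `okta.NewKeyTrustLevelBrowserKeyFromValue` while the ChromeOS builder uses `okta.NewKeyTrustLevelOSModeFromValue`; a one-line comment stating that the two platforms accept different enum sets would save the next reader a trip to the SDK. `buildDeviceAssuranceMacOSPolicyRequest` starts outside the hunk.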
@@ -396,9 +453,31 @@ func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200Res state.ScreenLockType = screenLockType } - state.CreateDate = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetCreatedDate())) - state.CreateBy = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetCreatedBy())) - state.LastUpdate = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetLastUpdate())) - state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceMacOSPlatform.GetLastUpdatedBy())) + if _, ok := data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.GetDtcOk(); ok { + if _, ok := data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.GetBrowserVersionOk(); ok { + state.TpspBrowserVersion = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.BrowserVersion.Minimum) + } + state.TpspBuiltInDNSClientEnabled = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.BuiltInDnsClientEnabled) + state.TpspChromeRemoteDesktopAppBlocked = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.ChromeRemoteDesktopAppBlocked) + state.TpspDeviceEnrollmentDomain = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.DeviceEnrollmentDomain) + state.TpspDiskEncrypted = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.DiskEncrypted) + if _, ok := data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.GetKeyTrustLevelOk(); ok { + state.TpspKeyTrustLevel = types.StringPointerValue((*string)(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.KeyTrustLevel)) + } + state.TpspOsFirewall = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.OsFirewall) + if _, ok := data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.GetOsVersionOk(); ok { + state.TpspOsVersion = 
types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.OsVersion.Minimum) + } + state.TpspPasswordProtectionWarningTrigger = types.StringPointerValue((*string)(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.PasswordProtectionWarningTrigger)) + state.TpspRealtimeURLCheckMode = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.RealtimeUrlCheckMode) + state.TpspSafeBrowsingProtectionLevel = types.StringPointerValue((*string)(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.SafeBrowsingProtectionLevel)) + state.TpspScreenLockSecured = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.ScreenLockSecured) + state.TpspSiteIsolationEnabled = types.BoolPointerValue(data.DeviceAssuranceMacOSPlatform.ThirdPartySignalProviders.Dtc.SiteIsolationEnabled) + } + + state.CreateDate = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.CreatedDate) + state.CreateBy = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.CreatedBy) + state.LastUpdate = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.LastUpdate) + state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.LastUpdatedBy) return diags } diff --git a/okta/resource_okta_policy_device_assurance_macOS_test.go b/okta/resource_okta_policy_device_assurance_macOS_test.go index 2782cb255..7342d7e03 100644 --- a/okta/resource_okta_policy_device_assurance_macOS_test.go +++ b/okta/resource_okta_policy_device_assurance_macOS_test.go 
@@ -25,6 +25,7 @@ func TestAccPolicyDeviceAssuranceMacOS(t *testing.T) {
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "disk_encryption_type.#", "1"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "secure_hardware_present", "true"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "screenlock_type.#", "1"),
+ resource.TestCheckNoResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_browser_version"),
 ),
 },
 {
@@ -35,6 +36,20 @@ func TestAccPolicyDeviceAssuranceMacOS(t *testing.T) {
 disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"])
 secure_hardware_present = true
 screenlock_type = toset(["BIOMETRIC", "PASSCODE"])
+ third_party_signal_providers = true
+ tpsp_browser_version = "15393.27.0"
+ tpsp_builtin_dns_client_enabled = true
+ tpsp_chrome_remote_desktop_app_blocked = true
+ tpsp_device_enrollment_domain = "testDomain"
+ tpsp_disk_encrypted = true
+ tpsp_key_trust_level = "CHROME_BROWSER_HW_KEY"
+ tpsp_os_firewall = true
+ tpsp_os_version = "10.0.19041"
+ tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF"
+ tpsp_realtime_url_check_mode = true
+ tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION"
+ tpsp_screen_lock_secured = true
+ tpsp_site_isolation_enabled = true
 }`,
 Check: resource.ComposeAggregateTestCheckFunc(
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "name", "test"),
@@ -42,6 +57,19 @@ func TestAccPolicyDeviceAssuranceMacOS(t *testing.T) {
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "disk_encryption_type.#", "1"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "secure_hardware_present", "true"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "screenlock_type.#", "2"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_browser_version", "15393.27.0"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_builtin_dns_client_enabled", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_chrome_remote_desktop_app_blocked", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_device_enrollment_domain", "testDomain"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_disk_encrypted", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_key_trust_level", "CHROME_BROWSER_HW_KEY"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_os_firewall", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_os_version", "10.0.19041"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_password_proctection_warning_trigger", "PASSWORD_PROTECTION_OFF"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_realtime_url_check_mode", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_safe_browsing_protection_level", "ENHANCED_PROTECTION"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_screen_lock_secured", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_macos.test", "tpsp_site_isolation_enabled", "true"),
 ),
 },
 },
diff --git a/okta/resource_okta_policy_device_assurance_window.go b/okta/resource_okta_policy_device_assurance_window.go
index feab67cce..d7683277f 100644
--- a/okta/resource_okta_policy_device_assurance_window.go
+++ b/okta/resource_okta_policy_device_assurance_window.go
@@ -34,19 +34,37 @@ type policyDeviceAssuranceWindowsResource struct {
 }
 type policyDeviceAssuranceWindowsResourceModel struct {
- ID types.String `tfsdk:"id"`
- Name types.String `tfsdk:"name"`
- Platform types.String `tfsdk:"platform"`
- DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"`
- OsVersion types.String `tfsdk:"os_version"`
- SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"`
- ScreenLockType []types.String `tfsdk:"screenlock_type"`
- CreateDate types.String `tfsdk:"created_date"`
- CreateBy types.String `tfsdk:"created_by"`
- LastUpdate types.String `tfsdk:"last_update"`
- LastUpdatedBy types.String `tfsdk:"last_updated_by"`
- // // TODU no access to feature request
- // ThirdPartySignalProviders thirdPartySignalProviders `tfsdk:"third_party_signal_providers"`
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Platform types.String `tfsdk:"platform"`
+ DiskEncryptionType []types.String `tfsdk:"disk_encryption_type"`
+ OsVersion types.String `tfsdk:"os_version"`
+ SecureHardwarePresent types.Bool `tfsdk:"secure_hardware_present"`
+ ScreenLockType []types.String `tfsdk:"screenlock_type"`
+ CreateDate types.String `tfsdk:"created_date"`
+ CreateBy types.String `tfsdk:"created_by"`
+ LastUpdate types.String `tfsdk:"last_update"`
+ LastUpdatedBy types.String `tfsdk:"last_updated_by"`
+ ThirdPartySignalProviders types.Bool `tfsdk:"third_party_signal_providers"`
+ TpspBrowserVersion types.String `tfsdk:"tpsp_browser_version"`
+ TpspBuiltInDNSClientEnabled types.Bool `tfsdk:"tpsp_builtin_dns_client_enabled"`
+ TpspChromeRemoteDesktopAppBlocked types.Bool `tfsdk:"tpsp_chrome_remote_desktop_app_blocked"`
+ TpspCrowdStrikeAgentID types.String `tfsdk:"tpsp_crowd_strike_agent_id"`
+ TpspCrowdStrikeCustomerID types.String `tfsdk:"tpsp_crowd_strike_customer_id"`
+ TpspDeviceEnrollmentDomain types.String `tfsdk:"tpsp_device_enrollment_domain"`
+ TpspDiskEncrypted types.Bool `tfsdk:"tpsp_disk_encrypted"`
+ TpspKeyTrustLevel types.String `tfsdk:"tpsp_key_trust_level"`
+ TpspOsFirewall types.Bool `tfsdk:"tpsp_os_firewall"`
+ TpspOsVersion types.String `tfsdk:"tpsp_os_version"`
+ TpspPasswordProtectionWarningTrigger types.String `tfsdk:"tpsp_password_proctection_warning_trigger"`
+ TpspRealtimeURLCheckMode types.Bool `tfsdk:"tpsp_realtime_url_check_mode"`
+ TpspSafeBrowsingProtectionLevel types.String `tfsdk:"tpsp_safe_browsing_protection_level"`
+ TpspScreenLockSecured types.Bool `tfsdk:"tpsp_screen_lock_secured"`
+ TpspSecureBootEnabled types.Bool `tfsdk:"tpsp_secure_boot_enabled"`
+ TpspSiteIsolationEnabled types.Bool `tfsdk:"tpsp_site_isolation_enabled"`
+ TpspThirdPartyBlockingEnabled types.Bool `tfsdk:"tpsp_third_party_blocking_enabled"`
+ TpspWindowsMachineDomain types.String `tfsdk:"tpsp_windows_machine_domain"`
+ TpspWindowsUserDomain types.String `tfsdk:"tpsp_windows_user_domain"`
 }
 func (r *policyDeviceAssuranceWindowsResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
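Review bot: The tag `tfsdk:"tpsp_password_proctection_warning_trigger"` on TpspPasswordProtectionWarningTrigger misspells "protection", and because the tfsdk tag is the Terraform attribute name it becomes part of the resource's public interface; renaming it after release breaks every configuration that uses it. Correct it now to `tfsdk:"tpsp_password_protection_warning_trigger"`, together with the matching schema key in the Schema hunk below and the fixture and check lines in the Windows and macOS test hunks. A short comment on the Tpsp* group noting that these fields are only sent to Okta when ThirdPartySignalProviders is true (the gating visible in buildDeviceAssuranceWindowsPolicyRequest) would also help the next maintainer, since nothing in the model itself expresses that dependency.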
@@ -122,40 +140,86 @@ func (r *policyDeviceAssuranceWindowsResource) Schema(_ context.Context, _ resou
 }...),
 },
 },
- // // TODU no access to feature request
- // "third_party_signal_providers": schema.ObjectAttribute{
- // Description: "Settings for third-party signal providers. Required for ChromeOS platform, optional for others",
- // Optional: true,
- // AttributeTypes: map[string]attr.Type{
- // // TODU chromeOS only
- // "allow_screen_lock": types.BoolType,
- // "browser_version": types.StringType,
- // "builtin_dns_client_enabled": types.BoolType,
- // "chrome_remote_desktop_app_blocked": types.BoolType,
- // // TODU window only
- // "crowd_strike_agent_id": types.StringType,
- // // TODU window only
- // "crowd_strike_customer_id": types.StringType,
- // "device_enrollement_domain": types.StringType,
- // "disk_encrypted": types.BoolType,
- // "key_trust_level": types.StringType,
- // "os_firewall": types.BoolType,
- // "os_version": types.StringType,
- // "password_proctection_warning_trigger": types.StringType,
- // "realtime_url_check_mode": types.BoolType,
- // "safe_browsing_protection_level": types.StringType,
- // "screen_lock_secured": types.BoolType,
- // // TODU window only
- // "secure_boot_enabled": types.BoolType,
- // "site_isolation_enabled": types.BoolType,
- // // TODU window only
- // "third_party_blocking_enabled": types.BoolType,
- // // TODU window only
- // "window_machine_domain": types.StringType,
- // // TODU window only
- // "window_user_domain": types.StringType,
- // },
- // },
+ "third_party_signal_providers": schema.BoolAttribute{
+ Description: "Check to include third party signal provider",
+ Optional: true,
+ },
+ "tpsp_browser_version": schema.StringAttribute{
+ Description: "Third party signal provider minimum browser version",
+ Optional: true,
+ },
+ "tpsp_builtin_dns_client_enabled": schema.BoolAttribute{
+ Description: "Third party signal provider builtin dns client enable",
+ Optional: true,
+ },
+ "tpsp_chrome_remote_desktop_app_blocked": schema.BoolAttribute{
+ Description: "Third party signal provider chrome remote desktop app blocked",
+ Optional: true,
+ },
+ "tpsp_crowd_strike_agent_id": schema.StringAttribute{
+ Description: "Third party signal provider crowdstrike agent id",
+ Optional: true,
+ },
+ "tpsp_crowd_strike_customer_id": schema.StringAttribute{
+ Description: "Third party signal provider crowdstrike user id",
+ Optional: true,
+ },
+ "tpsp_device_enrollment_domain": schema.StringAttribute{
+ Description: "Third party signal provider device enrollment domain",
+ Optional: true,
+ },
+ "tpsp_disk_encrypted": schema.BoolAttribute{
+ Description: "Third party signal provider disk encrypted",
+ Optional: true,
+ },
+ "tpsp_key_trust_level": schema.StringAttribute{
+ Description: "Third party signal provider key trust level",
+ Optional: true,
+ },
+ "tpsp_os_firewall": schema.BoolAttribute{
+ Description: "Third party signal provider os firewall",
+ Optional: true,
+ },
+ "tpsp_os_version": schema.StringAttribute{
+ Description: "Third party signal provider minimum os version",
+ Optional: true,
+ },
+ "tpsp_password_proctection_warning_trigger": schema.StringAttribute{
+ Description: "Third party signal provider password protection warning trigger",
+ Optional: true,
+ },
+ "tpsp_realtime_url_check_mode": schema.BoolAttribute{
+ Description: "Third party signal provider realtime url check mode",
+ Optional: true,
+ },
+ "tpsp_safe_browsing_protection_level": schema.StringAttribute{
+ Description: "Third party signal provider safe browsing protection level",
+ Optional: true,
+ },
+ "tpsp_screen_lock_secured": schema.BoolAttribute{
+ Description: "Third party signal provider screen lock secure",
+ Optional: true,
+ },
+ "tpsp_secure_boot_enabled": schema.BoolAttribute{
+ Description: "Third party signal provider secure boot enabled",
+ Optional: true,
+ },
+ "tpsp_site_isolation_enabled": schema.BoolAttribute{
+ Description: "Third party signal provider site isolation enabled",
+ Optional: true,
+ },
+ "tpsp_third_party_blocking_enabled": schema.BoolAttribute{
+ Description: "Third party signal provider third party blocking enabled",
+ Optional: true,
+ },
+ "tpsp_windows_machine_domain": schema.StringAttribute{
+ Description: "Third party signal provider windows machine domain",
+ Optional: true,
+ },
+ "tpsp_windows_user_domain": schema.StringAttribute{
+ Description: "Third party signal provider windows user domain",
+ Optional: true,
+ },
 "created_date": schema.StringAttribute{
 Description: "Created date",
 Computed: true,
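Review bot: `tpsp_key_trust_level`, `tpsp_password_proctection_warning_trigger` and `tpsp_safe_browsing_protection_level` are free-form StringAttributes, so an invalid enum value is only rejected at apply time when buildDeviceAssuranceWindowsPolicyRequest calls the SDK's NewXxxFromValue constructors; attaching `stringvalidator.OneOf(...)` with the SDK's allowed values (the module already requires terraform-plugin-framework-validators) moves that rejection to plan time. None of the tpsp_* descriptions say that the attribute is ignored unless `third_party_signal_providers` is true, which an operator configuring a device-posture check would need to know; ending each Description with `Only applied when third_party_signal_providers is true.` would close that gap. The description of `tpsp_crowd_strike_customer_id` says "crowdstrike user id" where "crowdstrike customer id" is meant. The Schema method starts and ends outside the hunk.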
@@ -342,21 +406,74 @@ func buildDeviceAssuranceWindowsPolicyRequest(model policyDeviceAssuranceWindows
 windows.ScreenLockType = &okta.DeviceAssuranceAndroidPlatformAllOfScreenLockType{Include: screenlockType}
 }
 windows.SecureHardwarePresent = model.SecureHardwarePresent.ValueBoolPointer()
+
+ if model.ThirdPartySignalProviders.ValueBool() {
+ var thirdPartySignalProviders okta.DeviceAssuranceWindowsPlatformAllOfThirdPartySignalProviders
+ var dtc okta.DTCWindows
+ if !model.TpspBrowserVersion.IsNull() {
+ dtc.BrowserVersion = &okta.ChromeBrowserVersion{Minimum: model.TpspBrowserVersion.ValueStringPointer()}
+ }
+ dtc.BuiltInDnsClientEnabled = model.TpspBuiltInDNSClientEnabled.ValueBoolPointer()
+ dtc.ChromeRemoteDesktopAppBlocked = model.TpspChromeRemoteDesktopAppBlocked.ValueBoolPointer()
+ dtc.CrowdStrikeAgentId = model.TpspCrowdStrikeAgentID.ValueStringPointer()
+ dtc.CrowdStrikeCustomerId = model.TpspCrowdStrikeCustomerID.ValueStringPointer()
+ dtc.DeviceEnrollmentDomain = model.TpspDeviceEnrollmentDomain.ValueStringPointer()
+ dtc.DiskEncrypted = model.TpspDiskEncrypted.ValueBoolPointer()
+ if !model.TpspKeyTrustLevel.IsNull() {
+ v, err := okta.NewKeyTrustLevelBrowserKeyFromValue(model.TpspKeyTrustLevel.ValueString())
+ if err != nil {
+ return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, err
+ }
+ dtc.KeyTrustLevel = v
+ }
+ dtc.OsFirewall = model.TpspOsFirewall.ValueBoolPointer()
+ if !model.TpspOsVersion.IsNull() {
+ dtc.OsVersion = &okta.OSVersion{Minimum: model.TpspOsVersion.ValueStringPointer()}
+ }
+ if !model.TpspPasswordProtectionWarningTrigger.IsNull() {
+ v, err := okta.NewPasswordProtectionWarningTriggerFromValue(model.TpspPasswordProtectionWarningTrigger.ValueString())
+ if err != nil {
+ return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, err
+ }
+ dtc.PasswordProtectionWarningTrigger = v
+ }
+ dtc.RealtimeUrlCheckMode = model.TpspRealtimeURLCheckMode.ValueBoolPointer()
+
+ if !model.TpspSafeBrowsingProtectionLevel.IsNull() {
+ v, err := okta.NewSafeBrowsingProtectionLevelFromValue(model.TpspSafeBrowsingProtectionLevel.ValueString())
+ if err != nil {
+ return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, err
+ }
+ dtc.SafeBrowsingProtectionLevel = v
+ }
+ dtc.ScreenLockSecured = model.TpspScreenLockSecured.ValueBoolPointer()
+ dtc.SecureBootEnabled = model.TpspSecureBootEnabled.ValueBoolPointer()
+ dtc.SiteIsolationEnabled = model.TpspSiteIsolationEnabled.ValueBoolPointer()
+ dtc.ThirdPartyBlockingEnabled = model.TpspThirdPartyBlockingEnabled.ValueBoolPointer()
+ dtc.WindowsMachineDomain = model.TpspWindowsMachineDomain.ValueStringPointer()
+ dtc.WindowsUserDomain = model.TpspWindowsUserDomain.ValueStringPointer()
+ thirdPartySignalProviders.SetDtc(dtc)
+ windows.SetThirdPartySignalProviders(thirdPartySignalProviders)
+ }
+
 return okta.ListDeviceAssurancePolicies200ResponseInner{DeviceAssuranceWindowsPlatform: windows}, nil
 }
 // Map response body to schema
 func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200ResponseInner, state *policyDeviceAssuranceWindowsResourceModel) diag.Diagnostics {
 var diags diag.Diagnostics
- state.ID = types.StringValue(data.DeviceAssuranceWindowsPlatform.GetId())
- state.Name = types.StringValue(data.DeviceAssuranceWindowsPlatform.GetName())
- state.Platform = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetPlatform()))
-
- if _, ok := data.DeviceAssuranceWindowsPlatform.GetSecureHardwarePresentOk(); ok {
- state.SecureHardwarePresent = types.BoolValue(data.DeviceAssuranceWindowsPlatform.GetSecureHardwarePresent())
+ if data.DeviceAssuranceWindowsPlatform == nil {
+ diags.AddError("Empty response", "Windows object")
+ return diags
 }
+
+ state.ID = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.Id)
+ state.Name = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.Name)
+ state.Platform = types.StringPointerValue((*string)(data.DeviceAssuranceWindowsPlatform.Platform))
+
+ state.SecureHardwarePresent = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.SecureHardwarePresent)
 if _, ok := data.DeviceAssuranceWindowsPlatform.GetOsVersionOk(); ok {
- state.OsVersion = types.StringValue(data.DeviceAssuranceWindowsPlatform.OsVersion.GetMinimum())
+ state.OsVersion = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.OsVersion.Minimum)
 }
 if _, ok := data.DeviceAssuranceWindowsPlatform.DiskEncryptionType.GetIncludeOk(); ok {
 diskEncryptionType := make([]types.String, 0)
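Review bot: Every tpsp_* value is silently dropped when `third_party_signal_providers` is false or unset (`if model.ThirdPartySignalProviders.ValueBool()`), so a configuration that declares device-posture checks can apply cleanly with none of them sent to Okta, and since the state mapping further down only rewrites the tpsp_* fields when the response carries a Dtc block, state will presumably keep showing the configured values. Either raise an error diagnostic (a resource config validator, or a check here returning a descriptive error) when any tpsp_* attribute is non-null while the flag is off, or drop the gating attribute and build Dtc whenever any tpsp_* field is set. The three error returns inside that block hand back a partially built `windows` together with the error; returning `okta.ListDeviceAssurancePolicies200ResponseInner{}, err` keeps the usual Go contract that the value is meaningless on error. The nil check added at the top of mapDeviceAssuranceWindowsToState is a good addition; buildDeviceAssuranceWindowsPolicyRequest starts outside the hunk.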
@@ -373,9 +490,37 @@ func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200R
 state.ScreenLockType = screenLockType
 }
- state.CreateDate = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetCreatedDate()))
- state.CreateBy = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetCreatedBy()))
- state.LastUpdate = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetLastUpdate()))
- state.LastUpdatedBy = types.StringValue(string(data.DeviceAssuranceWindowsPlatform.GetLastUpdatedBy()))
+ if _, ok := data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.GetDtcOk(); ok {
+ if _, ok := data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.GetBrowserVersionOk(); ok {
+ state.TpspBrowserVersion = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.BrowserVersion.Minimum)
+ }
+ state.TpspBuiltInDNSClientEnabled = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.BuiltInDnsClientEnabled)
+ state.TpspChromeRemoteDesktopAppBlocked = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.ChromeRemoteDesktopAppBlocked)
+ state.TpspCrowdStrikeAgentID = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.CrowdStrikeAgentId)
+ state.TpspCrowdStrikeCustomerID = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.CrowdStrikeCustomerId)
+ state.TpspDeviceEnrollmentDomain = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.DeviceEnrollmentDomain)
+ state.TpspDiskEncrypted = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.DiskEncrypted)
+ if _, ok := data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.GetKeyTrustLevelOk(); ok {
+ state.TpspKeyTrustLevel = types.StringPointerValue((*string)(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.KeyTrustLevel))
+ }
+ state.TpspOsFirewall = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.OsFirewall)
+ if _, ok := data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.GetOsVersionOk(); ok {
+ state.TpspOsVersion = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.OsVersion.Minimum)
+ }
+ state.TpspPasswordProtectionWarningTrigger = types.StringPointerValue((*string)(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.PasswordProtectionWarningTrigger))
+ state.TpspRealtimeURLCheckMode = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.RealtimeUrlCheckMode)
+ state.TpspSafeBrowsingProtectionLevel = types.StringPointerValue((*string)(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.SafeBrowsingProtectionLevel))
+ state.TpspScreenLockSecured = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.ScreenLockSecured)
+ state.TpspSecureBootEnabled = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.SecureBootEnabled)
+ state.TpspSiteIsolationEnabled = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.SiteIsolationEnabled)
+ state.TpspThirdPartyBlockingEnabled = types.BoolPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.ThirdPartyBlockingEnabled)
+ state.TpspWindowsMachineDomain = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.WindowsMachineDomain)
+ state.TpspWindowsUserDomain = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.ThirdPartySignalProviders.Dtc.WindowsUserDomain)
+ }
+
+ state.CreateDate = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.CreatedDate)
+ state.CreateBy = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.CreatedBy)
+ state.LastUpdate = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.LastUpdate)
+ state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.LastUpdatedBy)
 return diags
 }
diff --git a/okta/resource_okta_policy_device_assurance_window_test.go b/okta/resource_okta_policy_device_assurance_window_test.go
index d59c06023..3a4452223 100644
--- a/okta/resource_okta_policy_device_assurance_window_test.go
+++ b/okta/resource_okta_policy_device_assurance_window_test.go
@@ -6,6 +6,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
+// TODU add test for tpsp
 func TestAccPolicyDeviceAssuranceWindows(t *testing.T) {
 resource.Test(t, resource.TestCase{
 ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
@@ -25,6 +26,7 @@ func TestAccPolicyDeviceAssuranceWindows(t *testing.T) {
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "disk_encryption_type.#", "1"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "secure_hardware_present", "true"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "screenlock_type.#", "1"),
+ resource.TestCheckNoResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_browser_version"),
 ),
 },
 {
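Review bot: mapDeviceAssuranceWindowsToState never assigns `state.ThirdPartySignalProviders`, so whenever Read starts from a model that does not already carry the flag (an import, for instance) the attribute stays null in state even though the response carries a Dtc block and every tpsp_* field is populated; the next plan with `third_party_signal_providers = true` would then show a spurious update. Setting `state.ThirdPartySignalProviders = types.BoolValue(true)` inside the `GetDtcOk()` branch would keep state consistent with what Okta returns, assuming the API only returns Dtc when it was sent. Whether `GetDtcOk()` is safe when `ThirdPartySignalProviders` itself is a nil pointer depends on the generated SDK's nil-receiver handling and is worth confirming, since the other lines in this block dereference `ThirdPartySignalProviders.Dtc` directly. The mapping function starts outside the hunk.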
@@ -35,6 +37,26 @@ func TestAccPolicyDeviceAssuranceWindows(t *testing.T) {
 disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"])
 secure_hardware_present = true
 screenlock_type = toset(["BIOMETRIC", "PASSCODE"])
+ third_party_signal_providers = true
+ tpsp_browser_version = "15393.27.0"
+ tpsp_builtin_dns_client_enabled = true
+ tpsp_chrome_remote_desktop_app_blocked = true
+ tpsp_crowd_strike_agent_id = "testAgentId"
+ tpsp_crowd_strike_customer_id = "testCustomerId"
+ tpsp_device_enrollment_domain = "testDomain"
+ tpsp_disk_encrypted = true
+ tpsp_key_trust_level = "CHROME_BROWSER_HW_KEY"
+ tpsp_os_firewall = true
+ tpsp_os_version = "10.0.19041"
+ tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF"
+ tpsp_realtime_url_check_mode = true
+ tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION"
+ tpsp_screen_lock_secured = true
+ tpsp_secure_boot_enabled = true
+ tpsp_site_isolation_enabled = true
+ tpsp_third_party_blocking_enabled = true
+ tpsp_windows_machine_domain = "testMachineDomain"
+ tpsp_windows_user_domain = "testUserDomain"
 }`,
 Check: resource.ComposeAggregateTestCheckFunc(
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "name", "test"),
@@ -42,6 +64,25 @@ func TestAccPolicyDeviceAssuranceWindows(t *testing.T) {
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "disk_encryption_type.#", "1"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "secure_hardware_present", "true"),
 resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "screenlock_type.#", "2"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_browser_version", "15393.27.0"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_builtin_dns_client_enabled", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_chrome_remote_desktop_app_blocked", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_crowd_strike_agent_id", "testAgentId"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_crowd_strike_customer_id", "testCustomerId"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_device_enrollment_domain", "testDomain"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_disk_encrypted", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_key_trust_level", "CHROME_BROWSER_HW_KEY"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_os_firewall", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_os_version", "10.0.19041"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_password_proctection_warning_trigger", "PASSWORD_PROTECTION_OFF"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_realtime_url_check_mode", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_safe_browsing_protection_level", "ENHANCED_PROTECTION"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_screen_lock_secured", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_secure_boot_enabled", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_site_isolation_enabled", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_third_party_blocking_enabled", "true"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_windows_machine_domain", "testMachineDomain"),
+ resource.TestCheckResourceAttr("okta_policy_device_assurance_windows.test", "tpsp_windows_user_domain", "testUserDomain"),
 ),
 },
 },
From af3dbb68c1b3f9e5b59fb77ab96bb768c3a210d2 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Fri, 4 Aug 2023 17:00:32 -0400
Subject: [PATCH 4/8] add import
From a56fe4aea89381265815e8142b253073d7a6f4d6 Mon Sep 17 00:00:00 2001
From: Tien Nguyen
Date: Mon, 7 Aug 2023 13:37:12 -0400
Subject: [PATCH 5/8] add support for device assurance in okta_app_signon_policy_rule
---
 .../basic_updated.tf | 10 +++++++++
 okta/resource_okta_app_signon_policy_rule.go | 22 +++++++++++++++++++
 ...source_okta_app_signon_policy_rule_test.go | 3 +++
 ...rce_okta_policy_device_assurance_androi.go | 2 --
 ...e_okta_policy_device_assurance_chromeOS.go | 2 --
 ...source_okta_policy_device_assurance_iOS.go | 2 --
 ...urce_okta_policy_device_assurance_macOS.go | 2 --
 ...rce_okta_policy_device_assurance_window.go | 2 --
 ...kta_policy_device_assurance_window_test.go | 1 -
 sdk/v2_deviceAccessPolicyRuleCondition.go | 13 ++++++-----
 sdk/v2_deviceAssuranceConditions.go | 13 +++++++++++
 11 files changed, 55 insertions(+), 17 deletions(-)
 create mode 100644 sdk/v2_deviceAssuranceConditions.go
diff --git a/examples/okta_app_signon_policy_rule/basic_updated.tf b/examples/okta_app_signon_policy_rule/basic_updated.tf
index 4bfa86157..2ba091411 100644
--- a/examples/okta_app_signon_policy_rule/basic_updated.tf +++ b/examples/okta_app_signon_policy_rule/basic_updated.tf @@ -57,6 +57,13 @@ resource "okta_network_zone" "test" { data "okta_user_type" "default" { name = "user" } +# TODO unable to run the test due to conflict providerFactories between plugin and framework +# Works fine with terraform apply +# resource "okta_policy_device_assurance_android" "test" { +# name = "test" +# os_version = "12" +# jailbreak = false +# } resource "okta_app_signon_policy_rule" "test" { name = "testAcc_replace_with_uuid_updated" @@ -75,6 +82,9 @@ resource "okta_app_signon_policy_rule" "test" { okta_group.this[0].id, okta_group.this[1].id ] + device_assurances_included = [ + okta_policy_device_assurance_android.test.id + ] network_connection = "ZONE" network_includes = [ okta_network_zone.test.id diff --git a/okta/resource_okta_app_signon_policy_rule.go b/okta/resource_okta_app_signon_policy_rule.go index e1451f257..64cd2c4a6 100644 --- a/okta/resource_okta_app_signon_policy_rule.go +++ b/okta/resource_okta_app_signon_policy_rule.go @@ -111,6 +111,12 @@ func resourceAppSignOnPolicyRule() *schema.Resource { RequiredWith: []string{"device_is_registered"}, Description: "If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, registered must also be included and must be set to true.", }, + "device_assurances_included": { + Type: schema.TypeSet, + Optional: true, + Description: "List of device assurance IDs to include", + Elem: &schema.Schema{Type: schema.TypeString}, + }, "platform_include": { Type: schema.TypeSet, Elem: platformIncludeResource, 
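Review bot: `device_assurances_included` now references `okta_policy_device_assurance_android.test.id`, but the resource it points at is only present as a comment a few lines above, so this fixture fails at plan time with a reference to an undeclared resource instead of merely skipping the device assurance step the comment describes. Until the provider-factory conflict noted in the comment is resolved, either comment out the `device_assurances_included = [...]` block as well, or feed it an existing policy ID through a variable so the fixture still applies. The comment would also be more useful if it named the test that consumes this fixture, since that is where the conflict shows up.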
@@ -248,6 +254,7 @@ func resourceAppSignOnPolicyRuleRead(ctx context.Context, d *schema.ResourceData
 if rule.Conditions.Device != nil {
 _ = d.Set("device_is_managed", rule.Conditions.Device.Managed)
 _ = d.Set("device_is_registered", rule.Conditions.Device.Registered)
+ m["device_assurances_included"] = convertStringSliceToSetNullable(rule.Conditions.Device.Assurance.Include)
 }
 if rule.Conditions.People != nil {
 if rule.Conditions.People.Users != nil {
@@ -355,6 +362,21 @@ func buildAppSignOnPolicyRule(d *schema.ResourceData) sdk.AccessPolicyRule {
 Registered: boolPtr(isRegistered.(bool)),
 }
 }
+ deviceAssurancesIncluded, deviceAssurancesIncludedOk := d.GetOk("device_assurances_included")
+ if deviceAssurancesIncludedOk {
+ if rule.Conditions.Device != nil {
+ rule.Conditions.Device.Assurance = &sdk.DeviceAssurancePolicyRuleCondition{
+ Include: convertInterfaceToStringSetNullable(deviceAssurancesIncluded),
+ }
+ } else {
+ rule.Conditions.Device = &sdk.DeviceAccessPolicyRuleCondition{
+ Assurance: &sdk.DeviceAssurancePolicyRuleCondition{
+ Include: convertInterfaceToStringSetNullable(deviceAssurancesIncluded),
+ },
+ }
+ }
+ }
+
 usersExcluded, usersExcludedOk := d.GetOk("users_excluded")
 usersIncluded, usersIncludedOk := d.GetOk("users_included")
 if usersExcludedOk || usersIncludedOk {
diff --git a/okta/resource_okta_app_signon_policy_rule_test.go b/okta/resource_okta_app_signon_policy_rule_test.go
index f62ad1c85..e74b23e79 100644
--- a/okta/resource_okta_app_signon_policy_rule_test.go
+++ b/okta/resource_okta_app_signon_policy_rule_test.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
+// TODO unable to run the test due to conflict providerFactories between plugin and framework
 func TestAccOktaAppSignOnPolicyRule(t *testing.T) {
 resourceName := fmt.Sprintf("%s.test", appSignOnPolicyRule)
 mgr := newFixtureManager(appSignOnPolicyRule, t.Name())
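Review bot: `rule.Conditions.Device.Assurance` is a pointer (`*DeviceAssurancePolicyRuleCondition`, per the sdk hunk further down) and is nil for every existing rule that has device conditions but no assurance condition, so the added line dereferences nil on `.Include` and the provider panics during Read, which breaks plan for all such rules in a workspace. Guard it: `if rule.Conditions.Device.Assurance != nil { m["device_assurances_included"] = convertStringSliceToSetNullable(rule.Conditions.Device.Assurance.Include) }`. The two lines above write through `d.Set` while this one writes into `m`; if `m` is a map that is flushed later that is fine, but the mixed style deserves a one-line comment so the next reader does not take it for a lost write. resourceAppSignOnPolicyRuleRead starts and ends outside the hunk.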
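Review bot: The two branches in the new `device_assurances_included` block differ only in whether `rule.Conditions.Device` already exists and repeat the Assurance literal; creating the empty device condition first and assigning Assurance once is shorter and keeps a single place to change. Separately, when the attribute is absent from config Assurance stays nil and is omitted from the request (`json:"assurance,omitempty"`), so whether removing every ID from a rule actually clears the condition in Okta depends on the API treating an omitted field as a reset; that is worth confirming with an update step in the acceptance test, because a stale assurance condition would silently keep or drop a device-posture requirement on the sign-on rule. buildAppSignOnPolicyRule starts and ends outside the hunk.
```go
deviceAssurancesIncluded, deviceAssurancesIncludedOk := d.GetOk("device_assurances_included")
if deviceAssurancesIncludedOk {
	if rule.Conditions.Device == nil {
		rule.Conditions.Device = &sdk.DeviceAccessPolicyRuleCondition{}
	}
	rule.Conditions.Device.Assurance = &sdk.DeviceAssurancePolicyRuleCondition{
		Include: convertInterfaceToStringSetNullable(deviceAssurancesIncluded),
	}
}
// … unchanged: users_excluded / users_included handling …
```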
@@ -32,6 +33,7 @@ func TestAccOktaAppSignOnPolicyRule(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "factor_mode", "2FA"), resource.TestCheckResourceAttr(resourceName, "groups_excluded.#", "0"), resource.TestCheckResourceAttr(resourceName, "groups_included.#", "0"), + // resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "0"), resource.TestCheckResourceAttr(resourceName, "user_types_excluded.#", "0"), resource.TestCheckResourceAttr(resourceName, "user_types_included.#", "0"), resource.TestCheckResourceAttr(resourceName, "users_excluded.#", "0"), @@ -54,6 +56,7 @@ func TestAccOktaAppSignOnPolicyRule(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "factor_mode", "2FA"), resource.TestCheckResourceAttr(resourceName, "groups_excluded.#", "3"), resource.TestCheckResourceAttr(resourceName, "groups_included.#", "2"), + // resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "1"), resource.TestCheckResourceAttr(resourceName, "user_types_excluded.#", "1"), resource.TestCheckResourceAttr(resourceName, "user_types_included.#", "1"), resource.TestCheckResourceAttr(resourceName, "users_excluded.#", "3"), diff --git a/okta/resource_okta_policy_device_assurance_androi.go b/okta/resource_okta_policy_device_assurance_androi.go index 0f3206d38..39cc6346e 100644 --- a/okta/resource_okta_policy_device_assurance_androi.go +++ b/okta/resource_okta_policy_device_assurance_androi.go @@ -200,7 +200,6 @@ func (r *policyDeviceAssuranceAndroidResource) Create(ctx context.Context, req r return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceAndroidToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return 
@@ -281,7 +280,6 @@ func (r *policyDeviceAssuranceAndroidResource) Update(ctx context.Context, req r return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceAndroidToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return diff --git a/okta/resource_okta_policy_device_assurance_chromeOS.go b/okta/resource_okta_policy_device_assurance_chromeOS.go index 82a0c7cce..d3837024f 100644 --- a/okta/resource_okta_policy_device_assurance_chromeOS.go +++ b/okta/resource_okta_policy_device_assurance_chromeOS.go @@ -197,7 +197,6 @@ func (r *policyDeviceAssuranceChromeOSResource) Create(ctx context.Context, req return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return @@ -278,7 +277,6 @@ func (r *policyDeviceAssuranceChromeOSResource) Update(ctx context.Context, req return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceChromeOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return diff --git a/okta/resource_okta_policy_device_assurance_iOS.go b/okta/resource_okta_policy_device_assurance_iOS.go index ac25343cb..4e3d4b504 100644 --- a/okta/resource_okta_policy_device_assurance_iOS.go +++ b/okta/resource_okta_policy_device_assurance_iOS.go @@ -163,7 +163,6 @@ func (r *policyDeviceAssuranceIOSResource) Create(ctx context.Context, req resou return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceIOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return @@ -244,7 +243,6 @@ func (r *policyDeviceAssuranceIOSResource) Update(ctx context.Context, req resou return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceIOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return 
diff --git a/okta/resource_okta_policy_device_assurance_macOS.go b/okta/resource_okta_policy_device_assurance_macOS.go index 074e29512..7b0908c8a 100644 --- a/okta/resource_okta_policy_device_assurance_macOS.go +++ b/okta/resource_okta_policy_device_assurance_macOS.go @@ -253,7 +253,6 @@ func (r *policyDeviceAssuranceMacOSResource) Create(ctx context.Context, req res return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return @@ -334,7 +333,6 @@ func (r *policyDeviceAssuranceMacOSResource) Update(ctx context.Context, req res return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceMacOSToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return diff --git a/okta/resource_okta_policy_device_assurance_window.go b/okta/resource_okta_policy_device_assurance_window.go index d7683277f..ee4221107 100644 --- a/okta/resource_okta_policy_device_assurance_window.go +++ b/okta/resource_okta_policy_device_assurance_window.go @@ -283,7 +283,6 @@ func (r *policyDeviceAssuranceWindowsResource) Create(ctx context.Context, req r return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return @@ -364,7 +363,6 @@ func (r *policyDeviceAssuranceWindowsResource) Update(ctx context.Context, req r return } - // TODU need to do additional read? resp.Diagnostics.Append(mapDeviceAssuranceWindowsToState(deviceAssurance, &state)...) if resp.Diagnostics.HasError() { return diff --git a/okta/resource_okta_policy_device_assurance_window_test.go b/okta/resource_okta_policy_device_assurance_window_test.go index 3a4452223..8583ff27a 100644 --- a/okta/resource_okta_policy_device_assurance_window_test.go +++ b/okta/resource_okta_policy_device_assurance_window_test.go 
@@ -6,7 +6,6 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
 
-// TODU add test for tpsp
 func TestAccPolicyDeviceAssuranceWindows(t *testing.T) {
 resource.Test(t, resource.TestCase{
 ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
diff --git a/sdk/v2_deviceAccessPolicyRuleCondition.go b/sdk/v2_deviceAccessPolicyRuleCondition.go
index d94d2f70c..f0612a47d 100644
--- a/sdk/v2_deviceAccessPolicyRuleCondition.go
+++ b/sdk/v2_deviceAccessPolicyRuleCondition.go
@@ -1,12 +1,13 @@
 package sdk
 
 type DeviceAccessPolicyRuleCondition struct {
- Migrated *bool `json:"migrated,omitempty"`
- Platform *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
- Rooted *bool `json:"rooted,omitempty"`
- TrustLevel string `json:"trustLevel,omitempty"`
- Managed *bool `json:"managed,omitempty"`
- Registered *bool `json:"registered,omitempty"`
+ Assurance *DeviceAssurancePolicyRuleCondition `json:"assurance,omitempty"`
+ Migrated *bool `json:"migrated,omitempty"`
+ Platform *DevicePolicyRuleConditionPlatform `json:"platform,omitempty"`
+ Rooted *bool `json:"rooted,omitempty"`
+ TrustLevel string `json:"trustLevel,omitempty"`
+ Managed *bool `json:"managed,omitempty"`
+ Registered *bool `json:"registered,omitempty"`
 }
 
 func NewDeviceAccessPolicyRuleCondition() *DeviceAccessPolicyRuleCondition {
diff --git a/sdk/v2_deviceAssuranceConditions.go b/sdk/v2_deviceAssuranceConditions.go
new file mode 100644
index 000000000..ae345ec8f
--- /dev/null
+++ b/sdk/v2_deviceAssuranceConditions.go
@@ -0,0 +1,13 @@
+package sdk
+
+type DeviceAssurancePolicyRuleCondition struct {
+ Include []string `json:"include,omitempty"`
+}
+
+func NewDeviceAssurancePolicyRuleCondition() *DeviceAssurancePolicyRuleCondition {
+ return &DeviceAssurancePolicyRuleCondition{}
+}
+
+func (a *DeviceAssurancePolicyRuleCondition) IsPolicyInstance() bool {
+ return true
+}
From 5a5f7b9cf08aaae0b66925e3b766a112f185b548 Mon Sep 17 00:00:00 2001
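Review bot: `Include []string \`json:"include,omitempty"\`` in the new `DeviceAssurancePolicyRuleCondition` drops the `include` key whenever the list is empty, so a rule update that removes the last device assurance sends `"assurance":{}` (or no `assurance` at all when the parent pointer is nil) instead of an explicit empty list. If the Okta policy API treats an absent field as "leave unchanged" — I cannot confirm that from here — the org keeps enforcing the old device-assurance condition while Terraform state says none is set, which is silent drift in an access-control rule. Either remove `omitempty` (`Include []string \`json:"include"\``, remembering that a nil slice then encodes as `null`, so callers should pass `[]string{}`) or verify against the API what an empty include means and record that in a comment on the field.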
From: Tien Nguyen Date: Mon, 7 Aug 2023 13:48:22 -0400 Subject: [PATCH 6/8] update test name --- okta/resource_okta_policy_device_assurance_androi_test.go | 2 +- okta/resource_okta_policy_device_assurance_chromeOS_test.go | 2 +- okta/resource_okta_policy_device_assurance_iOS_test.go | 2 +- okta/resource_okta_policy_device_assurance_macOS_test.go | 2 +- okta/resource_okta_policy_device_assurance_window_test.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/okta/resource_okta_policy_device_assurance_androi_test.go b/okta/resource_okta_policy_device_assurance_androi_test.go index 1e4360292..52a1a43ab 100644 --- a/okta/resource_okta_policy_device_assurance_androi_test.go +++ b/okta/resource_okta_policy_device_assurance_androi_test.go @@ -23,7 +23,7 @@ var ( } ) -func TestAccPolicyDeviceAssuranceAndroid(t *testing.T) { +func TestAccResourceOktaPolicyDeviceAssuranceAndroid(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ diff --git a/okta/resource_okta_policy_device_assurance_chromeOS_test.go b/okta/resource_okta_policy_device_assurance_chromeOS_test.go index bf1b67303..a728c75e6 100644 --- a/okta/resource_okta_policy_device_assurance_chromeOS_test.go +++ b/okta/resource_okta_policy_device_assurance_chromeOS_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -func TestAccPolicyDeviceAssuranceChromeOS(t *testing.T) { +func TestAccResourceOktaPolicyDeviceAssuranceChromeOS(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ diff --git a/okta/resource_okta_policy_device_assurance_iOS_test.go b/okta/resource_okta_policy_device_assurance_iOS_test.go index 132974269..c65f7e698 100644 --- a/okta/resource_okta_policy_device_assurance_iOS_test.go +++ b/okta/resource_okta_policy_device_assurance_iOS_test.go 
@@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -func TestAccPolicyDeviceAssuranceIOS(t *testing.T) { +func TestAccResourceOktaPolicyDeviceAssuranceIOS(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ diff --git a/okta/resource_okta_policy_device_assurance_macOS_test.go b/okta/resource_okta_policy_device_assurance_macOS_test.go index 7342d7e03..ec7455d39 100644 --- a/okta/resource_okta_policy_device_assurance_macOS_test.go +++ b/okta/resource_okta_policy_device_assurance_macOS_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -func TestAccPolicyDeviceAssuranceMacOS(t *testing.T) { +func TestAccResourceOktaPolicyDeviceAssuranceMacOS(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ diff --git a/okta/resource_okta_policy_device_assurance_window_test.go b/okta/resource_okta_policy_device_assurance_window_test.go index 8583ff27a..0f66bf23c 100644 --- a/okta/resource_okta_policy_device_assurance_window_test.go +++ b/okta/resource_okta_policy_device_assurance_window_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -func TestAccPolicyDeviceAssuranceWindows(t *testing.T) { +func TestAccResourceOktaPolicyDeviceAssuranceWindows(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ From 01952189b49072f836648e39a26f4f1ebbdcf798 Mon Sep 17 00:00:00 2001 
From: Mike Mondragon Date: Mon, 7 Aug 2023 12:02:55 -0700 Subject: [PATCH 7/8] * Clip out leftover Hashicups copy and paste * Move testAccProtoV6ProviderFactories to central provider_test.go * Rename files lower case with extra _os in name to avoid golang GOOS and GOARCH filename build constraints https://pkg.go.dev/cmd/go#hdr-Build_constraints --- okta/provider_test.go | 9 +++++++- ...kta_policy_device_assurance_android_os.go} | 0 ...olicy_device_assurance_android_os_test.go} | 23 ++----------------- ...ta_policy_device_assurance_chromeos_os.go} | 0 ...licy_device_assurance_chromeos_os_test.go} | 6 ++--- ...ce_okta_policy_device_assurance_ios_os.go} | 0 ...ta_policy_device_assurance_ios_os_test.go} | 6 ++--- ..._okta_policy_device_assurance_macos_os.go} | 0 ..._policy_device_assurance_macos_os_test.go} | 6 ++--- ...kta_policy_device_assurance_windows_os.go} | 0 ...olicy_device_assurance_windows_os_test.go} | 6 ++--- 11 files changed, 18 insertions(+), 38 deletions(-) rename okta/{resource_okta_policy_device_assurance_androi.go => resource_okta_policy_device_assurance_android_os.go} (100%) rename okta/{resource_okta_policy_device_assurance_androi_test.go => resource_okta_policy_device_assurance_android_os_test.go} (66%) rename okta/{resource_okta_policy_device_assurance_chromeOS.go => resource_okta_policy_device_assurance_chromeos_os.go} (100%) rename okta/{resource_okta_policy_device_assurance_chromeOS_test.go => resource_okta_policy_device_assurance_chromeos_os_test.go} (94%) rename okta/{resource_okta_policy_device_assurance_iOS.go => resource_okta_policy_device_assurance_ios_os.go} (100%) rename okta/{resource_okta_policy_device_assurance_iOS_test.go => resource_okta_policy_device_assurance_ios_os_test.go} (90%) rename okta/{resource_okta_policy_device_assurance_macOS.go => resource_okta_policy_device_assurance_macos_os.go} (100%) rename okta/{resource_okta_policy_device_assurance_macOS_test.go => resource_okta_policy_device_assurance_macos_os_test.go} (96%)
rename okta/{resource_okta_policy_device_assurance_window.go => resource_okta_policy_device_assurance_windows_os.go} (100%) rename okta/{resource_okta_policy_device_assurance_window_test.go => resource_okta_policy_device_assurance_windows_os_test.go} (96%) diff --git a/okta/provider_test.go b/okta/provider_test.go index b2c7e021c..3efbe69d0 100644 --- a/okta/provider_test.go +++ b/okta/provider_test.go @@ -19,6 +19,8 @@ import ( "github.com/dnaeon/go-vcr/cassette" "github.com/dnaeon/go-vcr/recorder" + "github.com/hashicorp/terraform-plugin-framework/providerserver" + "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -27,7 +29,12 @@ import ( "github.com/okta/terraform-provider-okta/sdk" ) -var testAccProvidersFactories map[string]func() (*schema.Provider, error) +var ( + testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){ + "okta": providerserver.NewProtocol6WithError(NewFWProvider("test")), + } + testAccProvidersFactories map[string]func() (*schema.Provider, error) +) func init() { provider := Provider() diff --git a/okta/resource_okta_policy_device_assurance_androi.go b/okta/resource_okta_policy_device_assurance_android_os.go similarity index 100% rename from okta/resource_okta_policy_device_assurance_androi.go rename to okta/resource_okta_policy_device_assurance_android_os.go diff --git a/okta/resource_okta_policy_device_assurance_androi_test.go b/okta/resource_okta_policy_device_assurance_android_os_test.go similarity index 66% rename from okta/resource_okta_policy_device_assurance_androi_test.go rename to okta/resource_okta_policy_device_assurance_android_os_test.go index 52a1a43ab..5e3e656e8 100644 --- a/okta/resource_okta_policy_device_assurance_androi_test.go +++ b/okta/resource_okta_policy_device_assurance_android_os_test.go 
@@ -3,33 +3,15 @@ package okta import ( "testing" - "github.com/hashicorp/terraform-plugin-framework/providerserver" - "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -const ( - // providerConfig is a shared configuration to combine with the actual - // test configuration so the HashiCups client is properly configured. - // It is also possible to use the HASHICUPS_ environment variables instead, - // such as updating the Makefile and running the testing through that tool. - providerConfig = ` -` -) - -var ( - testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){ - "okta": providerserver.NewProtocol6WithError(NewFWProvider("test")), - } -) - func TestAccResourceOktaPolicyDeviceAssuranceAndroid(t *testing.T) { resource.Test(t, resource.TestCase{ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { - Config: providerConfig + ` - resource okta_policy_device_assurance_android test{ + Config: `resource okta_policy_device_assurance_android test{ name = "test" os_version = "12" disk_encryption_type = toset(["FULL", "USER"]) @@ -46,8 +28,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceAndroid(t *testing.T) { ), }, { - Config: providerConfig + ` - resource okta_policy_device_assurance_android test{ + Config: `resource okta_policy_device_assurance_android test{ name = "test" os_version = "13" disk_encryption_type = toset(["FULL", "USER"]) diff --git a/okta/resource_okta_policy_device_assurance_chromeOS.go b/okta/resource_okta_policy_device_assurance_chromeos_os.go similarity index 100% rename from okta/resource_okta_policy_device_assurance_chromeOS.go rename to okta/resource_okta_policy_device_assurance_chromeos_os.go 
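Review bot: `TestAccResourceOktaPolicyDeviceAssuranceAndroid` calls `resource.Test` directly with only `ProtoV6ProviderFactories` and `Steps`, so unlike the sign-on rule test in this series (which goes through `oktaResourceTest` with `PreCheck`, `ErrorCheck` and `CheckDestroy`) it has no gate on credentials being present, no error classification, and nothing that verifies the policy is actually gone after the last step. A failed or interrupted run leaves a policy named `test` in the shared org, and a Delete that silently no-ops would never be caught. Add `CheckDestroy` with a function that fetches the device assurance policy by the ID in state and fails unless the API reports it missing, and wire in `PreCheck: testAccPreCheck(t)` / `ErrorCheck: testAccErrorChecks(t)` (or route through `oktaResourceTest`) so these behave like the rest of the acceptance suite. The same applies to the sibling platform tests on this page.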
diff --git a/okta/resource_okta_policy_device_assurance_chromeOS_test.go b/okta/resource_okta_policy_device_assurance_chromeos_os_test.go similarity index 94% rename from okta/resource_okta_policy_device_assurance_chromeOS_test.go rename to okta/resource_okta_policy_device_assurance_chromeos_os_test.go index a728c75e6..d242cd8ef 100644 --- a/okta/resource_okta_policy_device_assurance_chromeOS_test.go +++ b/okta/resource_okta_policy_device_assurance_chromeos_os_test.go @@ -11,8 +11,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceChromeOS(t *testing.T) { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { - Config: providerConfig + ` - resource okta_policy_device_assurance_chromeos test{ + Config: `resource okta_policy_device_assurance_chromeos test{ name = "z" }`, Check: resource.ComposeAggregateTestCheckFunc( @@ -20,8 +19,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceChromeOS(t *testing.T) { ), }, { - Config: providerConfig + ` - resource okta_policy_device_assurance_chromeos test{ + Config: `resource okta_policy_device_assurance_chromeos test{ name = "test" tpsp_allow_screen_lock = true tpsp_browser_version = "15393.27.0" diff --git a/okta/resource_okta_policy_device_assurance_iOS.go b/okta/resource_okta_policy_device_assurance_ios_os.go similarity index 100% rename from okta/resource_okta_policy_device_assurance_iOS.go rename to okta/resource_okta_policy_device_assurance_ios_os.go diff --git a/okta/resource_okta_policy_device_assurance_iOS_test.go b/okta/resource_okta_policy_device_assurance_ios_os_test.go similarity index 90% rename from okta/resource_okta_policy_device_assurance_iOS_test.go rename to okta/resource_okta_policy_device_assurance_ios_os_test.go index c65f7e698..70a6778df 100644 --- a/okta/resource_okta_policy_device_assurance_iOS_test.go +++ b/okta/resource_okta_policy_device_assurance_ios_os_test.go 
@@ -11,8 +11,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceIOS(t *testing.T) { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { - Config: providerConfig + ` - resource okta_policy_device_assurance_ios test{ + Config: `resource okta_policy_device_assurance_ios test{ name = "test" os_version = "12.4.5" jailbreak = false @@ -26,8 +25,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceIOS(t *testing.T) { ), }, { - Config: providerConfig + ` - resource okta_policy_device_assurance_ios test{ + Config: `resource okta_policy_device_assurance_ios test{ name = "test" os_version = "12.4.6" jailbreak = false diff --git a/okta/resource_okta_policy_device_assurance_macOS.go b/okta/resource_okta_policy_device_assurance_macos_os.go similarity index 100% rename from okta/resource_okta_policy_device_assurance_macOS.go rename to okta/resource_okta_policy_device_assurance_macos_os.go diff --git a/okta/resource_okta_policy_device_assurance_macOS_test.go b/okta/resource_okta_policy_device_assurance_macos_os_test.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_macOS_test.go rename to okta/resource_okta_policy_device_assurance_macos_os_test.go index ec7455d39..38a2cfb23 100644 --- a/okta/resource_okta_policy_device_assurance_macOS_test.go +++ b/okta/resource_okta_policy_device_assurance_macos_os_test.go @@ -11,8 +11,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceMacOS(t *testing.T) { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { - Config: providerConfig + ` - resource okta_policy_device_assurance_macos test{ + Config: `resource okta_policy_device_assurance_macos test{ name = "test" os_version = "12.4.5" disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) 
@@ -29,8 +28,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceMacOS(t *testing.T) { ), }, { - Config: providerConfig + ` - resource okta_policy_device_assurance_macos test{ + Config: `resource okta_policy_device_assurance_macos test{ name = "test" os_version = "12.4.6" disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) diff --git a/okta/resource_okta_policy_device_assurance_window.go b/okta/resource_okta_policy_device_assurance_windows_os.go similarity index 100% rename from okta/resource_okta_policy_device_assurance_window.go rename to okta/resource_okta_policy_device_assurance_windows_os.go diff --git a/okta/resource_okta_policy_device_assurance_window_test.go b/okta/resource_okta_policy_device_assurance_windows_os_test.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_window_test.go rename to okta/resource_okta_policy_device_assurance_windows_os_test.go index 0f66bf23c..ea24ee514 100644 --- a/okta/resource_okta_policy_device_assurance_window_test.go +++ b/okta/resource_okta_policy_device_assurance_windows_os_test.go @@ -11,8 +11,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceWindows(t *testing.T) { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { - Config: providerConfig + ` - resource okta_policy_device_assurance_windows test{ + Config: `resource okta_policy_device_assurance_windows test{ name = "test" os_version = "12.4.5" disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) @@ -29,8 +28,7 @@ func TestAccResourceOktaPolicyDeviceAssuranceWindows(t *testing.T) { ), }, { - Config: providerConfig + ` - resource okta_policy_device_assurance_windows test{ + Config: `resource okta_policy_device_assurance_windows test{ name = "test" os_version = "12.4.6" disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"]) From a87bb7ec77b0a521f901a640caf3416858d25b9b Mon Sep 17 00:00:00 2001 
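Review bot: the Windows fixture looks copy-pasted from the macOS test — `os_version = "12.4.5"` / `"12.4.6"` are macOS-style versions, not Windows build numbers (`10.0.19041.x` style), so the steps only prove the API stores whatever string it is given rather than that a realistic Windows version round-trips. I can't tell from here whether Okta validates the format; if it does, the test breaks the moment validation tightens, and if it does not, a policy written with such a value is unlikely to ever match a real device, which is worth confirming against the API documentation. Use something like `os_version = "10.0.19041.1"` and `os_version = "10.0.19041.2"` for the two steps.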
From: Tien Nguyen Date: Mon, 7 Aug 2023 18:22:59 -0400 Subject: [PATCH 8/8] add documentation and update test remove log --- .../basic_updated.tf | 13 +- okta/provider_test.go | 33 +++-- ...source_okta_app_signon_policy_rule_test.go | 12 +- ...kta_device_assurance_policy_android_os.go} | 10 +- ...evice_assurance_policy_android_os_test.go} | 2 +- ...ta_device_assurance_policy_chromeos_os.go} | 13 +- ...vice_assurance_policy_chromeos_os_test.go} | 2 +- ...ce_okta_device_assurance_policy_ios_os.go} | 10 +- ...ta_device_assurance_policy_ios_os_test.go} | 2 +- ..._okta_device_assurance_policy_macos_os.go} | 10 +- ..._device_assurance_policy_macos_os_test.go} | 2 +- ...kta_device_assurance_policy_windows_os.go} | 10 +- ...evice_assurance_policy_windows_os_test.go} | 2 +- .../r/app_signon_policy_rule.html.markdown | 11 ++ ...ice_assurance_policy_android.html.markdown | 62 +++++++++ ...ce_assurance_policy_chromeos.html.markdown | 89 +++++++++++++ .../device_assurance_policy_ios.html.markdown | 56 +++++++++ ...evice_assurance_policy_macos.html.markdown | 101 +++++++++++++++ ...ice_assurance_policy_windows.html.markdown | 119 ++++++++++++++++++ 19 files changed, 518 insertions(+), 41 deletions(-) rename okta/{resource_okta_policy_device_assurance_android_os.go => resource_okta_device_assurance_policy_android_os.go} (96%) rename okta/{resource_okta_policy_device_assurance_android_os_test.go => resource_okta_device_assurance_policy_android_os_test.go} (96%) rename okta/{resource_okta_policy_device_assurance_chromeos_os.go => resource_okta_device_assurance_policy_chromeos_os.go} (96%) rename okta/{resource_okta_policy_device_assurance_chromeos_os_test.go => resource_okta_device_assurance_policy_chromeos_os_test.go} (98%) rename okta/{resource_okta_policy_device_assurance_ios_os.go => resource_okta_device_assurance_policy_ios_os.go} (95%) rename okta/{resource_okta_policy_device_assurance_ios_os_test.go => resource_okta_device_assurance_policy_ios_os_test.go} (96%) rename 
okta/{resource_okta_policy_device_assurance_macos_os.go => resource_okta_device_assurance_policy_macos_os.go} (97%) rename okta/{resource_okta_policy_device_assurance_macos_os_test.go => resource_okta_device_assurance_policy_macos_os_test.go} (98%) rename okta/{resource_okta_policy_device_assurance_windows_os.go => resource_okta_device_assurance_policy_windows_os.go} (98%) rename okta/{resource_okta_policy_device_assurance_windows_os_test.go => resource_okta_device_assurance_policy_windows_os_test.go} (98%) create mode 100644 website/docs/r/device_assurance_policy_android.html.markdown create mode 100644 website/docs/r/device_assurance_policy_chromeos.html.markdown create mode 100644 website/docs/r/device_assurance_policy_ios.html.markdown create mode 100644 website/docs/r/device_assurance_policy_macos.html.markdown create mode 100644 website/docs/r/device_assurance_policy_windows.html.markdown diff --git a/examples/okta_app_signon_policy_rule/basic_updated.tf b/examples/okta_app_signon_policy_rule/basic_updated.tf index 2ba091411..75f2570ef 100644 --- a/examples/okta_app_signon_policy_rule/basic_updated.tf +++ b/examples/okta_app_signon_policy_rule/basic_updated.tf @@ -57,13 +57,12 @@ resource "okta_network_zone" "test" { data "okta_user_type" "default" { name = "user" } -# TODO unable to run the test due to conflict providerFactories between plugin and framework -# Works fine with terraform apply -# resource "okta_policy_device_assurance_android" "test" { -# name = "test" -# os_version = "12" -# jailbreak = false -# } + +resource "okta_policy_device_assurance_android" "test" { + name = "test" + os_version = "12" + jailbreak = false +} resource "okta_app_signon_policy_rule" "test" { name = "testAcc_replace_with_uuid_updated" diff --git a/okta/provider_test.go b/okta/provider_test.go index 3efbe69d0..85a9c2fda 100644 --- a/okta/provider_test.go +++ b/okta/provider_test.go 
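Review bot: the newly enabled `okta_policy_device_assurance_android` resource uses a fixed `name = "test"` while the other fixtures in this file use the substituted `testAcc_replace_with_uuid` form (see `name = "testAcc_replace_with_uuid_updated"` on the sign-on rule two lines below). If device assurance policy names must be unique in the org — I cannot confirm that from here — parallel runs or a leaked policy from a failed run will make the next `terraform apply` of this fixture fail. Use `name = "testAcc_replace_with_uuid"` so the fixture manager gives each run its own name.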
@@ -20,7 +20,8 @@ import (
 "github.com/dnaeon/go-vcr/cassette"
 "github.com/dnaeon/go-vcr/recorder"
 "github.com/hashicorp/terraform-plugin-framework/providerserver"
- "github.com/hashicorp/terraform-plugin-go/tfprotov6"
+ "github.com/hashicorp/terraform-plugin-go/tfprotov5"
+ "github.com/hashicorp/terraform-plugin-mux/tf5muxserver"
 "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -30,17 +31,35 @@ import (
 )
 
 var (
- testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
- "okta": providerserver.NewProtocol6WithError(NewFWProvider("test")),
- }
- testAccProvidersFactories map[string]func() (*schema.Provider, error)
+ testAccProvidersFactories map[string]func() (*schema.Provider, error)
+ testAccProtoV5ProviderFactories map[string]func() (tfprotov5.ProviderServer, error)
+ testAccMergeProvidersFactories map[string]func() (tfprotov5.ProviderServer, error)
 )
 
 func init() {
- provider := Provider()
+ pluginProvider := Provider()
 testAccProvidersFactories = map[string]func() (*schema.Provider, error){
 "okta": func() (*schema.Provider, error) {
- return provider, nil
+ return pluginProvider, nil
+ },
+ }
+ frameworkProvider := NewFWProvider("dev")
+ testAccProtoV5ProviderFactories = map[string]func() (tfprotov5.ProviderServer, error){
+ "okta": providerserver.NewProtocol5WithError(frameworkProvider),
+ }
+ providers := []func() tfprotov5.ProviderServer{
+ // v2 plugin
+ pluginProvider.GRPCProvider,
+ // v3 plugin
+ providerserver.NewProtocol5(frameworkProvider),
+ }
+ muxServer, err := tf5muxserver.NewMuxServer(context.Background(), providers...)
+ if err != nil {
+ log.Fatalf(err.Error())
+ }
+ testAccMergeProvidersFactories = map[string]func() (tfprotov5.ProviderServer, error){
+ "okta": func() (tfprotov5.ProviderServer, error) {
+ return muxServer.ProviderServer(), nil
 },
 }
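Review bot: `log.Fatalf(err.Error())` passes the error text as the format string, which `go vet` flags and which mis-renders any `%` in the message; write it as `log.Fatalf("building muxed provider server: %v", err)`. The labels `// v2 plugin` and `// v3 plugin` are also misleading — the second entry is the terraform-plugin-framework provider, not a "v3" plugin — so `// terraform-plugin-sdk/v2 provider` and `// terraform-plugin-framework provider` would name them correctly. As far as I recall, `tf5muxserver` requires both servers to expose identical provider configuration schemas, and since this runs in `init()` a mismatch would abort every acceptance test at startup; a one-line comment next to `NewMuxServer` stating that constraint would save the next person who touches either schema. The `init` function continues past the end of the hunk.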
diff --git a/okta/resource_okta_app_signon_policy_rule_test.go b/okta/resource_okta_app_signon_policy_rule_test.go index e74b23e79..4d34bc22e 100644 --- a/okta/resource_okta_app_signon_policy_rule_test.go +++ b/okta/resource_okta_app_signon_policy_rule_test.go @@ -18,10 +18,10 @@ func TestAccOktaAppSignOnPolicyRule(t *testing.T) { updatedConfig := mgr.GetFixtures("basic_updated.tf", t) oktaResourceTest(t, resource.TestCase{ - PreCheck: testAccPreCheck(t), - ErrorCheck: testAccErrorChecks(t), - ProviderFactories: testAccProvidersFactories, - CheckDestroy: checkAppSignOnPolicyRuleDestroy, + PreCheck: testAccPreCheck(t), + ErrorCheck: testAccErrorChecks(t), + ProtoV5ProviderFactories: testAccMergeProvidersFactories, + CheckDestroy: checkAppSignOnPolicyRuleDestroy, Steps: []resource.TestStep{ { Config: config, @@ -33,7 +33,7 @@ func TestAccOktaAppSignOnPolicyRule(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "factor_mode", "2FA"), resource.TestCheckResourceAttr(resourceName, "groups_excluded.#", "0"), resource.TestCheckResourceAttr(resourceName, "groups_included.#", "0"), - // resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "0"), + resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "0"), resource.TestCheckResourceAttr(resourceName, "user_types_excluded.#", "0"), resource.TestCheckResourceAttr(resourceName, "user_types_included.#", "0"), resource.TestCheckResourceAttr(resourceName, "users_excluded.#", "0"), 
@@ -56,7 +56,7 @@ func TestAccOktaAppSignOnPolicyRule(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "factor_mode", "2FA"), resource.TestCheckResourceAttr(resourceName, "groups_excluded.#", "3"), resource.TestCheckResourceAttr(resourceName, "groups_included.#", "2"), - // resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "1"), + resource.TestCheckResourceAttr(resourceName, "device_assurances_included.#", "1"), resource.TestCheckResourceAttr(resourceName, "user_types_excluded.#", "1"), resource.TestCheckResourceAttr(resourceName, "user_types_included.#", "1"), resource.TestCheckResourceAttr(resourceName, "users_excluded.#", "3"), diff --git a/okta/resource_okta_policy_device_assurance_android_os.go b/okta/resource_okta_device_assurance_policy_android_os.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_android_os.go rename to okta/resource_okta_device_assurance_policy_android_os.go index 39cc6346e..e76a2c448 100644 --- a/okta/resource_okta_policy_device_assurance_android_os.go +++ b/okta/resource_okta_device_assurance_policy_android_os.go @@ -20,9 +20,9 @@ import ( // Ensure the implementation satisfies the expected interfaces. var ( - _ resource.Resource = &policyDeviceAssuranceAndroidResource{} - _ resource.ResourceWithConfigure = &policyDeviceAssuranceAndroidResource{} - // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} + _ resource.Resource = &policyDeviceAssuranceAndroidResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceAndroidResource{} + _ resource.ResourceWithImportState = &policyDeviceAssuranceAndroidResource{} ) func NewPolicyDeviceAssuranceAndroidResource() resource.Resource { 
@@ -362,3 +362,7 @@ func mapDeviceAssuranceAndroidToState(data *okta.ListDeviceAssurancePolicies200R state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceAndroidPlatform.LastUpdatedBy) return diags } + +func (r *policyDeviceAssuranceAndroidResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/okta/resource_okta_policy_device_assurance_android_os_test.go b/okta/resource_okta_device_assurance_policy_android_os_test.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_android_os_test.go rename to okta/resource_okta_device_assurance_policy_android_os_test.go index 5e3e656e8..f9c842b1f 100644 --- a/okta/resource_okta_policy_device_assurance_android_os_test.go +++ b/okta/resource_okta_device_assurance_policy_android_os_test.go @@ -8,7 +8,7 @@ import ( func TestAccResourceOktaPolicyDeviceAssuranceAndroid(t *testing.T) { resource.Test(t, resource.TestCase{ - ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + ProtoV5ProviderFactories: testAccProtoV5ProviderFactories, Steps: []resource.TestStep{ { Config: `resource okta_policy_device_assurance_android test{ diff --git a/okta/resource_okta_policy_device_assurance_chromeos_os.go b/okta/resource_okta_device_assurance_policy_chromeos_os.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_chromeos_os.go rename to okta/resource_okta_device_assurance_policy_chromeos_os.go index d3837024f..4816e1a68 100644 --- a/okta/resource_okta_policy_device_assurance_chromeos_os.go +++ b/okta/resource_okta_device_assurance_policy_chromeos_os.go 
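Review bot: `ImportStatePassthroughID` hands any ID straight to Read, and the mapper just above dereferences `data.DeviceAssuranceAndroidPlatform.LastUpdatedBy` without checking that the response actually carries an Android policy; since the parameter type is the shared `ListDeviceAssurancePolicies200Response`, importing a macOS or Windows policy ID into `okta_policy_device_assurance_android` would presumably nil-pointer-panic the provider instead of producing a diagnostic. A guard at the top of `mapDeviceAssuranceAndroidToState`, `if data.DeviceAssuranceAndroidPlatform == nil { diags.AddError("Unexpected platform", "device assurance policy is not an Android policy"); return diags }`, turns that into a clean error and also protects Create/Update. `mapDeviceAssuranceAndroidToState` begins outside the hunk, so I cannot see whether Read already checks this; the same applies to the sibling platform resources.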
@@ -5,6 +5,7 @@ import ( "fmt" "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" @@ -15,9 +16,9 @@ import ( // Ensure the implementation satisfies the expected interfaces. var ( - _ resource.Resource = &policyDeviceAssuranceChromeOSResource{} - _ resource.ResourceWithConfigure = &policyDeviceAssuranceChromeOSResource{} - // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} + _ resource.Resource = &policyDeviceAssuranceChromeOSResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceChromeOSResource{} + _ resource.ResourceWithImportState = &policyDeviceAssuranceChromeOSResource{} ) func NewPolicyDeviceAssuranceChromeOSResource() resource.Resource { @@ -87,7 +88,7 @@ func (r *policyDeviceAssuranceChromeOSResource) Schema(_ context.Context, _ reso Optional: true, }, "tpsp_builtin_dns_client_enabled": schema.BoolAttribute{ - Description: "Third party signal provider builtin dns client enable", + Description: "Third party signal provider builtin dns client enabled", Optional: true, }, "tpsp_chrome_remote_desktop_app_blocked": schema.BoolAttribute{ @@ -378,3 +379,7 @@ func mapDeviceAssuranceChromeOSToState(data *okta.ListDeviceAssurancePolicies200 state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceChromeOSPlatform.LastUpdatedBy) return diags } + +func (r *policyDeviceAssuranceChromeOSResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} 
diff --git a/okta/resource_okta_policy_device_assurance_chromeos_os_test.go b/okta/resource_okta_device_assurance_policy_chromeos_os_test.go similarity index 98% rename from okta/resource_okta_policy_device_assurance_chromeos_os_test.go rename to okta/resource_okta_device_assurance_policy_chromeos_os_test.go index d242cd8ef..3b1a2d5b3 100644 --- a/okta/resource_okta_policy_device_assurance_chromeos_os_test.go +++ b/okta/resource_okta_device_assurance_policy_chromeos_os_test.go @@ -8,7 +8,7 @@ import ( func TestAccResourceOktaPolicyDeviceAssuranceChromeOS(t *testing.T) { resource.Test(t, resource.TestCase{ - ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + ProtoV5ProviderFactories: testAccProtoV5ProviderFactories, Steps: []resource.TestStep{ { Config: `resource okta_policy_device_assurance_chromeos test{ diff --git a/okta/resource_okta_policy_device_assurance_ios_os.go b/okta/resource_okta_device_assurance_policy_ios_os.go similarity index 95% rename from okta/resource_okta_policy_device_assurance_ios_os.go rename to okta/resource_okta_device_assurance_policy_ios_os.go index 4e3d4b504..240fb776e 100644 --- a/okta/resource_okta_policy_device_assurance_ios_os.go +++ b/okta/resource_okta_device_assurance_policy_ios_os.go @@ -20,9 +20,9 @@ import ( // Ensure the implementation satisfies the expected interfaces. var ( - _ resource.Resource = &policyDeviceAssuranceIOSResource{} - _ resource.ResourceWithConfigure = &policyDeviceAssuranceIOSResource{} - // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{} + _ resource.Resource = &policyDeviceAssuranceIOSResource{} + _ resource.ResourceWithConfigure = &policyDeviceAssuranceIOSResource{} + _ resource.ResourceWithImportState = &policyDeviceAssuranceIOSResource{} ) func NewPolicyDeviceAssuranceIOSResource() resource.Resource { 
@@ -307,3 +307,7 @@ func mapDeviceAssuranceIOSToState(data *okta.ListDeviceAssurancePolicies200Respo state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceIOSPlatform.LastUpdatedBy) return diags } + +func (r *policyDeviceAssuranceIOSResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/okta/resource_okta_policy_device_assurance_ios_os_test.go b/okta/resource_okta_device_assurance_policy_ios_os_test.go similarity index 96% rename from okta/resource_okta_policy_device_assurance_ios_os_test.go rename to okta/resource_okta_device_assurance_policy_ios_os_test.go index 70a6778df..e795e65c4 100644 --- a/okta/resource_okta_policy_device_assurance_ios_os_test.go +++ b/okta/resource_okta_device_assurance_policy_ios_os_test.go @@ -8,7 +8,7 @@ import ( func TestAccResourceOktaPolicyDeviceAssuranceIOS(t *testing.T) { resource.Test(t, resource.TestCase{ - ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + ProtoV5ProviderFactories: testAccProtoV5ProviderFactories, Steps: []resource.TestStep{ { Config: `resource okta_policy_device_assurance_ios test{ diff --git a/okta/resource_okta_policy_device_assurance_macos_os.go b/okta/resource_okta_device_assurance_policy_macos_os.go similarity index 97% rename from okta/resource_okta_policy_device_assurance_macos_os.go rename to okta/resource_okta_device_assurance_policy_macos_os.go index 7b0908c8a..0de68082e 100644 --- a/okta/resource_okta_policy_device_assurance_macos_os.go +++ b/okta/resource_okta_device_assurance_policy_macos_os.go 
@@ -20,9 +20,9 @@ import (
 
 // Ensure the implementation satisfies the expected interfaces.
 var (
- _ resource.Resource = &policyDeviceAssuranceMacOSResource{}
- _ resource.ResourceWithConfigure = &policyDeviceAssuranceMacOSResource{}
- // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{}
+ _ resource.Resource = &policyDeviceAssuranceMacOSResource{}
+ _ resource.ResourceWithConfigure = &policyDeviceAssuranceMacOSResource{}
+ _ resource.ResourceWithImportState = &policyDeviceAssuranceMacOSResource{}
 )
 
 func NewPolicyDeviceAssuranceMacOSResource() resource.Resource {
@@ -479,3 +479,7 @@ func mapDeviceAssuranceMacOSToState(data *okta.ListDeviceAssurancePolicies200Res
 state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceMacOSPlatform.LastUpdatedBy)
 return diags
 }
+
+func (r *policyDeviceAssuranceMacOSResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+ resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
+}
diff --git a/okta/resource_okta_policy_device_assurance_macos_os_test.go b/okta/resource_okta_device_assurance_policy_macos_os_test.go
similarity index 98%
rename from okta/resource_okta_policy_device_assurance_macos_os_test.go
rename to okta/resource_okta_device_assurance_policy_macos_os_test.go
index 38a2cfb23..60c84e679 100644
--- a/okta/resource_okta_policy_device_assurance_macos_os_test.go
+++ b/okta/resource_okta_device_assurance_policy_macos_os_test.go
@@ -8,7 +8,7 @@ import (
 
 func TestAccResourceOktaPolicyDeviceAssuranceMacOS(t *testing.T) {
 resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ ProtoV5ProviderFactories: testAccProtoV5ProviderFactories,
 Steps: []resource.TestStep{
 {
 Config: `resource okta_policy_device_assurance_macos test{
diff --git a/okta/resource_okta_policy_device_assurance_windows_os.go b/okta/resource_okta_device_assurance_policy_windows_os.go
similarity index 98%
rename from okta/resource_okta_policy_device_assurance_windows_os.go
rename to okta/resource_okta_device_assurance_policy_windows_os.go
index ee4221107..5e8c38809 100644
--- a/okta/resource_okta_policy_device_assurance_windows_os.go
+++ b/okta/resource_okta_device_assurance_policy_windows_os.go
@@ -20,9 +20,9 @@ import (
 
 // Ensure the implementation satisfies the expected interfaces.
 var (
- _ resource.Resource = &policyDeviceAssuranceWindowsResource{}
- _ resource.ResourceWithConfigure = &policyDeviceAssuranceWindowsResource{}
- // _ resource.ResourceWithImportState = &policyDeviceAssuranceResource{}
+ _ resource.Resource = &policyDeviceAssuranceWindowsResource{}
+ _ resource.ResourceWithConfigure = &policyDeviceAssuranceWindowsResource{}
+ _ resource.ResourceWithImportState = &policyDeviceAssuranceWindowsResource{}
 )
 
 func NewPolicyDeviceAssuranceWindowsResource() resource.Resource {
@@ -522,3 +522,7 @@ func mapDeviceAssuranceWindowsToState(data *okta.ListDeviceAssurancePolicies200R
 state.LastUpdatedBy = types.StringPointerValue(data.DeviceAssuranceWindowsPlatform.LastUpdatedBy)
 return diags
 }
+
+func (r *policyDeviceAssuranceWindowsResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+ resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
+}
diff --git a/okta/resource_okta_policy_device_assurance_windows_os_test.go b/okta/resource_okta_device_assurance_policy_windows_os_test.go
similarity index 98%
rename from okta/resource_okta_policy_device_assurance_windows_os_test.go
rename to okta/resource_okta_device_assurance_policy_windows_os_test.go
index ea24ee514..a2b528ad6 100644
--- a/okta/resource_okta_policy_device_assurance_windows_os_test.go
+++ b/okta/resource_okta_device_assurance_policy_windows_os_test.go
@@ -8,7 +8,7 @@ import (
 
 func TestAccResourceOktaPolicyDeviceAssuranceWindows(t *testing.T) {
 resource.Test(t, resource.TestCase{
- ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ ProtoV5ProviderFactories: testAccProtoV5ProviderFactories,
 Steps: []resource.TestStep{
 {
 Config: `resource okta_policy_device_assurance_windows test{
diff --git a/website/docs/r/app_signon_policy_rule.html.markdown b/website/docs/r/app_signon_policy_rule.html.markdown
index ab8b8b3b2..7a9720b2d 100644
--- a/website/docs/r/app_signon_policy_rule.html.markdown
+++ b/website/docs/r/app_signon_policy_rule.html.markdown
@@ -184,6 +184,12 @@ data "okta_user_type" "default" {
 name = "user"
 }
 
+resource "okta_policy_device_assurance_android" "test" {
+ name = "test"
+ os_version = "12"
+ jailbreak = false
+}
+
 resource "okta_app_signon_policy_rule" "test" {
 name = "testAcc_replace_with_uuid"
 policy_id = data.okta_app_signon_policy.test.id
@@ -201,6 +207,9 @@ resource "okta_app_signon_policy_rule" "test" {
 okta_group.this[0].id,
 okta_group.this[1].id
 ]
+ device_assurances_included = [
+ okta_policy_device_assurance_android.test.id
+ ]
 network_connection = "ZONE"
 network_includes = [
 okta_network_zone.test.id
@@ -298,6 +307,8 @@ The following arguments are supported:
 
 - `device_is_managed` - (Optional) If the device is managed. A device is managed if it's managed by a device management system. When managed is passed, `device_is_registered` must also be included and must be set to `true`.
 
+- `device_assurances_included` - (Optional) List of device assurances IDs to be included.
+
 - `platform_include` - (Optional) List of particular platforms or devices to match on.
 - `type` - (Optional) One of: `"ANY"`, `"MOBILE"`, `"DESKTOP"`
 - `os_expression` - (Optional) Only available and required when using `os_type = "OTHER"`
diff --git a/website/docs/r/device_assurance_policy_android.html.markdown b/website/docs/r/device_assurance_policy_android.html.markdown
new file mode 100644
index 000000000..78435575b
--- /dev/null
+++ b/website/docs/r/device_assurance_policy_android.html.markdown
@@ -0,0 +1,62 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_policy_device_assurance_android'
+sidebar_current: 'docs-okta-device-assurance-policy-android'
+description: |-
+ Manages a device assurance policy for android.
+---
+
+# okta_policy_device_assurance_android
+
+This resource allows you to create and configure an device assurance policy for android.
+
+## Example Usage
+
+```hcl
+resource okta_policy_device_assurance_android example{
+ name = "example"
+ os_version = "12"
+ disk_encryption_type = toset(["FULL", "USER"])
+ jailbreak = false
+ secure_hardware_present = true
+ screenlock_type = toset(["BIOMETRIC"])
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` - (Required) Name of the device assurance policy.
+
+- `disk_encryption_type` - (Optional) List of disk encryption type of the device assurance policy.
+
+- `jailbreak` - (Optional) Is the device jailbroken in the device assurance policy.
+
+- `os_version` - (Optional) Minimum os version of the device in the device assurance policy.
+
+- `secure_hardware_present` - (Optional) Is the device secure with hardware in the device assurance policy.
+
+- `screenlock_type` - (Optional) List of screen lock type of the device assurance policy.
+
+## Attributes Reference
+
+- `id` - ID of the device assurance policy.
+
+- `platform` - Platform of the device assurance policy.
+
+- `created_date` - Created date of the device assurance policy.
+
+- `created_by` - Created by of the device assurance policy.
+
+- `last_update` - Last update of the device assurance policy.
+
+- `last_updated_by` - Last updated by of the device assurance policy.
+
+## Import
+
+Okta Device Assurance Android can be imported via the Okta ID.
+
+```
+$ terraform import okta_policy_device_assurance_android.example <device assurance id>
+```
\ No newline at end of file
diff --git a/website/docs/r/device_assurance_policy_chromeos.html.markdown b/website/docs/r/device_assurance_policy_chromeos.html.markdown
new file mode 100644
index 000000000..359b4c922
--- /dev/null
+++ b/website/docs/r/device_assurance_policy_chromeos.html.markdown
@@ -0,0 +1,89 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_policy_device_assurance_chromeos'
+sidebar_current: 'docs-okta-device-assurance-policy-chromeos'
+description: |-
+ Manages a device assurance policy for chromeos.
+---
+
+# okta_policy_device_assurance_chromeos
+
+This resource allows you to create and configure an device assurance policy for chromeos.
+
+## Example Usage
+
+```hcl
+resource okta_policy_device_assurance_chromeos example{
+ name = "example"
+ tpsp_allow_screen_lock = true
+ tpsp_browser_version = "15393.27.0"
+ tpsp_builtin_dns_client_enabled = true
+ tpsp_chrome_remote_desktop_app_blocked = true
+ tpsp_device_enrollment_domain = "exampleDomain"
+ tpsp_disk_encrypted = true
+ tpsp_key_trust_level = "CHROME_OS_VERIFIED_MODE"
+ tpsp_os_firewall = true
+ tpsp_os_version = "10.0.19041.1110"
+ tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF"
+ tpsp_realtime_url_check_mode = true
+ tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION"
+ tpsp_screen_lock_secured = true
+ tpsp_site_isolation_enabled = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` - (Required) Name of the device assurance policy.
+
+- `tpsp_allow_screen_lock` - (Optional) Third party signal provider allow screen lock.
+
+- `tpsp_browser_version` - (Optional) Third party signal provider minimum browser version.
+
+- `tpsp_builtin_dns_client_enabled` - (Optional) Third party signal provider builtin dns client enabled.
+
+- `tpsp_chrome_remote_desktop_app_blocked` - (Optional) Third party signal provider chrome remote desktop app blocked.
+
+- `tpsp_device_enrollment_domain` - (Optional) Third party signal provider device enrollment domain.
+
+- `tpsp_disk_encrypted` - (Optional) Third party signal provider disk encrypted.
+
+- `tpsp_key_trust_level` - (Optional) Third party signal provider key trust level.
+
+- `tpsp_os_firewall` - (Optional) Third party signal provider os firewall.
+
+- `tpsp_os_version` - (Optional) Third party signal provider minimum os version.
+
+- `tpsp_password_proctection_warning_trigger` - (Optional) Third party signal provider password protection warning trigger.
+
+- `tpsp_realtime_url_check_mode` - (Optional) Third party signal provider realtime url check mode.
+
+- `tpsp_safe_browsing_protection_level` - (Optional) Third party signal provider safe browsing protection level.
+
+- `tpsp_screen_lock_secured` - (Optional) Third party signal provider screen lock secure.
+
+- `tpsp_site_isolation_enabled` - (Optional) Third party signal provider site isolation enabled.
+
+## Attributes Reference
+
+- `id` - ID of the device assurance policy.
+
+- `platform` - Platform of the device assurance policy.
+
+- `created_date` - Created date of the device assurance policy.
+
+- `created_by` - Created by of the device assurance policy.
+
+- `last_update` - Last update of the device assurance policy.
+
+- `last_updated_by` - Last updated by of the device assurance policy.
+
+## Import
+
+Okta Device Assurance ChromeOS can be imported via the Okta ID.
+
+```
+$ terraform import okta_policy_device_assurance_chromeos.example <device assurance id>
+```
\ No newline at end of file
diff --git a/website/docs/r/device_assurance_policy_ios.html.markdown b/website/docs/r/device_assurance_policy_ios.html.markdown
new file mode 100644
index 000000000..085b1396d
--- /dev/null
+++ b/website/docs/r/device_assurance_policy_ios.html.markdown
@@ -0,0 +1,56 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_policy_device_assurance_ios'
+sidebar_current: 'docs-okta-device-assurance-policy-ios'
+description: |-
+ Manages a device assurance policy for ios.
+---
+
+# okta_policy_device_assurance_ios
+
+This resource allows you to create and configure an device assurance policy for ios.
+
+## Example Usage
+
+```hcl
+resource okta_policy_device_assurance_ios example{
+ name = "example"
+ os_version = "12.4.5"
+ jailbreak = false
+ screenlock_type = toset(["BIOMETRIC"])
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` - (Required) Name of the device assurance policy.
+
+- `jailbreak` - (Optional) Is the device jailbroken in the device assurance policy.
+
+- `os_version` - (Optional) Minimum os version of the device in the device assurance policy.
+
+- `screenlock_type` - (Optional) List of screen lock type of the device assurance policy.
+
+## Attributes Reference
+
+- `id` - ID of the device assurance policy.
+
+- `platform` - Platform of the device assurance policy.
+
+- `created_date` - Created date of the device assurance policy.
+
+- `created_by` - Created by of the device assurance policy.
+
+- `last_update` - Last update of the device assurance policy.
+
+- `last_updated_by` - Last updated by of the device assurance policy.
+
+## Import
+
+Okta Device Assurance iOS can be imported via the Okta ID.
+
+```
+$ terraform import okta_policy_device_assurance_ios.example <device assurance id>
+```
\ No newline at end of file
diff --git a/website/docs/r/device_assurance_policy_macos.html.markdown b/website/docs/r/device_assurance_policy_macos.html.markdown
new file mode 100644
index 000000000..e51db0cfe
--- /dev/null
+++ b/website/docs/r/device_assurance_policy_macos.html.markdown
@@ -0,0 +1,101 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_policy_device_assurance_macos'
+sidebar_current: 'docs-okta-device-assurance-policy-macos'
+description: |-
+ Manages a device assurance policy for macos.
+---
+
+# okta_policy_device_assurance_macos
+
+This resource allows you to create and configure an device assurance policy for macos.
+
+## Example Usage
+
+```hcl
+resource okta_policy_device_assurance_macos example{
+ name = "example"
+ os_version = "12.4.6"
+ disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"])
+ secure_hardware_present = true
+ screenlock_type = toset(["BIOMETRIC", "PASSCODE"])
+ third_party_signal_providers = true
+ tpsp_browser_version = "15393.27.0"
+ tpsp_builtin_dns_client_enabled = true
+ tpsp_chrome_remote_desktop_app_blocked = true
+ tpsp_device_enrollment_domain = "exampleDomain"
+ tpsp_disk_encrypted = true
+ tpsp_key_trust_level = "CHROME_BROWSER_HW_KEY"
+ tpsp_os_firewall = true
+ tpsp_os_version = "10.0.19041"
+ tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF"
+ tpsp_realtime_url_check_mode = true
+ tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION"
+ tpsp_screen_lock_secured = true
+ tpsp_site_isolation_enabled = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` - (Required) Name of the device assurance policy.
+
+- `disk_encryption_type` - (Optional) List of disk encryption type of the device assurance policy.
+
+- `os_version` - (Optional) Minimum os version of the device in the device assurance policy.
+
+- `secure_hardware_present` - (Optional) Is the device secure with hardware in the device assurance policy.
+
+- `screenlock_type` - (Optional) List of screen lock type of the device assurance policy.
+
+- `third_party_signal_providers` - (Optional) Indicate where the device assurance is using third party signal provider. Must be set if you want to use other tpsp value
+
+- `tpsp_browser_version` - (Optional) Third party signal provider minimum browser version.
+
+- `tpsp_builtin_dns_client_enabled` - (Optional) Third party signal provider builtin dns client enabled.
+
+- `tpsp_chrome_remote_desktop_app_blocked` - (Optional) Third party signal provider chrome remote desktop app blocked.
+
+- `tpsp_device_enrollment_domain` - (Optional) Third party signal provider device enrollment domain.
+
+- `tpsp_disk_encrypted` - (Optional) Third party signal provider disk encrypted.
+
+- `tpsp_key_trust_level` - (Optional) Third party signal provider key trust level.
+
+- `tpsp_os_firewall` - (Optional) Third party signal provider os firewall.
+
+- `tpsp_os_version` - (Optional) Third party signal provider minimum os version.
+
+- `tpsp_password_proctection_warning_trigger` - (Optional) Third party signal provider password protection warning trigger.
+
+- `tpsp_realtime_url_check_mode` - (Optional) Third party signal provider realtime url check mode.
+
+- `tpsp_safe_browsing_protection_level` - (Optional) Third party signal provider safe browsing protection level.
+
+- `tpsp_screen_lock_secured` - (Optional) Third party signal provider screen lock secure.
+
+- `tpsp_site_isolation_enabled` - (Optional) Third party signal provider site isolation enabled.
+
+## Attributes Reference
+
+- `id` - ID of the device assurance policy.
+
+- `platform` - Platform of the device assurance policy.
+
+- `created_date` - Created date of the device assurance policy.
+
+- `created_by` - Created by of the device assurance policy.
+
+- `last_update` - Last update of the device assurance policy.
+
+- `last_updated_by` - Last updated by of the device assurance policy.
+
+## Import
+
+Okta Device Assurance MacOS can be imported via the Okta ID.
+
+```
+$ terraform import okta_policy_device_assurance_macos.example <device assurance id>
+```
\ No newline at end of file
diff --git a/website/docs/r/device_assurance_policy_windows.html.markdown b/website/docs/r/device_assurance_policy_windows.html.markdown
new file mode 100644
index 000000000..fcdf98490
--- /dev/null
+++ b/website/docs/r/device_assurance_policy_windows.html.markdown
@@ -0,0 +1,119 @@
+---
+layout: 'okta'
+page_title: 'Okta: okta_policy_device_assurance_windows'
+sidebar_current: 'docs-okta-device-assurance-policy-windows'
+description: |-
+ Manages a device assurance policy for windows.
+---
+
+# okta_policy_device_assurance_windows
+
+This resource allows you to create and configure an device assurance policy for windows.
+
+## Example Usage
+
+```hcl
+resource okta_policy_device_assurance_windows example{
+ name = "example"
+ os_version = "12.4.6"
+ disk_encryption_type = toset(["ALL_INTERNAL_VOLUMES"])
+ secure_hardware_present = true
+ screenlock_type = toset(["BIOMETRIC", "PASSCODE"])
+ third_party_signal_providers = true
+ tpsp_browser_version = "15393.27.0"
+ tpsp_builtin_dns_client_enabled = true
+ tpsp_chrome_remote_desktop_app_blocked = true
+ tpsp_crowd_strike_agent_id = "exampleAgentId"
+ tpsp_crowd_strike_customer_id = "exampleCustomerId"
+ tpsp_device_enrollment_domain = "exampleDomain"
+ tpsp_disk_encrypted = true
+ tpsp_key_trust_level = "CHROME_BROWSER_HW_KEY"
+ tpsp_os_firewall = true
+ tpsp_os_version = "10.0.19041"
+ tpsp_password_proctection_warning_trigger = "PASSWORD_PROTECTION_OFF"
+ tpsp_realtime_url_check_mode = true
+ tpsp_safe_browsing_protection_level = "ENHANCED_PROTECTION"
+ tpsp_screen_lock_secured = true
+ tpsp_secure_boot_enabled = true
+ tpsp_site_isolation_enabled = true
+ tpsp_third_party_blocking_enabled = true
+ tpsp_windows_machine_domain = "exampleMachineDomain"
+ tpsp_windows_user_domain = "exampleUserDomain"
+ }
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `name` - (Required) Name of the device assurance policy.
+
+- `disk_encryption_type` - (Optional) List of disk encryption type of the device assurance policy.
+
+- `os_version` - (Optional) Minimum os version of the device in the device assurance policy.
+
+- `secure_hardware_present` - (Optional) Is the device secure with hardware in the device assurance policy.
+
+- `screenlock_type` - (Optional) List of screen lock type of the device assurance policy.
+
+- `third_party_signal_providers` - (Optional) Indicate where the device assurance is using third party signal provider. Must be set if you want to use other tpsp value
+
+- `tpsp_browser_version` - (Optional) Third party signal provider minimum browser version.
+
+- `tpsp_builtin_dns_client_enabled` - (Optional) Third party signal provider builtin dns client enabled.
+
+- `tpsp_chrome_remote_desktop_app_blocked` - (Optional) Third party signal provider chrome remote desktop app blocked.
+
+- `tpsp_crowd_strike_agent_id` - (Optional) Third party signal provider crowdstrike agent id.
+
+- `tpsp_crowd_strike_customer_id` - (Optional) Third party signal provider crowdstrike customer id.
+
+- `tpsp_device_enrollment_domain` - (Optional) Third party signal provider device enrollment domain.
+
+- `tpsp_disk_encrypted` - (Optional) Third party signal provider disk encrypted.
+
+- `tpsp_key_trust_level` - (Optional) Third party signal provider key trust level.
+
+- `tpsp_os_firewall` - (Optional) Third party signal provider os firewall.
+
+- `tpsp_os_version` - (Optional) Third party signal provider minimum os version.
+
+- `tpsp_password_proctection_warning_trigger` - (Optional) Third party signal provider password protection warning trigger.
+
+- `tpsp_realtime_url_check_mode` - (Optional) Third party signal provider realtime url check mode.
+
+- `tpsp_safe_browsing_protection_level` - (Optional) Third party signal provider safe browsing protection level.
+
+- `tpsp_screen_lock_secured` - (Optional) Third party signal provider screen lock secure.
+
+- `tpsp_secure_boot_enabled` - (Optional) Third party signal provider secure boot enabled.
+
+- `tpsp_site_isolation_enabled` - (Optional) Third party signal provider site isolation enabled.
+
+- `tpsp_third_party_blocking_enabled` - (Optional) Third party signal provider third party blocking enabled.
+
+- `tpsp_windows_machine_domain` - (Optional) Third party signal provider windows machine domain.
+
+- `tpsp_windows_user_domain` - (Optional) Third party signal provider windows user domain.
+
+## Attributes Reference
+
+- `id` - ID of the device assurance policy.
+
+- `platform` - Platform of the device assurance policy.
+
+- `created_date` - Created date of the device assurance policy.
+
+- `created_by` - Created by of the device assurance policy.
+
+- `last_update` - Last update of the device assurance policy.
+
+- `last_updated_by` - Last updated by of the device assurance policy.
+
+## Import
+
+Okta Device Assurance Windows can be imported via the Okta ID.
+
+```
+$ terraform import okta_policy_device_assurance_windows.example <device assurance id>
+```
\ No newline at end of file