Merge branch 'master' into patch-2

.circleci/config.yml

@@ -0,0 +1,15 @@
+version: 2.1
+
+orbs:
+  general-platform-helpers: okta/[email protected]
+
+workflows:
+  # See OKTA-634442
+  semgrep:
+    jobs:
+      - general-platform-helpers/job-semgrep-prepare:
+          name: semgrep-prepare
+      - general-platform-helpers/job-semgrep-scan:
+          name: "Scan with Semgrep"
+          requires:
+            - semgrep-prepare

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Go
         uses: actions/setup-go@v4
@@ -34,3 +34,6 @@ jobs:
 
       - name: Test
         run: make test
+
+      - name: Run VCR smoke tests
+        run: make smoke-test-play-vcr-acc

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Unshallow
         run: git fetch --prune --unshallow
@@ -30,6 +30,9 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: "1.20"
+      - 
+        name: Run VCR smoke tests
+        run: make smoke-test-play-vcr-acc
       -
         name: Import GPG key
         id: import_gpg
@@ -40,7 +43,7 @@ jobs:
           passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4.3.0
+        uses: goreleaser/goreleaser-action@v4.4.0
         with:
           version: latest
           args: release --rm-dist

.github/workflows/stale.yml

@@ -12,9 +12,14 @@ jobs:
       - uses: actions/stale@v8
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days'
-          days-before-stale: 60
-          days-before-close: 5
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Comment or this will be closed in 5 days'
+          days-before-stale: 30
+          days-before-close: 35
           remove-stale-when-updated: true
           exempt-issue-labels: 'no-stalebot'
           exempt-pr-labels: 'no-stalebot'
+          stale-issue-label: 'Stale'
+          stale-pr-label: 'Stale'
+          any-of-labels: 'waiting-response'
+          labels-to-remove-when-unstale: 'waiting-response'
+          close-pr-label: 'stalebot-closed'

.github/workflows/vcr.yml

@@ -0,0 +1,19 @@
+# play VCR tests in a GH action
+name: VCR
+
+on: workflow_dispatch
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+
+      - name: Run VCR tests
+        run: make test-play-vcr-acc

.github/workflows/vcr_smoketest.yml

@@ -0,0 +1,26 @@
+# play specific VCR smoke tests in a GH action
+name: VCR Smoketest
+
+on:
+  workflow_dispatch:
+    inputs:
+      smokeTests:
+        description: 'List of ACC Test name(s) separated by whitespace'
+        required: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+
+      - name: Run VCR smoke tests
+        run: make smoke-test-play-vcr-acc
+        env:
+          SMOKE_TESTS: ${{ inputs.smokeTests }}

CHANGELOG.md

@@ -1,5 +1,50 @@
 # Changelog
 
+## 4.3.0 (August 18, 2023)
+
+### IMPROVEMENTS
+
+* Add Import to resource `okta_app_signon_policy` [#1670](https://github.com/okta/terraform-provider-okta/pull/1670). Thanks, [@duytiennguyen-okta](https://github.com/duytiennguyen-okta)!
+* Enhanced VCR ACC testing allowing quick datasource and resource smoketest during release [#1650](https://github.com/okta/terraform-provider-okta/pull/1650). Thanks, [@monde](https://github.com/monde)!
+
+## 4.2.0 (August 11, 2023)
+
+### NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:
+
+* New device assurance resources [#1659](https://github.com/okta/terraform-provider-okta/pull/1659). Thanks, [@duytiennguyen-okta](https://github.com/duytiennguyen-okta)!
+  - `okta_device_assurance_policy_android`
+  - `okta_device_assurance_policy_chromeos`
+  - `okta_device_assurance_policy_ios`
+  - `okta_device_assurance_policy_macos`
+  - `okta_device_assurance_policy_windows`
+
+* Add constraints argument for webauthn to resource `okta_policy_mfa` [#1663](https://github.com/okta/terraform-provider-okta/pull/1663). Thanks, [@duytiennguyen-okta](https://github.com/duytiennguyen-okta)!
+* `jwks_uri` argument for resource `okta_app_oauth` [#1648](https://github.com/okta/terraform-provider-okta/pull/1648). Thanks, [@virgofx](https://github.com/virgofx)!
+
+### IMPROVEMENTS
+
+* Data Source `okta_group`'s `name` and `id` arguments are optional and computed [#1665](https://github.com/okta/terraform-provider-okta/pull/1665). Thanks, [@MatthewJohn](https://github.com/MatthewJohn)!
+* Improve backoff with proper context [#1658](https://github.com/okta/terraform-provider-okta/pull/1658). Thanks, [@monde](https://github.com/monde)!
+* Correct obsolete documentation; document PKCS#1 and PKCS#8 private key usage in provider config and oauth apps [#1666](https://github.com/okta/terraform-provider-okta/pull/1666). Thanks, [@monde](https://github.com/monde)!
+
+### BUG FIXES
+
+* Fix `okta_app_oauth`'s `groups_claim` can be ignored on imports [#1638](https://github.com/okta/terraform-provider-okta/pull/1638). Thanks, [@monde](https://github.com/monde)!
+
+## 4.1.0 (June 30, 2023)
+
+### NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:
+* New Data Source `okta_group_rule` [#1606](https://github.com/okta/terraform-provider-okta/pull/1606), [#1617](https://github.com/okta/terraform-provider-okta/pull/1617). Thanks, [@steveAG](https://github.com/steveAG)!
+
+### IMPROVEMENTS
+
+* Improve `okta_email_customization`, correct delete bug, document and test `depends_on` best practice [#1616](https://github.com/okta/terraform-provider-okta/pull/1616). Thanks, [@monde](https://github.com/monde)!
+* Flexible `okta_brand` data source and resource with `default` ID; Improve `okta_auth_server_default` [#1570](https://github.com/okta/terraform-provider-okta/pull/1570). Thanks, [@monde](https://github.com/monde)!
+* Show appropriate terraform logo for light and dark themes in README [#1574](https://github.com/okta/terraform-provider-okta/pull/1574). Thanks, [@thekbb](https://github.com/thekbb)!
+* Update the description for the `platform_include` block of `app_signon_policy_rule` to outline requirement for the `os_expression` argument to be set when `os_type` is set to `OTHER` [#1600](https://github.com/okta/terraform-provider-okta/pull/1600). Thanks, [@achuchulev](https://github.com/achuchulev)!
+* Update okta documentation [#1614](https://github.com/okta/terraform-provider-okta/pull/1614). Thanks, [@duytiennguyen-okta](https://github.com/duytiennguyen-okta)!
+* Fix doc typo [#1611](https://github.com/okta/terraform-provider-okta/pull/1611). Thanks, [@monde](https://github.com/monde)!
+
 ## 4.0.3 (June 26, 2023)
 
 ### NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES, ENV VARS:

GNUmakefile

@@ -13,6 +13,40 @@ ifdef TEST_FILTER
 	TEST_FILTER := -run $(TEST_FILTER)
 endif
 
+TESTARGS?=-test.v
+
+DEFAULT_SMOKE_TESTS?=\
+  TestAccDataSourceOktaAppSaml_read \
+  TestAccDataSourceOktaApp_read \
+  TestAccDataSourceOktaGroup_read \
+  TestAccDataSourceOktaGroups_read \
+  TestAccDataSourceOktaPolicy_read \
+  TestAccDataSourceOktaUser_read \
+  TestAccResourceOktaAppAutoLoginApplication_crud \
+  TestAccResourceOktaAppBasicAuthApplication_crud \
+  TestAccResourceOktaAppBookmarkApplication_crud \
+  TestAccResourceOktaAppSaml_crud \
+  TestAccResourceOktaAppSignOnPolicy_crud \
+  TestAccResourceOktaAppSignOnPolicy_crud \
+  TestAccResourceOktaAppSwaApplication_crud \
+  TestAccResourceOktaAppThreeFieldApplication_crud \
+  TestAccResourceOktaAppUser_crud \
+  TestAccResourceOktaDefaultMFAPolicy \
+  TestAccResourceOktaGroup_crud \
+  TestAccResourceOktaMfaPolicyRule_crud \
+  TestAccResourceOktaMfaPolicy_crud \
+  TestAccResourceOktaOrgConfiguration \
+  TestAccResourceOktaPolicyRulePassword_crud \
+  TestAccResourceOktaPolicySignOn_crud \
+  TestAccResourceOktaUser_updateAllAttributes
+
+ifeq ($(strip $(SMOKE_TESTS)),)
+	SMOKE_TESTS = $(DEFAULT_SMOKE_TESTS)
+endif
+
+space := $(subst ,, )
+smoke_tests := $(subst $(space),\|,$(SMOKE_TESTS))
+
 default: build
 
 dep: # Download required dependencies
@@ -32,20 +66,23 @@ clean-all:
 
 sweep:
 	@echo "WARNING: This will destroy infrastructure. Use only in development accounts."
-	go test $(TEST) -v -sweep=$(SWEEP) $(SWEEPARGS)
+	go test $(TEST) -sweep=$(SWEEP) $(SWEEPARGS)
 
 test:
 	echo $(TEST) | \
 		xargs -t -n4 go test $(TESTARGS) $(TEST_FILTER) -timeout=30s -parallel=4
 
 testacc:
-	TF_ACC=1 go test $(TEST) -v $(TESTARGS) $(TEST_FILTER) -timeout 120m
+	TF_ACC=1 go test $(TEST) $(TESTARGS) $(TEST_FILTER) -timeout 120m
 
 test-play-vcr-acc:
-	OKTA_VCR_TF_ACC=play TF_ACC=1 go test $(TEST) -v $(TESTARGS) $(TEST_FILTER) -timeout 120m
+	OKTA_VCR_TF_ACC=play TF_ACC=1 go test -tags unit -mod=readonly -test.v -timeout 120m ./okta
+
+smoke-test-play-vcr-acc:
+	OKTA_VCR_TF_ACC=play TF_ACC=1 go test -tags unit -mod=readonly -test.v -timeout 120m -run ^$(smoke_tests)$$ ./okta
 
 test-record-vcr-acc:
-	OKTA_VCR_TF_ACC=record TF_ACC=1 go test $(TEST) -v $(TESTARGS) $(TEST_FILTER) -timeout 120m
+	OKTA_VCR_TF_ACC=record TF_ACC=1 go test -tags unit -mod=readonly -test.v -timeout 120m ./okta
 
 vet:
 	@echo "==> Checking source code against go vet and staticcheck"

README.md

@@ -27,11 +27,20 @@ in form of raw markdown files.
 
 # Development Environment Setup
 
+The sections below will guide you through the requirements, upgrading, getting started, building with and contributing to
+the Okta Terraform Provider.
+
 ## Requirements
 
 - [Terraform](https://www.terraform.io/downloads.html) 0.14.0 or newer (to run acceptance tests)
 - [Go](https://golang.org/doc/install) (to build the provider plugin)
 
+## Upgrade
+
+If you have been using version 3.x of the Okta Terraform Provider, please upgrade to the latest version to take advantage of
+all the new features, fixes, and functionality. Please refer to this [Upgrade Guide](https://github.com/okta/terraform-provider-okta/issues/1338)
+for guidance on how to upgrade to version 4.x. Also, please check our [Releases](https://github.com/okta/terraform-provider-okta/releases) page for more details on major, minor, and patch updates. 
+
 ## Quick Start
 
 If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (please

examples/okta_admin_role_targets/basic.tf

@@ -1,11 +1,18 @@
 resource "okta_user" "test" {
-  admin_roles = ["APP_ADMIN", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
   login       = "[email protected]"
   email       = "[email protected]"
 }
 
+resource "okta_user_admin_roles" "test" {
+  user_id     = okta_user.test.id
+  admin_roles = [
+    "APP_ADMIN",
+    "GROUP_MEMBERSHIP_ADMIN"
+  ]
+}
+
 resource "okta_app_swa" "test" {
   label          = "testAcc_replace_with_uuid"
   button_field   = "btn-login"
@@ -21,12 +28,13 @@ resource "okta_group" "test" {
 
 resource "okta_admin_role_targets" "test_app" {
   user_id   = okta_user.test.id
-  role_type = tolist(okta_user.test.admin_roles)[0]
+  role_type = "APP_ADMIN"
   apps      = [format("%s.%s", okta_app_swa.test.name, okta_app_swa.test.id)]
 }
 
 resource "okta_admin_role_targets" "test_group" {
   user_id   = okta_user.test.id
-  role_type = tolist(okta_user.test.admin_roles)[1]
+  role_type = "GROUP_MEMBERSHIP_ADMIN"
   groups    = [okta_group.test.id]
+  depends_on = [ okta_user_admin_roles.test ]
 }

examples/okta_admin_role_targets/updated.tf

@@ -1,11 +1,18 @@
 resource "okta_user" "test" {
-  admin_roles = ["APP_ADMIN", "GROUP_MEMBERSHIP_ADMIN", "HELP_DESK_ADMIN"]
   first_name  = "TestAcc"
   last_name   = "blah"
   login       = "[email protected]"
   email       = "[email protected]"
 }
 
+resource "okta_user_admin_roles" "test" {
+  user_id     = okta_user.test.id
+  admin_roles = [
+    "APP_ADMIN",
+    "GROUP_MEMBERSHIP_ADMIN"
+  ]
+}
+
 resource "okta_app_swa" "test" {
   label          = "testAcc_replace_with_uuid"
   button_field   = "btn-login"
@@ -26,12 +33,12 @@ resource "okta_group" "test_2" {
 
 resource "okta_admin_role_targets" "test_app" {
   user_id   = okta_user.test.id
-  role_type = tolist(okta_user.test.admin_roles)[0]
+  role_type = "APP_ADMIN"
   apps      = ["oidc_client", "facebook"]
 }
 
 resource "okta_admin_role_targets" "test_group" {
   user_id   = okta_user.test.id
-  role_type = tolist(okta_user.test.admin_roles)[1]
+  role_type = "GROUP_MEMBERSHIP_ADMIN"
   groups    = [okta_group.test.id, okta_group.test_2.id]
 }

examples/okta_app_access_policy_assignment/README.md

@@ -0,0 +1,8 @@
+# okta_app_access_policy_assignment
+
+Resource to manage the access policy for an Application. [See Okta
+documentation for more
+details](https://developer.okta.com/docs/api/resources/apps).
+
+- Simple example [can be found here](./basic.tf)
+- Update to the simple example [can be found here](./update.tf)

examples/okta_app_access_policy_assignment/basic.tf

@@ -0,0 +1,26 @@
+resource "okta_app_oauth" "test" {
+  label                      = "testAcc_App_replace_with_uuid"
+  type                       = "web"
+  grant_types                = ["authorization_code"]
+  redirect_uris              = ["http://d.com/"]
+  response_types             = ["code"]
+  client_basic_secret        = "something_from_somewhere"
+  client_id                  = "cid_replace_with_uuid"
+  token_endpoint_auth_method = "client_secret_basic"
+  consent_method             = "TRUSTED"
+  wildcard_redirect          = "DISABLED"
+}
+resource "okta_app_signon_policy" "policy_1" {
+  name        = "testAcc_Access_Policy_1_replace_with_uuid"
+  description = "Policy 1"
+}
+
+resource "okta_app_signon_policy" "policy_2" {
+  name        = "testAcc_Access_Policy_2_replace_with_uuid"
+  description = "Policy 2"
+}
+
+resource "okta_app_access_policy_assignment" "test" {
+  app_id    = okta_app_oauth.test.id
+  policy_id = okta_app_signon_policy.policy_1.id
+}