Merge pull request #154 from articulate/okta_users

Compose Groups and okta_users data source
articulate · May 2, 2019 · 36755a4 · 36755a4
2 parents dfcfed6 + 5450d48
commit 36755a4
Show file tree

Hide file tree

Showing 21 changed files with 590 additions and 198 deletions.
diff --git a/examples/README.md b/examples/README.md
@@ -17,6 +17,7 @@ Anything that lies underneath a resource directory is config we use as fixtures
 * [okta_app_bookmark](./okta_app_bookmark) Supports the management Okta Bookmark Application.
 * [okta_app](./okta_app) Generic Application data source.
 * [okta_user](./okta_user) Supports the management of Okta Users.
+* [okta_users](./okta_users) Data source to retrieve a group of users.
 * [okta_group](./okta_group) Supports the management of Okta Groups.
 * [okta_group_rule](./okta_group_rule) Supports the management of Okta Group Rules.
 * [okta_trusted_origin](./okta_trusted_origin) Supports the management of Okta Trusted Sources and Origins.

diff --git a/examples/okta_group/datasource.tf b/examples/okta_group/datasource.tf
@@ -1,8 +1,17 @@
-resource "okta_group" "test" {
+resource okta_group test {
   name        = "something new"
   description = "testing, testing"
+  users       = ["${okta_user.test.id}"]
 }
 
-data "okta_group" "test" {
-  name = "${okta_group.test.name}"
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Jones"
+  login      = "john_replace_with_uuid@ledzeppelin.com"
+  email      = "john_replace_with_uuid@ledzeppelin.com"
+}
+
+data okta_group test {
+  include_users = true
+  name          = "${okta_group.test.name}"
 }
diff --git a/examples/okta_group/okta_group.tf b/examples/okta_group/okta_group.tf
@@ -1,4 +1,4 @@
-resource "okta_group" "testAcc_replace_with_uuid" {
+resource "okta_group" "test" {
   name        = "testAcc"
   description = "testing, testing"
 }
diff --git a/examples/okta_group/okta_group_updated.tf b/examples/okta_group/okta_group_updated.tf
@@ -1,4 +1,4 @@
-resource "okta_group" "testAcc_replace_with_uuid" {
+resource "okta_group" "test" {
   name        = "testAccDifferent"
   description = "testing, testing"
 }
diff --git a/examples/okta_group/okta_group_with_users.tf b/examples/okta_group/okta_group_with_users.tf
@@ -0,0 +1,43 @@
+// Notice users are on added to the group and group_membership is left empty.
+// It is generally advisable to pick a single method of tying users to groups.
+// To remove all membership specify an empty list. This is the only way to catch config drift
+// and support multiple ways to outline the same config.
+resource "okta_group" "test" {
+  name        = "testAcc"
+  description = "testing, testing"
+
+  users = [
+    "${okta_user.test.id}",
+    "${okta_user.test1.id}",
+    "${okta_user.test2.id}",
+    "${okta_user.test3.id}",
+  ]
+}
+
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Jones"
+  login      = "john_replace_with_uuid@ledzeppelin.com"
+  email      = "john_replace_with_uuid@ledzeppelin.com"
+}
+
+resource okta_user test1 {
+  first_name = "TestAcc"
+  last_name  = "Entwhistle"
+  login      = "john_replace_with_uuid@thewho.com"
+  email      = "john_replace_with_uuid@thewho.com"
+}
+
+resource okta_user test2 {
+  first_name = "TestAcc"
+  last_name  = "Doe"
+  login      = "john_replace_with_uuid@unknown.com"
+  email      = "john_replace_with_uuid@unknown.com"
+}
+
+resource okta_user test3 {
+  first_name = "TestAcc"
+  last_name  = "Astley"
+  login      = "rick_astley_replace_with_uuid@rickrollin.com"
+  email      = "rick_astley_replace_with_uuid@rickrollin.com"
+}
diff --git a/examples/okta_users/README.md b/examples/okta_users/README.md
@@ -0,0 +1,5 @@
+# okta_users
+
+Data source to retrieve multiple users. [See Okta documentation for more details](https://developer.okta.com/docs/api/resources/users).
+
+* Example of a simple data source [can be found here](./basic.tf)
diff --git a/examples/okta_users/basic.tf b/examples/okta_users/basic.tf
@@ -0,0 +1,35 @@
+data okta_users test {
+  search {
+    name       = "profile.email"
+    value      = "john_replace_with_uuid"
+    comparison = "sw"
+  }
+}
+
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Jones"
+  login      = "john_replace_with_uuid@ledzeppelin.com"
+  email      = "john_replace_with_uuid@ledzeppelin.com"
+}
+
+resource okta_user test1 {
+  first_name = "TestAcc"
+  last_name  = "Entwhistle"
+  login      = "john_replace_with_uuid@thewho.com"
+  email      = "john_replace_with_uuid@thewho.com"
+}
+
+resource okta_user test2 {
+  first_name = "TestAcc"
+  last_name  = "Doe"
+  login      = "john_replace_with_uuid@unknown.com"
+  email      = "john_replace_with_uuid@unknown.com"
+}
+
+resource okta_user test3 {
+  first_name = "TestAcc"
+  last_name  = "Astley"
+  login      = "rick_astley_replace_with_uuid@rickrollin.com"
+  email      = "rick_astley_replace_with_uuid@rickrollin.com"
+}
diff --git a/examples/okta_users/users.tf b/examples/okta_users/users.tf
@@ -0,0 +1,27 @@
+resource okta_user test {
+  first_name = "TestAcc"
+  last_name  = "Jones"
+  login      = "john_replace_with_uuid@ledzeppelin.com"
+  email      = "john_replace_with_uuid@ledzeppelin.com"
+}
+
+resource okta_user test1 {
+  first_name = "TestAcc"
+  last_name  = "Entwhistle"
+  login      = "john_replace_with_uuid@thewho.com"
+  email      = "john_replace_with_uuid@thewho.com"
+}
+
+resource okta_user test2 {
+  first_name = "TestAcc"
+  last_name  = "Doe"
+  login      = "john_replace_with_uuid@unknown.com"
+  email      = "john_replace_with_uuid@unknown.com"
+}
+
+resource okta_user test3 {
+  first_name = "TestAcc"
+  last_name  = "Astley"
+  login      = "rick_astley_replace_with_uuid@rickrollin.com"
+  email      = "rick_astley_replace_with_uuid@rickrollin.com"
+}
diff --git a/okta/app.go b/okta/app.go
@@ -30,7 +30,8 @@ type (
 	}
 
 	searchResults struct {
-		Apps []*appID
+		Apps  []*appID
+		Users []*okta.User
 	}
 )
 
@@ -286,7 +287,7 @@ func containsGroup(groupList []*okta.ApplicationGroupAssignment, id string) bool
 	return false
 }
 
-func containsUser(userList []*okta.AppUser, id string) bool {
+func containsAppUser(userList []*okta.AppUser, id string) bool {
 	for _, user := range userList {
 		if user.Id == id && user.Scope == "USER" {
 			return true
@@ -328,7 +329,7 @@ func handleAppUsers(id string, d *schema.ResourceData, client *okta.Client) []fu
 			uID := userProfile["id"].(string)
 			userIDList[i] = uID
 
-			if !containsUser(existingUsers, uID) {
+			if !containsAppUser(existingUsers, uID) {
 				username := userProfile["username"].(string)
 				// Not required
 				password, _ := userProfile["password"].(string)

diff --git a/okta/data_source_everyone_group.go b/okta/data_source_everyone_group.go
@@ -10,7 +10,14 @@ func dataSourceEveryoneGroup() *schema.Resource {
 	return &schema.Resource{
 		Read: dataSourceEveryoneGroupRead,
 
-		Schema: map[string]*schema.Schema{},
+		Schema: map[string]*schema.Schema{
+			"include_users": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Fetch group users, having default off cuts down on API calls.",
+			},
+		},
 	}
 }
 

diff --git a/okta/data_source_group.go b/okta/data_source_group.go
@@ -22,6 +22,18 @@ func dataSourceGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"include_users": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Fetch group users, having default off cuts down on API calls.",
+			},
+			"users": &schema.Schema{
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Users associated with the group. This can also be done per user.",
+			},
 		},
 	}
 }
@@ -35,13 +47,22 @@ func findGroup(name string, d *schema.ResourceData, m interface{}) error {
 	groups, _, err := client.Group.ListGroups(&query.Params{Q: name})
 	if err != nil {
 		return fmt.Errorf("failed to query for groups: %v", err)
-	}
-	if len(groups) > 0 {
-		d.SetId(groups[0].Id)
-		d.Set("description", groups[0].Profile.Description)
-		return nil
+	} else if len(groups) < 1 {
+		return errors.New("Group not found")
 	}
 
-	return errors.New("Group not found")
+	d.SetId(groups[0].Id)
+	d.Set("description", groups[0].Profile.Description)
+
+	if d.Get("include_users").(bool) {
+		userIdList, err := listGroupUserIds(m, d.Id())
+		if err != nil {
+			return err
+		}
+
+		// just user ids for now
+		return d.Set("users", convertStringSetToInterface(userIdList))
+	}
 
+	return nil
 }
diff --git a/okta/data_source_group_test.go b/okta/data_source_group_test.go
@@ -23,6 +23,7 @@ func TestAccDataSourceGroup(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.okta_group.test", "id"),
 					resource.TestCheckResourceAttrSet("okta_group.test", "id"),
+					resource.TestCheckResourceAttr("okta_group.test", "users.#", "1"),
 				),
 			},
 		},