diff --git a/examples/okta_user/all_attributes.tf b/examples/okta_user/all_attributes.tf index 48381ab4..32f0bd61 100644 --- a/examples/okta_user/all_attributes.tf +++ b/examples/okta_user/all_attributes.tf @@ -31,5 +31,4 @@ resource "okta_user" "test" { title = "Director" user_type = "Employee" zip_code = "11111" - password = "Abcd1234" } diff --git a/examples/okta_user/basic.tf b/examples/okta_user/basic.tf index a6dd5fb2..6c7de2a9 100644 --- a/examples/okta_user/basic.tf +++ b/examples/okta_user/basic.tf @@ -3,5 +3,4 @@ resource "okta_user" "test" { last_name = "Smith" login = "test-acc-replace_with_uuid@example.com" email = "test-acc-replace_with_uuid@example.com" - password = "Abcd1234" } diff --git a/examples/okta_user/basic_with_credentials.tf b/examples/okta_user/basic_with_credentials.tf index 40dd0115..5f56d727 100644 --- a/examples/okta_user/basic_with_credentials.tf +++ b/examples/okta_user/basic_with_credentials.tf @@ -3,7 +3,7 @@ resource "okta_user" "test" { last_name = "Smith" login = "test-acc-replace_with_uuid@example.com" email = "test-acc-replace_with_uuid@example.com" - password = "SuperSecret007" + password = "Abcd1234" recovery_question = "What is the answer to life, the universe, and everything?" recovery_answer = "Forty Two" } diff --git a/examples/okta_user/basic_with_credentials_updated.tf b/examples/okta_user/basic_with_credentials_updated.tf new file mode 100644 index 00000000..65ebfebf --- /dev/null +++ b/examples/okta_user/basic_with_credentials_updated.tf @@ -0,0 +1,9 @@ +resource "okta_user" "test" { + first_name = "TestAcc" + last_name = "Smith" + login = "test-acc-replace_with_uuid@example.com" + email = "test-acc-replace_with_uuid@example.com" + password = "SuperSecret007" + recovery_question = "Which symbol has the ASCII code of Forty Two?" + recovery_answer = "Asterisk" +} diff --git a/examples/okta_user/staged.tf b/examples/okta_user/staged.tf index 766f9a56..564b7095 100644 --- a/examples/okta_user/staged.tf +++ b/examples/okta_user/staged.tf @@ -4,6 +4,5 @@ resource "okta_user" "test" { last_name = "Smith" login = "test-acc-replace_with_uuid@example.com" email = "test-acc-replace_with_uuid@example.com" - password = "Abcd1234" status = "STAGED" } diff --git a/okta/resource_okta_user.go b/okta/resource_okta_user.go index f6f763be..1f29b91e 100644 --- a/okta/resource_okta_user.go +++ b/okta/resource_okta_user.go @@ -316,10 +316,6 @@ func resourceUserCreate(d *schema.ResourceData, m interface{}) error { recoveryQuestion := d.Get("recovery_question").(string) recoveryAnswer := d.Get("recovery_answer").(string) - if recoveryQuestion != "" { - return fmt.Errorf("[ERROR] Okta does not allow security answers with less than 4 characters") - } - uc := &okta.UserCredentials{ Password: &okta.PasswordCredential{ Value: password, diff --git a/okta/resource_okta_user_test.go b/okta/resource_okta_user_test.go index 1850c4c6..b38182c8 100644 --- a/okta/resource_okta_user_test.go +++ b/okta/resource_okta_user_test.go @@ -169,7 +169,6 @@ func TestAccOktaUser_updateAllAttributes(t *testing.T) { config := mgr.GetFixtures("staged.tf", ri, t) updatedConfig := mgr.GetFixtures("all_attributes.tf", ri, t) minimalConfig := mgr.GetFixtures("basic.tf", ri, t) - minimalConfigWithCredentials := mgr.GetFixtures("basic_with_credentials.tf", ri, t) resourceName := fmt.Sprintf("%s.test", oktaUser) email := fmt.Sprintf("test-acc-%d@example.com", ri) @@ -234,6 +233,34 @@ func TestAccOktaUser_updateAllAttributes(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "email", email), ), }, + }, + }) +} + +func TestAccOktaUser_updateCredentials(t *testing.T) { + ri := acctest.RandInt() + mgr := newFixtureManager(oktaUser) + config := mgr.GetFixtures("basic_with_credentials.tf", ri, t) + minimalConfigWithCredentials := mgr.GetFixtures("basic_with_credentials_updated.tf", ri, t) + resourceName := fmt.Sprintf("%s.test", oktaUser) + email := fmt.Sprintf("test-acc-%d@example.com", ri) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckUserDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(resourceName, "first_name", "TestAcc"), + resource.TestCheckResourceAttr(resourceName, "last_name", "Smith"), + resource.TestCheckResourceAttr(resourceName, "login", email), + resource.TestCheckResourceAttr(resourceName, "email", email), + resource.TestCheckResourceAttr(resourceName, "password", "Abcd1234"), + resource.TestCheckResourceAttr(resourceName, "recovery_answer", "Forty Two"), + ), + }, { Config: minimalConfigWithCredentials, Check: resource.ComposeTestCheckFunc( @@ -242,7 +269,7 @@ func TestAccOktaUser_updateAllAttributes(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "login", email), resource.TestCheckResourceAttr(resourceName, "email", email), resource.TestCheckResourceAttr(resourceName, "password", "SuperSecret007"), - resource.TestCheckResourceAttr(resourceName, "recovery_answer", "Forty Two"), + resource.TestCheckResourceAttr(resourceName, "recovery_answer", "Asterisk"), ), }, },