This repository has been archived by the owner on Aug 5, 2020. It is now read-only.
forked from okta/terraform-provider-okta
/
resource_okta_policy_rule_mfa.go
121 lines (98 loc) · 2.91 KB
/
resource_okta_policy_rule_mfa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package okta
import (
articulateOkta "github.com/articulate/oktasdk-go/okta"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
)
func resourcePolicyMfaRule() *schema.Resource {
return &schema.Resource{
Exists: resourcePolicyRuleExists,
Create: resourcePolicyMfaRuleCreate,
Read: resourcePolicyMfaRuleRead,
Update: resourcePolicyMfaRuleUpdate,
Delete: resourcePolicyMfaRuleDelete,
Importer: createPolicyRuleImporter(),
Schema: buildRuleSchema(map[string]*schema.Schema{
"enroll": &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringInSlice([]string{"CHALLENGE", "LOGIN", "NEVER"}, false),
Default: "CHALLENGE",
Optional: true,
Description: "Should the user be enrolled the first time they LOGIN, the next time they are CHALLENGEd, or NEVER?",
},
}),
}
}
func resourcePolicyMfaRuleCreate(d *schema.ResourceData, m interface{}) error {
if err := ensureNotDefaultRule(d); err != nil {
return err
}
client := getClientFromMetadata(m)
template := buildMfaPolicyRule(d, client)
rule, err := createRule(d, m, template, policyRulePassword)
if err != nil {
return err
}
d.SetId(rule.ID)
err = validatePriority(template.Priority, rule.Priority)
if err != nil {
return err
}
return resourcePolicyMfaRuleRead(d, m)
}
func resourcePolicyMfaRuleRead(d *schema.ResourceData, m interface{}) error {
rule, err := getPolicyRule(d, m)
if rule == nil {
d.SetId("")
return nil
}
if err != nil {
return err
}
return syncRuleFromUpstream(d, rule)
}
func resourcePolicyMfaRuleUpdate(d *schema.ResourceData, m interface{}) error {
if err := ensureNotDefaultRule(d); err != nil {
return err
}
client := getClientFromMetadata(m)
template := buildMfaPolicyRule(d, client)
rule, err := updateRule(d, m, template)
if err != nil {
return err
}
err = validatePriority(template.Priority, rule.Priority)
if err != nil {
return err
}
return resourcePolicyMfaRuleRead(d, m)
}
func resourcePolicyMfaRuleDelete(d *schema.ResourceData, m interface{}) error {
if err := ensureNotDefaultRule(d); err != nil {
return err
}
client := getClientFromMetadata(m)
_, err := client.Policies.DeletePolicyRule(d.Get("policyid").(string), d.Id())
return err
}
// build password policy rule from schema data
func buildMfaPolicyRule(d *schema.ResourceData, client *articulateOkta.Client) *articulateOkta.MfaRule {
rule := client.Policies.MfaRule()
rule.Name = d.Get("name").(string)
rule.Status = d.Get("status").(string)
if priority, ok := d.GetOk("priority"); ok {
rule.Priority = priority.(int)
}
rule.Conditions = &articulateOkta.PolicyConditions{
Network: getNetwork(d),
People: getUsers(d),
}
if enroll, ok := d.GetOk("enroll"); ok {
rule.Actions = &articulateOkta.MfaRuleActions{
Enroll: &articulateOkta.Enroll{
Self: enroll.(string),
},
}
}
return &rule
}