From 3479977cbff31f7353b6cb115bad47fe9049abc7 Mon Sep 17 00:00:00 2001 From: "Julian V. Modesto" Date: Mon, 26 Aug 2019 12:07:38 -0400 Subject: [PATCH] Add import for okta backend group resource --- vault/resource_okta_auth_backend_group.go | 73 ++++++++++++++++--- .../resource_okta_auth_backend_group_test.go | 10 ++- .../docs/r/okta_auth_backend_group.html.md | 8 ++ 3 files changed, 80 insertions(+), 11 deletions(-) diff --git a/vault/resource_okta_auth_backend_group.go b/vault/resource_okta_auth_backend_group.go index 8ebfa6fbc..a89b29f1b 100644 --- a/vault/resource_okta_auth_backend_group.go +++ b/vault/resource_okta_auth_backend_group.go @@ -17,6 +17,10 @@ func oktaAuthBackendGroupResource() *schema.Resource { Read: oktaAuthBackendGroupRead, Update: oktaAuthBackendGroupWrite, Delete: oktaAuthBackendGroupDelete, + Exists: oktaAuthBackendGroupExists, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, Schema: map[string]*schema.Schema{ "path": { 
@@ -86,23 +90,30 @@ func oktaAuthBackendGroupWrite(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("unable to write group %s to Vault: %s", groupName, err) } - d.SetId(fmt.Sprintf("%s/%s", path, groupName)) + d.SetId(oktaAuthBackendGroupID(path, groupName)) return oktaAuthBackendGroupRead(d, meta) } func oktaAuthBackendGroupRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*api.Client) + id := d.Id() - path := d.Get("path").(string) - name := d.Get("group_name").(string) + backend, err := oktaAuthBackendGroupPathFromID(id) + if err != nil { + return fmt.Errorf("invalid id %q for Okta auth bekcnd group: %s", id, err) + } + groupName, err := oktaAuthBackendGroupNameFromID(id) + if err != nil { + return fmt.Errorf("invalid id %q for Okta auth bekcnd group: %s", id, err) + } - log.Printf("[DEBUG] Reading group %s from Okta auth backend %s", name, path) + log.Printf("[DEBUG] Reading group %s from Okta auth backend %s", groupName, backend) - present, err := isOktaGroupPresent(client, path, name) + present, err := isOktaGroupPresent(client, backend, groupName) if err != nil { - return fmt.Errorf("unable to read group %s from Vault: %s", name, err) + return fmt.Errorf("unable to read group %s from Vault: %s", groupName, err) } if !present { @@ -111,13 +122,14 @@ func oktaAuthBackendGroupRead(d *schema.ResourceData, meta interface{}) error { return nil } - group, err := readOktaGroup(client, path, name) - + group, err := readOktaGroup(client, backend, groupName) if err != nil { - return fmt.Errorf("unable to update group %s from Vault: %s", name, err) + return fmt.Errorf("unable to update group %s from Vault: %s", groupName, err) } d.Set("policies", group.Policies) + d.Set("group_name", group.Name) + d.Set("path", backend) return nil } 
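Review bot: Both new error returns at the top of oktaAuthBackendGroupRead misspell the word as `bekcnd`, and the same string appears twice more in oktaAuthBackendGroupExists in the last hunk of this file, so anyone searching logs for "backend" will miss these failures. Each should read `return fmt.Errorf("invalid id %q for Okta auth backend group: %s", id, err)` (with the `false,` prefix in Exists). The two ID helpers fail on the same condition, so the second check can never fire after the first passes; a single helper returning both parts would remove the duplicate branch. The body of oktaAuthBackendGroupRead continues past the end of this hunk.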
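Review bot: The three `d.Set` calls at the end of oktaAuthBackendGroupRead discard their return values, so a failure to store `policies` would leave Terraform state out of step with the policies Vault actually maps to the group, with nothing reported. Check each one, for example `if err := d.Set("policies", group.Policies); err != nil { return fmt.Errorf("error setting policies for Okta group %q: %s", groupName, err) }`. The message on the readOktaGroup failure still says "unable to update group" although this is the read path; `"unable to read group %s from Vault: %s"` would match the call. The function starts outside this hunk.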
@@ -138,3 +150,46 @@ func oktaAuthBackendGroupDelete(d *schema.ResourceData, meta interface{}) error return nil } + +func oktaAuthBackendGroupExists(d *schema.ResourceData, meta interface{}) (bool, error) { + client := meta.(*api.Client) + id := d.Id() + + backend, err := oktaAuthBackendGroupPathFromID(id) + if err != nil { + return false, fmt.Errorf("invalid id %q for Okta auth bekcnd group: %s", id, err) + } + groupName, err := oktaAuthBackendGroupNameFromID(id) + if err != nil { + return false, fmt.Errorf("invalid id %q for Okta auth bekcnd group: %s", id, err) + } + + log.Printf("[DEBUG] Checking if Okta group %q exists", groupName) + present, err := isOktaGroupPresent(client, backend, groupName) + if err != nil { + return false, fmt.Errorf("error checking for existence of Okta group %q: %s", groupName, err) + } + log.Printf("[DEBUG] Checked if Okta group %q exists", groupName) + + return present, nil +} + +func oktaAuthBackendGroupID(path, groupName string) string { + return strings.Join([]string{path, groupName}, "/") +} + +func oktaAuthBackendGroupPathFromID(id string) (string, error) { + var parts = strings.Split(id, "/") + if len(parts) != 2 { + return "", fmt.Errorf("Expecdted 2 parts in ID '%s'", id) + } + return parts[0], nil +} + +func oktaAuthBackendGroupNameFromID(id string) (string, error) { + var parts = strings.Split(id, "/") + if len(parts) != 2 { + return "", fmt.Errorf("Expecdted 2 parts in ID '%s'", id) + } + return parts[1], nil +} diff --git a/vault/resource_okta_auth_backend_group_test.go b/vault/resource_okta_auth_backend_group_test.go index 29244f057..8e8fa4217 100644 --- a/vault/resource_okta_auth_backend_group_test.go +++ b/vault/resource_okta_auth_backend_group_test.go 
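Review bot: oktaAuthBackendGroupPathFromID and oktaAuthBackendGroupNameFromID reject any ID that does not split into exactly two parts on `/`, yet oktaAuthBackendGroupID joins `path` and `groupName` without checking either. A mount path that contains `/` therefore produces an ID that Read and Exists refuse, including for resources already in state, since Read used `d.Get("path")` before this change. An ID with an empty half (a constructed example: `okta/`) passes the length check and reaches isOktaGroupPresent with an empty group name. Because the ID decides which auth mount and group the policy mapping is read from, the parser should fail closed on empty segments and split on the last `/`, as sketched below; this assumes group names never contain `/`, which should be confirmed. The messages also misspell `Expecdted` and start with a capital, against Go error-string convention.

```go
func oktaAuthBackendGroupPathFromID(id string) (string, error) {
	// The mount path may contain "/", so the group name is the final segment.
	i := strings.LastIndex(id, "/")
	if i <= 0 || i == len(id)-1 {
		return "", fmt.Errorf("expected ID in the form <path>/<group_name>, got %q", id)
	}
	return id[:i], nil
}

func oktaAuthBackendGroupNameFromID(id string) (string, error) {
	i := strings.LastIndex(id, "/")
	if i <= 0 || i == len(id)-1 {
		return "", fmt.Errorf("expected ID in the form <path>/<group_name>, got %q", id)
	}
	return id[i+1:], nil
}
```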
@@ -2,12 +2,13 @@ package vault import ( "fmt" + "strconv" + "testing" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" "github.com/hashicorp/vault/api" - "strconv" - "testing" ) // This is light on testing as most of the code is covered by `resource_okta_auth_backend_test.go` @@ -26,6 +27,11 @@ func TestOktaAuthBackendGroup(t *testing.T) { testOktaAuthBackend_GroupsCheck(path, "foo", []string{"one", "two", "default"}), ), }, + { + ResourceName: "vault_okta_auth_backend_group.test", + ImportState: true, + ImportStateVerify: true, + }, }, }) } diff --git a/website/docs/r/okta_auth_backend_group.html.md b/website/docs/r/okta_auth_backend_group.html.md index db1ee233c..71aa0eb3f 100644 --- a/website/docs/r/okta_auth_backend_group.html.md +++ b/website/docs/r/okta_auth_backend_group.html.md @@ -39,3 +39,11 @@ The following arguments are supported: ## Attributes Reference No additional attributes are exposed by this resource. + +## Import + +Okta authentication backend groups can be imported using the format `backend/groupName` e.g. + +``` +$ terraform import vault_okta_auth_backend_group.foo okta/foo +```
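Review bot: The new import step in TestOktaAuthBackendGroup exercises only the single ID shape this test generates, so the ID parsing added in resource_okta_auth_backend_group.go is never run against an ID it should reject or against a mount path that itself contains `/`. A second case with a nested mount path (a constructed example: `team/okta`) and a negative step that sets `ImportStateId` to a malformed value with `ExpectError` would pin both behaviours. The test configuration is outside this hunk, so confirm which `path` it actually uses.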