Add AuthN Policy assignment to Bookmark and SWA app resources

[sgal-dm]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

All application types can be associated with an Authentication Policy, but only the _okta_appsaml and _okta_appoauth resources have the necessary _authenticationpolicy attribute to build that association with Terraform.

Looking at API documentation, it seems like this could be implemented across the board. Can the authentication_policy attribute be added to Bookmark and SWA application resources?

New or Affected Resource(s)

• okta_app_bookmark
• okta_app_swa

Potential Terraform Configuration

# Retrieve the authentication policy
data "okta_policy" "auth" {
  type  = "ACCESS_POLICY"
  name  = "non-default"
}

resource "okta_app_bookmark" "bookmark" {
  ...
  authentication_policy = data.okta_policy.auth.id
  ...
}

resource "okta_app_swa" "swa" {
  ...
  authentication_policy = data.okta_policy.auth.id
  ...
}

References

• okta_app_saml resource documentation. This is already implemented for this resource type.
• okta_app_bookmark and okta_app_swa resource documentation, not implemented for these resources.
• Apps API documentation.

[tgoodsell-tempus]

I'm against adding these directly to the resource due to https://github.com/okta/terraform-provider-okta/issues/1202 and the terraform best practices (https://www.terraform.io/plugin/hashicorp-provider-design-principles#resources-should-represent-a-single-api-object).

However, I think creating a standalone "link" resource that works generically for all apps is do able and the better route. I can plan on spending some time making this within the next couple weeks, if I can get my hands on a OIE dev environment.

[monde]

We'll have to prioritize working on this.

[monde]

Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-524634

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[sgal-dm]

Not Stale

[gleeblezoid]

Agreed, not stale, and it'd actually be great to include okta_app_auto_login apps in this too (or I'm happy to raise a separate issue for that - whichever folks prefer).