`okta_app_oauth` Schema Missing Computed Values

[tgoodsell-tempus]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5.3

Affected Resource(s)

• okta_app_oauth

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

2023-11-13T11:53:38.949-0600 [WARN]  Provider "registry.terraform.io/okta/okta" produced an invalid plan for okta_app_oauth.machine_user_client, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .tos_uri: planned value cty.StringVal("") for a non-computed attribute
      - .admin_note: planned value cty.StringVal("") for a non-computed attribute
      - .jwks_uri: planned value cty.StringVal("") for a non-computed attribute
      - .login_scopes: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .user_name_template_push_status: planned value cty.StringVal("") for a non-computed attribute
      - .user_name_template_suffix: planned value cty.StringVal("") for a non-computed attribute
      - .user_name_template_type: planned value cty.StringVal("BUILT_IN") for a non-computed attribute
      - .accessibility_self_service: planned value cty.False for a non-computed attribute
      - .app_settings_json: planned value cty.StringVal("{}") for a non-computed attribute
      - .status: planned value cty.StringVal("ACTIVE") for a non-computed attribute
      - .app_links_json: planned value cty.StringVal("{\"oidc_client_link\":true}") for a non-computed attribute
      - .refresh_token_rotation: planned value cty.StringVal("STATIC") for a non-computed attribute
      - .accessibility_error_redirect_url: planned value cty.StringVal("") for a non-computed attribute
      - .issuer_mode: planned value cty.StringVal("ORG_URL") for a non-computed attribute
      - .login_uri: planned value cty.StringVal("") for a non-computed attribute
      - .logo_uri: planned value cty.StringVal("") for a non-computed attribute
      - .profile: planned value cty.StringVal("") for a non-computed attribute
      - .auto_submit_toolbar: planned value cty.False for a non-computed attribute
      - .enduser_note: planned value cty.StringVal("") for a non-computed attribute
      - .login_mode: planned value cty.StringVal("DISABLED") for a non-computed attribute
      - .user_name_template: planned value cty.StringVal("${source.login}") for a non-computed attribute
      - .accessibility_login_redirect_url: planned value cty.StringVal("") for a non-computed attribute
      - .auto_key_rotation: planned value cty.True for a non-computed attribute
      - .client_uri: planned value cty.StringVal("") for a non-computed attribute
      - .implicit_assignment: planned value cty.False for a non-computed attribute
      - .refresh_token_leeway: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .policy_uri: planned value cty.StringVal("") for a non-computed attribute

Panic Output

Expected Behavior

Computed should be set on values which are auto set by Okta.

Can this be done in the Admin UI?

N/A

Can this be done in the actual API call?

N/A

Actual Behavior

Values are being set during READ but the schema is not ready.

Steps to Reproduce

Important Factoids

References

• 0000

[duytiennguyen-okta]

@tgoodsell-tempus can you elaborate on this? We are not really sure what the issue is and how to reproduced that. None of the field in the debug log is computed.

[tgoodsell-tempus]

@duytiennguyen-okta @monde The proper explanation of these messages, and the issue I'm raising, is best explained by this Terraform document on the topic: https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/data-consistency-errors

The TLDR is, having the schema configurations not properly set basically leads to potentially unexpected or confusing behavior by users of this resource, particularly when referencing these arguments/attributes, in other resources/data sources/modules.

[duytiennguyen-okta]

@tgoodsell-tempus I see. Okta internal reference https://oktainc.atlassian.net/browse/OKTA-668896

[tgoodsell-tempus]

@duytiennguyen-okta I'm going to make a pass at one of these, however, it looks like there's a few callouts in the doc basically stating we can't fix this in SDKv2, only going to terraform-provider-framework. So we may just want to mark the "unfixable" in SDKv2 as a "be careful of strange errors when using this".

[duytiennguyen-okta]

@tgoodsell-tempus Not necessarily, basically I take a look at the code and a lot of the value you mention could just be fixed by adding Computed: true. https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/data-consistency-errors#resolving-data-consistency-errors. There might be more to it than meet the eye but we can decide if it worth our time to do it or just move to v3. Where is the callout you're talking about?

[tgoodsell-tempus]

@duytiennguyen-okta The callout mentioned would be the third larger paragraph under this section specifically: https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/data-consistency-errors#planned-value-for-a-non-computed-attribute