okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Improve documentation of okta_inline_hook #2120

Open richard-collette-precisely opened 3 weeks ago

richard-collette-precisely commented 3 weeks ago

Description

The inline hook resource has two properties, auth and channel, that are of type map and therefore do not provide strict typing or documentation of the properties to be used when configuring:

Further hindering the ability to determine proper configuration is the fact that the structure of the underlying API that is used (https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook) does not match the structure used for the inline hook resource definition.

New or Affected Resource(s)

Non-working Terraform Configuration

The following configuration generated from Terraform CDK

    "okta_inline_hook": {
      "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D": {
        "//": {
          "metadata": {
            "path": "normal-preview-dev/idty-test-oauth-hook-inline-hook/InlineHook",
            "uniqueId": "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D"
          }
        },
        "channel": {
          "authType": "client_secret_post",
          "clientId": "test-client-id",
          "clientSecret": "test",
          "method": "POST",
          "scope": "test",
          "tokenUrl": "https://acme.com/token",
          "type": "OAUTH",
          "uri": "https://acme.com",
          "version": "1.0.0"
        },
        "name": "IDTY-test-oauth-hook-dev",
        "status": "ACTIVE",
        "type": "com.okta.oauth2.tokens.transform",
        "version": "1.0.0"
      }
    }

results in the following HTTP request, which is missing channel.config values for many of the OAuth-related properties such as clientId, clientSecret, etc.

                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: ---[ REQUEST ]---------------------------------------
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: POST /api/v1/inlineHooks HTTP/1.1
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Host: sso.precisely.services
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: User-Agent: local-v2-sdk/0.0.0 golang/go1.21.13 darwin/arm64 okta-terraform/4.11.1
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Length: 242
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept: application/json
normal-preview-dev  2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Authorization: Bearer redacted
normal-preview-dev  2024-10-30T14:23:04.731-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Type: application/json
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept-Encoding: gzip
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "channel": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "config": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "authScheme": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:     "type": "HEADER"
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    },
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "method": "POST",
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "uri": "https://acme.com"
normal-preview-dev  2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   },
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "type": "OAUTH",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "version": "1.0.0"
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  },
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "name": "IDTY-test-oauth-hook-dev",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "status": "ACTIVE",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "type": "com.okta.oauth2.tokens.transform",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "version": "1.0.0"
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: }
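
The mismatch reported in this comment can be checked mechanically by comparing the configured `channel` map with the request body in the provider's debug log. This is an added example, not part of the issue or the provider's code; the helper names are hypothetical, the log sample is condensed from the one above, and it assumes the map keys are meant to appear under the same names in the request.

```python
import json
import re

# Matches the Terraform debug prefix, with or without a leading cdktf stack name.
PREFIX_RE = re.compile(r"^.*?\[DEBUG\] provider\.terraform-provider-okta_v[\d.]+:? ?")

# The "channel" map from the issue's configuration (values as posted there).
CONFIGURED_CHANNEL = {
    "authType": "client_secret_post", "clientId": "test-client-id",
    "clientSecret": "test", "method": "POST", "scope": "test",
    "tokenUrl": "https://acme.com/token", "type": "OAUTH",
    "uri": "https://acme.com", "version": "1.0.0",
}

# Constructed sample: the issue's debug log, condensed to a few lines.
_P = "2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1"
_BODY = """{
 "channel": {
  "config": {"authScheme": {"type": "HEADER"}, "method": "POST", "uri": "https://acme.com"},
  "type": "OAUTH", "version": "1.0.0"
 },
 "name": "IDTY-test-oauth-hook-dev"
}"""
SAMPLE_LOG = "\n".join(
    [_P + ": POST /api/v1/inlineHooks HTTP/1.1",
     "normal-preview-dev  " + _P + ": Content-Type: application/json", _P]
    + [_P + ": " + line for line in _BODY.splitlines()]
    + [_P + ": end of constructed sample"])  # trailing non-JSON line

def request_body(log_text):
    """Strip the log prefixes and decode the first JSON object in the request."""
    lines = [PREFIX_RE.sub("", raw) for raw in log_text.splitlines()]
    start = next(i for i, line in enumerate(lines) if line.strip() == "{")
    body, _ = json.JSONDecoder().raw_decode("\n".join(lines[start:]).lstrip())
    return body

def all_keys(node):
    """Every object key found anywhere under node (dicts and lists are walked)."""
    if isinstance(node, list):
        return set().union(*map(all_keys, node))
    if isinstance(node, dict):
        return set(node).union(*map(all_keys, node.values()))
    return set()

def dropped_channel_keys(configured, log_text):
    """Configured channel keys that never reach the request's channel object."""
    sent = all_keys(request_body(log_text).get("channel", {}))
    return sorted(set(configured) - sent)
```

Run against a `TF_LOG=debug` capture, a non-empty result lists the map entries the provider silently discarded before calling the API.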

richard-collette-precisely commented 3 weeks ago

This example of an OAuth inline hook seems to be completely inaccurate because it does not include clientId, clientSecret, etc.

richard-collette-precisely commented 3 weeks ago

It appears that there are no OAUTH tests.

https://github.com/okta/terraform-provider-okta/blob/d4a299ce2ca641e9060696132f40561159ec8f86/okta/resource_okta_inline_hook_test.go#L104

stuxboulot commented 2 weeks ago

I think that before updating the documentation, the OAUTH2 configuration needs to be implemented in the provider. Actually, there is no capability to define secret information with the oAuth2 type.

duytiennguyen-okta commented 2 weeks ago

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-826990