Improve documentation of okta_inline_hook

richard-collette-precisely commented 5 days ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The inline hook resource has two properties, auth and channel, that are of type map and therefore do not provide strict typing or documentation of the properties to be used when configuring:

HTTP
OAUTH/client_secret_post
OAUTH/private_key_jwt

Further hindering the ability to determine proper configuration, is the fact that the structure of the underlying API that is used:https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook

does not match the structure used for the inline hook resource definition.

New or Affected Resource(s)

okta_inline_hook

Non-working Terraform Configuration

The following configuration generated from Terraform CDK

    "okta_inline_hook": {
      "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D": {
        "//": {
          "metadata": {
            "path": "normal-preview-dev/idty-test-oauth-hook-inline-hook/InlineHook",
            "uniqueId": "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D"
          }
        },
        "channel": {
          "authType": "client_secret_post",
          "clientId": "test-client-id",
          "clientSecret": "test",
          "method": "POST",
          "scope": "test",
          "tokenUrl": "https://acme.com/token",
          "type": "OAUTH",
          "uri": "https://acme.com",
          "version": "1.0.0"
        },
        "name": "IDTY-test-oauth-hook-dev",
        "status": "ACTIVE",
        "type": "com.okta.oauth2.tokens.transform",
        "version": "1.0.0"
      }
    }

results in the following http request, which is missing channel.config values for many of the OAuth related properties such as clientId, clientSecret, etc.

                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: ---[ REQUEST ]---------------------------------------
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: POST /api/v1/inlineHooks HTTP/1.1
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Host: sso.precisely.services
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: User-Agent: local-v2-sdk/0.0.0 golang/go1.21.13 darwin/arm64 okta-terraform/4.11.1
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Length: 242
                    2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept: application/json
normal-preview-dev  2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Authorization: Bearer redacted
normal-preview-dev  2024-10-30T14:23:04.731-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Type: application/json
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept-Encoding: gzip
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "channel": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "config": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "authScheme": {
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:     "type": "HEADER"
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    },
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "method": "POST",
                    2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "uri": "https://acme.com"
normal-preview-dev  2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   },
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "type": "OAUTH",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "version": "1.0.0"
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  },
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "name": "IDTY-test-oauth-hook-dev",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "status": "ACTIVE",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "type": "com.okta.oauth2.tokens.transform",
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "version": "1.0.0"
                    2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: }

richard-collette-precisely commented 4 days ago

This example of an OAuth inline hook seems to be completely inaccurate because it does not include clientId, clientSecret, etc.

https://github.com/okta/terraform-provider- okta/blob/d4a299ce2ca641e9060696132f40561159ec8f86/examples/resources/okta_inline_hook/basic.tf

richard-collette-precisely commented 4 days ago

It appears as there are no OAUTH tests

https://github.com/okta/terraform-provider-okta/blob/d4a299ce2ca641e9060696132f40561159ec8f86/okta/resource_okta_inline_hook_test.go#L104

okta / terraform-provider-okta