okta / terraform-provider-okta

A Terraform provider to manage Okta resources, enabling infrastructure-as-code provisioning and management of users, groups, applications, and other Okta objects.
https://registry.terraform.io/providers/okta/okta
Mozilla Public License 2.0

Improve documentation of okta_inline_hook #2120

Open richard-collette-precisely opened 5 days ago

richard-collette-precisely commented 5 days ago

Community Note

Description

The inline hook resource has two properties, auth and channel, that are of type map and therefore do not provide strict typing or documentation of the properties to be used when configuring:

Further hindering the ability to determine proper configuration is the fact that the structure of the underlying API that is used: https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook

does not match the structure used for the inline hook resource definition.

New or Affected Resource(s)

Non-working Terraform Configuration

The following configuration generated from Terraform CDK

    "okta_inline_hook": {
      "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D": {
        "//": {
          "metadata": {
            "path": "normal-preview-dev/idty-test-oauth-hook-inline-hook/InlineHook",
            "uniqueId": "idty-test-oauth-hook-inline-hook_InlineHook_00149B4D"
          }
        },
        "channel": {
          "authType": "client_secret_post",
          "clientId": "test-client-id",
          "clientSecret": "test",
          "method": "POST",
          "scope": "test",
          "tokenUrl": "https://acme.com/token",
          "type": "OAUTH",
          "uri": "https://acme.com",
          "version": "1.0.0"
        },
        "name": "IDTY-test-oauth-hook-dev",
        "status": "ACTIVE",
        "type": "com.okta.oauth2.tokens.transform",
        "version": "1.0.0"
      }
    }

results in the following HTTP request, which is missing channel.config values for many of the OAuth-related properties such as clientId, clientSecret, etc.

                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: ---[ REQUEST ]---------------------------------------
                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: POST /api/v1/inlineHooks HTTP/1.1
                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Host: sso.precisely.services
                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: User-Agent: local-v2-sdk/0.0.0 golang/go1.21.13 darwin/arm64 okta-terraform/4.11.1
                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Length: 242
                        2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept: application/json
    normal-preview-dev  2024-10-30T14:23:04.729-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Authorization: Bearer redacted
    normal-preview-dev  2024-10-30T14:23:04.731-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Content-Type: application/json
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: Accept-Encoding: gzip
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: {
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "channel": {
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "config": {
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "authScheme": {
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:     "type": "HEADER"
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    },
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "method": "POST",
                        2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:    "uri": "https://acme.com"
    normal-preview-dev  2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   },
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "type": "OAUTH",
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:   "version": "1.0.0"
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  },
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "name": "IDTY-test-oauth-hook-dev",
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "status": "ACTIVE",
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "type": "com.okta.oauth2.tokens.transform",
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1:  "version": "1.0.0"
                        2024-10-30T14:23:04.735-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: }

richard-collette-precisely commented 4 days ago

This example of an OAuth inline hook seems to be completely inaccurate because it does not include clientId, clientSecret, etc.

https://github.com/okta/terraform-provider-okta/blob/d4a299ce2ca641e9060696132f40561159ec8f86/examples/resources/okta_inline_hook/basic.tf

richard-collette-precisely commented 4 days ago

It appears that there are no OAUTH tests

https://github.com/okta/terraform-provider-okta/blob/d4a299ce2ca641e9060696132f40561159ec8f86/okta/resource_okta_inline_hook_test.go#L104
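
Added example (not part of the issue thread and not the provider's own code): a small check that pulls the JSON request body out of `TF_LOG=DEBUG` provider output and lists which configured `channel` keys never reached the API call, as in the request log in the issue description. The function names and the condensed sample log are assumptions constructed for this example; the channel values are the ones from the configuration in the issue.

```python
import json
import re

# Matches one provider debug line and captures the text after the logger name.
# Unanchored, so leading text such as the "normal-preview-dev" column is tolerated.
LINE_RE = re.compile(r"\[DEBUG\] provider\.terraform-provider-okta_v[\d.]+:? ?(.*)$")

def request_body(log_text):
    """Parse the first JSON request body out of TF_LOG=DEBUG provider output."""
    payloads = [m.group(1) for m in map(LINE_RE.search, log_text.splitlines()) if m]
    start = next((i for i, p in enumerate(payloads) if p.strip() == "{"), None)
    if start is None:
        raise ValueError("no JSON body found in log")
    body, _ = json.JSONDecoder().raw_decode("\n".join(payloads[start:]).lstrip())
    return body

def leaf_keys(node):
    """Yield the key name of every non-object value in a nested JSON object."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from leaf_keys(value)
        else:
            yield key

def dropped_settings(intended_channel, body):
    """Configured channel keys that appear nowhere in the request's channel object.
    Only key names are returned, so values such as clientSecret are never printed."""
    sent = set(leaf_keys(body.get("channel", {})))
    return sorted(k for k in intended_channel if k not in sent)

# Channel map from the configuration in the issue.
INTENDED_CHANNEL = {
    "authType": "client_secret_post", "clientId": "test-client-id", "clientSecret": "test",
    "method": "POST", "scope": "test", "tokenUrl": "https://acme.com/token",
    "type": "OAUTH", "uri": "https://acme.com", "version": "1.0.0",
}
# Constructed sample: the request from the issue's log, condensed onto fewer lines.
PREFIX = "2024-10-30T14:23:04.733-0400 [DEBUG] provider.terraform-provider-okta_v4.11.1: "
REQUEST_LINES = [
    "POST /api/v1/inlineHooks HTTP/1.1", "Content-Type: application/json", "{",
    ' "channel": {',
    '  "config": {"authScheme": {"type": "HEADER"}, "method": "POST", "uri": "https://acme.com"},',
    '  "type": "OAUTH", "version": "1.0.0"},',
    ' "name": "IDTY-test-oauth-hook-dev", "type": "com.okta.oauth2.tokens.transform"', "}",
]
SAMPLE_LOG = "\n".join(PREFIX + line for line in REQUEST_LINES)

if __name__ == "__main__":
    body = request_body(SAMPLE_LOG)
    print("auth scheme sent:", body["channel"]["config"]["authScheme"]["type"])
    print("dropped channel keys:", dropped_settings(INTENDED_CHANNEL, body))
```

The comparison is by key name only, so a key that is renamed on the way to the API would also be reported as dropped.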