okta · monde · Mar 29, 2023 · Mar 29, 2023
diff --git a/okta/app.go b/okta/app.go
@@ -73,16 +73,15 @@ var (
 			Deprecated:  "The direct configuration of groups in this app resource is deprecated, please ensure you use the resource `okta_app_group_assignments` for this functionality.",
 		},
 		"status": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          statusActive,
-			ValidateDiagFunc: elemInSlice([]string{statusActive, statusInactive}),
-			Description:      "Status of application.",
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     statusActive,
+			Description: "Status of application.",
 		},
 		"logo": {
 			Type:             schema.TypeString,
 			Optional:         true,
-			ValidateDiagFunc: logoValid(),
+			ValidateDiagFunc: logoFileIsValid(),
 			Description:      "Local path to logo of the application.",
 			DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 				return new == ""
@@ -181,17 +180,15 @@ var (
 			Description: "Username template suffix",
 		},
 		"user_name_template_type": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          "BUILT_IN",
-			Description:      "Username template type",
-			ValidateDiagFunc: elemInSlice([]string{"NONE", "CUSTOM", "BUILT_IN"}),
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "BUILT_IN",
+			Description: "Username template type",
 		},
 		"user_name_template_push_status": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Description:      "Push username on update",
-			ValidateDiagFunc: elemInSlice([]string{"DONT_PUSH", "PUSH", ""}),
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Push username on update",
 			DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 				return new == ""
 			},

diff --git a/okta/data_source_okta_default_policy.go b/okta/data_source_okta_default_policy.go
@@ -15,15 +15,7 @@ func dataSourceDefaultPolicy() *schema.Resource {
 		ReadContext: dataSourceDefaultPolicyRead,
 		Schema: map[string]*schema.Schema{
 			"type": {
-				Type: schema.TypeString,
-				ValidateDiagFunc: elemInSlice([]string{
-					sdk.SignOnPolicyType,
-					sdk.PasswordPolicyType,
-					sdk.MfaPolicyType,
-					sdk.IdpDiscoveryType,
-					sdk.AccessPolicyType,
-					sdk.ProfileEnrollmentPolicyType,
-				}),
+				Type:        schema.TypeString,
 				Description: fmt.Sprintf("Policy type: %s, %s, %s, or %s", sdk.SignOnPolicyType, sdk.PasswordPolicyType, sdk.MfaPolicyType, sdk.IdpDiscoveryType),
 				Required:    true,
 			},

diff --git a/okta/data_source_okta_group.go b/okta/data_source_okta_group.go
@@ -26,10 +26,9 @@ func dataSourceGroup() *schema.Resource {
 				Optional: true,
 			},
 			"type": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				Description:      "Type of the group. When specified in the terraform resource, will act as a filter when searching for the group",
-				ValidateDiagFunc: elemInSlice([]string{"OKTA_GROUP", "APP_GROUP", "BUILT_IN"}),
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Type of the group. When specified in the terraform resource, will act as a filter when searching for the group",
 			},
 			"description": {
 				Type:     schema.TypeString,

diff --git a/okta/data_source_okta_groups.go b/okta/data_source_okta_groups.go
@@ -26,10 +26,9 @@ func dataSourceGroups() *schema.Resource {
 				Description: "Searches for groups with a supported filtering expression for all attributes except for '_embedded', '_links', and 'objectClass'",
 			},
 			"type": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				Description:      "Type of the group. When specified in the terraform resource, will act as a filter when searching for the groups",
-				ValidateDiagFunc: elemInSlice([]string{"OKTA_GROUP", "APP_GROUP", "BUILT_IN"}),
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Type of the group. When specified in the terraform resource, will act as a filter when searching for the groups",
 			},
 			"groups": {
 				Type:     schema.TypeList,

diff --git a/okta/data_source_okta_role_subscription.go b/okta/data_source_okta_role_subscription.go
@@ -13,16 +13,14 @@ func dataSourceRoleSubscription() *schema.Resource {
 		ReadContext: dataSourceRoleSubscriptionRead,
 		Schema: map[string]*schema.Schema{
 			"role_type": {
-				Type:             schema.TypeString,
-				Required:         true,
-				ValidateDiagFunc: elemInSlice(validAdminRoles),
-				Description:      "Type of the role",
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Type of the role",
 			},
 			"notification_type": {
-				Type:             schema.TypeString,
-				Required:         true,
-				ValidateDiagFunc: elemInSlice(validNotificationTypes),
-				Description:      "Type of the notification",
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Type of the notification",
 			},
 			"status": {
 				Type:        schema.TypeString,

diff --git a/okta/data_source_okta_user.go b/okta/data_source_okta_user.go
@@ -73,11 +73,10 @@ func dataSourceUser() *schema.Resource {
 				Description: "Do not populate user roles information (prevents additional API call)",
 			},
 			"compound_search_operator": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				Default:          "and",
-				ValidateDiagFunc: elemInSlice([]string{"and", "or"}),
-				Description:      "Search operator used when joining mulitple search clauses",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "and",
+				Description: "Search operator used when joining mulitple search clauses",
 			},
 			"delay_read_seconds": {
 				Type:        schema.TypeString,

diff --git a/okta/data_source_okta_users.go b/okta/data_source_okta_users.go
@@ -58,11 +58,10 @@ func dataSourceUsers() *schema.Resource {
 				},
 			},
 			"compound_search_operator": {
-				Type:             schema.TypeString,
-				Optional:         true,
-				Default:          "and",
-				ValidateDiagFunc: elemInSlice([]string{"and", "or"}),
-				Description:      "Search operator used when joining mulitple search clauses",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "and",
+				Description: "Search operator used when joining mulitple search clauses",
 			},
 			"delay_read_seconds": {
 				Type:        schema.TypeString,

diff --git a/okta/idp.go b/okta/idp.go
@@ -34,18 +34,16 @@ var (
 			Optional: true,
 		},
 		"provisioning_action": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			ValidateDiagFunc: elemInSlice([]string{"AUTO", "DISABLED", ""}),
-			Default:          "AUTO",
+			Type:     schema.TypeString,
+			Optional: true,
+			Default:  "AUTO",
 		},
 		"deprovisioned_action": actionSchema,
 		"suspended_action":     actionSchema,
 		"groups_action": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          "NONE",
-			ValidateDiagFunc: elemInSlice([]string{"NONE", "SYNC", "APPEND", "ASSIGN"}),
+			Type:     schema.TypeString,
+			Optional: true,
+			Default:  "NONE",
 		},
 		"groups_attribute": {
 			Type:     schema.TypeString,
@@ -67,10 +65,9 @@ var (
 			Default:  "idpuser.email",
 		},
 		"subject_match_type": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          "USERNAME",
-			ValidateDiagFunc: elemInSlice([]string{"USERNAME", "EMAIL", "USERNAME_OR_EMAIL", "CUSTOM_ATTRIBUTE"}),
+			Type:     schema.TypeString,
+			Optional: true,
+			Default:  "USERNAME",
 		},
 		"subject_match_attribute": {
 			Type:     schema.TypeString,
@@ -89,49 +86,43 @@ var (
 	}
 
 	samlRequestSignatureAlgorithmSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "The XML digital Signature Algorithm used when signing an <AuthnRequest> message",
-		ValidateDiagFunc: elemInSlice([]string{"SHA-256", "SHA-1"}),
-		Default:          "SHA-256",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "The XML digital Signature Algorithm used when signing an <AuthnRequest> message",
+		Default:     "SHA-256",
 	}
 	samlRequestSignatureScopeSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "Specifies whether to digitally sign <AuthnRequest> messages to the IdP",
-		ValidateDiagFunc: elemInSlice([]string{"REQUEST", "NONE"}),
-		Default:          "REQUEST",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "Specifies whether to digitally sign <AuthnRequest> messages to the IdP",
+		Default:     "REQUEST",
 	}
 
 	samlResponseSignatureAlgorithmSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "The minimum XML digital Signature Algorithm allowed when verifying a <SAMLResponse> message or <Assertion> element",
-		ValidateDiagFunc: elemInSlice([]string{"SHA-256", "SHA-1"}),
-		Default:          "SHA-256",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "The minimum XML digital Signature Algorithm allowed when verifying a <SAMLResponse> message or <Assertion> element",
+		Default:     "SHA-256",
 	}
 	samlResponseSignatureScopeSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "Specifies whether to verify a <SAMLResponse> message or <Assertion> element XML digital signature",
-		ValidateDiagFunc: elemInSlice([]string{"RESPONSE", "ASSERTION", "ANY"}),
-		Default:          "ANY",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "Specifies whether to verify a <SAMLResponse> message or <Assertion> element XML digital signature",
+		Default:     "ANY",
 	}
 
 	oidcRequestSignatureAlgorithmSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "The HMAC Signature Algorithm used when signing an authorization request",
-		ValidateDiagFunc: elemInSlice([]string{"HS256", "HS384", "HS512"}),
-		Default:          "HS256",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "The HMAC Signature Algorithm used when signing an authorization request",
+		Default:     "HS256",
 	}
 
 	oidcRequestSignatureScopeSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Description:      "Specifies whether to digitally sign an authorization request to the IdP",
-		ValidateDiagFunc: elemInSlice([]string{"REQUEST", "NONE"}),
-		Default:          "REQUEST",
+		Type:        schema.TypeString,
+		Optional:    true,
+		Description: "Specifies whether to digitally sign an authorization request to the IdP",
+		Default:     "REQUEST",
 	}
 
 	optBindingSchema = &schema.Schema{
@@ -150,29 +141,25 @@ var (
 	}
 
 	bindingSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Required:         true,
-		ValidateDiagFunc: elemInSlice([]string{"HTTP-POST", "HTTP-REDIRECT"}),
+		Type:     schema.TypeString,
+		Required: true,
 	}
 
 	optionalBindingSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		ValidateDiagFunc: elemInSlice([]string{"HTTP-POST", "HTTP-REDIRECT"}),
+		Type:     schema.TypeString,
+		Optional: true,
 	}
 
 	issuerMode = &schema.Schema{
-		Type:             schema.TypeString,
-		Description:      "Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL",
-		ValidateDiagFunc: elemInSlice([]string{"ORG_URL", "CUSTOM_URL_DOMAIN"}),
-		Default:          "ORG_URL",
-		Optional:         true,
+		Type:        schema.TypeString,
+		Description: "Indicates whether Okta uses the original Okta org domain URL, or a custom domain URL",
+		Default:     "ORG_URL",
+		Optional:    true,
 	}
 
 	urlSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Required:         true,
-		ValidateDiagFunc: stringIsURL(validURLSchemes...),
+		Type:     schema.TypeString,
+		Required: true,
 	}
 )
 

diff --git a/okta/policy.go b/okta/policy.go
@@ -30,11 +30,10 @@ var (
 			DiffSuppressFunc: createValueDiffSuppression("0"),
 		},
 		"status": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          statusActive,
-			ValidateDiagFunc: elemInSlice([]string{statusActive, statusInactive}),
-			Description:      "Policy Status: ACTIVE or INACTIVE.",
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     statusActive,
+			Description: "Policy Status: ACTIVE or INACTIVE.",
 		},
 		"groups_included": {
 			Type:        schema.TypeSet,
@@ -75,10 +74,9 @@ var (
 	}
 
 	statusSchema = &schema.Schema{
-		Type:             schema.TypeString,
-		Optional:         true,
-		Default:          statusActive,
-		ValidateDiagFunc: elemInSlice([]string{statusActive, statusInactive}),
+		Type:     schema.TypeString,
+		Optional: true,
+		Default:  statusActive,
 	}
 
 	isOieSchema = &schema.Schema{

diff --git a/okta/policy_rule.go b/okta/policy_rule.go
@@ -51,18 +51,16 @@ var (
 			DiffSuppressFunc: createValueDiffSuppression("0"),
 		},
 		"status": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			Default:          statusActive,
-			ValidateDiagFunc: elemInSlice([]string{statusActive, statusInactive}),
-			Description:      "Policy Rule Status: ACTIVE or INACTIVE.",
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     statusActive,
+			Description: "Policy Rule Status: ACTIVE or INACTIVE.",
 		},
 		"network_connection": {
-			Type:             schema.TypeString,
-			Optional:         true,
-			ValidateDiagFunc: elemInSlice([]string{"ANYWHERE", "ZONE", "ON_NETWORK", "OFF_NETWORK"}),
-			Description:      "Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK.",
-			Default:          "ANYWHERE",
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "Network selection mode: ANYWHERE, ZONE, ON_NETWORK, or OFF_NETWORK.",
+			Default:     "ANYWHERE",
 		},
 		"network_includes": {
 			Type:          schema.TypeList,
@@ -83,9 +81,8 @@ var (
 	appResource = &schema.Resource{
 		Schema: map[string]*schema.Schema{
 			"type": {
-				Type:             schema.TypeString,
-				Required:         true,
-				ValidateDiagFunc: elemInSlice([]string{"APP", "APP_TYPE"}),
+				Type:     schema.TypeString,
+				Required: true,
 			},
 			"name": {
 				Type:     schema.TypeString,

diff --git a/okta/provider.go b/okta/provider.go
@@ -221,7 +221,7 @@ func Provider() *schema.Provider {
 				Type:             schema.TypeInt,
 				Optional:         true,
 				Default:          5,
-				ValidateDiagFunc: intAtMost(100), // Have to cut it off somewhere right?
+				ValidateDiagFunc: intAtMost(100),
 				Description:      "maximum number of retries to attempt before erroring out.",
 			},
 			"parallelism": {