From e5477da5626064eb4b0b400e8b99579a786420cf Mon Sep 17 00:00:00 2001
From: Bogdan Prodan
Date: Fri, 3 Dec 2021 10:33:24 +0200
Subject: [PATCH] Added missing fields for Apple IdP

---
 go.mod | 2 +-
 go.sum | 4 +--
 okta/resource_okta_idp_social.go | 36 +++++++++++++++++++++++--
 website/docs/r/idp_social.html.markdown | 8 ++++++
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index f3b4baca5..bb68407d8 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/hashicorp/go-hclog v1.0.0
 	github.com/hashicorp/go-retryablehttp v0.7.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.9.0
-	github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211106142544-afb81b42f538
+	github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211203080930-e7b3952536dc
 )
 
 require (
diff --git a/go.sum b/go.sum
index 1f77828a3..e62ca59c0 100644
--- a/go.sum
+++ b/go.sum
@@ -335,8 +335,8 @@ github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211106142544-afb81b42f538 h1:TSfBygYDE8cHkWk1mE5d5T/NC+nYxWU6h1yT1aN9Mpc=
-github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211106142544-afb81b42f538/go.mod h1:UhdEFuTLCIJirz6x4zGjsuwQl1xhCLKizNyj/h14tFA=
+github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211203080930-e7b3952536dc h1:fGaQExYeLoYLPPa502FJQkNmo9F1aFS4O6slSmun+xk=
+github.com/okta/okta-sdk-golang/v2 v2.9.2-0.20211203080930-e7b3952536dc/go.mod h1:UhdEFuTLCIJirz6x4zGjsuwQl1xhCLKizNyj/h14tFA=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 h1:pSCLCl6joCFRnjpeojzOpEYs4q7Vditq8fySFG5ap3Y=
 github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
diff --git a/okta/resource_okta_idp_social.go b/okta/resource_okta_idp_social.go
index 600a60f9d..1c7aec915 100644
--- a/okta/resource_okta_idp_social.go
+++ b/okta/resource_okta_idp_social.go
@@ -17,7 +17,6 @@ func resourceIdpSocial() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
-		// Note the base schema
 		Schema: buildIdpSchema(map[string]*schema.Schema{
 			"authorization_url":     optURLSchema,
 			"authorization_binding": optBindingSchema,
@@ -69,6 +68,22 @@ func resourceIdpSocial() *schema.Resource {
 				Default:  "ORG_URL",
 				Optional: true,
 			},
+			"apple_kid": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The Key ID that you obtained from Apple when you created the private key for the client",
+			},
+			"apple_private_key": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Sensitive:   true,
+				Description: "The PKCS #8 encoded private key that you created for the client and downloaded from Apple",
+			},
+			"apple_team_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The Team ID associated with your Apple developer account",
+			},
 		}),
 	}
 }
@@ -96,6 +111,7 @@ func resourceIdpSocialRead(ctx context.Context, d *schema.ResourceData, m interf
 		d.SetId("")
 		return nil
 	}
+	_ = d.Set("type", idp.Type)
 	_ = d.Set("name", idp.Name)
 	_ = d.Set("max_clock_skew", idp.Policy.MaxClockSkew)
 	_ = d.Set("provisioning_action", idp.Policy.Provisioning.Action)
@@ -105,8 +121,13 @@ func resourceIdpSocialRead(ctx context.Context, d *schema.ResourceData, m interf
 	_ = d.Set("subject_match_type", idp.Policy.Subject.MatchType)
 	_ = d.Set("subject_match_attribute", idp.Policy.Subject.MatchAttribute)
 	_ = d.Set("username_template", idp.Policy.Subject.UserNameTemplate.Template)
+	_ = d.Set("protocol_type", idp.Protocol.Type)
 	_ = d.Set("client_id", idp.Protocol.Credentials.Client.ClientId)
 	_ = d.Set("client_secret", idp.Protocol.Credentials.Client.ClientSecret)
+	if idp.Type == "APPLE" {
+		_ = d.Set("apple_kid", idp.Protocol.Credentials.Signing.Kid)
+		_ = d.Set("apple_team_id", idp.Protocol.Credentials.Signing.TeamId)
+	}
 
 	err = syncGroupActions(d, idp.Policy.Provisioning.Groups)
 	if err != nil {
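Review bot: The three new `apple_*` arguments are accepted for every value of `type`, but the patch only consumes them when `type` is `APPLE` (the `Signing` block in buildIdPSocial is built under that condition, and Read only sets them under it), so a user who sets them on another social provider gets no diagnostic and the values are silently dropped. The schema Description is the natural place to say so, e.g. `Description: "The Team ID associated with your Apple developer account. Only used when type is APPLE."`, and `apple_private_key` should additionally state that Okta never returns it, since the Read path does not set it and the state copy is the only record of it. The website entry for `apple_private_key` added in this patch repeats the `apple_kid` wording ("The Key ID that you obtained from Apple") instead of describing the PKCS #8 private key as the schema Description here does. resourceIdpSocial's body begins before this hunk.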
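Review bot: `idp.Protocol.Credentials.Signing` is a pointer (buildIdPSocial assigns it with `&okta.IdentityProviderCredentialsSigning{...}` later in this patch), so the new `if idp.Type == "APPLE"` block dereferences nil and panics the provider whenever Okta returns an Apple IdP without a signing object, for example on an import that predates this field; guard it with `if idp.Type == "APPLE" && idp.Protocol.Credentials.Signing != nil {`. `apple_private_key` is deliberately not set here, which matches the doc text in this patch, but a short comment such as `// apple_private_key is write-only; Okta does not return it` would stop the next reader from treating the omission as a bug. resourceIdpSocialRead continues outside the hunk on both sides.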
@@ -149,7 +170,7 @@ func resourceIdpSocialUpdate(ctx context.Context, d *schema.ResourceData, m inte
 }
 
 func buildIdPSocial(d *schema.ResourceData) okta.IdentityProvider {
-	return okta.IdentityProvider{
+	idp := okta.IdentityProvider{
 		Name:       d.Get("name").(string),
 		Type:       d.Get("type").(string),
 		IssuerMode: d.Get("issuer_mode").(string),
@@ -176,4 +197,15 @@ func buildIdPSocial(d *schema.ResourceData) okta.IdentityProvider {
 			},
 		},
 	}
+	if idp.Type == "APPLE" {
+		idp.Protocol.Credentials.Signing = &okta.IdentityProviderCredentialsSigning{
+			Kid:        nil,
+			PrivateKey: d.Get("apple_private_key").(string),
+			TeamId:     d.Get("apple_team_id").(string),
+		}
+		if kid, ok := d.GetOk("apple_kid"); ok {
+			idp.Protocol.Credentials.Signing.Kid = stringPtr(kid.(string))
+		}
+	}
+	return idp
 }
diff --git a/website/docs/r/idp_social.html.markdown b/website/docs/r/idp_social.html.markdown
index 1cc75ca2d..8d0c6fd6e 100644
--- a/website/docs/r/idp_social.html.markdown
+++ b/website/docs/r/idp_social.html.markdown
@@ -97,6 +97,14 @@ The following arguments are supported:
 
 - `response_signature_scope` - (Optional) Specifies whether to verify a SAMLResponse message or Assertion element XML digital signature. It can be `"RESPONSE"`, `"ASSERTION"`, or `"ANY"`.
 
+- `apple_private_key` - (Optional, for Apple IdP only) The Key ID that you obtained from Apple when you created the private
+key for the client. PrivateKey is required when resource is first created. For all consecutive updates, it can be empty/omitted
+and keeps the existing value if it is empty/omitted. PrivateKey isn't returned when importing this resource.
+
+- `apple_team_id` - (Optional, for Apple IdP only) The Team ID associated with your Apple developer account.
+
+- `apple_kid` - (Optional, for Apple IdP only) The Key ID that you obtained from Apple when you created the private key for the client.
+
 ## Attributes Reference
 
 - `id` - ID of the IdP.
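Review bot: `Kid: nil` in the new `Signing` literal is the field's zero value and only adds noise; the `GetOk` branch below it already handles the set case, so the literal reads cleaner with just `PrivateKey` and `TeamId`. `PrivateKey` and `TeamId` are filled with `d.Get(...).(string)`, which yields `""` when the argument is unset, and the website text added in this patch says an empty private key on update keeps the key Okta already holds — that contract lives in the Okta API rather than in this code, so a comment such as `// empty PrivateKey on update leaves the stored key unchanged (Okta API behaviour)` would keep a later maintainer from "fixing" it with GetOk. buildIdPSocial's signature and most of its literal are outside this hunk, in the preceding one.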