-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add group target support for okta_group_role #256
Conversation
Docs on the API have me in a bit of a bind here: https://developer.okta.com/docs/reference/api/roles/#remove-a-group-target-from-a-group-administrator-role-given-to-a-group
Because of that, this may probably be better off being an embedded object inside of the |
Acceptance test results (would like some additional confirmations here):
|
Hi, @ymylei! Thanks for the PR! Everything looks good, I just have to double-check everything and I think this might be included in the upcoming 3.8.0 release. |
@ymylei I admire your perseverance with this project, and I hope Okta reward you accordingly 😊 If I could make one suggestion/request, have you considered separating each target to be it's own resource, instead of a list? (i.e., like I did in #154)? While I appreciate that this PR faithfully implements the Okta API structure, it isn't consistent with the Terraform principle that resources should be a declarative representation of single component. The primary driver for this is that it makes it easier to implement modular config structure; we have cases were some group targets are not instantiated in a single Terraform repo, which will mean Terraform will remove those. |
Hey @jlaundry, Appreciate the kind comment! Per the comment I made here: #256 (comment) and the pertinent line from the Okta API docs:
The standalone resource would be unable to fully support delete operations since a full delete would require also require affecting the parent role resource itself, therefore I do not consider it a good candidate to exist by itself. |
To add to the above, if you take this branch, go to the commit d6de84c and run the acceptance tests, you'll get the |
Hi, @ymylei! I've merged your previous PR, so please fix the conflicts in this one! Thanks! |
Adds okta_group_role to provider config. Also adds deprecation message for okta_group_roles.
This adds the schema and CRUD operations for the resource. Additional helper functions for reused behavior are located at the bottom.
Adds to the provider configuration
Adds readme and basic example for group_membership_admin use.
Adds a basic test for the new resource
Adds website content for the group_targets resource
This moves in the code from the role_targets resource into the role resource for managing group targets.
This is a custom diff to rebuild the role resource upon clearing the group_target_list. This is required by the Okta API.
Updates import function to support importing of group targets.
copied in from other use but does not apply here anymore.
Called it target_group_list in web docs, seems most appropriate name.
Old tests dont' seem to work the way I inteded. Moving to these for now.
16e3e25
to
23776cc
Compare
@bogdanprodan-okta Just completed the rebase, updated acceptance test result below:
|
This adds additional schema to the
okta_group_role
resource and exposes the ability to assign a list of target groups to group admin role assignments which specifically support it.Important: This relies upon / assumes #255 has been merged (it is appending schema to that resource created in the PR). You will find these commits in here temporarily until that is merged (or another similar resource is finished) in which case I will then rebase this and fix the test configurations based upon that outcome.
Combined with the PR mentioned above, this would replace #154.