Add group target support for okta_group_role #256
Conversation
ymylei
changed the title
|
Docs on the API have me in a bit of a bind here: https://developer.okta.com/docs/reference/api/roles/#remove-a-group-target-from-a-group-administrator-role-given-to-a-group Because of that, this may probably be better off being an embedded object inside of the |
ymylei
changed the title
ymylei
changed the title
|
Acceptance test results (would like some additional confirmations here): |
ymylei
changed the title
|
Hi, @ymylei! Thanks for the PR! Everything looks good, I just have to double-check everything and I think this might be included in the upcoming 3.8.0 release. |
|
@ymylei I admire your perseverance with this project, and I hope Okta reward you accordingly 😊 If I could make one suggestion/request, have you considered separating each target to be it's own resource, instead of a list? (i.e., like I did in #154)? While I appreciate that this PR faithfully implements the Okta API structure, it isn't consistent with the Terraform principle that resources should be a declarative representation of single component. The primary driver for this is that it makes it easier to implement modular config structure; we have cases were some group targets are not instantiated in a single Terraform repo, which will mean Terraform will remove those. |
Hey @jlaundry, Appreciate the kind comment! Per the comment I made here: #256 (comment) and the pertinent line from the Okta API docs: The standalone resource would be unable to fully support delete operations since a full delete would require also require affecting the parent role resource itself, therefore I do not consider it a good candidate to exist by itself. |
|
To add to the above, if you take this branch, go to the commit d6de84c and run the acceptance tests, you'll get the |
|
Hi, @ymylei! I've merged your previous PR, so please fix the conflicts in this one! Thanks! |
Adds okta_group_role to provider config. Also adds deprecation message for okta_group_roles.
This adds the schema and CRUD operations for the resource. Additional helper functions for reused behavior are located at the bottom.
Adds to the provider configuration
Adds readme and basic example for group_membership_admin use.
Adds a basic test for the new resource
Adds website content for the group_targets resource
This moves in the code from the role_targets resource into the role resource for managing group targets.
This is a custom diff to rebuild the role resource upon clearing the group_target_list. This is required by the Okta API.
Updates import function to support importing of group targets.
copied in from other use but does not apply here anymore.
Called it target_group_list in web docs, seems most appropriate name.
Old tests dont' seem to work the way I inteded. Moving to these for now.
ymylei
force-pushed
the
group_role_pt2
branch
from
16e3e25
to
23776cc
Compare
|
@bogdanprodan-okta Just completed the rebase, updated acceptance test result below: |
This adds additional schema to the
okta_group_roleresource and exposes the ability to assign a list of target groups to group admin role assignments which specifically support it.Important: This relies upon / assumes #255 has been merged (it is appending schema to that resource created in the PR). You will find these commits in here temporarily until that is merged (or another similar resource is finished) in which case I will then rebase this and fix the test configurations based upon that outcome.
Combined with the PR mentioned above, this would replace #154.