Merge pull request #1880 from okta/OKTA-688890-import-default-policy

fix import default policy
okta · Jan 29, 2024 · 438bd85 · 438bd85
2 parents f3e04f2 + bc44258
commit 438bd85
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 20 deletions.
diff --git a/okta/app_test.go b/okta/app_test.go
@@ -82,7 +82,7 @@ func TestAppUpdateStatus(t *testing.T) {
 			// NOTE: diff represents new state
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"status": &terraform.ResourceAttrDiff{
+					"status": {
 						Old: "ACTIVE",
 						New: "INACTIVE",
 					},
@@ -102,7 +102,7 @@ func TestAppUpdateStatus(t *testing.T) {
 			name: "activate an app only",
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"status": &terraform.ResourceAttrDiff{
+					"status": {
 						Old: "INACTIVE",
 						New: "ACTIVE",
 					},
@@ -123,11 +123,11 @@ func TestAppUpdateStatus(t *testing.T) {
 			name: "deactivate an app and update app values",
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"status": &terraform.ResourceAttrDiff{
+					"status": {
 						Old: "ACTIVE",
 						New: "INACTIVE",
 					},
-					"test": &terraform.ResourceAttrDiff{
+					"test": {
 						Old: "old",
 						New: "new",
 					},
@@ -147,11 +147,11 @@ func TestAppUpdateStatus(t *testing.T) {
 			name: "activate an app and update app values",
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"status": &terraform.ResourceAttrDiff{
+					"status": {
 						Old: "INACTIVE",
 						New: "ACTIVE",
 					},
-					"test": &terraform.ResourceAttrDiff{
+					"test": {
 						Old: "old",
 						New: "new",
 					},
@@ -171,7 +171,7 @@ func TestAppUpdateStatus(t *testing.T) {
 			name: "update inactive app",
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"test": &terraform.ResourceAttrDiff{
+					"test": {
 						Old: "old",
 						New: "new",
 					},
@@ -190,7 +190,7 @@ func TestAppUpdateStatus(t *testing.T) {
 			name: "update active app",
 			diff: &terraform.InstanceDiff{
 				Attributes: map[string]*terraform.ResourceAttrDiff{
-					"test": &terraform.ResourceAttrDiff{
+					"test": {
 						Old: "old",
 						New: "new",
 					},

diff --git a/okta/data_source_okta_default_policy.go b/okta/data_source_okta_default_policy.go
@@ -3,6 +3,7 @@ package okta
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -26,10 +27,20 @@ func dataSourceDefaultPolicy() *schema.Resource {
 
 func dataSourceDefaultPolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	policyType := d.Get("type").(string)
-	policy, err := findSystemPolicyByType(ctx, m, policyType)
+	policies, err := findSystemPolicyByType(ctx, m, policyType)
 	if err != nil {
 		return diag.FromErr(err)
 	}
+	var policy *sdk.Policy
+	for _, p := range policies {
+		if strings.Contains(p.Name, "Default") || strings.Contains(p.Description, "default") {
+			policy = p
+			break
+		}
+	}
+	if policy == nil {
+		return diag.FromErr(fmt.Errorf("cannot find default %v policy", policyType))
+	}
 	d.SetId(policy.Id)
 	return nil
 }
diff --git a/okta/policy.go b/okta/policy.go
@@ -2,7 +2,9 @@ package okta
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/okta/terraform-provider-okta/sdk"
@@ -88,10 +90,20 @@ var (
 )
 
 func setDefaultPolicy(ctx context.Context, d *schema.ResourceData, m interface{}, policyType string) (*sdk.Policy, error) {
-	policy, err := findSystemPolicyByType(ctx, m, policyType)
+	policies, err := findSystemPolicyByType(ctx, m, policyType)
 	if err != nil {
 		return nil, err
 	}
+	var policy *sdk.Policy
+	for _, p := range policies {
+		if strings.Contains(p.Name, "Default") || strings.Contains(p.Description, "default") {
+			policy = p
+			break
+		}
+	}
+	if policy == nil {
+		return nil, fmt.Errorf("cannot find default %v policy", policyType)
+	}
 	groups, _, err := getOktaClientFromMetadata(m).Group.ListGroups(ctx, &query.Params{Q: "Everyone"})
 	if err != nil {
 		return nil, fmt.Errorf("failed find default group for default password policy: %v", err)
@@ -261,16 +273,19 @@ func findDefaultAccessPolicy(ctx context.Context, m interface{}) (*sdk.Policy, e
 	if isClassicOrg(ctx, m) {
 		return nil, nil
 	}
-
-	policy, err := findSystemPolicyByType(ctx, m, "ACCESS_POLICY")
+	policies, err := findSystemPolicyByType(ctx, m, "ACCESS_POLICY")
 	if err != nil {
 		return nil, fmt.Errorf("error finding default ACCESS_POLICY %+v", err)
 	}
-	return policy, nil
+	if len(policies) != 1 {
+		return nil, errors.New("cannot find default ACCESS_POLICY policy")
+	}
+	return policies[0], nil
 }
 
 // findSystemPolicyByType System policy is the default policy regardless of name
-func findSystemPolicyByType(ctx context.Context, m interface{}, _type string) (*sdk.Policy, error) {
+func findSystemPolicyByType(ctx context.Context, m interface{}, _type string) ([]*sdk.Policy, error) {
+	res := make([]*sdk.Policy, 0)
 	client := getOktaClientFromMetadata(m)
 	qp := query.NewQueryParams(query.WithType(_type))
 	policies, _, err := client.Policy.ListPolicies(ctx, qp)
@@ -281,11 +296,11 @@ func findSystemPolicyByType(ctx context.Context, m interface{}, _type string) (*
 	for _, p := range policies {
 		policy := p.(*sdk.Policy)
 		if *policy.System {
-			return policy, nil
+			res = append(res, policy)
 		}
 	}
 
-	return nil, fmt.Errorf("default system %q policy not found", _type)
+	return res, nil
 }
 
 func findPolicyByNameAndType(ctx context.Context, m interface{}, name, policyType string) (*sdk.Policy, error) {

diff --git a/okta/resource_okta_policy_profile_enrollment_apps.go b/okta/resource_okta_policy_profile_enrollment_apps.go
@@ -3,6 +3,7 @@ package okta
 import (
 	"context"
 	"errors"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -44,7 +45,7 @@ func resourcePolicyProfileEnrollmentAppsCreate(ctx context.Context, d *schema.Re
 		return resourceOIEOnlyFeatureError(policyProfileEnrollmentApps)
 	}
 
-	err := setDefaultPolicyID(ctx, d, m)
+	err := setDefaultProfileEnrollmentPolicyID(ctx, d, m)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -67,7 +68,7 @@ func resourcePolicyProfileEnrollmentAppsRead(ctx context.Context, d *schema.Reso
 		return resourceOIEOnlyFeatureError(policyProfileEnrollmentApps)
 	}
 
-	err := setDefaultPolicyID(ctx, d, m)
+	err := setDefaultProfileEnrollmentPolicyID(ctx, d, m)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -154,11 +155,21 @@ func listPolicyEnrollmentAppIDs(ctx context.Context, client *sdk.APISupplement,
 	return appIDs, nil
 }
 
-func setDefaultPolicyID(ctx context.Context, d *schema.ResourceData, m interface{}) error {
-	policy, err := findSystemPolicyByType(ctx, m, sdk.ProfileEnrollmentPolicyType)
+func setDefaultProfileEnrollmentPolicyID(ctx context.Context, d *schema.ResourceData, m interface{}) error {
+	policies, err := findSystemPolicyByType(ctx, m, sdk.ProfileEnrollmentPolicyType)
 	if err != nil {
 		return err
 	}
+	var policy *sdk.Policy
+	for _, p := range policies {
+		if strings.Contains(p.Name, "Default") {
+			policy = p
+			break
+		}
+	}
+	if policy == nil {
+		return errors.New("cannot find default PROFILE_ENROLLMENT policy")
+	}
 	policyID := d.Get("policy_id").(string)
 	if policyID == policy.Id {
 		return errors.New("default enrollment policy cannot be used here, since it is used as a policy to re-assign apps to when they are unassigned from this one")