terraform-provider-vault
[Enhancement]: vault_okta_auth_backend lacks support for configuration tune
Description
We use the Vault Terraform provider and Okta extensively. Currently, there is no way, via the Terraform provider, to set the Okta auth method as the default one that users see when they access Vault via the web interface.
Affected Resource(s) and/or Data Source(s)
- vault_okta_auth_backend
Potential Terraform Configuration
```hcl
resource "vault_okta_auth_backend" "bigcustomer" {
  depends_on      = [vault_policy.namespace-management]
  description     = "OKTA + LoginMFA"
  organization    = var.okta_org
  base_url        = var.okta_base_url
  token           = var.okta_token
  max_ttl         = var.okta_ttl
  ttl             = var.okta_ttl
  bypass_okta_mfa = true # we use the LoginMFA instead
  tune = {
    listing_visibility = "unauth"
  }
}
```
References
See this document for the description of what we need to do. https://support.hashicorp.com/hc/en-us/articles/360001922527-Configuring-a-Default-UI-Auth-Method
Other auth backend providers already have support for tune. https://registry.terraform.io/providers/hashicorp/vault/2.9.0/docs/resources/auth_backend
Somewhat related issue https://github.com/hashicorp/terraform-provider-vault/issues/1353
Would you like to implement a fix?
No
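A possible interim approach until the resource supports tune, as an added example that is not part of the original issue or the provider's own code: write the setting to Vault's `sys/auth/<path>/tune` endpoint with the provider's generic endpoint resource. The resource name `okta_tune` is hypothetical, and the example assumes the Okta backend from the issue is mounted at the path the resource exports.

```hcl
# Added example (not from the issue). Sets listing_visibility on the Okta mount
# by writing to sys/auth/<path>/tune. "okta_tune" is a hypothetical name;
# vault_okta_auth_backend.bigcustomer is the resource shown in the issue.
resource "vault_generic_endpoint" "okta_tune" {
  path = "sys/auth/${vault_okta_auth_backend.bigcustomer.path}/tune"

  # The tune endpoint returns more fields than are written here;
  # ignore the ones not managed by this resource when diffing.
  ignore_absent_fields = true

  # The tune endpoint has no delete operation, so skip it on destroy.
  disable_delete = true

  data_json = jsonencode({
    # "unauth" lists this mount to unauthenticated callers (the UI login
    # page), so the mount path and type are visible before login.
    listing_visibility = "unauth"
  })
}
```

Because delete is disabled, destroying this resource leaves the tune setting in place on the mount; resetting `listing_visibility` requires an explicit write.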