app_user_schema_property: cannot use country code & language code data types

[erelado]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.7

Affected Resource(s)

• okta_app_user_schema_property

Terraform Configuration Files

resource "okta_app_user_schema_property" "example" {
  app_id      = "<app id>"
  index       = "customPropertyName"
  title       = "customPropertyName"
  type        = "string"
  description = "My custom property name"
  master      = "OKTA"
  scope       = "SELF"
}

Expected Behavior

Should be able to use country code and language code (data) types.

Actual Behavior

Cannot.

References

• #0000

[monde]

Hi @E-RELevant . I'm not following your use case. Resource okta_app_user_schema_property is done with the Okta API endpoint POST /api/v1/meta/schemas/apps/${instanceId}/default https://developer.okta.com/docs/reference/api/schemas/#add-property-to-app-user-profile-schema .

[erelado]

Thank you, @monde, for your response. I might get confused since I am new to Terraform in general and the Okta documentation is lacking, but what I am trying to achieve is adding custom-defined profile attributes for a specific OIDC application. There might be another resource for this, but I was unable to find a way to add an attribute from the country code or language code types.

[monde]

Thanks for the explanation @E-RELevant . Take a look at this example https://github.com/okta/terraform-provider-okta/blob/master/examples/okta_app_user_schema_property/basic.tf . It is making size attributes, let me know if you can bend it to your purpose. I'll follow up upon hearing back, thanks!

[erelado]

I looked at the example you attached @monde, yet my issue is with the data type (type in terraform), rather than whether or not the attribute is an enum. The type in your example is string, which does not answer my question: how can I make it a country code or language code.

[monde]

@E-RELevant per the docs for okta_app_user_schema_property "This resource allows you to create and configure a custom user schema property and associate it with an application. Make sure that the app instance is active before creating the schema property, because in some cases API might return 404 error." https://registry.terraform.io/providers/okta/okta/latest/docs/resources/app_user_schema_property

Are you trying to do something like this?

data "okta_app" "dashboard" {
  label = "Okta Dashboard"
}

resource "okta_app_user_schema_property" "example" {
  app_id      = data.okta_app.dashboard
  index       = "countryCode"
  title       = "County Code"
  type        = "string"
  description = "ISO 3166-1 alpha-2 standard country code"

  # I think you would use the enum here if you wanted to list all of the country codes.
  # Not sure if you could use TF's file operation, or something like that, to load all the
  # codes from a file and not hard code them.
}

Let me know what you find. Please post your solution and close the issue if you are able to derive the functionality you are seeking.

[erelado]

I honestly don't know how else to explain it. I want to achieve something like this (which I don't know the right value for):

resource "okta_app_user_schema_property" "example" {
  app_id      = data.okta_app.dashboard
  index       = "default_language"
  title       = "Default Language"
  type        = "country_code" # NOT SURE WHAT IS THE RIGHT VALUE/TERM
  description = "ISO 3166-1 alpha-2 standard country code"
}

All along, I have been talking about the type. There is even a screenshot of the Okta Admin Console UI showing both of those types (so-called data types).

[monde]

@E-RELevant I will ask around internally and see if I can get an exact answer for you.

[monde]

@E-RELevant I have some better information from my colleague @noinarisak. Thanks for being patient with me while trying to run this down. What you are trying to do is create a custom property of type string, with format country-code or language-code (per your examples). Side note: all of the Okta formats are uri, date-time, email, ref-id, encrypted, hashed, country-code, language-code, locale, timezone.

Here is a curl example:

curl --location --request POST 'https://xxx.okta.com/api/v1/meta/schemas/apps/0oa4cthzyqgFj8ISJ5d7/default' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS _SCRUBED_' \
--header 'Cookie: JSESSIONID=xxx' \
--data-raw '{
    "definitions": {
        "custom": {
            "id": "#custom",
            "type": "object",
            "properties": {
                "xCustomCountryCode": {
                    "title": "xCustom Country Code",
                    "description": "XCustom Country Code Dude",
                    "type": "string",
                    "required": false,
                    "format": "country-code"
                }
            },
            "required": []
        }
    }
}'

If the Terraform provider supported this, a config might look like:

resource "okta_app_oauth" "example" {
  label                      = "example"
  type                       = "web"
  grant_types                = ["authorization_code"]
  redirect_uris              = ["https://example.com/"]
  response_types             = ["code"]
}

resource "okta_app_user_schema_property" "example" {
  app_id      = okta_app_oauth.example.id
  index       = "xcustomCountryCode"
  title       = "X Custom Country Code"
  type        = "string"
  master      = "PROFILE_MASTER"

  # this is an example, okta_app_user_schema_property does not support format
  format = "country-code"
}

However, if you look at the public API documentation for POST /api/v1/meta/schemas/apps/${appId}/default https://developer.okta.com/docs/reference/api/schemas/#app-user-profile-schema-property-object you'll notice format is not documented in the schemas, but there are some examples where format is set to email.

Unfortunately, as a rule, we don't call internal API endpoints from the terraform provider, and we don't call public API endpoints with undocumented attributes. That said, this seems like it is in the gray zone for not supporting undocumented attributes when the examples do reference a format. Also, this code path goes through okta-sdk-golang so we'd need to get that updated first.

I don't have a timeline on when we might fix this. But as @noinarisak pointed out to me, we can at least show you how to call the public API with an undocumented parameter. Perhaps you could add a curl provider to perform this action in your tf config.

[erelado]

Thank you, @monde, I appreciate the detailed answer. It is unfortunate that this is the case since it is possible to select a field of this type through the UI itself. I would love to hear as long as there are updates to adding an official API, and in the meantime - I would definitely consider adding a cURL provider.

[monde]

Closing this issue as we've identified a gap in the public API and documented an alternative solution in the short term.

[erelado]

@monde A short-term solution has indeed been found, but that does not mean a solution to the problem. Also, I have not yet tested the possibility of using cURL to get the result. I think that this addition is essential and that an appropriate solution must be found, even in the long run.

[monde]

Hi @E-RELevant you can contact your Okta support representative and point to this Github issue. Note in your message that the format property is public, but not documented in the public API https://developer.okta.com/docs/reference/api/schemas/#app-user-profile-schema-property-object . This will escalate the issue more precisely.

[erelado]

Thank you, @monde, I created Case 01358753 @ https://support.okta.com. I will try to update as I receive new information regarding the issue.

[erelado]

A quick update from Okta:

Hi Erel, I'm Dawoud, with the Developer Support team at Okta, and I'll be assisting you with this. Thank you for passing this information across, I will try to have the docs updated to elaborate on how 'format' would be utilized. Thank You, Dawoud Tabboush Senior Developer Support Engineer (APAC) Okta Global Customer Care

[dawoudt-okta]

I have created an internal ticket to address this issue (OKTA-486203)

[dawoudt-okta]

@monde @E-RELevant check out the updated documentation at https://developer.okta.com/docs/reference/api/schemas/#description-details

[monde]

I'll have to add this in to okta_app_user_schema_property now, re-opening

[monde]

need to get okta-sdk-golang updated for this also. Okta API -> okta-sdk-golang -> terraform-provider-okta

[erelado]

@monde, @dawoudt-okta I appreciate your help. Do you have a timeframe for implementing the Terraform solution?

[erelado]

@monde, @dawoudt-okta any update?

[monde]

I'll follow up on this when I get back from vacation.

[monde]

I don't have any new status on this issue.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[erelado]

Still waiting for update…

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[erelado]

not planned? crucial feature to automate using TF. Please reconsider.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

[erelado]

🔔

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days