terraform-provider-okta icon indicating copy to clipboard operation
terraform-provider-okta copied to clipboard

Published 20 hours ago verified publisher icon okta

okta_domain import does not honor certificateSourceType

Open n-oden opened this issue 1 year ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.5.3

Affected Resource(s)

  • okta_domain

Terraform Configuration Files

resource "okta_domain" "login" {
  name                    = "login.example.com"
  certificate_source_type = "OKTA_MANAGED"
}

Expected Behavior

Having imported a login resource that already has an okta-managed certificate set up, the above resource should be seen as untainted and a plan should see no changes necessary.

Can this be done in the Admin UI?

n/a

Can this be done in the actual API call?

Yes

Actual Behavior

  # okta_domain.login will be updated in-place
  ~ resource "okta_domain" "login" {
      + certificate_source_type = "OKTA_MANAGED"
        id                      = "<elided>"
        name                    = "login.example.com"
      + verify                  = false
        # (2 unchanged attributes hidden)
    }

Manually checking the resource in the okta API shows that certificateSourceType is in fact set to OKTA_MANAGED:

    {
      "id": "elided",
      "domain": "login.example.com",
      "certificateSourceType": "OKTA_MANAGED",
      "validationStatus": "COMPLETED",
      "brandId": "elided",
      "_links": {
        "self": {
          "href": "https://example.okta.com/api/v1/domains/elided",
          "hints": {
            "allow": [
              "GET",
              "DELETE"
            ]
          }
        },
        "brand": {
          "href": "https://example.okta.com/api/v1/brands/elided",
          "hints": {
            "allow": [
              "GET",
              "PUT",
              "DELETE"
            ]
          }
        }
      }
    },

Steps to Reproduce

  1. create a brand and domain in the console
  2. configure an okta-managed domain certificate
  3. create and import the domain resource in terraform
  4. terraform plan

n-oden avatar Jul 24 '23 18:07 n-oden

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-631379

duytiennguyen-okta avatar Jul 25 '23 15:07 duytiennguyen-okta

@duytiennguyen-okta is there any public update on this?

n-oden avatar Nov 10 '23 21:11 n-oden