terraform-provider-okta
terraform-provider-okta copied to clipboard
okta
The feature flag assurance_granular_authenticator_constraints is not covered
The feature flag assurance_granular_authenticator_constraints is not covered by the resource.
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
Terraform v1.6.6 on darwin_arm64
- provider registry.terraform.io/okta/okta v4.6.3
Affected Resource(s)
okta_app_signon_policy_rule
Terraform Configuration Files
"constraints": [
{
"knowledge": {
"required": false,
"authenticationMethods": []
},
"possession": {
"required": false,
"authenticationMethods": [
{
"key": "webauthn",
"method": "webauthn"
},
{
"key": "okta_verify",
"method": "signed_nonce"
},
{
"key": "okta_verify",
"method": "push"
}
]
}
}
]
Expected Behavior
The rule should be updated with the required constraints.
Can this be done in the Admin UI?
No
Can this be done in the actual API call?
Yes
Actual Behavior
Created without constraints.
Steps to Reproduce
- Enable FF ASSURANCE_GRANULAR_AUTHENTICATOR_CONSTRAINTS
- Create a new policy, and add a rule with the desired constraints.
Important Factoids
FF enabled in Preview
@emanor-okta thanks for ensuring this is tracked internally within Okta.
FYI - this feature flag is already enabled by default in Okta preview orgs and can't be opted out, so I believe it's going to be released in GA to Okta production orgs very soon.
Confirming this feature went live in GA as part of Okta's April release.
@florinstratulat : is this ticket solved for you ?
Depending on your answer, I may open a similar issue with my particular case where something created by the GUI can't be reproduced:
constraints = [jsonencode(
{
"knowledge": {
"authenticationMethods": [
{
"key": "okta_password",
"method": "password"
}
],
"required": false
},
"possession": {
"authenticationMethods": [
{
"key": "okta_email",
"method": "email"
},
{
"key": "webauthn",
"method": "webauthn"
}
],
"required": false,
"userPresence": "REQUIRED"
}
})
]
Applying with the 4.9.1 provider on Okta "Version 2024.06.1 E" and terraform 1.6.3 lead me to lose the authenticationMethods for both knowledge and possession.
Tainting the ressource also do not create the authenticationMethods
Edit: I created my own separated issue, #2029 , as I am myself not doing anything with feature flags
@duytiennguyen-okta @arvindkrishnakumar-okta is this also resolved by https://github.com/okta/terraform-provider-okta/pull/2038 being merged as well?
@lucascantor it should be. Thanks for mentioning it
Hi @duytiennguyen-okta is there an update on a new provider update? There hasn't been one created yet and it's impacting us.
