From 8c9c810dd130dc9fd82c12eda960a1fbb8e6a9b1 Mon Sep 17 00:00:00 2001
From: Matt Provost
Date: Wed, 7 Aug 2024 14:19:17 -0500
Subject: [PATCH] fix: handle multiple okta idps in access policies

Signed-off-by: Matt Provost
---
 .changelog/3579.txt | 3 ++
 .../resource_cloudflare_access_group.go | 30 ++++++++++++-------
 2 files changed, 22 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/3579.txt

diff --git a/.changelog/3579.txt b/.changelog/3579.txt
new file mode 100644
index 0000000000..629d1b1b8b
--- /dev/null
+++ b/.changelog/3579.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/cloudflare_access_policy: handle multiple okta idps in access policies
+```
diff --git a/internal/sdkv2provider/resource_cloudflare_access_group.go b/internal/sdkv2provider/resource_cloudflare_access_group.go
index 1ed49cd424..ee74eaffb0 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_group.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_group.go
@@ -411,8 +411,7 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
 authMethod := ""
 geos := []string{}
 loginMethod := []string{}
- oktaID := ""
- oktaGroups := []string{}
+ oktaGroups := []map[string]interface{}{}
 gsuiteID := ""
 gsuiteEmails := []string{}
 githubName := ""
@@ -488,8 +487,22 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
 }
 case "okta":
 oktaCfg := groupValue.(map[string]interface{})
- oktaID = oktaCfg["identity_provider_id"].(string)
- oktaGroups = append(oktaGroups, oktaCfg["name"].(string))
+ oktaIdPID := oktaCfg["identity_provider_id"].(string)
+ oktaGroupName := oktaCfg["name"].(string)
+
+ var oktaGroup map[string]interface{}
+ for _, og := range oktaGroups {
+ if og["identity_provider_id"] == oktaIdPID {
+ oktaGroup = og
+ break
+ }
+ }
+
+ if len(oktaGroup) == 0 {
+ oktaGroups = append(oktaGroups, map[string]interface{}{"identity_provider_id": oktaIdPID, "name": []string{oktaGroupName}})
+ } else {
+ oktaGroup["name"] = append(oktaGroup["name"].([]string), oktaGroupName)
+ }
 case "gsuite":
 gsuiteCfg := groupValue.(map[string]interface{})
 gsuiteID = gsuiteCfg["identity_provider_id"].(string)
@@ -605,13 +618,8 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
 groupMap["login_method"] = loginMethod
 }
 
- if len(oktaGroups) > 0 && oktaID != "" {
- groupMap["okta"] = []interface{}{
- map[string]interface{}{
- "identity_provider_id": oktaID,
- "name": oktaGroups,
- },
- }
+ if len(oktaGroups) > 0 {
+ groupMap["okta"] = oktaGroups
 }
 
 if len(gsuiteEmails) > 0 && gsuiteID != "" {
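Review bot: In the `case "okta":` branch of the -488 hunk, `oktaCfg["identity_provider_id"].(string)` and `oktaCfg["name"].(string)` are single-value type assertions, so an entry whose field is absent or not a string panics the provider instead of surfacing an error. The comma-ok form, e.g. `oktaGroupName, ok := oktaCfg["name"].(string)`, lets the branch handle that case; whether to skip the entry or report it depends on the enclosing loop, which starts outside the hunk. Separately, `if len(oktaGroup) == 0` is standing in for a not-found check, and `if oktaGroup == nil` would say that directly.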
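Review bot: Nothing in this patch tests the multi-IdP path that the -605 hunk now writes out with `groupMap["okta"] = oktaGroups`; the diffstat lists only the changelog entry and this file. The removed code kept a single `oktaID` and one flat name list, so with more than one Okta IdP the state presumably showed group names under the wrong `identity_provider_id`, which is the kind of access-rule misreporting a regression test should pin down. A unit test that passes `TransformAccessGroupForSchema` okta entries for two different `identity_provider_id` values, one of them repeated, would cover the grouping. The value stored under `"okta"` also changes from `[]interface{}` to `[]map[string]interface{}`, so it is worth confirming that no consumer outside this hunk asserts the old type.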