Add bookmark-app module

tedilabs · Apr 19, 2024 · 4c6ee2f · 4c6ee2f
1 parent 3540e79
commit 4c6ee2f
Show file tree

Hide file tree

Showing 8 changed files with 316 additions and 0 deletions.
diff --git a/.github/labeler.yaml b/.github/labeler.yaml
@@ -1,4 +1,7 @@
 # Modules
+":floppy_disk: bookmark-app":
+- modules/bookmark-app/**/*
+
 ":floppy_disk: brand":
 - modules/brand/**/*
 

diff --git a/.github/labels.yaml b/.github/labels.yaml
@@ -40,6 +40,9 @@
   name: "size/XL"
 
 # Modules
+- color: "fbca04"
+  description: "This issue or pull request is related to bookmark-app module."
+  name: ":floppy_disk: bookmark-app"
 - color: "fbca04"
   description: "This issue or pull request is related to brand module."
   name: ":floppy_disk: brand"

diff --git a/README.md b/README.md
@@ -6,8 +6,10 @@
 
 Terraform module to manage all of things on Okta organization.
 
+- [bookmark-app](./modules/bookmark-app/)
 - [brand](./modules/brand/)
 - [group](./modules/group/)
+- [group-rule](./modules/group-rule/)
 - [user](./modules/user/)
 
 

diff --git a/modules/bookmark-app/README.md b/modules/bookmark-app/README.md
@@ -0,0 +1,63 @@
+# bookmark-app
+
+This module creates following resources.
+
+- `okta_app_bookmark`
+- `okta_app_group_assignments`
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_okta"></a> [okta](#requirement\_okta) | >= 4.8 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_okta"></a> [okta](#provider\_okta) | 4.8.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [okta_app_bookmark.this](https://registry.terraform.io/providers/okta/okta/latest/docs/resources/app_bookmark) | resource |
+| [okta_app_group_assignments.this](https://registry.terraform.io/providers/okta/okta/latest/docs/resources/app_group_assignments) | resource |
+| [okta_group.this](https://registry.terraform.io/providers/okta/okta/latest/docs/data-sources/group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | (Required) The label of the Okta bookmark application. The application's display name. | `string` | n/a | yes |
+| <a name="input_url"></a> [url](#input\_url) | (Required) The URL of the Okta bookmark application. | `string` | n/a | yes |
+| <a name="input_custom_error_page"></a> [custom\_error\_page](#input\_custom\_error\_page) | (Optional) The URL for custom error page. | `string` | `null` | no |
+| <a name="input_enabled"></a> [enabled](#input\_enabled) | (Optional) Whether to enable the Okta bookmark application. Defaults to `true`. | `bool` | `true` | no |
+| <a name="input_group_assignments"></a> [group\_assignments](#input\_group\_assignments) | (Optional) A configurations to assign groups for the Okta bookmark application. Each item of `group_assignments` block as defined below.<br>    (Required) `group` - The ID of the group to assign.<br>    (Optional) `priority` - A priority of group assignment<br>    (Optional) `profile` - JSON document containing application profile. | <pre>list(object({<br>    group    = string<br>    priority = optional(number)<br>    profile  = optional(map(string), {})<br>  }))</pre> | `[]` | no |
+| <a name="input_hide_app_on_ios"></a> [hide\_app\_on\_ios](#input\_hide\_app\_on\_ios) | (Optional) Whether to hide application icon on mobile app. Defaults to `false`. | `bool` | `false` | no |
+| <a name="input_hide_app_on_web"></a> [hide\_app\_on\_web](#input\_hide\_app\_on\_web) | (Optional) Whether to hide application icon on web. Defaults to `false`. | `bool` | `false` | no |
+| <a name="input_logo_path"></a> [logo\_path](#input\_logo\_path) | (Optional) A local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. | `string` | `null` | no |
+| <a name="input_notes"></a> [notes](#input\_notes) | (Optional) A configurations for application notes. `notes` block as defined below.<br>    (Optional) `admin` - Application notes for admins.<br>    (Optional) `user` - Application notes for end users. | <pre>object({<br>    admin = optional(string, "")<br>    user  = optional(string, "")<br>  })</pre> | `{}` | no |
+| <a name="input_sign_on"></a> [sign\_on](#input\_sign\_on) | (Optional) A configurations for application sign-on. `sign_on` block as defined below.<br>    (Optional) `authentication_policy` - The ID of the authentication policy to associate to the applicatioauthentication policy to associate to the application. If this is removed from the application the default sign-on-policy will be associated with this application. | <pre>object({<br>    authentication_policy = optional(string)<br>  })</pre> | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_catalog_id"></a> [catalog\_id](#output\_catalog\_id) | The ID of the application template in Okta application catalog. |
+| <a name="output_custom_error_page"></a> [custom\_error\_page](#output\_custom\_error\_page) | The URL for custom error page. |
+| <a name="output_enabled"></a> [enabled](#output\_enabled) | Whether to enable the bookmark application. |
+| <a name="output_group_assignments"></a> [group\_assignments](#output\_group\_assignments) | The information for the assigned groups by the Okta group rule. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the bookmark application. |
+| <a name="output_logo_url"></a> [logo\_url](#output\_logo\_url) | The URL of the application logo. |
+| <a name="output_name"></a> [name](#output\_name) | The label of the bookmark application. |
+| <a name="output_notes"></a> [notes](#output\_notes) | The configurations for application notes. |
+| <a name="output_sign_on"></a> [sign\_on](#output\_sign\_on) | The configurations for application sign-on. |
+| <a name="output_url"></a> [url](#output\_url) | The URL of the bookmark application. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/bookmark-app/main.tf b/modules/bookmark-app/main.tf
@@ -0,0 +1,69 @@
+###################################################
+# Okta Application (Bookmark)
+###################################################
+
+# INFO: TODO
+# - `app_links_json`
+# INFO: Not supported attributes
+# - `accessibility_login_redirect_url`
+# - `accessibility_self_service`
+# - `auto_submit_toolbar`
+resource "okta_app_bookmark" "this" {
+  label  = var.name
+  url    = var.url
+  logo   = var.logo_path
+  status = var.enabled ? "ACTIVE" : "INACTIVE"
+
+
+  ## Sign-on
+  authentication_policy = var.sign_on.authentication_policy
+
+
+  ## Notes
+  admin_note   = var.notes.admin
+  enduser_note = var.notes.user
+
+
+  ## Accessibility
+  # accessibility_self_service = var.self_service_enabled
+  accessibility_error_redirect_url = var.custom_error_page
+
+  hide_ios = var.hide_app_on_ios
+  hide_web = var.hide_app_on_web
+
+
+  ## Misc
+  request_integration = false
+}
+
+
+###################################################
+# Group Assignments for Okta Application
+###################################################
+
+# INFO: There is alternative resource `okta_app_group_assignment`
+resource "okta_app_group_assignments" "this" {
+  app_id = okta_app_bookmark.this.id
+
+  dynamic "group" {
+    for_each = {
+      for assignment in var.group_assignments :
+      assignment.group => assignment
+    }
+
+    content {
+      id       = group.key
+      priority = group.value.priority
+      profile  = jsonencode(group.value.profile)
+    }
+  }
+}
+
+data "okta_group" "this" {
+  for_each = toset([
+    for assignment in var.group_assignments :
+    assignment.group
+  ])
+
+  id = each.value
+}
diff --git a/modules/bookmark-app/outputs.tf b/modules/bookmark-app/outputs.tf
@@ -0,0 +1,71 @@
+output "id" {
+  description = "The ID of the bookmark application."
+  value       = okta_app_bookmark.this.id
+}
+
+output "catalog_id" {
+  description = "The ID of the application template in Okta application catalog."
+  value       = okta_app_bookmark.this.name
+}
+
+output "name" {
+  description = "The label of the bookmark application."
+  value       = okta_app_bookmark.this.label
+}
+
+output "url" {
+  description = "The URL of the bookmark application."
+  value       = okta_app_bookmark.this.url
+}
+
+output "logo_url" {
+  description = "The URL of the application logo."
+  value       = okta_app_bookmark.this.logo_url
+}
+
+output "enabled" {
+  description = "Whether to enable the bookmark application."
+  value       = okta_app_bookmark.this.status == "ACTIVE"
+}
+
+output "sign_on" {
+  description = "The configurations for application sign-on."
+  value = {
+    method                = okta_app_bookmark.this.sign_on_mode
+    authentication_policy = okta_app_bookmark.this.authentication_policy
+  }
+}
+
+# output "self_service_enabled" {
+#   description = "Whether to enable self-service."
+#   value       = okta_app_bookmark.this.accessibility_self_service
+# }
+
+output "notes" {
+  description = "The configurations for application notes."
+  value = {
+    "admin" = okta_app_bookmark.this.admin_note
+    "user"  = okta_app_bookmark.this.enduser_note
+  }
+}
+
+output "custom_error_page" {
+  description = "The URL for custom error page."
+  value       = okta_app_bookmark.this.accessibility_error_redirect_url
+}
+
+output "group_assignments" {
+  description = "The information for the assigned groups by the Okta group rule."
+  value = [
+    for group in data.okta_group.this :
+    group.name
+  ]
+}
+
+# output "debug" {
+#   value = {
+#     for k, v in okta_app_bookmark.this :
+#     k => v
+#     if !contains(["id", "label", "url", "status", "authentication_policy", "accessibility_error_redirect_url", "timeouts", "request_integration", "accessibility_login_redirect_url", "accessibility_self_service", "hide_ios", "hide_web", "enduser_note", "admin_note", "auto_submit_toolbar", "logo", "logo_url", "name", "sign_on_mode"], k)
+#   }
+# }
diff --git a/modules/bookmark-app/variables.tf b/modules/bookmark-app/variables.tf
@@ -0,0 +1,95 @@
+variable "name" {
+  description = "(Required) The label of the Okta bookmark application. The application's display name."
+  type        = string
+  nullable    = false
+}
+
+variable "url" {
+  description = "(Required) The URL of the Okta bookmark application."
+  type        = string
+  nullable    = false
+}
+
+variable "logo_path" {
+  description = "(Optional) A local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "enabled" {
+  description = "(Optional) Whether to enable the Okta bookmark application. Defaults to `true`."
+  type        = bool
+  default     = true
+  nullable    = false
+}
+
+variable "sign_on" {
+  description = <<EOF
+  (Optional) A configurations for application sign-on. `sign_on` block as defined below.
+    (Optional) `authentication_policy` - The ID of the authentication policy to associate to the applicatioauthentication policy to associate to the application. If this is removed from the application the default sign-on-policy will be associated with this application.
+  EOF
+  type = object({
+    authentication_policy = optional(string)
+  })
+  default  = {}
+  nullable = false
+}
+
+variable "notes" {
+  description = <<EOF
+  (Optional) A configurations for application notes. `notes` block as defined below.
+    (Optional) `admin` - Application notes for admins.
+    (Optional) `user` - Application notes for end users.
+  EOF
+  type = object({
+    admin = optional(string, "")
+    user  = optional(string, "")
+  })
+  default  = {}
+  nullable = false
+}
+
+# variable "self_service_enabled" {
+#   description = "(Optional) Whether to enable self-service. Defaults to `false`."
+#   default     = false
+#   type        = bool
+#   nullable    = false
+# }
+
+variable "custom_error_page" {
+  description = "(Optional) The URL for custom error page."
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "hide_app_on_ios" {
+  description = "(Optional) Whether to hide application icon on mobile app. Defaults to `false`."
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "hide_app_on_web" {
+  description = "(Optional) Whether to hide application icon on web. Defaults to `false`."
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "group_assignments" {
+  description = <<EOF
+  (Optional) A configurations to assign groups for the Okta bookmark application. Each item of `group_assignments` block as defined below.
+    (Required) `group` - The ID of the group to assign.
+    (Optional) `priority` - A priority of group assignment
+    (Optional) `profile` - JSON document containing application profile.
+  EOF
+  type = list(object({
+    group    = string
+    priority = optional(number)
+    profile  = optional(map(string), {})
+  }))
+  default  = []
+  nullable = false
+}
diff --git a/modules/bookmark-app/versions.tf b/modules/bookmark-app/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6"
+
+  required_providers {
+    okta = {
+      source  = "okta/okta"
+      version = ">= 4.8"
+    }
+  }
+}