Ssaxena/import terraform id fix (#69)

* ProjectGroup resource Terraform Id changes

* Populated ProjectGroup Id as ASA Project Group UUID

* Added comment

* Added ASA resource uuid for group & server enrollment token

* nit

* Fixed test

* Delete darwin_amd64

* Added Documentation for import and fixed import error messages

* Fixed tests and changed pattern for user resource too

* Bring Id pattern changes for project and AD Task Settings from PR #65

Id Pattern changes were spread across 2 PRs. I think it's better to have one PR for these changes as it's related and will help in versioning too. It will also unblock other PRs.

* Docs check fix

* Fixed id pattern divider

* doc update check

Makefile

@@ -3,7 +3,7 @@ NAMESPACE=pam
 NAME=oktapam
 BINARY=terraform-provider-${NAME}
 # On verion changes, update tag-checks.yml
-VERSION=0.2.2
+VERSION=0.3.0
 OS_ARCH=$(shell go env GOOS)_$(shell go env GOARCH)
 PLUGIN_DIR=~/.terraform.d/plugins
 DOCGEN_RESOURCES_DIR=docgen-resources

docs/data-sources/project.md

@@ -28,7 +28,6 @@ Returns a previously created ASA Project. For details, [Projects](https://help.o
 - `id` (String) The ID of this resource.
 - `next_unix_gid` (Number) The GID to use when creating a new ASA Server User. Default value starts at 63001.
 - `next_unix_uid` (Number) The UID to use when creating a new ASA Server User. Default value starts at 60001.
-- `project_id` (String) UUID of ASA Project.
 - `rdp_session_recording` (Boolean) If `true`, enable remote desktop protocol (RDP) recording on all servers in the ASA Project.
 - `require_preauth_for_creds` (Boolean) If `true`, require preauthorization before an ASA User can retrieve credentials to sign in.
 - `ssh_certificate_type` (String) The SSH certificate type used by access requests. Options include: [`CERT_TYPE_ED25519_01`, `CERT_TYPE_ECDSA_521_01`, `CERT_TYPE_ECDSA_384_01`, `CERT_TYPE_ECDSA_256_01`, `CERT_TYPE_RSA_01`]. 'CERT_TYPE_RSA_01' is a deprecated key algorithm type. This option should only be used to connect to legacy systems that cannot use newer SSH versions. If you do need to use 'CERT_TYPE_RSA_01', it is recommended to connect via a gateway with traffic forwarding. Otherwise, please use a more current key algorithm. If left unspecified, 'CERT_TYPE_ED25519_01' is used by default.

docs/resources/ad_connection.md

@@ -34,4 +34,11 @@ An Active Directory (AD) Connection to query AD Domain for available servers. Fo
 - `deleted_at` (String) The UTC time of resource deletion. Format is '2022-01-01 00:00:00 +0000 UTC'.
 - `id` (String) The ID of this resource.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Gateway Setup Token can be imported using ID of this resource, e.g.,
+terraform import oktapam_ad_connection.example {{id}}
+```

docs/resources/ad_task_settings.md

@@ -65,4 +65,11 @@ Optional:
 
 - `is_guid` (Boolean) Identifies an AD attribute as a Globally Unique Identifier (GUID)
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# AD Task Settings can be imported using AD Connection ID and ID of this resource separated by a forward slash (/), e.g.,
+terraform import oktapam_ad_task_settings.example {{connection_id}}/{{id}}
+```

docs/resources/gateway_setup_token.md

@@ -26,4 +26,11 @@ A token for ASA Gateway enrollment. For details, see [Configure an Advanced Serv
 - `id` (String) The ID of this resource.
 - `token` (String) The secret used for resource enrollment.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Gateway Setup Token can be imported using ID of this resource, e.g.,
+terraform import oktapam_gateway_setup_token.example {{id}}
+```

docs/resources/group.md

@@ -28,4 +28,11 @@ A set of ASA Users. For details, see [Groups](https://help.okta.com/asa/en-us/Co
 - `deleted_at` (String) The UTC time of resource deletion. Format is '2022-01-01 00:00:00 +0000 UTC'.
 - `id` (String) The ID of this resource.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Group can be imported using Group Name, e.g.,
+terraform import oktapam_group.example {{name}}
+```

docs/resources/kubernetes_cluster.md

@@ -29,4 +29,11 @@ Beta Feature: Represents a Kubernetes cluster that has been registered with ASA.
 - `id` (String) The ID of this resource.
 - `oidc_issuer_url` (String) The OIDC Issuer URL to use when configuring your Kubernetes cluster.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Kubernetes Cluster can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster.example {{id}}
+```

docs/resources/kubernetes_cluster_connection.md

@@ -28,4 +28,11 @@ Beta Feature: A set of details describing how to connect to an existing Kubernet
 
 - `id` (String) The ID of this resource.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Kubernetes Cluster Connection can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster_connection.example {{id}}
+```

docs/resources/kubernetes_cluster_group.md

@@ -28,4 +28,11 @@ Beta Feature: A mapping of Kubernetes cluster to an ASA Group. Members of the pr
 
 - `id` (String) The ID of this resource.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Kubernetes Cluster Group can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster_group.example {{id}}
+```

docs/resources/project.md

@@ -35,7 +35,13 @@ An ASA construct that contains servers and is used to grant end users access to
 
 - `deleted_at` (String) The UTC time of resource deletion. Format is '2022-01-01 00:00:00 +0000 UTC'.
 - `id` (String) The ID of this resource.
-- `project_id` (String) UUID of ASA Project.
 - `team` (String) The human-readable name of the ASA Team that owns the resource. Values are lower-case.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Project can be imported using Project Name, e.g.,
+terraform import oktapam_project.example {{name}}
+```

docs/resources/project_group.md

@@ -33,4 +33,11 @@ Assigns an ASA Group to a Project and configures how that group is created on se
 - `id` (String) The ID of this resource.
 - `removed_at` (String) UTC time of resource removal from parent resource. Format is '2022-01-01 00:00:00 +0000 UTC'.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Project Group can be imported using Project Name and Group Name separated by a forward slash (/), e.g.,
+terraform import oktapam_project_group.example {{project_name}}/{{group_name}}
+```

docs/resources/server_enrollment_token.md

@@ -27,4 +27,11 @@ A token used to enroll servers in an ASA Project. For details, see [Enroll a ser
 - `issued_at` (String) The UTC time when the token was issued. Format is '2022-01-01 00:00:00 +0000 UTC'.
 - `token` (String) The secret used for resource enrollment.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# Server Enrollment Token can be imported using Project Name and ID of the resource separated by a forward slash (/), e.g.,
+terraform import oktapam_server_enrollment_token.example {{project_name}}/{{id}}
+```

docs/resources/user.md

@@ -31,4 +31,11 @@ An ASA User. Valid user types are `human` and `service`. For more information ch
 - `server_user_name` (String) The name of the corresponding ASA Server User.
 - `team_name` (String) The human-readable name of the ASA Team that owns the resource. Values are lower-case.
 
+## Import
 
+Import is supported using the following syntax:
+
+```shell
+# User can be imported using User Name and User Type of the resource separated by a forward slash (/), e.g.,
+terraform import oktapam_user.example {{name}}/{{type}}
+```

examples/oktapam_ad_connection/ad_connection_example.tf

@@ -41,7 +41,7 @@ resource "oktapam_ad_task_settings" "test_ad_task_settings" {
   rule_assignments {
     base_dn           = "ou=real,dc=dev-test,dc=sudo,dc=wtf"
     ldap_query_filter = "(objectclass=computer)"
-    project_id        = oktapam_project.test_project.project_id
+    project_id        = oktapam_project.test_project.id
     priority          = 1
   }
 }

examples/resources/oktapam_ad_connection/import.sh

@@ -0,0 +1,2 @@
+# Gateway Setup Token can be imported using ID of this resource, e.g.,
+terraform import oktapam_ad_connection.example {{id}}

examples/resources/oktapam_ad_task_settings/import.sh

@@ -0,0 +1,2 @@
+# AD Task Settings can be imported using AD Connection ID and ID of this resource separated by a forward slash (/), e.g.,
+terraform import oktapam_ad_task_settings.example {{connection_id}}/{{id}}

examples/resources/oktapam_gateway_setup_token/import.sh

@@ -0,0 +1,2 @@
+# Gateway Setup Token can be imported using ID of this resource, e.g.,
+terraform import oktapam_gateway_setup_token.example {{id}}

examples/resources/oktapam_group/import.sh

@@ -0,0 +1,2 @@
+# Group can be imported using Group Name, e.g.,
+terraform import oktapam_group.example {{name}}

examples/resources/oktapam_kubernetes_cluster/import.sh

@@ -0,0 +1,2 @@
+# Kubernetes Cluster can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster.example {{id}}

examples/resources/oktapam_kubernetes_cluster_connection/import.sh

@@ -0,0 +1,2 @@
+# Kubernetes Cluster Connection can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster_connection.example {{id}}

examples/resources/oktapam_kubernetes_cluster_group/import.sh

@@ -0,0 +1,2 @@
+# Kubernetes Cluster Group can be imported using ID of this resource, e.g.,
+terraform import oktapam_kubernetes_cluster_group.example {{id}}

examples/resources/oktapam_project/import.sh

@@ -0,0 +1,2 @@
+# Project can be imported using Project Name, e.g.,
+terraform import oktapam_project.example {{name}}

examples/resources/oktapam_project_group/import.sh

@@ -0,0 +1,2 @@
+# Project Group can be imported using Project Name and Group Name separated by a forward slash (/), e.g.,
+terraform import oktapam_project_group.example {{project_name}}/{{group_name}}

examples/resources/oktapam_server_enrollment_token/import.sh

@@ -0,0 +1,2 @@
+# Server Enrollment Token can be imported using Project Name and ID of the resource separated by a forward slash (/), e.g.,
+terraform import oktapam_server_enrollment_token.example {{project_name}}/{{id}}

examples/resources/oktapam_user/import.sh

@@ -0,0 +1,2 @@
+# User can be imported using User Name and User Type of the resource separated by a forward slash (/), e.g.,
+terraform import oktapam_user.example {{name}}/{{type}}

oktapam/client/project.go

@@ -37,7 +37,7 @@ func (p Project) ToResourceMap() map[string]interface{} {
 		m[attributes.Name] = *p.Name
 	}
 	if p.ID != nil {
-		m[attributes.ProjectID] = *p.ID
+		m[attributes.ID] = *p.ID
 	}
 	if p.Team != nil {
 		m[attributes.Team] = *p.Team
@@ -200,4 +200,4 @@ func (c OktaPAMClient) DeleteProject(ctx context.Context, projectName string) er
 
 	_, err = checkStatusCode(resp, http.StatusNoContent, http.StatusNotFound)
 	return err
-}
+}

oktapam/client/project_group.go

@@ -16,6 +16,7 @@ import (
 )
 
 type ProjectGroup struct {
+	ID                *string `json:"id"`
 	Project           *string `json:"_"`
 	Group             *string `json:"group"`
 	DeletedAt         *string `json:"deleted_at,omitempty"`
@@ -176,6 +177,10 @@ func (p ListProjectGroupsParameters) toQueryParametersMap() map[string]string {
 	return m
 }
 
+func (pg ProjectGroup) Exists() bool {
+	return utils.IsNonEmpty(pg.ID)
+}
+
 type ProjectGroupsListResponse struct {
 	ProjectGroups []ProjectGroup `json:"list"`
 }

oktapam/client/user.go

@@ -17,6 +17,7 @@ import (
 )
 
 type User struct {
+	ID             *string                   `json:"id"`
 	Name           *string                   `json:"name"`
 	TeamName       *string                   `json:"team_name"`
 	ServerUserName *string                   `json:"server_user_name,omitempty"`
@@ -51,6 +52,9 @@ func UserFromMap(m map[string]interface{}) (*User, error) {
 func (su User) ToResourceMap() map[string]interface{} {
 	m := make(map[string]interface{}, 2)
 
+	if su.ID != nil {
+		m[attributes.ID] = *su.ID
+	}
 	if su.Name != nil {
 		m[attributes.Name] = *su.Name
 	}

oktapam/data_source_group.go

@@ -57,9 +57,11 @@ func dataSourceGroupFetch(ctx context.Context, d *schema.ResourceData, m interfa
 	}
 
 	if group != nil {
-		d.SetId(*group.Name)
+		d.SetId(*group.ID)
 		for key, value := range group.ToResourceMap() {
-			d.Set(key, value)
+			if err := d.Set(key, value); err != nil {
+				return diag.FromErr(err)
+			}
 		}
 	} else {
 		logging.Infof("group %s does not exist", name)

oktapam/data_source_project.go

@@ -27,11 +27,6 @@ func dataSourceProject() *schema.Resource {
 				Computed: true,
 				// Description is autogenerated
 			},
-			attributes.ProjectID: {
-				Type:        schema.TypeString,
-				Computed:    true,
-				Description: descriptions.ProjectID,
-			},
 			attributes.Team: {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -104,12 +99,12 @@ func dataSourceProjectFetch(ctx context.Context, d *schema.ResourceData, m inter
 	}
 
 	if project != nil {
-		d.SetId(*project.Name)
+		d.SetId(*project.ID)
 		for key, value := range project.ToResourceMap() {
 			d.Set(key, value)
 		}
 	} else {
 		logging.Infof("project %s does not exist", name)
 	}
 	return nil
-}
+}

oktapam/data_source_project_group.go

@@ -2,7 +2,6 @@ package oktapam
 
 import (
 	"context"
-
 	"github.com/okta/terraform-provider-oktapam/oktapam/constants/attributes"
 	"github.com/okta/terraform-provider-oktapam/oktapam/constants/descriptions"
 	"github.com/okta/terraform-provider-oktapam/oktapam/logging"
@@ -67,30 +66,25 @@ func dataSourceProjectGroup() *schema.Resource {
 func dataSourceProjectGroupFetch(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	c := m.(client.OktaPAMClient)
 
-	group := d.Get(attributes.GroupName).(string)
-	if group == "" {
-		return diag.Errorf("%s cannot be blank", attributes.GroupName)
-	}
-
-	project := d.Get(attributes.ProjectName).(string)
-	if project == "" {
-		return diag.Errorf("%s cannot be blank", attributes.ProjectName)
-	}
+	projectName := d.Get(attributes.ProjectName).(string)
+	groupName := d.Get(attributes.GroupName).(string)
 
-	projectGroup, err := c.GetProjectGroup(ctx, project, group)
+	projectGroup, err := c.GetProjectGroup(ctx, projectName, groupName)
 	if err != nil {
 		return diag.FromErr(err)
 	}
 
 	if projectGroup != nil {
-		d.SetId(createProjectGroupResourceID(*projectGroup.Project, *projectGroup.Group))
+		d.SetId(*projectGroup.ID)
 		resourceMap, err := projectGroup.ToResourceMap()
 		if err != nil {
 			return diag.FromErr(err)
 		}
 
 		for key, value := range resourceMap {
-			d.Set(key, value)
+			if err := d.Set(key, value); err != nil {
+				return diag.FromErr(err)
+			}
 		}
 	} else {
 		logging.Infof("project group belonging to project %s and group %s does not exist", *projectGroup.Project, *projectGroup.Group)

oktapam/data_source_server_enrollment_token.go

@@ -67,9 +67,11 @@ func dataSourceServerEnrollmentTokenFetch(ctx context.Context, d *schema.Resourc
 	}
 
 	if token != nil {
-		d.SetId(createServerEnrollmentTokenResourceID(*token.Project, *token.ID))
+		d.SetId(*token.ID)
 		for key, value := range token.ToResourceMap() {
-			d.Set(key, value)
+			if err := d.Set(key, value); err != nil {
+				return diag.FromErr(err)
+			}
 		}
 	} else {
 		return diag.Errorf("%s %s does not exist", providerServerEnrollmentTokenKey, id)
@@ -79,10 +81,6 @@ func dataSourceServerEnrollmentTokenFetch(ctx context.Context, d *schema.Resourc
 }
 
 func getRequiredServerEnrollmentTokenAttributes(d *schema.ResourceData) (string, string, error) {
-	if d.Id() != "" {
-		return parseServerEnrollmentTokenResourceID(d.Id())
-	}
-
 	id := getStringPtr(attributes.ID, d, false)
 	if id == nil {
 		return "", "", fmt.Errorf(errors.MissingAttributeError, attributes.ID)