Validate credentials in provider configure func (#579)

* Revert "Merge pull request #571 from okta/panic_when_unauth" This reverts commit 9997705, reversing changes made to 3d825ad. * provider: validate credentials during initial config * return all errors * Keep some changes Co-authored-by: Bogdan Prodan <bogdan.prodan@okta.com>
okta · Aug 13, 2021 · 8ccea2e · 8ccea2e
1 parent ec76ba9
commit 8ccea2e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 49 deletions.
diff --git a/okta/config.go b/okta/config.go
@@ -51,7 +51,7 @@ type (
 	}
 )
 
-func (c *Config) loadAndValidate() error {
+func (c *Config) loadAndValidate(ctx context.Context) error {
 	logLevel := hclog.Level(c.logLevel)
 	if os.Getenv("TF_LOG") != "" {
 		logLevel = hclog.LevelFromString(os.Getenv("TF_LOG"))
@@ -68,14 +68,14 @@ func (c *Config) loadAndValidate() error {
 		retryableClient.RetryWaitMax = time.Second * time.Duration(c.maxWait)
 		retryableClient.RetryMax = c.retryCount
 		retryableClient.Logger = c.logger
-		retryableClient.HTTPClient.Transport = transport.NewAuthTransport(logging.NewTransport("Okta", retryableClient.HTTPClient.Transport))
+		retryableClient.HTTPClient.Transport = logging.NewTransport("Okta", retryableClient.HTTPClient.Transport)
 		retryableClient.ErrorHandler = errHandler
 		retryableClient.CheckRetry = checkRetry
 		httpClient = retryableClient.StandardClient()
 		c.logger.Info(fmt.Sprintf("running with backoff http client, wait min %d, wait max %d, retry max %d", retryableClient.RetryWaitMin, retryableClient.RetryWaitMax, retryableClient.RetryMax))
 	} else {
 		httpClient = cleanhttp.DefaultClient()
-		httpClient.Transport = transport.NewAuthTransport(logging.NewTransport("Okta", httpClient.Transport))
+		httpClient.Transport = logging.NewTransport("Okta", httpClient.Transport)
 		c.logger.Info("running with default http client")
 	}
 
@@ -112,6 +112,11 @@ func (c *Config) loadAndValidate() error {
 	if err != nil {
 		return err
 	}
+
+	if _, _, err := client.User.GetUser(ctx, "me"); err != nil {
+		return fmt.Errorf("invalid credentials: %w", err)
+	}
+
 	c.oktaClient = client
 	c.supplementClient = &sdk.APISupplement{
 		RequestExecutor: client.GetRequestExecutor(),

diff --git a/okta/internal/transport/auth.go b/okta/internal/transport/auth.go
diff --git a/okta/provider.go b/okta/provider.go
@@ -313,7 +313,7 @@ func deprecateIncorrectNaming(d *schema.Resource, newResource string) *schema.Re
 	return d
 }
 
-func providerConfigure(_ context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
+func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
 	log.Printf("[INFO] Initializing Okta client")
 	config := Config{
 		orgName:        d.Get("org_name").(string),
@@ -334,8 +334,8 @@ func providerConfigure(_ context.Context, d *schema.ResourceData) (interface{},
 	if v := os.Getenv("OKTA_API_SCOPES"); v != "" && len(config.scopes) == 0 {
 		config.scopes = strings.Split(v, ",")
 	}
-	if err := config.loadAndValidate(); err != nil {
-		return nil, diag.Errorf("[ERROR] Error initializing the Okta SDK clients: %v", err)
+	if err := config.loadAndValidate(ctx); err != nil {
+		return nil, diag.Errorf("[ERROR] invalid configuration: %v", err)
 	}
 	return &config, nil
 }