data_source_okta_users omits admin_roles #1014

Closed
exitcode0 opened this issue Mar 11, 2022 · 6 comments
@exitcode0
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.0.11
on darwin_arm64
+ provider registry.terraform.io/okta/okta v3.22.0

Affected Resource(s)

  • data_source_okta_users

Terraform Configuration Files

data "okta_users" "BLAH" {
  search {
    name = "profile.login"
    comparison = "eq"
    value = "exact.email.address@domain.com"
  }
}

output "testing" {
  value = data.okta_users.BLAH.users
}

output "testing2" {
  value = [for user in data.okta_users.BLAH.users : user.id if length(user.admin_roles) > 0]
}

Expected Behavior

When the user in question is a super admin, I'd expect the testing2 output to contain the user's ID and testing1 to contain an entry similar to "admin_roles" = toset(["SUPER_ADMIN"])

Actual Behavior

The output testing2 outputs as empty, and testing1 correctly outputs the user object, but the admin roles entry shows as "admin_roles" = toset([])

Steps to Reproduce

  1. terraform refresh

@monde monde self-assigned this Mar 11, 2022
@monde monde added the needs-investigation Needs further investigation label Mar 11, 2022
@monde
Collaborator

monde commented Mar 11, 2022

Thanks @exitcode0, I'll look into this, thanks!

@exitcode0
Contributor Author

It seems that data_source_okta_users calls /api/v1/users, which does not return admin roles for the users.

The documentation for the datasource here would suggest that this is possible.

So I guess either the doco here is misleading and should be updated, or the implementation of data_source_okta_users needs to be changed to include this as an option,
perhaps with a skip_roles similar to data_source_okta_user with a default value of true.
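
An added example, not part of this thread or the provider's own code: one way to list admin users while okta_users returns an empty admin_roles is to look each returned user up through the singular okta_user data source, which the comment above says has a skip_roles option. It assumes that data source accepts user_id and exposes admin_roles, reuses data.okta_users.BLAH from the issue, and costs one extra lookup per user; the names with_roles, admin_user_ids and admin_roles_by_user are made up here.

```hcl
# Added example. Assumes data "okta_users" "BLAH" from the issue is declared
# in the same module and that its search does not depend on unknown values,
# so the for_each keys are known at plan time.

# One okta_user lookup per user returned by the plural data source.
# skip_roles = false asks the provider to collect each user's admin roles.
data "okta_user" "with_roles" {
  for_each = toset([for user in data.okta_users.BLAH.users : user.id])

  user_id    = each.value
  skip_roles = false
}

# IDs of users that hold at least one admin role.
output "admin_user_ids" {
  value = sort([
    for id, user in data.okta_user.with_roles :
    id if length(user.admin_roles) > 0
  ])
}

# Map of user ID to assigned admin roles, for review or drift checks.
output "admin_roles_by_user" {
  value = {
    for id, user in data.okta_user.with_roles :
    id => sort(tolist(user.admin_roles)) if length(user.admin_roles) > 0
  }
}
```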

@exitcode0
Contributor Author

My workaround for this for now, in case someone else comes across this issue:

resource "okta_resource_set" "okta_admins" {
  label       = "okta_admins"
  description = "okta_admins"

  resources = [
    "https://${local.org_name}.${local.base_url}/api/v1/groups/${okta_group.okta_admins.id}/users",
  ]
}
resource "okta_group" "okta_admins" {
  name        = "okta_admins"
  description = "Users with okta admin permissions. Membership to this group is managed by terraform."
  skip_users  = true

}
resource "okta_group_memberships" "okta_admins" {
  group_id = okta_group.okta_admins.id
  users = [
    for user in data.okta_app_user_assignments.okta_admin_console.users :
    user
  ]
}
data "okta_app" "okta_admin_console" {
  label = "Okta Admin Console"
}
data "okta_app_user_assignments" "okta_admin_console" {
  id = data.okta_app.okta_admin_console.id
}

@monde monde removed the needs-investigation Needs further investigation label Apr 25, 2022
@monde monde added the bug label Jun 8, 2022
@monde
Collaborator

monde commented Jun 8, 2022

Being addressed in #1159

@github-actions

github-actions bot commented Aug 8, 2022

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

@github-actions github-actions bot added the stale label Aug 8, 2022
@monde monde added no-stalebot and removed stale labels Aug 8, 2022
@monde monde removed their assignment Aug 15, 2022
@monde monde removed the no-stalebot label Oct 24, 2022
@github-actions

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

@github-actions github-actions bot added the stale label Jan 20, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 26, 2023