Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing properties for PolicyRuleProfileEnrollment #346

Open
rodriguesgm opened this issue Jul 5, 2023 · 1 comment
Open

Missing properties for PolicyRuleProfileEnrollment #346

rodriguesgm opened this issue Jul 5, 2023 · 1 comment
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/bug Some behavior is incorrect or out of spec

Comments

@rodriguesgm
Copy link

rodriguesgm commented Jul 5, 2023
edited
Loading

What happened?

Currently there is no way to set scopes for the preRegistrationInlineHooks neither the progressiveProfilingAction attributes of the okta.PolicyRuleProfileEnrollment.

When I create a new following policy:

export const rule = new okta.PolicyRuleProfileEnrollment('policy-name', {
  policyId: 'valid-policy-id',
  unknownUserAction: 'DENY',
  access: 'ALLOW',
  emailVerification: true,
  uiSchemaId: 'valid-schema-id',
  inlineHookId: 'my-inline-hook-id', // the type of the hook is com.okta.user.pre-registration
  profileAttributes: [
    {
      name: 'email',
      label: 'Primary Email',
      required: true,
    }
  ],
});

And them I do I call GET /api/v1/policies/:policyId/rules I have the following response

...
     "actions": {
            "profileEnrollment": {
                "access": "ALLOW",
                "preRegistrationInlineHooks": [
                    {
                        "inlineHookId": "valid-hook-id",
                        "scopes": [
                            "SELF_SERVICE_REGISTRATION"
                        ]
                    }
                ],
                "profileAttributes": [
                    {
                        "name": "email",
                        "label": "Primary Email",
                        "required": true
                    }
                ],
                "targetGroupIds": null,
                "unknownUserAction": "DENY",
                "activationRequirements": {
                    "emailVerification": true
                },
                "uiSchemaId": "valid-schema-id",
            }
        },
...

But, if I go to the Okta Admin Console and just edit and save my Profile Enrollement, without changing anything, and then I do the same GET call,

"actions": {
            "profileEnrollment": {
                "access": "ALLOW",
                "preRegistrationInlineHooks": [
                    {
                        "inlineHookId": "valid-hook-id",
                        "scopes": [
                            "PROGRESSIVE_PROFILING"
                        ]
                    }
                ],
                "profileAttributes": [
                    {
                        "name": "email",
                        "label": "Primary Email",
                        "required": true
                    }
                ],
                "targetGroupIds": null,
                "unknownUserAction": "DENY",
                "activationRequirements": {
                    "emailVerification": true
                },
                "uiSchemaId": "valid-schema-id",
                "progressiveProfilingAction": "ENABLED"
            }
        },

So, the scopes changed from SELF_SERVICE_REGISTRATION to PROGRESSIVE_PROFILING
and I can also see a new progressiveProfilingAction property as ENABLED.

So, How can I set those fields in the pulumi object to make sure it won't change?

Expected Behavior

Need a way to send those properties so it won't change

Steps to reproduce

Already detailed above

Output of pulumi about

CLI          
Version      3.51.0
Go Version   go1.19.4
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown
okta    4.0.5
purrl   0.4.0

Host     
OS       darwin
Version  10.15.7
Arch     x86_64

This project is written in nodejs: executable='/.nvm/versions/node/v16.20.0/bin/node' version='v16.20.0'

Dependencies:
NAME                              VERSION
@types/ejs                        3.1.1
@types/eslint                     8.4.10
ejs                               3.1.8
eslint-plugin-import              2.26.0
@typescript-eslint/eslint-plugin  5.45.0
@typescript-eslint/parser         5.45.0
eslint-config-standard            17.0.0
eslint                            8.28.0
@pulumi/okta                      4.0.5
@pulumiverse/purrl                0.4.0
eslint-plugin-node                11.1.0
eslint-plugin-promise             6.1.1
eslint-plugin-standard            4.1.0
typescript                        4.9.3

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@rodriguesgm rodriguesgm added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jul 5, 2023
@AaronFriel AaronFriel mentioned this issue Jul 7, 2023
Closed
@AaronFriel
Copy link
Contributor

@rodriguesgm Thanks for flagging this. I'm filing an issue on the upstream provider, because this looks like an API issue where the resource and the API and the web console don't agree.

@AaronFriel AaronFriel added awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). and removed needs-triage Needs attention from the triage team labels Jul 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AaronFriel @rodriguesgm