diff --git a/packages/okta-adapter/src/definitions/deploy/deploy.ts b/packages/okta-adapter/src/definitions/deploy/deploy.ts index 45f527ec58e..ae8aea87712 100644 --- a/packages/okta-adapter/src/definitions/deploy/deploy.ts +++ b/packages/okta-adapter/src/definitions/deploy/deploy.ts @@ -483,7 +483,16 @@ const createCustomizations = (): Record => return { value: { name, - ..._.omit(transformed, [ID_FIELD, LINKS_FIELD, CUSTOM_NAME_FIELD, ...APP_POLICIES]), + ..._.omit(transformed, [ + ID_FIELD, + LINKS_FIELD, + CUSTOM_NAME_FIELD, + ...APP_POLICIES, + 'applicationUserProvisioning', + 'applicationInboundProvisioning', + 'applicationProvisioningUsers', + 'applicationProvisioningGeneral', + ]), }, } }, @@ -491,6 +500,120 @@ const createCustomizations = (): Record => }, }, ...createDeployAppPolicyRequests(), + { + condition: { + skipIfIdentical: true, + transformForCheck: { + root: 'applicationUserProvisioning.capabilities', + }, + }, + request: { + endpoint: { + path: '/api/v1/apps/{id}/features/USER_PROVISIONING', + method: 'put', + }, + transformation: { + root: 'applicationUserProvisioning.capabilities', + }, + }, + }, + { + condition: { + skipIfIdentical: true, + transformForCheck: { + root: 'applicationInboundProvisioning.capabilities', + }, + }, + request: { + endpoint: { + path: '/api/v1/apps/{id}/features/INBOUND_PROVISIONING', + method: 'put', + }, + transformation: { + root: 'applicationInboundProvisioning.capabilities', + }, + }, + }, + { + condition: { + custom: + () => + ({ change }) => + getChangeData(change).value.applicationInboundProvisioning?.status === 'ENABLED', + transformForCheck: { + pick: ['applicationInboundProvisioning.status'], + }, + }, + request: { + endpoint: { + path: '/api/v1/apps/{id}/connections/default/lifecycle/activate', + method: 'post', + }, + transformation: { + root: 'applicationInboundProvisioning.status', + }, + }, + }, + { + condition: { + custom: + () => + ({ change }) => + getChangeData(change).value.applicationInboundProvisioning?.status === 'DISABLED', + transformForCheck: { + pick: ['applicationInboundProvisioning.status'], + }, + }, + request: { + endpoint: { + path: '/api/v1/apps/{id}/connections/default/lifecycle/deactivate', + method: 'post', + }, + transformation: { + pick: ['applicationInboundProvisioning.status'], + }, + }, + }, + { + condition: { + skipIfIdentical: true, + transformForCheck: { + root: 'applicationProvisioningUsers', + }, + }, + request: { + endpoint: { + path: '/api/v1/internal/apps/{id}/settings/importMatchRules', + client: 'private', + method: 'post', + }, + transformation: { + root: 'applicationProvisioningUsers', + single: false, + }, + }, + copyFromResponse: { + updateServiceIDs: false, + }, + }, + { + condition: { + skipIfIdentical: true, + transformForCheck: { + root: 'applicationProvisioningGeneral', + }, + }, + request: { + endpoint: { + path: '/api/v1/internal/apps/instance/{id}/settings/user-mgmt-general', + client: 'private', + method: 'post', + }, + transformation: { + root: 'applicationProvisioningGeneral', + }, + }, + }, ], remove: [ { diff --git a/packages/okta-adapter/src/definitions/fetch/fetch.ts b/packages/okta-adapter/src/definitions/fetch/fetch.ts index dd984c47ea1..0aa5bde19e8 100644 --- a/packages/okta-adapter/src/definitions/fetch/fetch.ts +++ b/packages/okta-adapter/src/definitions/fetch/fetch.ts @@ -371,6 +371,44 @@ const createCustomizations = ({ }, }, }, + applicationUserProvisioning: { + typeName: 'ApplicationUserProvisioning', + conditions: [ + { + fromField: 'name', + match: ['^google$', '^office365$', '^okta_org2org$', '^slack$', '^zoomus$', '^zscalerbyz$'], + }, + // Provisioning is only available for apps with features, but it's possible for an app to have features without provisioning. + { fromField: 'features', match: ['.+'] }, + ], + context: { + args: { + appId: { + root: 'id', + }, + }, + }, + single: true, + }, + applicationInboundProvisioning: { + typeName: 'ApplicationInboundProvisioning', + conditions: [ + { + fromField: 'name', + match: ['^google$', '^office365$', '^okta_org2org$', '^zoomus$', '^slack$'], + }, + // Provisioning is only available for apps with features, but it's possible for an app to have features without provisioning. + { fromField: 'features', match: ['.+'] }, + ], + context: { + args: { + appId: { + root: 'id', + }, + }, + }, + single: true, + }, ...(usePrivateAPI ? { GroupPush: { @@ -412,6 +450,43 @@ const createCustomizations = ({ }, ], }, + applicationProvisioningGeneral: { + typeName: 'ApplicationProvisioningGeneral', + conditions: [ + { + fromField: 'name', + match: ['^(?!google$|office365$|okta_org2org$|slack$|zoomus$).*$'], + }, + // Provisioning is only available for apps with features, but it's possible for an app to have features without provisioning. + { fromField: 'features', match: ['.+'] }, + ], + context: { + args: { + appId: { + root: 'id', + }, + }, + }, + single: true, + }, + applicationProvisioningUsers: { + typeName: 'ApplicationProvisioningUsers', + conditions: [ + { + fromField: 'name', + match: ['^(?!google$|office365$|okta_org2org$|slack$|zoomus$).*$'], + }, + // Provisioning is only available for apps with features, but it's possible for an app to have features without provisioning. + { fromField: 'features', match: ['.+'] }, + ], + context: { + args: { + appId: { + root: 'id', + }, + }, + }, + }, } : {}), }, @@ -597,6 +672,69 @@ const createCustomizations = ({ fieldCustomizations: { mappingRuleId: { hide: true } }, }, }, + ApplicationUserProvisioning: { + requests: [ + { + endpoint: { + path: '/api/v1/apps/{appId}/features/USER_PROVISIONING', + }, + transformation: { + omit: ['_links', 'name', 'description', 'status'], + }, + }, + ], + resource: { + directFetch: false, + }, + }, + ApplicationInboundProvisioning: { + requests: [ + { + endpoint: { + path: '/api/v1/apps/{appId}/features/INBOUND_PROVISIONING', + }, + transformation: { + omit: ['_links', 'name', 'description'], + }, + }, + ], + resource: { + directFetch: false, + }, + }, + ApplicationProvisioningGeneral: { + requests: [ + { + endpoint: { + path: '/api/v1/internal/apps/instance/{appId}/settings/user-mgmt-general', + client: 'private', + }, + transformation: { + pick: ['enabled', 'importSettings.userNameTemplate', 'importSettings.importInterval'], + }, + }, + ], + resource: { + directFetch: false, + }, + }, + ApplicationProvisioningUsers: { + requests: [ + { + endpoint: { + path: '/api/v1/internal/apps/{appId}/settings/importMatchRules', + client: 'private', + }, + transformation: { + omit: ['id'], + }, + }, + ], + resource: { + directFetch: false, + serviceIDFields: [], // The default serviceId is 'id' which causes to returned values to be merged since we remove it. + }, + }, } : {}), ProfileMapping: {