fix tests and remove legacy code

internal/consts/consts.go

@@ -500,6 +500,7 @@ const (
 	MountTypeTerraform    = "terraform"
 	MountTypeNone         = "none"
 	MountTypeSAML         = "saml"
+	MountTypeOkta         = "okta"
 
 	/*
 		Vault version constants

vault/auth_token.go

@@ -75,6 +75,7 @@ func addTokenFields(fields map[string]*schema.Schema, config *addTokenFieldsConf
 		Type:          schema.TypeInt,
 		Description:   "The maximum lifetime of the generated token",
 		Optional:      true,
+		Computed:      true,
 		ConflictsWith: config.TokenMaxTTLConflict,
 	}
 
@@ -112,6 +113,7 @@ func addTokenFields(fields map[string]*schema.Schema, config *addTokenFieldsConf
 		Type:          schema.TypeInt,
 		Description:   "The initial ttl of the token to generate in seconds",
 		Optional:      true,
+		Computed:      true,
 		ConflictsWith: config.TokenTTLConflict,
 	}
 

vault/resource_okta_auth_backend.go

@@ -85,6 +85,7 @@ func oktaAuthBackendResource() *schema.Resource {
 			Description:  "Duration after which authentication will be expired",
 			ValidateFunc: validateOktaTTL,
 			StateFunc:    normalizeOktaTTL,
+			Deprecated:   "Deprecated. Please use `token_ttl` instead.",
 		},
 
 		"max_ttl": {
@@ -95,6 +96,7 @@ func oktaAuthBackendResource() *schema.Resource {
 			Default:      "0",
 			ValidateFunc: validateOktaTTL,
 			StateFunc:    normalizeOktaTTL,
+			Deprecated:   "Deprecated. Please use `token_max_ttl` instead.",
 		},
 
 		"group": {
@@ -305,7 +307,7 @@ func oktaAuthBackendRead(ctx context.Context, d *schema.ResourceData, meta inter
 	path := d.Id()
 	log.Printf("[DEBUG] Reading auth %s from Vault", path)
 
-	mount, err := mountutil.GetAuthMount(context.Background(), client, path)
+	mount, err := mountutil.GetAuthMount(ctx, client, path)
 	if errors.Is(err, mountutil.ErrMountNotFound) {
 		log.Printf("[WARN] Mount %q not found, removing from state.", path)
 		d.SetId("")
@@ -363,24 +365,6 @@ func oktaReadAuthConfig(client *api.Client, path string, d *schema.ResourceData)
 		return err
 	}
 
-	// map schema config TTL strings to okta auth TTL params.
-	// the provider input type of string does not match Vault's API of int64
-	ttlFieldMap := map[string]string{
-		"ttl":     "token_ttl",
-		"max_ttl": "token_max_ttl",
-	}
-	for k, v := range ttlFieldMap {
-		if v, ok := config.Data[v]; ok {
-			s, err := parseutil.ParseString(v)
-			if err != nil {
-				return err
-			}
-			if err := d.Set(k, s); err != nil {
-				return err
-			}
-		}
-	}
-
 	params := []string{
 		"base_url",
 		"bypass_okta_mfa",
@@ -419,14 +403,6 @@ func oktaAuthBackendUpdate(ctx context.Context, d *schema.ResourceData, meta int
 		"token":           d.Get("token"),
 	}
 
-	if ttl, ok := d.GetOk("ttl"); ok {
-		configuration["ttl"] = ttl
-	}
-
-	if maxTtl, ok := d.GetOk("max_ttl"); ok {
-		configuration["max_ttl"] = maxTtl
-	}
-
 	updateTokenFields(d, configuration, false)
 
 	_, err := client.Logical().Write(oktaConfigEndpoint(path), configuration)

vault/resource_okta_auth_backend_group_test.go

@@ -21,6 +21,7 @@ func TestAccOktaAuthBackendGroup_basic(t *testing.T) {
 	t.Parallel()
 	path := "okta-" + strconv.Itoa(acctest.RandInt())
 	organization := "dummy"
+	resourceName := "vault_okta_auth_backend_group.test"
 
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: providerFactories,
@@ -31,7 +32,11 @@ func TestAccOktaAuthBackendGroup_basic(t *testing.T) {
 				Config: testAccOktaAuthGroupConfig_basic(path, organization),
 				Check: resource.ComposeTestCheckFunc(
 					testAccOktaAuthBackendGroup_InitialCheck,
-					testAccOktaAuthBackend_GroupsCheck(path, "foo", []string{"one", "two", "default"}),
+					resource.TestCheckResourceAttr(resourceName, "group_name", "foo"),
+					resource.TestCheckResourceAttr(resourceName, "policies.#", "3"),
+					resource.TestCheckResourceAttr(resourceName, "policies.0", "default"),
+					resource.TestCheckResourceAttr(resourceName, "policies.1", "one"),
+					resource.TestCheckResourceAttr(resourceName, "policies.2", "two"),
 				),
 			},
 			{
@@ -48,6 +53,7 @@ func TestAccOktaAuthBackendGroup_specialChar(t *testing.T) {
 	t.Parallel()
 	path := "okta-" + strconv.Itoa(acctest.RandInt())
 	organization := "dummy"
+	resourceName := "vault_okta_auth_backend_group.test"
 
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: providerFactories,
@@ -58,7 +64,11 @@ func TestAccOktaAuthBackendGroup_specialChar(t *testing.T) {
 				Config: testAccOktaAuthGroupConfig_specialChar(path, organization),
 				Check: resource.ComposeTestCheckFunc(
 					testAccOktaAuthBackendGroup_InitialCheck,
-					testAccOktaAuthBackend_GroupsCheck(path, "foo/bar", []string{"one", "two", "default"}),
+					resource.TestCheckResourceAttr(resourceName, "group_name", "foo/bar"),
+					resource.TestCheckResourceAttr(resourceName, "policies.#", "3"),
+					resource.TestCheckResourceAttr(resourceName, "policies.0", "default"),
+					resource.TestCheckResourceAttr(resourceName, "policies.1", "one"),
+					resource.TestCheckResourceAttr(resourceName, "policies.2", "two"),
 				),
 			},
 			{