okta
diff --git a/‎.github/workflows/checks.yml‎
Lines changed: 40 additions & 2 deletions b/‎.github/workflows/checks.yml‎
Lines changed: 40 additions & 2 deletions
diff --git a/‎.github/workflows/tag-checks.yml‎
Lines changed: 0 additions & 63 deletions b/‎.github/workflows/tag-checks.yml‎
Lines changed: 0 additions & 63 deletions
diff --git a/‎Makefile‎
Lines changed: 13 additions & 2 deletions b/‎Makefile‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎Makefile.ci‎
Lines changed: 2 additions & 0 deletions b/‎Makefile.ci‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 12 additions & 1 deletion b/‎README.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎docs/data-sources/ad_connections.md‎
Lines changed: 5 additions & 5 deletions b/‎docs/data-sources/ad_connections.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎docs/data-sources/ad_user_sync_task_settings.md‎
Lines changed: 11 additions & 11 deletions b/‎docs/data-sources/ad_user_sync_task_settings.md‎
Lines changed: 11 additions & 11 deletions
diff --git a/‎docs/data-sources/ad_user_sync_task_settings_id_list.md‎
Lines changed: 4 additions & 4 deletions b/‎docs/data-sources/ad_user_sync_task_settings_id_list.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/data-sources/gateway_setup_token.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/data-sources/gateway_setup_token.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/data-sources/gateway_setup_tokens.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/data-sources/gateway_setup_tokens.md‎
Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@ jobs:
           ./scripts/ci-tests.sh
       - run: echo "🍏 This job's status is ${{ job.status }}."
   check3:
-    name: Acceptance Tests
+    name: ASA Acceptance Tests
     # Ensure acceptance tests are only run on okta/terraform-provider-oktapam or if a special label is applied (`run-acceptance-tests`)
     if: github.repository == 'okta/terraform-provider-oktapam' || github.event.label.name == 'run-acceptance-tests'
     runs-on: ubuntu-latest
@@ -42,7 +42,7 @@ jobs:
         with:
           terraform_version: ${{ steps.vars.outputs.tf-version }}
           terraform_wrapper: false
-      - name: Run unit tests
+      - name: Run acceptance tests
         run: |
           ./scripts/ci-acceptance-tests.sh
         env:
@@ -61,6 +61,44 @@ jobs:
           OKTAPAM_API_HOST: ${{ secrets.OKTA_499446_OKTAPAM_API_HOST }}
       - run: echo "🍏 This job's status is ${{ job.status }}."
   check4:
+    name: OktaPA Acceptance Tests
+    # Ensure acceptance tests are only run on okta/terraform-provider-oktapam or if a special label is applied (`run-acceptance-tests`)
+    if: github.repository == 'okta/terraform-provider-oktapam' || github.event.label.name == 'run-acceptance-tests'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Get Terraform CLI Version
+        id: vars
+        run: echo ::set-output name=tf-version::$(cat .terraform-version)
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: ${{ steps.vars.outputs.tf-version }}
+          terraform_wrapper: false
+      - name: Run acceptance tests
+        run: |
+          ./scripts/ci-acceptance-tests.sh
+        env:
+          TF_ACC_PAM: 1
+          OKTAPAM_SECRET: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_SECRET }}
+          OKTAPAM_KEY: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_KEY }}
+          OKTAPAM_TEAM: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_TEAM }}
+          OKTAPAM_TRUSTED_DOMAIN_OVERRIDE: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_TRUSTED_DOMAIN_OVERRIDE }}
+          OKTAPAM_API_HOST: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_API_HOST }}
+      - name: If the acceptance tests fail, retry. Intended for failed locks and dependency download timeouts.
+        if: failure()
+        run: |
+          ./scripts/ci-acceptance-tests.sh
+        env:
+          TF_ACC_PAM: 1
+          OKTAPAM_SECRET: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_SECRET }}
+          OKTAPAM_KEY: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_KEY }}
+          OKTAPAM_TEAM: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_TEAM }}
+          OKTAPAM_TRUSTED_DOMAIN_OVERRIDE: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_TRUSTED_DOMAIN_OVERRIDE }}
+          OKTAPAM_API_HOST: ${{ secrets.OKTA_623529_PAM_TEAM_OKTAPAM_API_HOST }}
+      - run: echo "🍏 This job's status is ${{ job.status }}."
+  check5:
     name: Doc Generation
     runs-on: ubuntu-latest
     steps:
 
@@ -3,17 +3,23 @@ NAMESPACE=pam
 NAME=oktapam
 BINARY=terraform-provider-${NAME}
 # On verion changes, update tag-checks.yml
-VERSION=0.3.3
+VERSION=0.4.0
 OS_ARCH=$(shell go env GOOS)_$(shell go env GOARCH)
 PLUGIN_DIR=~/.terraform.d/plugins
 DOCGEN_RESOURCES_DIR=docgen-resources
 
 SET_VERSION=-ldflags "-X github.com/okta/terraform-provider-oktapam/oktapam/version.Version=${VERSION}"
 
+ifneq ($(DEBUG), )
+  GOFLAGS :=${GOFLAGS} -gcflags=all="-N -l"
+else
+  GOFLAGS :=${GOFLAGS} -trimpath
+endif
+
 .DEFAULT_GOAL := install
 
 build:
-	go build -ldflags "-X github.com/okta/terraform-provider-oktapam/oktapam/version.Version=${VERSION}dev" -o ${BINARY}
+	go build ${GOFLAGS} -ldflags "-X github.com/okta/terraform-provider-oktapam/oktapam/version.Version=${VERSION}dev" -o ${BINARY}
 
 release:
 	GOOS=darwin GOARCH=amd64 go build ${SET_VERSION} -o ./bin/${BINARY}_${VERSION}_darwin_amd64
@@ -46,6 +52,11 @@ testacc:
 # TESTARGS here can be used to pass arbitrary flags to go test, e.g. '-run TestMyTest'
 	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m   
 
+testaccpam:
+# TESTARGS here can be used to pass arbitrary flags to go test, e.g. '-run TestMyTest'
+	TF_ACC=1 TF_ACC_PAM=1 go test ./... -v $(TESTARGS) -timeout 120m   
+
+
 generate:
 	go generate ./...
 
 
@@ -34,6 +34,8 @@ ci-acceptance-test: ci-container
 		-e OKTAPAM_SECRET \
 		-e OKTAPAM_TEAM \
 		-e OKTAPAM_API_HOST \
+		-e OKTAPAM_TRUSTED_DOMAIN_OVERRIDE \
+		-e TF_ACC_PAM \
 		-e TF_ACC_TERRAFORM_PATH=/usr/local/bin/terraform \
 		-e TF_ACC_TERRAFORM_VERSION \
 		-v ${TF_ACC_TERRAFORM_PATH}:/usr/local/bin/terraform \
 
@@ -118,21 +118,32 @@ In order to test the provider, you can simply run `make test`.
 $ make test
 ```
 
-In order to run the full suite of Acceptance tests, run `make testacc`.
+We have two sets of acceptance tests, one for an Advanced Server Access team, and one for an Okta Privileged Access team.  There are some tests that are shared between the two suites. 
 
 *Note:* Acceptance tests create real resources, and often cost money to run.  If you wish to test against a dev/test server, ensure that you have the `OKTAPAM_API_HOST` variable set.
 
+To run the full test suite of Acceptance tests for ASA, run `make testacc`.:
+
 ```sh
 $ make testacc
 ```
 
+To run the full test suite of Acceptance tests for Okta PA, run `make testaccpam`.:
+
+```sh
+$ make testaccpam
+```
+
+
 If you want to run specific acceptance tests then set TESTARGS variable. TestCaseFunctionName(t *testing.T) can be a regular 
 expression too.
 
 ```sh
 $ TESTARGS='-run TestcaseFunctionName' make testacc
 ```
 
+Note that you'll need to sub `testacc` for `testaccpam` if the tests is an Okta PA test.
+
 # Releasing the Provider
 
 1. Bump version in `Makefile`.
 
@@ -3,12 +3,12 @@
 page_title: "oktapam_ad_connections Data Source - terraform-provider-oktapam"
 subcategory: ""
 description: |-
-  A list of ASA AD Connections associated with an ASA Team.
+  A list of AD Connections associated with your Team.
 ---
 
 # oktapam_ad_connections (Data Source)
 
-A list of ASA AD Connections associated with an ASA Team.
+A list of AD Connections associated with your Team.
 
 
 
@@ -17,13 +17,13 @@ A list of ASA AD Connections associated with an ASA Team.
 
 ### Optional
 
-- `certificate_id` (String) If `true`, only connections with a matching certificate ID are returned.
-- `gateway_id` (String) If `true`, only connections with a matching gateway ID are returned.
+- `certificate_id` (String) If `true`, results only include AD Connections associated with the specified certificate ID.
+- `gateway_id` (String) If `true`, results only include AD Connections associated with the specified Gateway ID.
 - `include_cert_details` (Boolean) If `true`, results also include certificate details
 
 ### Read-Only
 
-- `ad_connections` (List of Object) A list of ASA AD Connections associated with an ASA Team. (see [below for nested schema](#nestedatt--ad_connections))
+- `ad_connections` (List of Object) A list of AD Connections associated with your Team. (see [below for nested schema](#nestedatt--ad_connections))
 - `id` (String) The ID of this resource.
 
 <a id="nestedatt--ad_connections"></a>
 
@@ -3,12 +3,12 @@
 page_title: "oktapam_ad_user_sync_task_settings Data Source - terraform-provider-oktapam"
 subcategory: ""
 description: |-
-  Returns a previously created ASA AD User Sync Task Settings. For more information check out the documentation https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm on AD user discovery.
+  Returns an existing AD user sync job. For more information check out the documentation https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm on AD user discovery.
 ---
 
 # oktapam_ad_user_sync_task_settings (Data Source)
 
-Returns a previously created ASA AD User Sync Task Settings. For more information check out the [documentation](https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm) on AD user discovery.
+Returns an existing AD user sync job. For more information check out the [documentation](https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm) on AD user discovery.
 
 
 
@@ -17,19 +17,19 @@ Returns a previously created ASA AD User Sync Task Settings. For more informatio
 
 ### Required
 
-- `connection_id` (String) UUID of the AD Connection with which this AD Task Settings is associated.
+- `connection_id` (String) The UUID of an associated AD connection.
 
 ### Read-Only
 
-- `base_dn` (String) Specifies where the rule searches for users.
-- `frequency` (Number) Frequency of the AD User Sync Task
+- `base_dn` (String) Specifies the domain to search for user accounts.
+- `frequency` (Number) Indicates how often the user sync job runs. Possible values: `1`, `6`, `12`, `24`.
 - `id` (String) The ID of this resource.
-- `is_active` (Boolean) If `true`, enables AD user sync task
-- `ldap_query_filter` (String) Specifies the criteria used to filter users.
+- `is_active` (Boolean) If `true`, enables the user sync job.
+- `ldap_query_filter` (String) The criteria used to filter user accounts.
 - `name` (String) The human-readable name of the resource. Values are case-sensitive.
-- `run_test` (Boolean) If `true`, test is performed based on specified AD User Sync Task Settings
-- `sid_field` (String) AD attribute mapped to user security identifier
-- `start_hour_utc` (Number) If AD user sync task is scheduled to run daily, then specify start hour in UTC
-- `upn_field` (String) AD attribute mapped to user principal name
+- `run_test` (Boolean) If `true`, performs a test run for the user sync job.
+- `sid_field` (String) The AD attribute that defines the security identifier (SID) for accounts. Most AD tenants use `objectSID`.
+- `start_hour_utc` (Number) A UTC timestamp that indicates the hour range when the user sync job runs. Only used if `frequency`is set to 24.
+- `upn_field` (String) The AD attribute that defines the User Principal Name (UPN) for accounts. Most AD tenants use `userPrincipalName`.
 
 
@@ -3,12 +3,12 @@
 page_title: "oktapam_ad_user_sync_task_settings_id_list Data Source - terraform-provider-oktapam"
 subcategory: ""
 description: |-
-  Returns a list of previously created ASA AD User Sync Task Settings IDs for an AD connection. For more information check out the documentation https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm on AD user discovery.
+  Returns a list of all AD user sync jobs a specified AD Connection. For more information check out the documentation https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm on AD user discovery.
 ---
 
 # oktapam_ad_user_sync_task_settings_id_list (Data Source)
 
-Returns a list of previously created ASA AD User Sync Task Settings IDs for an AD connection. For more information check out the [documentation](https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm) on AD user discovery.
+Returns a list of all AD user sync jobs a specified AD Connection. For more information check out the [documentation](https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/ad-user-sync.htm) on AD user discovery.
 
 
 
@@ -17,11 +17,11 @@ Returns a list of previously created ASA AD User Sync Task Settings IDs for an A
 
 ### Required
 
-- `connection_id` (String) The id of an ASA AD Connection. Results are returned for only this Connection.
+- `connection_id` (String) If defined, results only include resources associated with the specified AD Connection.
 
 ### Optional
 
-- `status` (String) If a value is provided, includes ASA user sync task settings with specified status. Valid statuses are `ACTIVE` and `INACTIVE`.
+- `status` (String) If defined, results only include user sync jobs with the specified status. Possible values: `ACTIVE` and `INACTIVE`.
 
 ### Read-Only
 
 
@@ -20,7 +20,7 @@ Returns a previously created ASA Gateway Setup Token associated with the ASA Tea
 - `created_at` (String) The UTC time when the resource was created. Format is '2022-01-01 00:00:00 +0000 UTC'.
 - `description` (String) The human-readable description of the resource.
 - `id` (String) The ID of this resource.
-- `labels` (Map of String) A map of key-value pairings that define access to the ASA Gateway.
+- `labels` (Map of String) A map of key-value pairings that define access to a Gateway.
 - `token` (String) The secret used for resource enrollment.
 
 
@@ -17,7 +17,7 @@ Returns a list of ASA Gateway Setup Token IDs associated with the ASA Team speci
 
 ### Optional
 
-- `description_contains` (String) If a value is provided, the results are filtered to only contain resources whose name contains that value.
+- `description_contains` (String) If defined, results only contain resources that include the specified value in the `name` field.
 
 ### Read-Only