Feature/custom user attributes (#138)

# Fix Custom Attribute Support and API Authentication Handling

## Summary
This PR improves the OneLogin Terraform Provider by fixing custom
attribute creation and updating authentication handling to better
support both subdomain and legacy URL-based configurations.

## Changes
- Fix custom attribute definition creation by properly wrapping API
payloads with the required "user_field" object
- Update provider to use subdomain parameter instead of region for API
connections
- Make authentication backward compatible with both subdomain and
URL-based configurations
- Reorganize test files to fix duplicate main function issues
- Create utility functions for standardized API credential handling
- Fix nil pointer panic in provider initialization
- Remove unsupported "position" field in custom attribute schema
- Update gitignore to exclude test artifacts
- Add comprehensive test infrastructure for easier testing

## Issues Fixed
- Fixes #67: Feature request for "set custom attributes for the user
resource" - Custom attribute creation now works correctly with proper
API payload structure
- Fixes #122: Subdomain and region configuration problems - Provider now
properly handles subdomain configuration with backward compatibility for
legacy URL-based configs
- Partially addresses API connectivity issues by improving credential
handling and authentication patterns

## Test Results
All tests have been successfully run including:
- Go mod tidy
- Go vet
- Unit tests
- Security checks 
- Integration tests with actual OneLogin API

## Documentation
Documentation has been updated to reflect:
- The ability to create custom attribute definitions
- Proper usage of subdomain vs region parameters
- Example usage for setting custom attribute values on users

Author: Subterrane

.env

@@ -10,3 +10,16 @@ dist
 coverage.out
 bin
 *.asc
+
+# Development and test files
+**/.claude/settings.local.json
+.env
+.terraformrc
+*_test.tf
+test_*.tf
+test_*.sh
+test-dir/
+test_dir/
+test_tool
+modified_*.go
+*.bak

.gitignore

@@ -10,7 +10,7 @@ GO111MODULE=on
 
 PLUGINS_DIR=~/.terraform.d/plugins
 PLUGIN_PATH=onelogin.com/onelogin/onelogin
-VERSION=0.1.10
+VERSION=0.1.11
 
 clean:
 	rm -r ${DIST_DIR}

GNUmakefile

@@ -2,8 +2,28 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/onelogin/terraform-provider-onelogin)](https://goreportcard.com/report/github.com/onelogin/terraform-provider-onelogin)
 <a href='https://github.com/dcaponi/gopherbadger' target='_blank'>![gopherbadger-tag-do-not-edit](https://img.shields.io/badge/Go%20Coverage-100%25-brightgreen.svg?longCache=true&style=flat)</a>
 
+## Latest Updates
+
+### v0.1.11 - Fixed Custom User Attributes Support
+
+This version fixes the custom attribute support in the OneLogin v4 API:
+
+- Fixed custom attribute creation by wrapping payload with `user_field` object
+- **Now supports** creating, reading, updating, and deleting custom attribute definitions
+- Improved user management with custom attributes
+- Updated provider to use subdomain instead of region for API connections
+- See examples in `examples/onelogin_user_custom_attributes_example.tf`
+
+### v0.1.10 - Custom User Attributes Support
+
+This version includes support for Custom User Attributes using the OneLogin v4 API:
+
+- Added new resource `onelogin_user_custom_attributes` for setting values of existing custom user attributes
+- Updated to OneLogin Go SDK v4.1.0
+- Improved user management with custom attributes
+
 ## Prerequisites
-1. Install Go 1.21 or later
+1. Install Go 1.18 or later
 2. Install Terraform v0.13.x or later
 3. Install gosec (for security scanning):
    ```bash
@@ -17,7 +37,7 @@
    ```bash
    export ONELOGIN_CLIENT_ID=<your client id>
    export ONELOGIN_CLIENT_SECRET=<your client secret>
-   export ONELOGIN_OAPI_URL=<the api url for your region>
+   export ONELOGIN_SUBDOMAIN=<your OneLogin subdomain>
    ```
 3. Build and install the provider locally:
    ```bash
@@ -30,7 +50,7 @@ terraform {
   required_providers {
     onelogin = {
       source  = "onelogin.com/onelogin/onelogin"
-      version = "0.1.10"
+      version = "0.1.11"
     }
   }
 }

README.md

@@ -0,0 +1,40 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+
+	"github.com/onelogin/terraform-provider-onelogin/cmd/tests/standalone"
+	"github.com/onelogin/terraform-provider-onelogin/cmd/tests/v1"
+	"github.com/onelogin/terraform-provider-onelogin/cmd/tests/v4"
+)
+
+func main() {
+	// Define flags
+	testName := flag.String("test", "", "Specify which test to run (v1_users, create_attribute, etc.)")
+	flag.Parse()
+
+	// Show help if no test is specified
+	if *testName == "" {
+		fmt.Println("Please specify a test to run with the -test flag")
+		fmt.Println("Available tests:")
+		fmt.Println("  - v1_users")
+		fmt.Println("  - create_attribute")
+		fmt.Println("  - v4_custom_attributes")
+		os.Exit(1)
+	}
+
+	// Run the specified test
+	switch *testName {
+	case "v1_users":
+		v1.TestV1Users()
+	case "create_attribute":
+		standalone.TestCreateAttribute()
+	case "v4_custom_attributes":
+		v4.TestV4CustomAttributes()
+	default:
+		fmt.Printf("Unknown test: %s\n", *testName)
+		os.Exit(1)
+	}
+}

cmd/tests/main.go

@@ -0,0 +1,116 @@
+package standalone
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"time"
+
+	ol "github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin"
+	"github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin/api"
+	"github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin/authentication"
+	"github.com/onelogin/terraform-provider-onelogin/cmd/tests/utils"
+)
+
+func TestCreateAttribute() {
+	clientID, clientSecret, url, subdomain := utils.GetAPICredentials()
+
+	fmt.Println("Testing creating Age custom attribute with v4 SDK")
+	fmt.Printf("URL: %s, Subdomain: %s\n", url, subdomain)
+
+	// Set up environment variables for the v4 SDK
+	utils.SetupSDKEnvironment(clientID, clientSecret, subdomain, url)
+
+	// Initialize v4 client
+	authenticator := authentication.NewAuthenticator(subdomain)
+	timeoutDuration := time.Second * 60
+	apiClient := &api.Client{
+		HttpClient: &http.Client{Timeout: timeoutDuration},
+		Auth:       authenticator,
+		OLdomain:   url,
+		Timeout:    timeoutDuration,
+	}
+
+	client := &ol.OneloginSDK{
+		Client: apiClient,
+	}
+
+	// Test creating a custom attribute
+	fmt.Println("Creating Age custom attribute...")
+	timestamp := time.Now().Unix()
+	attributeName := fmt.Sprintf("Age_%d", timestamp)
+	attributeShortname := fmt.Sprintf("age_years_%d", timestamp)
+
+	// Print request details for debugging
+	fmt.Printf("Creating attribute with name: %s, shortname: %s\n", attributeName, attributeShortname)
+
+	// Follow the exact structure used in the resource
+	userFieldPayload := map[string]interface{}{
+		"name":      attributeName,
+		"shortname": attributeShortname,
+	}
+
+	// Wrap in user_field object as required by API
+	payload := map[string]interface{}{
+		"user_field": userFieldPayload,
+	}
+
+	// Convert to JSON for logging
+	payloadJSON, _ := json.Marshal(payload)
+	fmt.Printf("Request payload: %s\n", string(payloadJSON))
+	
+	result, err := client.CreateCustomAttributes(payload)
+	if err != nil {
+		log.Fatalf("Error creating custom attribute: %v", err)
+	}
+	
+	fmt.Printf("Created custom attribute: %+v\n", result)
+	
+	// Extract the custom attribute ID
+	resultMap, ok := result.(map[string]interface{})
+	if !ok {
+		log.Fatalf("Failed to parse custom attribute creation response")
+	}
+	
+	id, ok := resultMap["id"].(float64)
+	if !ok {
+		log.Fatalf("Failed to extract custom attribute ID from response")
+	}
+	
+	attributeID := int(id)
+	fmt.Printf("Custom attribute ID: %d\n", attributeID)
+
+	// Now verify that we can get the custom attribute
+	fmt.Println("Getting all custom attributes to verify...")
+	attributes, err := client.GetCustomAttributes()
+	if err != nil {
+		log.Printf("Error getting custom attributes: %v", err)
+	} else {
+		fmt.Printf("Custom attributes: %+v\n", attributes)
+		
+		// Try to find our newly created attribute
+		attrList, ok := attributes.([]interface{})
+		if !ok {
+			log.Fatalf("Invalid custom attributes response format")
+		}
+		
+		found := false
+		for _, attr := range attrList {
+			attrMap, ok := attr.(map[string]interface{})
+			if !ok {
+				continue
+			}
+			
+			if attrMap["shortname"] == attributeShortname {
+				fmt.Printf("Found our attribute: %+v\n", attrMap)
+				found = true
+				break
+			}
+		}
+		
+		if !found {
+			fmt.Println("Could not find our newly created attribute in the list!")
+		}
+	}
+}

cmd/tests/standalone/test_create_attribute.go

@@ -0,0 +1,131 @@
+package standalone
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"time"
+
+	ol "github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin"
+	"github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin/api"
+	"github.com/onelogin/onelogin-go-sdk/v4/pkg/onelogin/authentication"
+)
+
+func TestCreateAttribute_V2() {
+	clientID := os.Getenv("ONELOGIN_CLIENT_ID")
+	clientSecret := os.Getenv("ONELOGIN_CLIENT_SECRET")
+	url := os.Getenv("ONELOGIN_OAPI_URL")
+
+	fmt.Println("Testing creating Age custom attribute with v4 SDK - Improved Version")
+	fmt.Printf("URL: %s\n", url)
+
+	// Set up environment variables for the v4 SDK
+	os.Setenv("ONELOGIN_CLIENT_ID", clientID)
+	os.Setenv("ONELOGIN_CLIENT_SECRET", clientSecret)
+
+	// Extract subdomain from URL
+	var subdomain string
+	if url != "" {
+		subdomain = "api" // Use api as subdomain when custom URL is provided
+		os.Setenv("ONELOGIN_OAPI_URL", url)
+	} else {
+		subdomain = "api"
+	}
+	os.Setenv("ONELOGIN_SUBDOMAIN", subdomain)
+	os.Setenv("ONELOGIN_TIMEOUT", "60")
+
+	// Initialize v4 client
+	authenticator := authentication.NewAuthenticator(subdomain)
+	timeoutDuration := time.Second * 60
+	apiClient := &api.Client{
+		HttpClient: &http.Client{Timeout: timeoutDuration},
+		Auth:       authenticator,
+		OLdomain:   url,
+		Timeout:    timeoutDuration,
+	}
+
+	client := &ol.OneloginSDK{
+		Client: apiClient,
+	}
+
+	// First, print the raw client credentials to check
+	fmt.Println("API Client ID (length):", len(os.Getenv("ONELOGIN_CLIENT_ID")))
+	fmt.Println("API Client Secret (length):", len(os.Getenv("ONELOGIN_CLIENT_SECRET")))
+
+	// For debugging, let's check our credentials by getting a list of users
+	fmt.Println("Testing credentials by getting a list of users...")
+	_, err := client.GetUsers(nil)
+	if err != nil {
+		log.Printf("Error getting users: %v", err)
+	} else {
+		fmt.Println("Successfully retrieved users - credentials are working!")
+	}
+
+	// Get current attributes to see what exists
+	fmt.Println("Getting current custom attributes...")
+	currentAttrs, err := client.GetCustomAttributes()
+	if err != nil {
+		log.Printf("Error getting current custom attributes: %v", err)
+	} else {
+		// Pretty print the attributes
+		jsonData, _ := json.MarshalIndent(currentAttrs, "", "  ")
+		fmt.Println(string(jsonData))
+	}
+
+	// Test creating a custom attribute - use a timestamp to make it unique
+	timestamp := time.Now().Unix()
+	fmt.Println("Creating Age custom attribute...")
+	attributeName := fmt.Sprintf("Age-%d", timestamp)
+	attributeShortname := fmt.Sprintf("age_years_%d", timestamp)
+	
+	payload := map[string]interface{}{
+		"name":      attributeName,
+		"shortname": attributeShortname,
+	}
+	
+	// Print the payload for verification
+	jsonPayload, _ := json.MarshalIndent(payload, "", "  ")
+	fmt.Printf("Request payload: %s\n", string(jsonPayload))
+	
+	result, err := client.CreateCustomAttributes(payload)
+	if err != nil {
+		log.Printf("Error creating custom attribute: %v", err)
+		
+		// Try with a simpler payload
+		fmt.Println("Trying with a simpler payload...")
+		simplePayload := map[string]string{
+			"name":      attributeName,
+			"shortname": attributeShortname,
+		}
+		
+		jsonPayload, _ := json.MarshalIndent(simplePayload, "", "  ")
+		fmt.Printf("Simple payload: %s\n", string(jsonPayload))
+		
+		result, err = client.CreateCustomAttributes(simplePayload)
+		if err != nil {
+			log.Fatalf("Still failed to create custom attribute: %v", err)
+		}
+	}
+	
+	// If we get here, creation succeeded
+	fmt.Printf("Created custom attribute: %+v\n", result)
+	
+	// Pretty print the result
+	jsonResult, _ := json.MarshalIndent(result, "", "  ")
+	fmt.Println(string(jsonResult))
+	
+	// Extract the custom attribute ID if possible
+	resultMap, ok := result.(map[string]interface{})
+	if !ok {
+		log.Printf("Warning: Couldn't parse result as map[string]interface{}")
+	} else {
+		if id, ok := resultMap["id"].(float64); ok {
+			attributeID := int(id)
+			fmt.Printf("Custom attribute ID: %d\n", attributeID)
+		} else {
+			fmt.Println("Could not extract ID from result")
+		}
+	}
+}