add support for dynamic idp

examples/resources/okta_policy_rule_idp_discovery/dynamic.tf

@@ -0,0 +1,21 @@
+data "okta_policy" "test" {
+  name = "Idp Discovery Policy"
+  type = "IDP_DISCOVERY"
+}
+
+resource "okta_policy_rule_idp_discovery" "test" {
+  policy_id            = data.okta_policy.test.id
+  priority             = 1
+  name                 = "testAcc_replace_with_uuid"
+  user_identifier_type = "ATTRIBUTE"
+  provider_expression  = "login.identifier.substringAfter('@')"
+  selection_type       = "DYNAMIC"
+
+  // Don't have a company schema in this account, just chosing something always there
+  user_identifier_attribute = "firstName"
+
+  user_identifier_patterns {
+    match_type = "EQUALS"
+    value      = "Articulate"
+  }
+}

okta/resource_okta_policy_rule_idp_discovery.go

@@ -24,7 +24,6 @@ func resourcePolicyRuleIdpDiscovery() *schema.Resource {
 			"idp_type": {
 				Type:     schema.TypeString,
 				Optional: true,
-				Default:  "OKTA",
 			},
 			"app_include": {
 				Type:        schema.TypeSet,
@@ -56,6 +55,14 @@ func resourcePolicyRuleIdpDiscovery() *schema.Resource {
 				Optional: true,
 				Elem:     userIDPatternResource,
 			},
+			"selection_type": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"provider_expression": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		}),
 	}
 }
@@ -180,16 +187,38 @@ func setRuleStatus(ctx context.Context, d *schema.ResourceData, m interface{}, s
 
 // Build Policy Sign On Rule from resource data
 func buildIdpDiscoveryRule(d *schema.ResourceData) *sdk.IdpDiscoveryRule {
+	var provider *sdk.IdpDiscoveryRuleProvider
+	if idpType, ok := d.GetOk("idp_type"); ok {
+		provider = &sdk.IdpDiscoveryRuleProvider{
+			Type: idpType.(string),
+			ID:   d.Get("idp_id").(string),
+		}
+	}
+	providers := []*sdk.IdpDiscoveryRuleProvider{}
+	if provider != nil {
+		providers = append(providers, provider)
+	}
+	var expression *sdk.IdpMatchingCriteria
+	if providerExpression, ok := d.GetOk("provider_expression"); ok {
+		expression = &sdk.IdpMatchingCriteria{
+			ProviderExpression: providerExpression.(string),
+		}
+	}
+	matchingCriteria := []*sdk.IdpMatchingCriteria{}
+	if expression != nil {
+		matchingCriteria = append(matchingCriteria, expression)
+	}
+	idp := sdk.IdpDiscoveryRuleIdp{}
+	if len(providers) > 0 {
+		idp.Providers = providers
+	}
+	if len(matchingCriteria) > 0 {
+		idp.MatchingCriteria = matchingCriteria
+	}
+	idp.IdpSelectionType = d.Get("selection_type").(string)
 	rule := &sdk.IdpDiscoveryRule{
 		Actions: &sdk.IdpDiscoveryRuleActions{
-			IDP: &sdk.IdpDiscoveryRuleIdp{
-				Providers: []*sdk.IdpDiscoveryRuleProvider{
-					{
-						Type: d.Get("idp_type").(string),
-						ID:   d.Get("idp_id").(string),
-					},
-				},
-			},
+			IDP: &idp,
 		},
 		Conditions: &sdk.IdpDiscoveryRuleConditions{
 			App: buildAppConditions(d),

okta/resource_okta_policy_rule_idp_discovery_test.go

@@ -78,3 +78,28 @@ func TestAccResourceOktaPolicyRuleIdpDiscovery_crud(t *testing.T) {
 		},
 	})
 }
+
+func TestAccResourceOktaPolicyRuleIdpDiscoveryDynamic(t *testing.T) {
+	mgr := newFixtureManager("resources", policyRuleIdpDiscovery, t.Name())
+	config := mgr.GetFixtures("dynamic.tf", t)
+	resourceName := fmt.Sprintf("%s.test", policyRuleIdpDiscovery)
+
+	oktaResourceTest(t, resource.TestCase{
+		PreCheck:          testAccPreCheck(t),
+		ErrorCheck:        testAccErrorChecks(t),
+		ProviderFactories: testAccProvidersFactories,
+		CheckDestroy:      checkRuleDestroy(policyRuleIdpDiscovery),
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					ensureRuleExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "name", buildResourceName(mgr.Seed)),
+					resource.TestCheckResourceAttr(resourceName, "status", statusActive),
+					resource.TestCheckResourceAttr(resourceName, "provider_expression", "login.identifier.substringAfter('@')"),
+					resource.TestCheckResourceAttr(resourceName, "selection_type", "DYNAMIC"),
+				),
+			},
+		},
+	})
+}

sdk/idp_discovery_rule.go

@@ -32,7 +32,14 @@ type (
 	}
 
 	IdpDiscoveryRuleIdp struct {
-		Providers []*IdpDiscoveryRuleProvider `json:"providers"`
+		Providers        []*IdpDiscoveryRuleProvider `json:"providers"`
+		MatchingCriteria []*IdpMatchingCriteria      `json:"matchCriteria"`
+		IdpSelectionType string                      `json:"idpSelectionType,omitempty"`
+	}
+
+	IdpMatchingCriteria struct {
+		ProviderExpression string `json:"providerExpression,omitempty"`
+		PropertyName       string `json:"propertyName,omitempty"`
 	}
 
 	IdpDiscoveryRuleNetwork struct {