Merge pull request #226 from articulate/feature/unlock-user

Add the ability to unlock users that are locked out
articulate · Jul 29, 2019 · 7c74b56 · 7c74b56
2 parents b8f9ea0 + 7db3d66
commit 7c74b56
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -53,3 +53,4 @@ For Release v3.0.10
 For Release v3.0.11
 
 * Fix ocassional panic when creating a user schema see https://github.com/articulate/terraform-provider-okta/issues/144
+* Users in LOCKED_OUT state are unlocked when config is ACTIVE https://github.com/articulate/terraform-provider-okta/issues/225
diff --git a/okta/user.go b/okta/user.go
@@ -498,35 +498,39 @@ func updateGroupsOnUser(u string, g []string, c *okta.Client) error {
 // handle setting of user status based on what the current status is because okta
 // only allows transitions to certain statuses from other statuses - consult okta User API docs for more info
 // https://developer.okta.com/docs/api/resources/users#lifecycle-operations
-func updateUserStatus(u string, d string, c *okta.Client) error {
-	user, _, err := c.User.GetUser(u)
+func updateUserStatus(uid string, desiredStatus string, c *okta.Client) error {
+	user, _, err := c.User.GetUser(uid)
 
 	if err != nil {
 		return err
 	}
 
 	var statusErr error
-	switch d {
+	switch desiredStatus {
 	case "SUSPENDED":
-		_, statusErr = c.User.SuspendUser(u)
+		_, statusErr = c.User.SuspendUser(uid)
 	case "DEPROVISIONED":
-		_, statusErr = c.User.DeactivateUser(u)
+		_, statusErr = c.User.DeactivateUser(uid)
 	case "ACTIVE":
-		if user.Status == "SUSPENDED" {
-			_, statusErr = c.User.UnsuspendUser(u)
-		} else if user.Status == "PASSWORD_EXPIRED" {
+		switch user.Status {
+		case "SUSPENDED":
+			_, statusErr = c.User.UnsuspendUser(uid)
+			break
+		case "PASSWORD_EXPIRED":
 			// Ignore password expired status. This status is already activated.
 			return nil
-		} else {
-			_, _, statusErr = c.User.ActivateUser(u, nil)
+		case "LOCKED_OUT":
+			_, statusErr = c.User.UnlockUser(uid)
+		default:
+			_, _, statusErr = c.User.ActivateUser(uid, nil)
 		}
 	}
 
 	if statusErr != nil {
 		return statusErr
 	}
 
-	err = waitForStatusTransition(u, c)
+	err = waitForStatusTransition(uid, c)
 
 	if err != nil {
 		return err