diff --git a/internal/sdkv2provider/resource_cloudflare_access_group.go b/internal/sdkv2provider/resource_cloudflare_access_group.go
index 1ed49cd424b..ee74eaffb09 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_group.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_group.go
@@ -411,8 +411,7 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
  authMethod := ""
  geos := []string{}
  loginMethod := []string{}
- oktaID := ""
- oktaGroups := []string{}
+ oktaGroups := []map[string]interface{}{}
  gsuiteID := ""
  gsuiteEmails := []string{}
  githubName := ""
@@ -488,8 +487,22 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
  }
  case "okta":
  oktaCfg := groupValue.(map[string]interface{})
- oktaID = oktaCfg["identity_provider_id"].(string)
- oktaGroups = append(oktaGroups, oktaCfg["name"].(string))
+ oktaIdPID := oktaCfg["identity_provider_id"].(string)
+ oktaGroupName := oktaCfg["name"].(string)
+
+ var oktaGroup map[string]interface{}
+ for _, og := range oktaGroups {
+ if og["identity_provider_id"] == oktaIdPID {
+ oktaGroup = og
+ break
+ }
+ }
+
+ if len(oktaGroup) == 0 {
+ oktaGroups = append(oktaGroups, map[string]interface{}{"identity_provider_id": oktaIdPID, "name": []string{oktaGroupName}})
+ } else {
+ oktaGroup["name"] = append(oktaGroup["name"].([]string), oktaGroupName)
+ }
  case "gsuite":
  gsuiteCfg := groupValue.(map[string]interface{})
  gsuiteID = gsuiteCfg["identity_provider_id"].(string)
@@ -605,13 +618,8 @@ func TransformAccessGroupForSchema(ctx context.Context, accessGroup []interface{
  groupMap["login_method"] = loginMethod
  }
 
- if len(oktaGroups) > 0 && oktaID != "" {
- groupMap["okta"] = []interface{}{
- map[string]interface{}{
- "identity_provider_id": oktaID,
- "name": oktaGroups,
- },
- }
+ if len(oktaGroups) > 0 {
+ groupMap["okta"] = oktaGroups
  }
 
  if len(gsuiteEmails) > 0 && gsuiteID != "" {
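Review bot: The two type assertions at the top of the `okta` case, `oktaCfg["identity_provider_id"].(string)` and `oktaCfg["name"].(string)`, are still unchecked, so an entry with a missing or non-string field panics the provider while it is reading an access-control rule. The comma-ok form, e.g. `oktaIdPID, ok := oktaCfg["identity_provider_id"].(string)`, would let such an entry be skipped or reported as an error instead; which of the two fits depends on the enclosing loop and switch, which start outside the hunk. Separately, `if len(oktaGroup) == 0` serves as the not-found test only because a nil map has length zero, and `if oktaGroup == nil` states that intent directly.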
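Review bot: With the `oktaID != ""` condition gone from `if len(oktaGroups) > 0 {`, an Okta rule whose `identity_provider_id` comes back empty is now written to state as an okta block with an empty ID, where the removed code left the okta block out entirely. If that omission was deliberate, entries with an empty ID should be filtered before they are appended in the `okta` case, so state never shows a group name bound to no identity provider. `groupMap["okta"]` also changes from `[]interface{}` to `[]map[string]interface{}`, so a comment such as `// one okta block per identity provider, each with its own name list` would document the new shape. It is worth confirming that the `okta` schema accepts more than one block, since the schema is not visible in this diff. The function body continues outside the hunk.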