Commited8270c

authored

feat: addorg_sync_idp_groups attribute tocoderd_organization resource (#182)

1 parent5fa9117 commited8270cCopy full SHA for ed8270c

File tree

6 files changed

+207

-23

lines changed

docs/resources
- organization.md
examples/resources/coderd_organization
- resource.tf
internal/provider

6 files changed

+207

-23

lines changed

`‎docs/resources/organization.md‎`

Lines changed: 29 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,35 @@ An organization on the Coder deployment.`
`15`	`15`	`~>Warning`
`16`	`16`	`This resource is only compatible with Coder version[2.16.0](https://github.com/coder/coder/releases/tag/v2.16.0) and later.`
`17`	`17`
	`18`	`+##Example Usage`
`18`	`19`
	`20`	+```terraform
	`21`	`+resource "coderd_organization" "blueberry" {`
	`22`	`+ name = "blueberry"`
	`23`	`+ display_name = "Blueberry"`
	`24`	`+ description = "The organization for blueberries"`
	`25`	`+ icon = "/emojis/1fad0.png"`
	`26`	`+`
	`27`	`+ org_sync_idp_groups = [`
	`28`	`+ "wibble",`
	`29`	`+ "wobble",`
	`30`	`+ ]`
	`31`	`+`
	`32`	`+ group_sync {`
	`33`	`+ field = "coder_groups"`
	`34`	`+ mapping = {`
	`35`	`+ toast = [coderd_group.bread.id]`
	`36`	`+ }`
	`37`	`+ }`
	`38`	`+`
	`39`	`+ role_sync {`
	`40`	`+ field = "coder_roles"`
	`41`	`+ mapping = {`
	`42`	`+ manager = ["organization-user-admin"]`
	`43`	`+ }`
	`44`	`+ }`
	`45`	`+}`
	`46`	+```
`19`	`47`
`20`	`48`	`<!-- schema generated by tfplugindocs-->`
`21`	`49`	`##Schema`
`@@ -30,6 +58,7 @@ This resource is only compatible with Coder version [2.16.0](https://github.com/`
`30`	`58`	-`display_name` (String) Display name of the organization. Defaults to name.
`31`	`59`	-`group_sync` (Block, Optional) Group sync settings to sync groups from an IdP. (see[below for nested schema](#nestedblock--group_sync))
`32`	`60`	-`icon` (String)
	`61`	+-`org_sync_idp_groups` (Set of String) Claims from the IdP provider that will give users access to this organization.
`33`	`62`	-`role_sync` (Block, Optional) Role sync settings to sync organization roles from an IdP. (see[below for nested schema](#nestedblock--role_sync))
`34`	`63`
`35`	`64`	`###Read-Only`

`‎examples/resources/coderd_organization/resource.tf‎`

Lines changed: 25 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,25 @@`
	`1`	`+resource"coderd_organization""blueberry" {`
	`2`	`+name="blueberry"`
	`3`	`+display_name="Blueberry"`
	`4`	`+description="The organization for blueberries"`
	`5`	`+icon="/emojis/1fad0.png"`
	`6`	`+`
	`7`	`+org_sync_idp_groups=[`
	`8`	`+"wibble",`
	`9`	`+"wobble",`
	`10`	`+ ]`
	`11`	`+`
	`12`	`+group_sync {`
	`13`	`+field="coder_groups"`
	`14`	`+mapping={`
	`15`	`+ toast= [coderd_group.bread.id]`
	`16`	`+ }`
	`17`	`+ }`
	`18`	`+`
	`19`	`+role_sync {`
	`20`	`+field="coder_roles"`
	`21`	`+mapping={`
	`22`	`+ manager= ["organization-user-admin"]`
	`23`	`+ }`
	`24`	`+ }`
	`25`	`+}`

`‎internal/provider/organization_resource.go‎`

Lines changed: 112 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"fmt"`
`6`	`6`	`"regexp"`
`7`	`7`
	`8`	`+"github.com/coder/coder/v2/coderd/util/slice"`
`8`	`9`	`"github.com/coder/coder/v2/codersdk"`
`9`	`10`	`"github.com/coder/terraform-provider-coderd/internal/codersdkvalidator"`
`10`	`11`	`"github.com/google/uuid"`
`@@ -40,8 +41,9 @@ type OrganizationResourceModel struct {`
`40`	`41`	Description types.String`tfsdk:"description"`
`41`	`42`	Icon types.String`tfsdk:"icon"`
`42`	`43`
`43`		-GroupSync types.Object`tfsdk:"group_sync"`
`44`		-RoleSync types.Object`tfsdk:"role_sync"`
	`44`	+OrgSyncIdpGroups types.Set`tfsdk:"org_sync_idp_groups"`
	`45`	+GroupSync types.Object`tfsdk:"group_sync"`
	`46`	+RoleSync types.Object`tfsdk:"role_sync"`
`45`	`47`	`}`
`46`	`48`
`47`	`49`	`typeGroupSyncModelstruct {`
`@@ -134,6 +136,12 @@ This resource is only compatible with Coder version [2.16.0](https://github.com/`
`134`	`136`	`Computed:true,`
`135`	`137`	`Default:stringdefault.StaticString(""),`
`136`	`138`	`},`
	`139`	`+`
	`140`	`+"org_sync_idp_groups": schema.SetAttribute{`
	`141`	`+ElementType:types.StringType,`
	`142`	`+Optional:true,`
	`143`	`+MarkdownDescription:"Claims from the IdP provider that will give users access to this organization.",`
	`144`	`+},`
`137`	`145`	`},`
`138`	`146`
`139`	`147`	`Blocks:map[string]schema.Block{`
`@@ -361,21 +369,38 @@ func (r *OrganizationResource) Create(ctx context.Context, req resource.CreateRe`
`361`	`369`	`// default it.`
`362`	`370`	`data.DisplayName=types.StringValue(org.DisplayName)`
`363`	`371`
`364`		`-// Now apply group and role sync settings, if specified`
`365`	`372`	`orgID:=data.ID.ValueUUID()`
`366`		`-tflog.Trace(ctx,"updating group sync",map[string]any{`
`367`		`-"orgID":orgID,`
`368`		`-})`
	`373`	`+`
	`374`	`+// Apply org sync patches, if specified`
	`375`	`+if!data.OrgSyncIdpGroups.IsNull() {`
	`376`	`+tflog.Trace(ctx,"updating org sync",map[string]any{`
	`377`	`+"orgID":orgID,`
	`378`	`+})`
	`379`	`+`
	`380`	`+varclaims []string`
	`381`	`+resp.Diagnostics.Append(data.OrgSyncIdpGroups.ElementsAs(ctx,&claims,false)...)`
	`382`	`+ifresp.Diagnostics.HasError() {`
	`383`	`+return`
	`384`	`+}`
	`385`	`+`
	`386`	`+resp.Diagnostics.Append(r.patchOrgSyncMapping(ctx,orgID, []string{},claims)...)`
	`387`	`+}`
	`388`	`+`
	`389`	`+// Apply group and role sync settings, if specified`
`369`	`390`	`if!data.GroupSync.IsNull() {`
	`391`	`+tflog.Trace(ctx,"updating group sync",map[string]any{`
	`392`	`+"orgID":orgID,`
	`393`	`+})`
	`394`	`+`
`370`	`395`	`resp.Diagnostics.Append(r.patchGroupSync(ctx,orgID,data.GroupSync)...)`
`371`	`396`	`ifresp.Diagnostics.HasError() {`
`372`	`397`	`return`
`373`	`398`	`}`
`374`	`399`	`}`
`375`		`-tflog.Trace(ctx,"updating role sync",map[string]any{`
`376`		`-"orgID":orgID,`
`377`		`-})`
`378`	`400`	`if!data.RoleSync.IsNull() {`
	`401`	`+tflog.Trace(ctx,"updating role sync",map[string]any{`
	`402`	`+"orgID":orgID,`
	`403`	`+})`
`379`	`404`	`resp.Diagnostics.Append(r.patchRoleSync(ctx,orgID,data.RoleSync)...)`
`380`	`405`	`ifresp.Diagnostics.HasError() {`
`381`	`406`	`return`
`@@ -423,19 +448,42 @@ func (r *OrganizationResource) Update(ctx context.Context, req resource.UpdateRe`
`423`	`448`	`"icon":org.Icon,`
`424`	`449`	`})`
`425`	`450`
`426`		`-tflog.Trace(ctx,"updating group sync",map[string]any{`
`427`		`-"orgID":orgID,`
`428`		`-})`
	`451`	`+// Apply org sync patches, if specified`
	`452`	`+if!data.OrgSyncIdpGroups.IsNull() {`
	`453`	`+tflog.Trace(ctx,"updating org sync mappings",map[string]any{`
	`454`	`+"orgID":orgID,`
	`455`	`+})`
	`456`	`+`
	`457`	`+varstateOrganizationResourceModel`
	`458`	`+resp.Diagnostics.Append(req.State.Get(ctx,&state)...)`
	`459`	`+varcurrentClaims []string`
	`460`	`+resp.Diagnostics.Append(state.OrgSyncIdpGroups.ElementsAs(ctx,&currentClaims,false)...)`
	`461`	`+`
	`462`	`+varplannedClaims []string`
	`463`	`+resp.Diagnostics.Append(data.OrgSyncIdpGroups.ElementsAs(ctx,&plannedClaims,false)...)`
	`464`	`+ifresp.Diagnostics.HasError() {`
	`465`	`+return`
	`466`	`+}`
	`467`	`+`
	`468`	`+resp.Diagnostics.Append(r.patchOrgSyncMapping(ctx,orgID,currentClaims,plannedClaims)...)`
	`469`	`+ifresp.Diagnostics.HasError() {`
	`470`	`+return`
	`471`	`+}`
	`472`	`+}`
	`473`	`+`
`429`	`474`	`if!data.GroupSync.IsNull() {`
	`475`	`+tflog.Trace(ctx,"updating group sync",map[string]any{`
	`476`	`+"orgID":orgID,`
	`477`	`+})`
`430`	`478`	`resp.Diagnostics.Append(r.patchGroupSync(ctx,orgID,data.GroupSync)...)`
`431`	`479`	`ifresp.Diagnostics.HasError() {`
`432`	`480`	`return`
`433`	`481`	`}`
`434`	`482`	`}`
`435`		`-tflog.Trace(ctx,"updating role sync",map[string]any{`
`436`		`-"orgID":orgID,`
`437`		`-})`
`438`	`483`	`if!data.RoleSync.IsNull() {`
	`484`	`+tflog.Trace(ctx,"updating role sync",map[string]any{`
	`485`	`+"orgID":orgID,`
	`486`	`+})`
`439`	`487`	`resp.Diagnostics.Append(r.patchRoleSync(ctx,orgID,data.RoleSync)...)`
`440`	`488`	`ifresp.Diagnostics.HasError() {`
`441`	`489`	`return`
`@@ -456,6 +504,21 @@ func (r *OrganizationResource) Delete(ctx context.Context, req resource.DeleteRe`
`456`	`504`
`457`	`505`	`orgID:=data.ID.ValueUUID()`
`458`	`506`
	`507`	`+// Remove org sync mappings, if we were managing them`
	`508`	`+if!data.OrgSyncIdpGroups.IsNull() {`
	`509`	`+tflog.Trace(ctx,"deleting org sync mappings",map[string]any{`
	`510`	`+"orgID":orgID,`
	`511`	`+})`
	`512`	`+`
	`513`	`+varclaims []string`
	`514`	`+resp.Diagnostics.Append(data.OrgSyncIdpGroups.ElementsAs(ctx,&claims,false)...)`
	`515`	`+ifresp.Diagnostics.HasError() {`
	`516`	`+return`
	`517`	`+}`
	`518`	`+`
	`519`	`+resp.Diagnostics.Append(r.patchOrgSyncMapping(ctx,orgID,claims, []string{})...)`
	`520`	`+}`
	`521`	`+`
`459`	`522`	`tflog.Trace(ctx,"deleting organization",map[string]any{`
`460`	`523`	`"id":orgID,`
`461`	`524`	`"name":data.Name.ValueString(),`
`@@ -554,3 +617,37 @@ func (r *OrganizationResource) patchRoleSync(`
`554`	`617`
`555`	`618`	`returndiags`
`556`	`619`	`}`
	`620`	`+`
	`621`	`+func (r*OrganizationResource)patchOrgSyncMapping(`
	`622`	`+ctx context.Context,`
	`623`	`+orgID uuid.UUID,`
	`624`	`+currentClaims,plannedClaims []string,`
	`625`	`+) diag.Diagnostics {`
	`626`	`+vardiags diag.Diagnostics`
	`627`	`+`
	`628`	`+add,remove:=slice.SymmetricDifference(currentClaims,plannedClaims)`
	`629`	`+varaddMappings []codersdk.IDPSyncMapping[uuid.UUID]`
	`630`	`+for_,claim:=rangeadd {`
	`631`	`+addMappings=append(addMappings, codersdk.IDPSyncMapping[uuid.UUID]{`
	`632`	`+Given:claim,`
	`633`	`+Gets:orgID,`
	`634`	`+})`
	`635`	`+}`
	`636`	`+varremoveMappings []codersdk.IDPSyncMapping[uuid.UUID]`
	`637`	`+for_,claim:=rangeremove {`
	`638`	`+removeMappings=append(removeMappings, codersdk.IDPSyncMapping[uuid.UUID]{`
	`639`	`+Given:claim,`
	`640`	`+Gets:orgID,`
	`641`	`+})`
	`642`	`+}`
	`643`	`+`
	`644`	`+_,err:=r.Client.PatchOrganizationIDPSyncMapping(ctx, codersdk.PatchOrganizationIDPSyncMappingRequest{`
	`645`	`+Add:addMappings,`
	`646`	`+Remove:removeMappings,`
	`647`	`+})`
	`648`	`+iferr!=nil {`
	`649`	`+diags.AddError("Org Sync Update error",err.Error())`
	`650`	`+}`
	`651`	`+`
	`652`	`+returndiags`
	`653`	`+}`

`‎internal/provider/organization_resource_test.go‎`

Lines changed: 36 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -42,13 +42,19 @@ func TestAccOrganizationResource(t *testing.T) {`
`42`	`42`	`cfg2.DisplayName=ptr.Ref("Example Organization New")`
`43`	`43`
`44`	`44`	`cfg3:=cfg2`
`45`		`-cfg3.GroupSync=ptr.Ref(codersdk.GroupSyncSettings{`
	`45`	`+cfg3.OrgSyncIdpGroups= []string{"wibble","wobble"}`
	`46`	`+`
	`47`	`+cfg4:=cfg3`
	`48`	`+cfg4.OrgSyncIdpGroups= []string{"wibbley","wobbley"}`
	`49`	`+`
	`50`	`+cfg5:=cfg4`
	`51`	`+cfg5.GroupSync=ptr.Ref(codersdk.GroupSyncSettings{`
`46`	`52`	`Field:"wibble",`
`47`	`53`	`Mapping:map[string][]uuid.UUID{`
`48`	`54`	`"wibble": {uuid.MustParse("6e57187f-6543-46ab-a62c-a10065dd4314")},`
`49`	`55`	`},`
`50`	`56`	`})`
`51`		`-cfg3.RoleSync=ptr.Ref(codersdk.RoleSyncSettings{`
	`57`	`+cfg5.RoleSync=ptr.Ref(codersdk.RoleSyncSettings{`
`52`	`58`	`Field:"wobble",`
`53`	`59`	`Mapping:map[string][]string{`
`54`	`60`	`"wobble": {"wobbly"},`
`@@ -86,9 +92,25 @@ func TestAccOrganizationResource(t *testing.T) {`
`86`	`92`	`statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("display_name"),knownvalue.StringExact("Example Organization New")),`
`87`	`93`	`},`
`88`	`94`	`},`
`89`		`-// Addgroup and role sync`
	`95`	`+// Addorg sync`
`90`	`96`	`{`
`91`	`97`	`Config:cfg3.String(t),`
	`98`	`+ConfigStateChecks: []statecheck.StateCheck{`
	`99`	`+statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("org_sync_idp_groups").AtSliceIndex(0),knownvalue.StringExact("wibble")),`
	`100`	`+statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("org_sync_idp_groups").AtSliceIndex(1),knownvalue.StringExact("wobble")),`
	`101`	`+},`
	`102`	`+},`
	`103`	`+// Patch org sync`
	`104`	`+{`
	`105`	`+Config:cfg4.String(t),`
	`106`	`+ConfigStateChecks: []statecheck.StateCheck{`
	`107`	`+statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("org_sync_idp_groups").AtSliceIndex(0),knownvalue.StringExact("wibbley")),`
	`108`	`+statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("org_sync_idp_groups").AtSliceIndex(1),knownvalue.StringExact("wobbley")),`
	`109`	`+},`
	`110`	`+},`
	`111`	`+// Add group and role sync`
	`112`	`+{`
	`113`	`+Config:cfg5.String(t),`
`92`	`114`	`ConfigStateChecks: []statecheck.StateCheck{`
`93`	`115`	`statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("group_sync").AtMapKey("field"),knownvalue.StringExact("wibble")),`
`94`	`116`	`statecheck.ExpectKnownValue("coderd_organization.test",tfjsonpath.New("group_sync").AtMapKey("mapping").AtMapKey("wibble").AtSliceIndex(0),knownvalue.StringExact("6e57187f-6543-46ab-a62c-a10065dd4314")),`
`@@ -110,8 +132,9 @@ type testAccOrganizationResourceConfig struct {`
`110`	`132`	`Description*string`
`111`	`133`	`Icon*string`
`112`	`134`
`113`		`-GroupSync*codersdk.GroupSyncSettings`
`114`		`-RoleSync*codersdk.RoleSyncSettings`
	`135`	`+OrgSyncIdpGroups []string`
	`136`	`+GroupSync*codersdk.GroupSyncSettings`
	`137`	`+RoleSync*codersdk.RoleSyncSettings`
`115`	`138`	`}`
`116`	`139`
`117`	`140`	`func (ctestAccOrganizationResourceConfig)String(t*testing.T)string {`
`@@ -128,6 +151,14 @@ resource "coderd_organization" "test" {`
`128`	`151`	`description = {{orNull .Description}}`
`129`	`152`	`icon = {{orNull .Icon}}`
`130`	`153`
	`154`	`+{{- if .OrgSyncIdpGroups}}`
	`155`	`+org_sync_idp_groups = [`
	`156`	`+{{- range $name := .OrgSyncIdpGroups }}`
	`157`	`+"{{$name}}",`
	`158`	`+{{- end}}`
	`159`	`+]`
	`160`	`+{{- end}}`
	`161`	`+`
`131`	`162`	`{{- if .GroupSync}}`
`132`	`163`	`group_sync {`
`133`	`164`	`field = "{{.GroupSync.Field}}"`

`‎internal/provider/organization_sync_settings_resource.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ func (r *OrganizationSyncSettingsResource) Delete(ctx context.Context, req resou`
`244`	`244`	`tflog.Trace(ctx,"deleting organization sync",map[string]any{})`
`245`	`245`	`_,err:=r.Client.PatchOrganizationIDPSyncConfig(ctx, codersdk.PatchOrganizationIDPSyncConfigRequest{`
`246`	`246`	`// This disables organization sync without causing state conflicts for`
`247`		-// organization resources that might still specify `sync_mapping`.
	`247`	+// organization resources that might still specify `org_sync_idp_groups`.
`248`	`248`	`Field:"",`
`249`	`249`	`})`
`250`	`250`	`iferr!=nil {`

`‎internal/provider/util.go‎`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,10 @@ func computeDirectoryHash(directory string) (string, error) {`
`83`	`83`	`returnhex.EncodeToString(hash.Sum(nil)),nil`
`84`	`84`	`}`
`85`	`85`
`86`		`-// memberDiff returns the members to add and remove from the group, given the current members and the planned members.`
`87`		-// plannedMembers is deliberately our custom type, as Terraform cannot automatically produce `[]uuid.UUID` from a set.
	`86`	`+// memberDiff returns the members to add and remove from the group, given the`
	`87`	`+// current members and the planned members. plannedMembers is deliberately our`
	`88`	+// custom type, as Terraform cannot automatically produce `[]uuid.UUID` from a
	`89`	`+// set.`
`88`	`90`	`funcmemberDiff(currentMembers []uuid.UUID,plannedMembers []UUID) (add,remove []string) {`
`89`	`91`	`curSet:=make(map[uuid.UUID]struct{},len(currentMembers))`
`90`	`92`	`planSet:=make(map[uuid.UUID]struct{},len(plannedMembers))`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commited8270c

File tree

6 files changed

6 files changed

`‎docs/resources/organization.md‎`

`‎examples/resources/coderd_organization/resource.tf‎`

`‎internal/provider/organization_resource.go‎`

`‎internal/provider/organization_resource_test.go‎`

`‎internal/provider/organization_sync_settings_resource.go‎`

`‎internal/provider/util.go‎`

0 commit comments