From 25c7f53c287e92d3eef5b2e1541e5c4840b59f51 Mon Sep 17 00:00:00 2001 From: domenicsim1 Date: Thu, 21 Nov 2024 09:41:02 +1100 Subject: [PATCH 01/10] feat: resource service account oidc identity --- go.mod | 2 +- go.sum | 1 + octopusdeploy_framework/framework_provider.go | 1 + .../resource_service_account_oidc_identity.go | 124 ++++++++++++++++++ ...urce_service_account_oidc_identity_test.go | 89 +++++++++++++ .../schemas/service_account_oidc_identity.go | 51 +++++++ 6 files changed, 267 insertions(+), 1 deletion(-) create mode 100644 octopusdeploy_framework/resource_service_account_oidc_identity.go create mode 100644 octopusdeploy_framework/resource_service_account_oidc_identity_test.go create mode 100644 octopusdeploy_framework/schemas/service_account_oidc_identity.go diff --git a/go.mod b/go.mod index 8dcc68c2..7e10c51b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/OctopusDeploy/terraform-provider-octopusdeploy go 1.21 require ( - github.com/OctopusDeploy/go-octopusdeploy/v2 v2.55.0 + github.com/OctopusDeploy/go-octopusdeploy/v2 v2.60.0 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20240729041805-46db6fb717b4 github.com/google/uuid v1.6.0 github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637 diff --git a/go.sum b/go.sum index 7a39471c..1bd7bc26 100644 --- a/go.sum +++ b/go.sum 
@@ -22,6 +22,7 @@ github.com/OctopusDeploy/go-octodiff v1.0.0 h1:U+ORg6azniwwYo+O44giOw6TiD5USk8S4 github.com/OctopusDeploy/go-octodiff v1.0.0/go.mod h1:Mze0+EkOWTgTmi8++fyUc6r0aLZT7qD9gX+31t8MmIU= github.com/OctopusDeploy/go-octopusdeploy/v2 v2.55.0 h1:kX6qRRy8AgbqTiYdenqVNe69pGhntwJGEgJx9rtn9/8= github.com/OctopusDeploy/go-octopusdeploy/v2 v2.55.0/go.mod h1:ggvOXzMnq+w0pLg6C9zdjz6YBaHfO3B3tqmmB7JQdaw= +github.com/OctopusDeploy/go-octopusdeploy/v2 v2.60.0/go.mod h1:ggvOXzMnq+w0pLg6C9zdjz6YBaHfO3B3tqmmB7JQdaw= github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20240729041805-46db6fb717b4 h1:QfbVf0bOIRMp/WHAWsuVDB7KHoWnRsGbvDuOf2ua7k4= github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20240729041805-46db6fb717b4/go.mod h1:Oq9KbiRNDBB5jFmrwnrgLX0urIqR/1ptY18TzkqXm7M= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= diff --git a/octopusdeploy_framework/framework_provider.go b/octopusdeploy_framework/framework_provider.go index 700e8c62..54751437 100644 --- a/octopusdeploy_framework/framework_provider.go +++ b/octopusdeploy_framework/framework_provider.go @@ -114,6 +114,7 @@ func (p *octopusDeployFrameworkProvider) Resources(ctx context.Context) []func() NewTentacleCertificateResource, NewScriptModuleResource, NewUserResource, + NewServiceAccountOIDCIdentity, } } diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity.go b/octopusdeploy_framework/resource_service_account_oidc_identity.go new file mode 100644 index 00000000..7e927b49 --- /dev/null +++ b/octopusdeploy_framework/resource_service_account_oidc_identity.go 
@@ -0,0 +1,124 @@ +package octopusdeploy_framework + +import ( + "context" + "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/serviceaccounts" + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/internal/errors" + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/schemas" + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/util" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +var _ resource.Resource = &ServiceAccountOIDCIdentity{} + +type ServiceAccountOIDCIdentity struct { + *Config +} + +func NewServiceAccountOIDCIdentity() resource.Resource { + return &ServiceAccountOIDCIdentity{} +} + +func (s *ServiceAccountOIDCIdentity) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = util.GetTypeName(schemas.ServiceAccountOIDCIdentityResourceName) +} + +func (s *ServiceAccountOIDCIdentity) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schemas.ServiceAccountOIDCIdentitySchema{}.GetResourceSchema() +} + +func (s *ServiceAccountOIDCIdentity) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { + s.Config = ResourceConfiguration(req, resp) +} +func (s *ServiceAccountOIDCIdentity) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan schemas.OIDCServiceAccountSchemaModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) 
+ if resp.Diagnostics.HasError() { + return + } + identityRequest := mapServiceAccountOIDCModelToRequest(&plan) + identityCreateResponse, err := serviceaccounts.AddOIDCIdentity(s.Client, identityRequest) + if err != nil { + resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + } + identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityCreateResponse.ID) + if err != nil { + resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + } + + updateServiceAccountOIDCModel(identityResponse, &plan) + resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...) +} + +func (s *ServiceAccountOIDCIdentity) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state schemas.OIDCServiceAccountSchemaModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, state.ServiceAccountID.ValueString(), state.ID.ValueString()) + if err != nil { + if err := errors.ProcessApiErrorV2(ctx, resp, state, err, "service account OIDC identity"); err != nil { + resp.Diagnostics.AddError("Error reading service account OIDC identity", err.Error()) + } + return + } + + updateServiceAccountOIDCModel(identityResponse, &state) + resp.Diagnostics.Append(resp.State.Set(ctx, state)...) +} + +func (s *ServiceAccountOIDCIdentity) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan schemas.OIDCServiceAccountSchemaModel + resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) 
+ if resp.Diagnostics.HasError() { + return + } + + identityRequest := mapServiceAccountOIDCModelToRequest(&plan) + + err := serviceaccounts.UpdateOIDCIdentity(s.Client, identityRequest) + if err != nil { + resp.Diagnostics.AddError("Error updating service account OIDC identity", err.Error()) + return + } + identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityRequest.ID) + if err != nil { + resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + } + + updateServiceAccountOIDCModel(identityResponse, &plan) + resp.Diagnostics.Append(resp.State.Set(ctx, plan)...) +} + +func (s *ServiceAccountOIDCIdentity) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state schemas.OIDCServiceAccountSchemaModel + resp.Diagnostics.Append(req.State.Get(ctx, &state)...) + if resp.Diagnostics.HasError() { + return + } + + err := serviceaccounts.DeleteOIDCIdentityByID(s.Client, state.ServiceAccountID.ValueString(), state.ID.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Error deleting service account OIDC identity", err.Error()) + return + } +} + +func mapServiceAccountOIDCModelToRequest(model *schemas.OIDCServiceAccountSchemaModel) *serviceaccounts.OIDCIdentity { + identity := serviceaccounts.NewOIDCIdentity(model.ServiceAccountID.ValueString(), model.Name.ValueString(), model.Issuer.ValueString(), model.Subject.ValueString()) + identity.ID = model.ID.ValueString() + identity.Name = model.Name.ValueString() + + return identity +} + +func updateServiceAccountOIDCModel(request *serviceaccounts.OIDCIdentity, model *schemas.OIDCServiceAccountSchemaModel) { + model.Name = types.StringValue(request.Name) + model.Issuer = types.StringValue(request.Issuer) + model.Subject = types.StringValue(request.Subject) + model.ID = types.StringValue(request.ID) + model.ServiceAccountID = types.StringValue(request.ServiceAccountID) +} 
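Review bot: In `Create`, the identity is written by `serviceaccounts.AddOIDCIdentity` but only reaches state after the follow-up `GetOIDCIdentityByID` succeeds. If that read-back fails, the issuer/subject binding already exists on the server while Terraform has no record of it, so it is neither tracked nor cleaned up. Recording the ID straight after the create error check closes that gap, e.g. `plan.ID = types.StringValue(identityCreateResponse.ID)` followed by `resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...)`, with the read-back then only refreshing the remaining fields. The exported `ServiceAccountOIDCIdentity` type and `NewServiceAccountOIDCIdentity` also have no doc comments.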
diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
new file mode 100644
index 00000000..b246cb54
--- /dev/null
+++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
@@ -0,0 +1,89 @@ +package octopusdeploy_framework + +import ( + "fmt" + "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/serviceaccounts" + "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/users" + "github.com/hashicorp/terraform-plugin-testing/helper/acctest" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "testing" +) + +func TestAccOctopusDeployServiceAccountOIDCIdentity(t *testing.T) { + localName := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha) + prefix := "octopusdeploy_service_account_oidc_identity." + localName + + localUserName := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha) + userPrefix := " octopusdeploy_user." + localUserName + + userData := users.User{ + DisplayName: acctest.RandStringFromCharSet(20, acctest.CharSetAlpha), + EmailAddress: acctest.RandStringFromCharSet(10, acctest.CharSetAlpha) + "@test.com", + Username: acctest.RandStringFromCharSet(20, acctest.CharSetAlpha), + } + + data := serviceaccounts.OIDCIdentity{ + Name: acctest.RandStringFromCharSet(20, acctest.CharSetAlpha), + ServiceAccountID: userPrefix + ".id", + Issuer: "https://token.actions.githubusercontent.com", + Subject: "repo:test/test:environment:test", + } + + resource.Test(t, resource.TestCase{ + CheckDestroy: testScriptModuleCheckDestroy, + PreCheck: func() { TestAccPreCheck(t) }, + ProtoV6ProviderFactories: ProtoV6ProviderFactories(), + Steps: []resource.TestStep{ + { + Config: testServiceAccountIdentityConfig(localName, localUserName, data, userData), + Check: resource.ComposeTestCheckFunc( + testScriptModuleExists(prefix), + resource.TestCheckResourceAttr(prefix, "name", data.Name), + resource.TestCheckResourceAttr(prefix, "service_account_id", data.ServiceAccountID), + resource.TestCheckResourceAttr(prefix, "issuer", data.Issuer), + resource.TestCheckResourceAttr(prefix, "subject", data.Subject), + ), + }, + { + Config: testServiceAccountIdentityConfig(localName, localUserName, data, userData), + Check: 
resource.ComposeTestCheckFunc( + testScriptModuleExists(prefix), + resource.TestCheckResourceAttr(prefix, "name", data.Name+"-updated"), + resource.TestCheckResourceAttr(prefix, "service_account_id", data.ServiceAccountID), + resource.TestCheckResourceAttr(prefix, "issuer", data.Issuer), + resource.TestCheckResourceAttr(prefix, "subject", data.Subject), + ), + }, + }, + }) +} + +func testServiceAccountIdentityConfig(localName string, localUserName string, data serviceaccounts.OIDCIdentity, userData users.User) string { + return fmt.Sprintf(` + resource "octopusdeploy_user" "%s" { + display_name = "%s" + email_address = "%s" + is_active = true + is_service = true + username = "%s" + } + resource "octopusdeploy_service_account_oidc_identity" "%s" { + name = "%s" + service_account_id = "%s" + issuer = "%s" + subject = "%s" + }`, + localUserName, + userData.DisplayName, + userData.EmailAddress, + userData.Username, + localName, + data.Name, + data.Issuer, + data.Subject) +} + +func testServiceAccountIdentityUpdate(localName string, localUserName string, data serviceaccounts.OIDCIdentity, userData users.User) string { + data.Name = data.Name + "-updated" + return testServiceAccountIdentityUpdate(localName, localUserName, data, userData) +} diff --git a/octopusdeploy_framework/schemas/service_account_oidc_identity.go b/octopusdeploy_framework/schemas/service_account_oidc_identity.go new file mode 100644 index 00000000..2b3dd6df --- /dev/null +++ b/octopusdeploy_framework/schemas/service_account_oidc_identity.go 
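Review bot: The acceptance test checks the new resource with `testScriptModuleExists(prefix)` and `CheckDestroy: testScriptModuleCheckDestroy`, which by name are the script-module helpers. Their bodies are not in this patch, so it is unclear whether they can resolve an OIDC identity at all, and later patches in this series remove `CheckDestroy` rather than replace it. Because this resource binds an external issuer/subject to a service account, the test should confirm against the server that the identity exists after apply and no longer resolves after destroy. I would add resource-specific exists and destroy checks that call `serviceaccounts.GetOIDCIdentityByID` with the `service_account_id` and `id` taken from state, and wire the destroy variant into `CheckDestroy`.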
@@ -0,0 +1,51 @@ +package schemas + +import ( + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/util" + datasourceSchema "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + resourceSchema "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +const ServiceAccountOIDCIdentityResourceName = "service_account_oidc_identity" + +type ServiceAccountOIDCIdentitySchema struct{} + +var _ EntitySchema = ServiceAccountOIDCIdentitySchema{} + +func (d ServiceAccountOIDCIdentitySchema) GetResourceSchema() resourceSchema.Schema { + return resourceSchema.Schema{ + Attributes: map[string]resourceSchema.Attribute{ + "id": GetIdResourceSchema(), + "name": GetNameResourceSchema(true), + "service_account_id": util.ResourceString(). + Description("ID of the user to associate this identity to"). + Required(). + PlanModifiers(stringplanmodifier.RequiresReplace()). + Build(), + "issuer": util.ResourceString(). + Description("OIDC issuer url"). + Required(). + Build(), + "subject": util.ResourceString(). + Description("OIDC subject claims"). + Required(). + Build(), + }, + Description: "This resource manages manages OIDC service account for the associated user", + } +} + +func (d ServiceAccountOIDCIdentitySchema) GetDatasourceSchema() datasourceSchema.Schema { + return datasourceSchema.Schema{} +} + +type OIDCServiceAccountSchemaModel struct { + ServiceAccountID types.String `tfsdk:"service_account_id"` + Name types.String `tfsdk:"name"` + Issuer types.String `tfsdk:"issuer"` + Subject types.String `tfsdk:"subject"` + + ResourceModel +} From 2999ae20f9be2132137e8d88047e308cbfd26967 Mon Sep 17 00:00:00 2001 
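Review bot: `issuer` and `subject` in `GetResourceSchema` are plain required strings with no validation, so an empty value or a non-HTTPS issuer passes plan and is left for the server to accept or reject at apply time. These two fields decide which external tokens are tied to the service account, so plan-time validators (non-empty, and `issuer` parsing as an `https://` URL) are worth adding if the `util.ResourceString()` builder supports them, which is not visible in this hunk. The descriptions could also state the expected form, e.g. `Description("OIDC issuer URL, e.g. https://token.actions.githubusercontent.com")`. The schema description has a doubled word: `"This resource manages manages OIDC service account for the associated user"` should read `"This resource manages an OIDC identity for the associated service account"`.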
From: domenicsim1
Date: Thu, 21 Nov 2024 09:46:37 +1100
Subject: [PATCH 02/10] chore: docs
---
 .../service_account_oidc_identity.md | 29 +++++++++++++++++++
 go.sum | 3 +-
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 docs/resources/service_account_oidc_identity.md
diff --git a/docs/resources/service_account_oidc_identity.md b/docs/resources/service_account_oidc_identity.md
new file mode 100644
index 00000000..eedfcda2
--- /dev/null
+++ b/docs/resources/service_account_oidc_identity.md
@@ -0,0 +1,29 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "octopusdeploy_service_account_oidc_identity Resource - terraform-provider-octopusdeploy"
+subcategory: ""
+description: |-
+ This resource manages manages OIDC service account for the associated user
+---
+
+# octopusdeploy_service_account_oidc_identity (Resource)
+
+This resource manages manages OIDC service account for the associated user
+
+
+
+
+## Schema
+
+### Required
+
+- `issuer` (String) OIDC issuer url
+- `name` (String) The name of this resource.
+- `service_account_id` (String) ID of the user to associate this identity to
+- `subject` (String) OIDC subject claims
+
+### Read-Only
+
+- `id` (String) The unique ID for this resource.
+
+
diff --git a/go.sum b/go.sum
index 1bd7bc26..d8eeb086 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,7 @@ github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/OctopusDeploy/go-octodiff v1.0.0 h1:U+ORg6azniwwYo+O44giOw6TiD5USk8S4VDhOQ0Ven0=
 github.com/OctopusDeploy/go-octodiff v1.0.0/go.mod h1:Mze0+EkOWTgTmi8++fyUc6r0aLZT7qD9gX+31t8MmIU=
-github.com/OctopusDeploy/go-octopusdeploy/v2 v2.55.0 h1:kX6qRRy8AgbqTiYdenqVNe69pGhntwJGEgJx9rtn9/8=
-github.com/OctopusDeploy/go-octopusdeploy/v2 v2.55.0/go.mod h1:ggvOXzMnq+w0pLg6C9zdjz6YBaHfO3B3tqmmB7JQdaw=
+github.com/OctopusDeploy/go-octopusdeploy/v2 v2.60.0 h1:9j4IQ1UcAuaTytlBzQ7Mmoy/dLtofYfSGNiM22+sLXs=
 github.com/OctopusDeploy/go-octopusdeploy/v2 v2.60.0/go.mod h1:ggvOXzMnq+w0pLg6C9zdjz6YBaHfO3B3tqmmB7JQdaw=
 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20240729041805-46db6fb717b4 h1:QfbVf0bOIRMp/WHAWsuVDB7KHoWnRsGbvDuOf2ua7k4=
 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20240729041805-46db6fb717b4/go.mod h1:Oq9KbiRNDBB5jFmrwnrgLX0urIqR/1ptY18TzkqXm7M=
From ee401d3204c4c792d0e530d0ff0b5809f7a2519b Mon Sep 17 00:00:00 2001
From: domenicsim1
Date: Thu, 21 Nov 2024 09:56:15 +1100
Subject: [PATCH 03/10] chore: fix test
---
 .../resource_service_account_oidc_identity_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
index b246cb54..66ab8f9b 100644
--- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
+++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
@@ -79,6 +79,7 @@ func testServiceAccountIdentityConfig(localName string, localUserName string, da
 userData.Username,
 localName,
 data.Name,
+ data.ServiceAccountID,
 data.Issuer,
 data.Subject)
 }
From 2cbe38ecbdffd14736ac03bae3e15b8141be7a2c Mon Sep 17 00:00:00 2001
From: domenicsim1
Date: Thu, 21 Nov 2024 10:42:21 +1100
Subject: [PATCH 04/10] feat: data source service account OIDC identity
---
 ...atasource_service_account_oidc_identity.go | 57 +++++++++++++++++++
 octopusdeploy_framework/framework_provider.go | 1 +
 .../resource_service_account_oidc_identity.go | 3 +
 .../schemas/service_account_oidc_identity.go | 32 ++++++++++-
 4 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 octopusdeploy_framework/datasource_service_account_oidc_identity.go
diff --git a/octopusdeploy_framework/datasource_service_account_oidc_identity.go b/octopusdeploy_framework/datasource_service_account_oidc_identity.go
new file mode 100644
index 00000000..eac1c4bf
--- /dev/null
+++ b/octopusdeploy_framework/datasource_service_account_oidc_identity.go
@@ -0,0 +1,57 @@ +package octopusdeploy_framework + +import ( + "context" + "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/serviceaccounts" + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/schemas" + "github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/util" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +type serviceAccountOIDCIdentityDataSource struct { + *Config +} + +func NewServiceAccountOIDCIdentityDataSource() datasource.DataSource { + return &serviceAccountOIDCIdentityDataSource{} +} + +func (*serviceAccountOIDCIdentityDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = util.GetTypeName(schemas.ServiceAccountOIDCIdentityDatasourceName) +} + +func (s *serviceAccountOIDCIdentityDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) { + s.Config = DataSourceConfiguration(req, resp) +} + +func (*serviceAccountOIDCIdentityDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schemas.ServiceAccountOIDCIdentitySchema{}.GetDatasourceSchema() +} + +func (s *serviceAccountOIDCIdentityDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var err error + var data schemas.OIDCServiceAccountDatasourceSchemaModel + resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) + if resp.Diagnostics.HasError() { + return + } + + oidcIdentity, err := serviceaccounts.GetOIDCIdentityByID(s.Client, data.ServiceAccountID.ValueString(), data.ID.ValueString()) + if err != nil { + resp.Diagnostics.AddError("unable to load service account OIDC Identity", err.Error()) + return + } + + updateServiceAccountOIDCDataModel(oidcIdentity, &data) + + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) 
+} + +func updateServiceAccountOIDCDataModel(request *serviceaccounts.OIDCIdentity, model *schemas.OIDCServiceAccountDatasourceSchemaModel) { + model.Name = types.StringValue(request.Name) + model.Issuer = types.StringValue(request.Issuer) + model.Subject = types.StringValue(request.Subject) + model.ID = types.StringValue(request.ID) + model.ServiceAccountID = types.StringValue(request.ServiceAccountID) +} diff --git a/octopusdeploy_framework/framework_provider.go b/octopusdeploy_framework/framework_provider.go index 54751437..bacca8fc 100644 --- a/octopusdeploy_framework/framework_provider.go +++ b/octopusdeploy_framework/framework_provider.go @@ -77,6 +77,7 @@ func (p *octopusDeployFrameworkProvider) DataSources(ctx context.Context) []func NewScriptModuleDataSource, NewTenantProjectDataSource, NewUsersDataSource, + NewServiceAccountOIDCIdentityDataSource, } } diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity.go b/octopusdeploy_framework/resource_service_account_oidc_identity.go index 7e927b49..4370833f 100644 --- a/octopusdeploy_framework/resource_service_account_oidc_identity.go +++ b/octopusdeploy_framework/resource_service_account_oidc_identity.go @@ -41,10 +41,12 @@ func (s *ServiceAccountOIDCIdentity) Create(ctx context.Context, req resource.Cr identityCreateResponse, err := serviceaccounts.AddOIDCIdentity(s.Client, identityRequest) if err != nil { resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + return } identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityCreateResponse.ID) if err != nil { resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + return } updateServiceAccountOIDCModel(identityResponse, &plan) 
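Review bot: The data source `Read` passes `data.ID.ValueString()` straight to `serviceaccounts.GetOIDCIdentityByID`, yet the schema added in this same patch builds `id` with `GetIdDatasourceSchema(false)` and the generated docs later in the series list `id` under Optional. A configuration that omits `id` therefore sends an empty ID to the API, and what the client does with that is not visible here. Either mark `id` as required in the data source schema, or guard before the call with `if data.ID.IsNull() || data.ID.IsUnknown() { resp.Diagnostics.AddError("id is required", "set id to the OIDC identity to look up"); return }`. The leading `var err error` is redundant, since `oidcIdentity, err := ...` in the same scope already covers it.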
@@ -87,6 +89,7 @@ func (s *ServiceAccountOIDCIdentity) Update(ctx context.Context, req resource.Up identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityRequest.ID) if err != nil { resp.Diagnostics.AddError("Error creating OIDC identity", err.Error()) + return } updateServiceAccountOIDCModel(identityResponse, &plan) diff --git a/octopusdeploy_framework/schemas/service_account_oidc_identity.go b/octopusdeploy_framework/schemas/service_account_oidc_identity.go index 2b3dd6df..a68aad52 100644 --- a/octopusdeploy_framework/schemas/service_account_oidc_identity.go +++ b/octopusdeploy_framework/schemas/service_account_oidc_identity.go @@ -9,6 +9,7 @@ import ( ) const ServiceAccountOIDCIdentityResourceName = "service_account_oidc_identity" +const ServiceAccountOIDCIdentityDatasourceName = "service_account_oidc_identity" type ServiceAccountOIDCIdentitySchema struct{} @@ -38,7 +39,28 @@ func (d ServiceAccountOIDCIdentitySchema) GetResourceSchema() resourceSchema.Sch } func (d ServiceAccountOIDCIdentitySchema) GetDatasourceSchema() datasourceSchema.Schema { - return datasourceSchema.Schema{} + return datasourceSchema.Schema{ + Attributes: map[string]datasourceSchema.Attribute{ + "id": GetIdDatasourceSchema(false), + "service_account_id": util.DataSourceString(). + Description("ID of the user associated to this identity"). + Required(). + Build(), + // Response + "name": util.DataSourceString(). + Description("Name of the user associated to this identity"). + Computed(). + Build(), + "issuer": util.DataSourceString(). + Description("OIDC issuer url"). + Computed(). + Build(), + "subject": util.DataSourceString(). + Description("OIDC subject claims"). + Computed(). + Build(), + }, + } } type OIDCServiceAccountSchemaModel struct { 
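Review bot: The diagnostic on the read-back in `Update` still says `"Error creating OIDC identity"`, although this branch only runs after `UpdateOIDCIdentity` has succeeded, which will mislead whoever triages a failed apply. The added `return` fixes the control flow but leaves the message unchanged. I would change it to `resp.Diagnostics.AddError("Error reading service account OIDC identity after update", err.Error())`. `Update`'s body starts and ends outside this hunk.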
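Review bot: In `GetDatasourceSchema`, `name` is described as `"Name of the user associated to this identity"`, but `updateServiceAccountOIDCDataModel` fills it from the `Name` field of the `serviceaccounts.OIDCIdentity`, so it appears to be the identity's own name. `Description("Name of the OIDC identity")` would match what the code returns. The data source schema also sets no top-level `Description`, which is consistent with the empty description in the generated docs page later in this series. A one-line description stating that the lookup is by `service_account_id` and `id` would make the page usable.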
@@ -49,3 +71,11 @@ type OIDCServiceAccountSchemaModel struct { ResourceModel } + +type OIDCServiceAccountDatasourceSchemaModel struct { + ID types.String `tfsdk:"id"` + ServiceAccountID types.String `tfsdk:"service_account_id"` + Name types.String `tfsdk:"name"` + Issuer types.String `tfsdk:"issuer"` + Subject types.String `tfsdk:"subject"` +} From c3cef717f0904006230ecd5d59db943bd34c472d Mon Sep 17 00:00:00 2001 From: domenicsim1 Date: Thu, 21 Nov 2024 11:05:46 +1100 Subject: [PATCH 05/10] test fix --- .../resource_service_account_oidc_identity_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go index 66ab8f9b..697bd26e 100644 --- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go +++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go @@ -69,7 +69,7 @@ func testServiceAccountIdentityConfig(localName string, localUserName string, da } resource "octopusdeploy_service_account_oidc_identity" "%s" { name = "%s" - service_account_id = "%s" + service_account_id = %s issuer = "%s" subject = "%s" }`, From 1e6dbe29eb2df2d7c5d2fe654149101f596bbf97 Mon Sep 17 00:00:00 2001 From: domenicsim1 Date: Thu, 21 Nov 2024 11:09:17 +1100 Subject: [PATCH 06/10] chore: docs updated --- .../service_account_oidc_identity.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 docs/data-sources/service_account_oidc_identity.md diff --git a/docs/data-sources/service_account_oidc_identity.md b/docs/data-sources/service_account_oidc_identity.md new file mode 100644 index 00000000..13da6999 --- /dev/null +++ b/docs/data-sources/service_account_oidc_identity.md 
@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "octopusdeploy_service_account_oidc_identity Data Source - terraform-provider-octopusdeploy"
+subcategory: ""
+description: |-
+
+---
+
+# octopusdeploy_service_account_oidc_identity (Data Source)
+
+
+
+
+
+
+## Schema
+
+### Required
+
+- `service_account_id` (String) ID of the user associated to this identity
+
+### Optional
+
+- `id` (String) The unique ID for this resource.
+
+### Read-Only
+
+- `issuer` (String) OIDC issuer url
+- `name` (String) Name of the user associated to this identity
+- `subject` (String) OIDC subject claims
+
+
From e35eb25c32f1240cb5f9783d3553b738c1c10d77 Mon Sep 17 00:00:00 2001
From: domenicsim1
Date: Thu, 21 Nov 2024 11:27:41 +1100
Subject: [PATCH 07/10] test fix
---
 .../resource_service_account_oidc_identity_test.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
index 697bd26e..d69d6ec6 100644
--- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
+++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
@@ -39,7 +39,6 @@ func TestAccOctopusDeployServiceAccountOIDCIdentity(t *testing.T) {
 Check: resource.ComposeTestCheckFunc(
 testScriptModuleExists(prefix),
 resource.TestCheckResourceAttr(prefix, "name", data.Name),
- resource.TestCheckResourceAttr(prefix, "service_account_id", data.ServiceAccountID),
 resource.TestCheckResourceAttr(prefix, "issuer", data.Issuer),
 resource.TestCheckResourceAttr(prefix, "subject", data.Subject),
 ),
@@ -49,7 +48,6 @@ func TestAccOctopusDeployServiceAccountOIDCIdentity(t *testing.T) {
 Check: resource.ComposeTestCheckFunc(
 testScriptModuleExists(prefix),
 resource.TestCheckResourceAttr(prefix, "name", data.Name+"-updated"),
- resource.TestCheckResourceAttr(prefix, "service_account_id", data.ServiceAccountID),
 resource.TestCheckResourceAttr(prefix, "issuer", data.Issuer),
 resource.TestCheckResourceAttr(prefix, "subject", data.Subject),
 ),
From d027e2d5e93ba0e1690f44b5a13d20894ca6ea46 Mon Sep 17 00:00:00 2001
From: domenicsim1
Date: Thu, 21 Nov 2024 12:25:30 +1100
Subject: [PATCH 08/10] test fix
---
 .../resource_service_account_oidc_identity_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
index d69d6ec6..9ec3f99b 100644
--- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
+++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
@@ -44,7 +44,7 @@ func TestAccOctopusDeployServiceAccountOIDCIdentity(t *testing.T) {
 ),
 },
 {
- Config: testServiceAccountIdentityConfig(localName, localUserName, data, userData),
+ Config: testServiceAccountIdentityUpdate(localName, localUserName, data, userData),
 Check: resource.ComposeTestCheckFunc(
 testScriptModuleExists(prefix),
 resource.TestCheckResourceAttr(prefix, "name", data.Name+"-updated"),
From 4d61a85ee7caa00d6cee82193177dfa21b888509 Mon Sep 17 00:00:00 2001
From: domenicsim1
Date: Thu, 21 Nov 2024 13:04:55 +1100
Subject: [PATCH 09/10] fix test hanging
---
 .../resource_service_account_oidc_identity_test.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
index 9ec3f99b..4f5f06b1 100644
--- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go
+++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go @@ -30,7 +30,6 @@ func TestAccOctopusDeployServiceAccountOIDCIdentity(t *testing.T) { } resource.Test(t, resource.TestCase{ - CheckDestroy: testScriptModuleCheckDestroy, PreCheck: func() { TestAccPreCheck(t) }, ProtoV6ProviderFactories: ProtoV6ProviderFactories(), Steps: []resource.TestStep{ From 5ad3aada73d0f25f7f6ec7108215820e761108e4 Mon Sep 17 00:00:00 2001 From: domenicsim1 Date: Thu, 21 Nov 2024 14:40:27 +1100 Subject: [PATCH 10/10] fix test hanging --- .../resource_service_account_oidc_identity_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go index 4f5f06b1..60639b13 100644 --- a/octopusdeploy_framework/resource_service_account_oidc_identity_test.go +++ b/octopusdeploy_framework/resource_service_account_oidc_identity_test.go @@ -83,5 +83,5 @@ func testServiceAccountIdentityConfig(localName string, localUserName string, da func testServiceAccountIdentityUpdate(localName string, localUserName string, data serviceaccounts.OIDCIdentity, userData users.User) string { data.Name = data.Name + "-updated" - return testServiceAccountIdentityUpdate(localName, localUserName, data, userData) + return testServiceAccountIdentityConfig(localName, localUserName, data, userData) }