[IAM] Add data source to import org user using token auth (#2051)

volcanonoodle · web-flow · commit d8ec8ab0b7bd · 2025-03-06T10:57:30.000+01:00
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,13 +1,14 @@
 * @grafana/platform-monitoring
 
-/internal/resources/grafana/*_alerting_*    @grafana/platform-monitoring @grafana/alerting-squad
-/internal/resources/cloud/*                 @grafana/platform-monitoring @grafana/grafana-com-maintainers
-/internal/resources/cloud/*_access_policy_* @grafana/platform-monitoring @grafana/identity-squad
-/internal/resources/cloudprovider/*         @grafana/platform-monitoring @grafana/middleware-apps
-/internal/resources/connections/*           @grafana/platform-monitoring @grafana/middleware-apps
-/internal/resources/fleetmanagement/*       @grafana/platform-monitoring @grafana/fleet-management-backend
-/internal/resources/frontendo11y/*          @grafana/platform-monitoring @grafana/frontend-o11y
-/internal/resources/machinelearning/*       @grafana/platform-monitoring @grafana/machine-learning
-/internal/resources/oncall/*                @grafana/platform-monitoring @grafana/grafana-irm-backend
-/internal/resources/slo/*                   @grafana/platform-monitoring @grafana/slo-squad
-/internal/resources/syntheticmonitoring/*   @grafana/platform-monitoring @grafana/synthetic-monitoring
+/internal/resources/grafana/*_alerting_*            @grafana/platform-monitoring @grafana/alerting-squad
+/internal/resources/cloud/*                         @grafana/platform-monitoring @grafana/grafana-com-maintainers
+/internal/resources/cloud/*_access_policy_*         @grafana/platform-monitoring @grafana/identity-squad
+/internal/resources/grafana/*_organization_user*    @grafana/platform-monitoring @grafana/identity-squad
+/internal/resources/cloudprovider/*                 @grafana/platform-monitoring @grafana/middleware-apps
+/internal/resources/connections/*                   @grafana/platform-monitoring @grafana/middleware-apps
+/internal/resources/fleetmanagement/*               @grafana/platform-monitoring @grafana/fleet-management-backend
+/internal/resources/frontendo11y/*                  @grafana/platform-monitoring @grafana/frontend-o11y
+/internal/resources/machinelearning/*               @grafana/platform-monitoring @grafana/machine-learning
+/internal/resources/oncall/*                        @grafana/platform-monitoring @grafana/grafana-irm-backend
+/internal/resources/slo/*                           @grafana/platform-monitoring @grafana/slo-squad
+/internal/resources/syntheticmonitoring/*           @grafana/platform-monitoring @grafana/synthetic-monitoring
diff --git a/docs/data-sources/organization_user.md b/docs/data-sources/organization_user.md
@@ -0,0 +1,45 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_organization_user Data Source - terraform-provider-grafana"
+subcategory: "Grafana OSS"
+description: |-
+  Official documentation https://grafana.com/docs/grafana/latest/administration/user-management/server-user-management/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/org/#get-all-users-within-the-current-organization-lookup
+---
+
+# grafana_organization_user (Data Source)
+
+* [Official documentation](https://grafana.com/docs/grafana/latest/administration/user-management/server-user-management/)
+* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/org/#get-all-users-within-the-current-organization-lookup)
+
+## Example Usage
+
+```terraform
+resource "grafana_user" "test" {
+  email    = "test.datasource@example.com"
+  name     = "Testing Datasource"
+  login    = "test-datasource"
+  password = "my-password"
+}
+
+data "grafana_organization_user" "from_email" {
+  email = grafana_user.test.email
+}
+
+data "grafana_organization_user" "from_login" {
+  login = grafana_user.test.login
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `email` (String) The email address of the Grafana user. Defaults to ``.
+- `login` (String) The username of the Grafana user. Defaults to ``.
+- `org_id` (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `user_id` (Number) The numerical ID of the Grafana user.
diff --git a/examples/data-sources/grafana_organization_user/data-source.tf b/examples/data-sources/grafana_organization_user/data-source.tf
@@ -0,0 +1,14 @@
+resource "grafana_user" "test" {
+  email    = "test.datasource@example.com"
+  name     = "Testing Datasource"
+  login    = "test-datasource"
+  password = "my-password"
+}
+
+data "grafana_organization_user" "from_email" {
+  email = grafana_user.test.email
+}
+
+data "grafana_organization_user" "from_login" {
+  login = grafana_user.test.login
+}
diff --git a/internal/resources/grafana/data_source_organization_user.go b/internal/resources/grafana/data_source_organization_user.go
@@ -0,0 +1,78 @@
+package grafana
+
+import (
+	"context"
+
+	"github.com/grafana/grafana-openapi-client-go/client/org"
+	"github.com/grafana/grafana-openapi-client-go/models"
+	"github.com/grafana/terraform-provider-grafana/v3/internal/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func datasourceOrganizationUser() *common.DataSource {
+	schema := &schema.Resource{
+		Description: `
+* [Official documentation](https://grafana.com/docs/grafana/latest/administration/user-management/server-user-management/)
+* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/org/#get-all-users-within-the-current-organization-lookup)
+`,
+		ReadContext: dataSourceOrganizationUserRead,
+		Schema: map[string]*schema.Schema{
+			"org_id": orgIDAttribute(),
+			"email": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "The email address of the Grafana user.",
+			},
+			"login": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "The username of the Grafana user.",
+			},
+			"user_id": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The numerical ID of the Grafana user.",
+			},
+		},
+	}
+	return common.NewLegacySDKDataSource(common.CategoryGrafanaOSS, "grafana_organization_user", schema)
+}
+
+func dataSourceOrganizationUserRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, orgID := OAPIClientFromNewOrgResource(meta, d)
+
+	var resp interface {
+		GetPayload() []*models.UserLookupDTO
+	}
+
+	emailOrLogin := d.Get("email").(string)
+	if emailOrLogin == "" {
+		emailOrLogin = d.Get("login").(string)
+	}
+	if emailOrLogin == "" {
+		return diag.Errorf("must specify one of email or login")
+	}
+
+	params := org.NewGetOrgUsersForCurrentOrgLookupParams().WithQuery(&emailOrLogin)
+	resp, err := client.Org.GetOrgUsersForCurrentOrgLookup(params)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	// Make sure that exactly 1 user was returned
+	if len(resp.GetPayload()) > 1 {
+		return diag.Errorf("ambiguous query when reading organization user, multiple users returned by query: %q", emailOrLogin)
+	} else if len(resp.GetPayload()) == 0 {
+		return diag.Errorf("organization user not found with query: %q", emailOrLogin)
+	}
+
+	user := resp.GetPayload()[0]
+	d.Set("user_id", user.UserID)
+	d.Set("login", user.Login)
+
+	d.SetId(MakeOrgResourceID(orgID, user.UserID))
+	return nil
+}
diff --git a/internal/resources/grafana/data_source_organization_user_test.go b/internal/resources/grafana/data_source_organization_user_test.go
@@ -0,0 +1,40 @@
+package grafana_test
+
+import (
+	"testing"
+
+	"github.com/grafana/grafana-openapi-client-go/models"
+	"github.com/grafana/terraform-provider-grafana/v3/internal/common"
+	"github.com/grafana/terraform-provider-grafana/v3/internal/testutils"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDatasourceOrganizationUser_basic(t *testing.T) {
+	testutils.CheckOSSTestsEnabled(t)
+
+	var user models.UserProfileDTO
+	checks := []resource.TestCheckFunc{
+		userCheckExists.exists("grafana_user.test", &user),
+	}
+	for _, rName := range []string{"from_email", "from_login"} {
+		checks = append(checks,
+			resource.TestMatchResourceAttr(
+				"data.grafana_organization_user."+rName, "user_id", common.IDRegexp,
+			),
+			resource.TestCheckResourceAttr(
+				"data.grafana_organization_user."+rName, "login", "test-datasource",
+			),
+		)
+	}
+
+	resource.ParallelTest(t, resource.TestCase{
+		ProtoV5ProviderFactories: testutils.ProtoV5ProviderFactories,
+		CheckDestroy:             userCheckExists.destroyed(&user, nil),
+		Steps: []resource.TestStep{
+			{
+				Config: testutils.TestAccExample(t, "data-sources/grafana_organization_user/data-source.tf"),
+				Check:  resource.ComposeTestCheckFunc(checks...),
+			},
+		},
+	})
+}
diff --git a/internal/resources/grafana/resources.go b/internal/resources/grafana/resources.go
@@ -94,6 +94,7 @@ var DataSources = addValidationToDataSources(
 	datasourceLibraryPanels(),
 	datasourceUser(),
 	datasourceUsers(),
+	datasourceOrganizationUser(),
 	datasourceRole(),
 	datasourceServiceAccount(),
 	datasourceTeam(),
