feat(iam): add iam user resource (#2152)

* feat(iam): add iam user resource

* fix(iam): type on last_login_at

* docs(iam): fix lint

* chore: fix provider.go and rename invalid file

---------

Co-authored-by: Gregory Bloquel <[email protected]>
Co-authored-by: Rémy Léone <[email protected]>
Co-authored-by: Jules Casteran <[email protected]>

Author: 3 people

docs/resources/iam_user.md

@@ -0,0 +1,52 @@
+---
+subcategory: "IAM"
+page_title: "Scaleway: scaleway_iam_user"
+---
+
+# scaleway_iam_user
+
+Creates and manages Scaleway IAM Users.
+For more information, see [the documentation](https://www.scaleway.com/en/developers/api/iam/#path-users-list-users-of-an-organization).
+
+## Examples
+
+### Basic
+
+```hcl
+resource "scaleway_iam_user" "basic" {
+  email            = "[email protected]"
+}
+```
+
+## Argument Reference
+
+- `email` - (Required) The email of the IAM user.
+
+- `organization_id` - (Defaults to [provider](../index.md#organization_d) `organization_id`) The ID of the organization the user is associated with.
+
+## Attributes Reference
+
+In addition to all above arguments, the following attributes are exported:
+
+- `id` - The ID of the user (UUID format).
+- `email` - The email of the user
+- `created_at` - The date and time of the creation of the iam user.
+- `updated_at` - The date and time of the last update of the iam user.
+- `deletable` - Whether the iam user is deletable.
+- `organization_id` - The ID of the organization the user.
+- `last_login_at` - The date of the last login.
+- `type` - The type of user. Check the possible values on
+  our [sdk](https://github.com/scaleway/scaleway-sdk-go/blob/master/api/iam/v1alpha1/iam_sdk.go#L508-L515C2).
+- `two_factor_enabled` - Deprecated, use "mfa" instead.
+- `status` - The status of user invitation. Check the possible values on
+  our [sdk](https://github.com/scaleway/scaleway-sdk-go/blob/master/api/iam/v1alpha1/iam_sdk.go#L475-L480).
+- `mfa` - Whether the MFA is enabled.
+- `account_root_user_id` - The ID of the account root user associated with the user.
+
+## Import
+
+IAM users can be imported using the `{id}`, e.g.
+
+```bash
+$ terraform import scaleway_iam_user.basic 11111111-1111-1111-1111-111111111111
+```

scaleway/provider.go

@@ -116,6 +116,7 @@ func Provider(config *ProviderConfig) plugin.ProviderFunc {
 				"scaleway_iam_group":                           resourceScalewayIamGroup(),
 				"scaleway_iam_group_membership":                resourceScalewayIamGroupMembership(),
 				"scaleway_iam_policy":                          resourceScalewayIamPolicy(),
+				"scaleway_iam_user":                            resourceScalewayIamUser(),
 				"scaleway_instance_user_data":                  resourceScalewayInstanceUserData(),
 				"scaleway_instance_image":                      resourceScalewayInstanceImage(),
 				"scaleway_instance_ip":                         resourceScalewayInstanceIP(),

scaleway/resource_iam_user.go

@@ -0,0 +1,133 @@
+package scaleway
+
+//#TODO see update empty
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func resourceScalewayIamUser() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceScalewayIamUserCreate,
+		ReadContext:   resourceScalewayIamUserRead,
+		DeleteContext: resourceScalewayIamUserDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		SchemaVersion: 0,
+		Schema: map[string]*schema.Schema{
+			"email": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The description of the iam user",
+			},
+			"created_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The date and time of the creation of the iam user",
+			},
+			"updated_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The date and time of the last update of the iam user",
+			},
+			"deletable": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether or not the iam user is editable",
+			},
+			"last_login_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The date and time of last login of the iam user",
+			},
+			"type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The type of the iam user",
+			},
+			"two_factor_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Deprecated, use 'mfa' instead.",
+			},
+			"status": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The status of user invitation.",
+			},
+			"mfa": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether or not the MFA is enabled",
+			},
+			"account_root_user_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The ID of the account root user associated with the iam user.",
+			},
+			"organization_id": organizationIDOptionalSchema(),
+		},
+	}
+}
+
+func resourceScalewayIamUserCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+	user, err := iamAPI.CreateUser(&iam.CreateUserRequest{
+		OrganizationID: d.Get("organization_id").(string),
+		Email:          d.Get("email").(string),
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(user.ID)
+
+	return resourceScalewayIamUserRead(ctx, d, meta)
+}
+
+func resourceScalewayIamUserRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	api := iamAPI(meta)
+	user, err := api.GetUser(&iam.GetUserRequest{
+		UserID: d.Id(),
+	}, scw.WithContext(ctx))
+	if err != nil {
+		if is404Error(err) {
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	_ = d.Set("email", user.Email)
+	_ = d.Set("created_at", flattenTime(user.CreatedAt))
+	_ = d.Set("updated_at", flattenTime(user.UpdatedAt))
+	_ = d.Set("organization_id", user.OrganizationID)
+	_ = d.Set("deletable", user.Deletable)
+	_ = d.Set("last_login_at", flattenTime(user.LastLoginAt))
+	_ = d.Set("type", user.Type)
+	_ = d.Set("two_factor_enabled", user.TwoFactorEnabled)
+	_ = d.Set("status", user.Status)
+	_ = d.Set("mfa", user.Mfa)
+
+	return nil
+}
+
+func resourceScalewayIamUserDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	api := iamAPI(meta)
+
+	err := api.DeleteUser(&iam.DeleteUserRequest{
+		UserID: d.Id(),
+	}, scw.WithContext(ctx))
+	if err != nil && !is404Error(err) {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}

scaleway/resource_iam_user_test.go

@@ -0,0 +1,99 @@
+package scaleway
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func init() {
+	resource.AddTestSweepers("scaleway_iam_user", &resource.Sweeper{
+		Name: "scaleway_iam_user",
+		F:    testSweepIamUser,
+	})
+}
+
+func testSweepIamUser(_ string) error {
+	return sweep(func(scwClient *scw.Client) error {
+		api := iam.NewAPI(scwClient)
+
+		orgID, exists := scwClient.GetDefaultOrganizationID()
+		if !exists {
+			return fmt.Errorf("missing organizationID")
+		}
+
+		listUsers, err := api.ListUsers(&iam.ListUsersRequest{
+			OrganizationID: &orgID,
+		})
+		if err != nil {
+			return fmt.Errorf("failed to list users: %w", err)
+		}
+		for _, user := range listUsers.Users {
+			if !isTestResource(user.Email) {
+				continue
+			}
+			err = api.DeleteUser(&iam.DeleteUserRequest{
+				UserID: user.ID,
+			})
+			if err != nil {
+				return fmt.Errorf("failed to delete user: %w", err)
+			}
+		}
+		return nil
+	})
+}
+
+func TestAccScalewayIamUser_Basic(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayIamUserDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+						resource "scaleway_iam_user" "user_basic" {
+							email = "[email protected]"
+						}
+					`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayIamUserExists(tt, "scaleway_iam_user.user_basic"),
+					testCheckResourceAttrUUID("scaleway_iam_user.user_basic", "id"),
+					resource.TestCheckResourceAttr("scaleway_iam_user.user_basic", "email", "[email protected]"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckScalewayIamUserDestroy(tt *TestTools) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "scaleway_iam_user" {
+				continue
+			}
+
+			iamAPI := iamAPI(tt.Meta)
+
+			_, err := iamAPI.GetUser(&iam.GetUserRequest{
+				UserID: rs.Primary.ID,
+			})
+
+			// If no error resource still exist
+			if err == nil {
+				return fmt.Errorf("resource %s(%s) still exist", rs.Type, rs.Primary.ID)
+			}
+
+			// Unexpected api error we return it
+			if !is404Error(err) {
+				return err
+			}
+		}
+
+		return nil
+	}
+}