User datasource (#333)

Author: anekkanti

internal/provider/provider.go

@@ -187,6 +187,8 @@ func (p *TerraformCloudProvider) DataSources(ctx context.Context) []func() datas
 		NewServiceAccountsDataSource,
 		NewNamespaceDataSource,
 		NewServiceAccountDataSource,
+		NewUserDataSource,
+		NewUsersDataSource,
 		NewSCIMGroupDataSource,
 	}
 }

internal/provider/user_datasource.go

@@ -0,0 +1,84 @@
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	cloudservicev1 "go.temporal.io/cloud-sdk/api/cloudservice/v1"
+
+	"github.com/temporalio/terraform-provider-temporalcloud/internal/client"
+)
+
+type (
+	userDataSource struct {
+		client *client.Client
+	}
+)
+
+var (
+	_ datasource.DataSource              = (*userDataSource)(nil)
+	_ datasource.DataSourceWithConfigure = (*userDataSource)(nil)
+)
+
+func NewUserDataSource() datasource.DataSource {
+	return &userDataSource{}
+}
+
+func (d *userDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_user"
+}
+
+func (d *userDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*client.Client)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			"Expected *client.Client, got: %T. Please report this issue to the provider developers.",
+		)
+		return
+	}
+
+	d.client = client
+}
+
+func (d *userDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Fetches details about a User.",
+		Attributes:  userSchema(true),
+	}
+}
+
+func (d *userDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var input userDataModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &input)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	if len(input.ID.ValueString()) == 0 {
+		resp.Diagnostics.AddError("invalid user id", "user id is required")
+		return
+	}
+
+	saResp, err := d.client.CloudService().GetUser(ctx, &cloudservicev1.GetUserRequest{
+		UserId: input.ID.ValueString(),
+	})
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to fetch user", err.Error())
+		return
+	}
+
+	saDataModel, diags := userToUserDataModel(ctx, saResp.GetUser())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	diags = resp.State.Set(ctx, &saDataModel)
+	resp.Diagnostics.Append(diags...)
+}

internal/provider/user_datasource_model.go

@@ -0,0 +1,151 @@
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	identityv1 "go.temporal.io/cloud-sdk/api/identity/v1"
+
+	"github.com/temporalio/terraform-provider-temporalcloud/internal/provider/enums"
+	internaltypes "github.com/temporalio/terraform-provider-temporalcloud/internal/types"
+)
+
+type (
+	usersDataModel struct {
+		ID    types.String    `tfsdk:"id"`
+		Users []userDataModel `tfsdk:"users"`
+	}
+
+	userDataModel struct {
+		ID                types.String                             `tfsdk:"id"`
+		Email             types.String                             `tfsdk:"email"`
+		State             types.String                             `tfsdk:"state"`
+		AccountAccess     internaltypes.CaseInsensitiveStringValue `tfsdk:"account_access"`
+		NamespaceAccesses types.Set                                `tfsdk:"namespace_accesses"`
+		CreatedAt         types.String                             `tfsdk:"created_at"`
+		UpdatedAt         types.String                             `tfsdk:"updated_at"`
+	}
+
+	userNSAccessModel struct {
+		NamespaceID types.String `tfsdk:"namespace_id"`
+		Permission  types.String `tfsdk:"permission"`
+	}
+)
+
+func userToUserDataModel(ctx context.Context, sa *identityv1.User) (*userDataModel, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	stateStr, err := enums.FromResourceState(sa.State)
+	if err != nil {
+		diags.AddError("Unable to convert user state", err.Error())
+		return nil, diags
+	}
+
+	userModel := &userDataModel{
+		ID:        types.StringValue(sa.Id),
+		Email:     types.StringValue(sa.GetSpec().GetEmail()),
+		State:     types.StringValue(stateStr),
+		CreatedAt: types.StringValue(sa.GetCreatedTime().AsTime().GoString()),
+		UpdatedAt: types.StringValue(sa.GetLastModifiedTime().AsTime().GoString()),
+	}
+
+	role, err := enums.FromAccountAccessRole(sa.GetSpec().GetAccess().GetAccountAccess().GetRole())
+	if err != nil {
+		diags.AddError("Failed to convert account access role", err.Error())
+		return nil, diags
+	}
+
+	userModel.AccountAccess = internaltypes.CaseInsensitiveString(role)
+
+	namespaceAccesses := types.SetNull(types.ObjectType{AttrTypes: userNamespaceAccessAttrs})
+
+	if len(sa.GetSpec().GetAccess().GetNamespaceAccesses()) > 0 {
+		namespaceAccessObjects := make([]types.Object, 0)
+		for ns, namespaceAccess := range sa.GetSpec().GetAccess().GetNamespaceAccesses() {
+			permission, err := enums.FromNamespaceAccessPermission(namespaceAccess.GetPermission())
+			if err != nil {
+				diags.AddError("Failed to convert namespace access permission", err.Error())
+				return nil, diags
+			}
+
+			model := userNSAccessModel{
+				NamespaceID: types.StringValue(ns),
+				Permission:  types.StringValue(permission),
+			}
+			obj, d := types.ObjectValueFrom(ctx, userNamespaceAccessAttrs, model)
+			diags.Append(d...)
+			if diags.HasError() {
+				return nil, diags
+			}
+
+			namespaceAccessObjects = append(namespaceAccessObjects, obj)
+		}
+
+		accesses, d := types.SetValueFrom(ctx, types.ObjectType{AttrTypes: userNamespaceAccessAttrs}, namespaceAccessObjects)
+		diags.Append(d...)
+		if diags.HasError() {
+			return nil, diags
+		}
+		namespaceAccesses = accesses
+	}
+	userModel.NamespaceAccesses = namespaceAccesses
+
+	return userModel, diags
+}
+
+func userSchema(idRequired bool) map[string]schema.Attribute {
+	idAttribute := schema.StringAttribute{
+		Description: "The unique identifier of the User.",
+	}
+
+	switch idRequired {
+	case true:
+		idAttribute.Required = true
+	case false:
+		idAttribute.Computed = true
+	}
+
+	return map[string]schema.Attribute{
+		"id": idAttribute,
+		"email": schema.StringAttribute{
+			Description: "The email of the User.",
+			Computed:    true,
+		},
+		"state": schema.StringAttribute{
+			Description: "The current state of the User.",
+			Computed:    true,
+		},
+		"account_access": schema.StringAttribute{
+			CustomType:  internaltypes.CaseInsensitiveStringType{},
+			Description: "The role on the account. Must be one of admin, developer, or read (case-insensitive).",
+			Computed:    true,
+		},
+		"namespace_accesses": schema.SetNestedAttribute{
+			Description: "The set of namespace permissions for this user, including each namespace and its role.",
+			Optional:    true,
+			Computed:    true,
+			NestedObject: schema.NestedAttributeObject{
+				Attributes: map[string]schema.Attribute{
+					"namespace_id": schema.StringAttribute{
+						Description: "The namespace to assign permissions to.",
+						Computed:    true,
+					},
+					"permission": schema.StringAttribute{
+						CustomType:  types.StringType,
+						Description: "The permission to assign. Must be one of admin, write, or read (case-insensitive)",
+						Computed:    true,
+					},
+				},
+			},
+		},
+		"created_at": schema.StringAttribute{
+			Description: "The creation time of the User.",
+			Computed:    true,
+		},
+		"updated_at": schema.StringAttribute{
+			Description: "The last update time of the User.",
+			Computed:    true,
+		},
+	}
+}

internal/provider/user_datasource_test.go

@@ -0,0 +1,75 @@
+package provider
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccDataSource_User(t *testing.T) {
+	email := createRandomEmail()
+	config := func(email string, role string) string {
+		return fmt.Sprintf(`
+provider "temporalcloud" {
+
+}
+
+resource "temporalcloud_user" "terraform" {
+  email = "%s"
+  account_access = "%s"
+}
+
+data "temporalcloud_user" "terraform" {
+  id = temporalcloud_user.terraform.id
+}
+
+output "user" {
+  value = data.temporalcloud_user.terraform
+}
+`, email, role)
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: config(email, "read"),
+				Check: func(s *terraform.State) error {
+					output, ok := s.RootModule().Outputs["user"]
+					if !ok {
+						return fmt.Errorf("missing expected output")
+					}
+
+					outputValue, ok := output.Value.(map[string]any)
+					if !ok {
+						return fmt.Errorf("expected value to be map")
+					}
+
+					outputName, ok := outputValue["email"].(string)
+					if !ok {
+						return fmt.Errorf("expected value to be a string")
+					}
+					if outputName != email {
+						return fmt.Errorf("expected user email to be %s, got %s", email, outputName)
+					}
+
+					outputState, ok := outputValue["state"].(string)
+					if !ok {
+						return fmt.Errorf("expected value to be a string")
+					}
+					if outputState != "active" {
+						return fmt.Errorf("expected user state to be active, got %s", outputState)
+					}
+
+					return nil
+				},
+			},
+		},
+	})
+}