Cloud User Group Resources (#292)

* Add support for cloud user groups

* Add cloud group tests

* Add cloud group members test

* Update tests

* Add docs

* Remove support for SCIM groups for now

* Update to newest sdk release

* Remove group access from resource

* Add a group access test

* Fix test

* Fix test

* Update docs

* Fix linter error

* Fix tests

* Fix tests

---------

Co-authored-by: Brian Kassouf <[email protected]>

Author: briankassouf

docs/resources/group.md

@@ -0,0 +1,88 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "temporalcloud_group Resource - terraform-provider-temporalcloud"
+subcategory: ""
+description: |-
+  Provisions a Temporal Cloud User Group.
+---
+
+# temporalcloud_group (Resource)
+
+Provisions a Temporal Cloud User Group.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    temporalcloud = {
+      source = "temporalio/temporalcloud"
+    }
+  }
+}
+
+provider "temporalcloud" {
+
+}
+
+resource "temporalcloud_namespace" "namespace" {
+  name               = "terraform"
+  regions            = ["aws-us-east-1"]
+  accepted_client_ca = base64encode(file("${path.module}/ca.pem"))
+  retention_days     = 14
+}
+
+resource "temporalcloud_group" "namespace_admin_group" {
+  name = "developers"
+}
+
+resource "temporalcloud_group_access" "namespace_admin_group_access" {
+  group_id       = temporalcloud_group.namespace_admin_group.id
+  account_access = "developer"
+  namespace_accesses = [
+    {
+      namespace_id = temporalcloud_namespace.namespace.id
+      permission   = "admin"
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the group
+
+### Optional
+
+- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
+
+### Read-Only
+
+- `id` (String) The unique identifier of the group.
+- `state` (String) The current state of the group.
+
+<a id="nestedblock--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+# Groups can be imported to incorporate existing Groups into your Terraform pipeline.
+# To import a Group, you need
+# - a resource configuration in your Terraform configuration file/module to accept the imported Group. In the example below, the placeholder is "temporalcloud_group" "group"
+# - the Group's ID, which is found using the Temporal Cloud CLI tcld g l. In the example below, this is 72360058153949edb2f1d47019c1e85f
+
+terraform import temporalcloud_group.group 72360058153949edb2f1d47019c1e85f
+```

docs/resources/group_members.md

@@ -0,0 +1,87 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "temporalcloud_group_members Resource - terraform-provider-temporalcloud"
+subcategory: ""
+description: |-
+  Sets Group Membership for the provided Group ID. Only use one per group.
+---
+
+# temporalcloud_group_members (Resource)
+
+Sets Group Membership for the provided Group ID. Only use one per group.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    temporalcloud = {
+      source = "temporalio/temporalcloud"
+    }
+  }
+}
+
+provider "temporalcloud" {
+
+}
+
+resource "temporalcloud_group" "admin_group" {
+  name = "admins"
+}
+
+resource "temporalcloud_user" "reader" {
+  email          = "[email protected]"
+  account_access = "reader"
+}
+
+resource "temporalcloud_group_access" "admin_group_access" {
+  group_id       = temporalcloud_group.admin_group.id
+  account_access = "admin"
+}
+
+resource "temporalcloud_group_members" "admin_group_members" {
+  group_id = temporalcloud_group.admin_group.id
+  users = [
+    temporalcloud_user.reader.id,
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_id` (String) The Group ID to set the members for.
+- `users` (Set of String) The users to add to the group.
+
+### Optional
+
+- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
+
+### Read-Only
+
+- `id` (String) The unique identifier of the group.
+
+<a id="nestedblock--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+# Group Members can be imported to incorporate existing Group Memberships into your Terraform pipeline.
+# To import Group Members, you need
+# - a resource configuration in your Terraform configuration file/module to accept the imported Group Members. In the example below, the placeholder is "temporalcloud_group_members" "group"
+# - the Group's ID, which is found using the Temporal Cloud CLI tcld g l. In the example below, this is 72360058153949edb2f1d47019c1e85f
+
+terraform import temporalcloud_group_members.group 72360058153949edb2f1d47019c1e85f
+```

examples/resources/temporalcloud_group/import.sh

@@ -0,0 +1,6 @@
+# Groups can be imported to incorporate existing Groups into your Terraform pipeline.
+# To import a Group, you need
+# - a resource configuration in your Terraform configuration file/module to accept the imported Group. In the example below, the placeholder is "temporalcloud_group" "group"
+# - the Group's ID, which is found using the Temporal Cloud CLI tcld g l. In the example below, this is 72360058153949edb2f1d47019c1e85f
+
+terraform import temporalcloud_group.group 72360058153949edb2f1d47019c1e85f

examples/resources/temporalcloud_group/resource.tf

@@ -0,0 +1,33 @@
+terraform {
+  required_providers {
+    temporalcloud = {
+      source = "temporalio/temporalcloud"
+    }
+  }
+}
+
+provider "temporalcloud" {
+
+}
+
+resource "temporalcloud_namespace" "namespace" {
+  name               = "terraform"
+  regions            = ["aws-us-east-1"]
+  accepted_client_ca = base64encode(file("${path.module}/ca.pem"))
+  retention_days     = 14
+}
+
+resource "temporalcloud_group" "namespace_admin_group" {
+  name = "developers"
+}
+
+resource "temporalcloud_group_access" "namespace_admin_group_access" {
+  group_id       = temporalcloud_group.namespace_admin_group.id
+  account_access = "developer"
+  namespace_accesses = [
+    {
+      namespace_id = temporalcloud_namespace.namespace.id
+      permission   = "admin"
+    }
+  ]
+}

examples/resources/temporalcloud_group_members/import.sh

@@ -0,0 +1,6 @@
+# Group Members can be imported to incorporate existing Group Memberships into your Terraform pipeline.
+# To import Group Members, you need
+# - a resource configuration in your Terraform configuration file/module to accept the imported Group Members. In the example below, the placeholder is "temporalcloud_group_members" "group"
+# - the Group's ID, which is found using the Temporal Cloud CLI tcld g l. In the example below, this is 72360058153949edb2f1d47019c1e85f
+
+terraform import temporalcloud_group_members.group 72360058153949edb2f1d47019c1e85f

examples/resources/temporalcloud_group_members/resource.tf

@@ -0,0 +1,32 @@
+terraform {
+  required_providers {
+    temporalcloud = {
+      source = "temporalio/temporalcloud"
+    }
+  }
+}
+
+provider "temporalcloud" {
+
+}
+
+resource "temporalcloud_group" "admin_group" {
+  name = "admins"
+}
+
+resource "temporalcloud_user" "reader" {
+  email          = "[email protected]"
+  account_access = "reader"
+}
+
+resource "temporalcloud_group_access" "admin_group_access" {
+  group_id       = temporalcloud_group.admin_group.id
+  account_access = "admin"
+}
+
+resource "temporalcloud_group_members" "admin_group_members" {
+  group_id = temporalcloud_group.admin_group.id
+  users = [
+    temporalcloud_user.reader.id,
+  ]
+}

internal/provider/provider.go

@@ -175,6 +175,8 @@ func (p *TerraformCloudProvider) Resources(ctx context.Context) []func() resourc
 		NewMetricsEndpointResource,
 		NewNexusEndpointResource,
 		NewNamespaceExportSinkResource,
+		NewUserGroupResource,
+		NewUserGroupMembersResource,
 		NewGroupAccessResource,
 		NewConnectivityRuleResource,
 	}