-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(org): add user group member support #1367
Conversation
6c8f79e
to
0eb7863
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like current state of things allows us to implement this via Terraform Plugin Framework, could you please redo it with its usage?
0eb7863
to
ab9438f
Compare
does calling this API endpoint not returns a list of users even with those that hadn't accepted the invitation yet? |
Nope, ID of the user is only know after accepting an invitation |
) | ||
|
||
var aivenOrganizationUserGroupMemberSchema = map[string]*schema.Schema{ | ||
"organization_id": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't the organization_id given by the group?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it is, why?
The decision was made to skip this feature implementation |
Does this mean there will not be a way to administer user/group membership via Terraform? We have created users and groups via Terraform, and were hoping that we might be able to handle group membership that way as well. Is this not going to be possible? If so...is the recommendation to stick with the older "teams" functionality for RBAC instead? |
@ivan-savciuc could you please give your comment? |
@mwoods-familiaris, unfortunately, it will not be possible to administer user/group membership via Terraform. The reason is API implementation. An organization user has no ID until an invitation that was sent via email hasn't been accepted. Therefore, we cannot organize users into groups until all users we manage have accepted invitations, which breaks Terraform flow to multiple stages. So, unlike account teams and projects, similar functionality will not be available for organizations. If this is important for your organization, please contact our customer support with such a request. We need to change an API to unblock this functionality for Terraform and other IaC tools, and an internal decision was made to wait and get feedback if this is something our customers want. Lastly, the account teams, users, projects, etc., will be deprecated and eventually deleted from Terraform in the upcoming major releases. All the customers should migrate to organizations that do not support the same level of functionality in Terraform for the moment of writing. |
About this change—what it does
Adding organization user group member support.
I cannot add acceptance tests for this feature because the
user_id
of the newly invited member will be known only after an invitation is accepted. And we cannot simulate this during the test. Moreover, if we invite already existing Aiven users to a different organization,user_id
is still unavailable, and we have to accept an invitation.This is revived version of this PR: #1282
@ngilles-aiven wrote this feedback:
The difference between
aiven_account_team_member
and newaiven_organization_user_group_member
is following:Ideally we want to keep using email address for the instead of user ID if possible, cc @ngilles-aiven @rsalevsky