-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add user resource and namespace datasource #83
Add user resource and namespace datasource #83
Conversation
thank you for the PR! I will review this as soon as I can! |
also, not sure why the CI didn't run on this PR... I'll investigate that separately 🙈 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is phenomenal - thank you so much for putting the effort into this!
Description: "The endpoints for the namespace.", | ||
Attributes: map[string]schema.Attribute{ | ||
"web_address": schema.StringAttribute{ | ||
Description: "The web ui address.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description: "The web ui address.", | |
Description: "The web UI address.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As with aws_private_link_info
I admittedly grabbed the description from the proto model comment 😅
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whoops - we'll go fix up the proto docs too haha
|
||
namespacesDataModel struct { | ||
ID types.String `tfsdk:"id"` | ||
Namespaces []namespaceDataModel `tfsdk:"namespaces"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm looking at the design of similar data sources, like:
Each one of these has a schema that returns only the IDs of the resources that it finds, with the expectation that you'd pair this with a separate aws_subnet
data source later in the program. What do you think about doing something similar here? Something like temporalcloud_namespaces
returning a list of namespace IDs, and temporalcloud_namespace
(the datasource) turns an ID into the namespaceDataModel
object you have here? I realize as I write this that temporalcloud_regions
does the same thing as the data source you added here, so I'm not sure - as a user, which one of these schemes makes the most sense to you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tend to favor the more verbose option (like how temporalcloud_regions
does) since I often end up filtering by non-id attributes when doing bulk actions on resources. Just having the id means I end up in O(n) time instead of O(1) time (since I have to do n number of additional calls in those cases instead of one call to retrieve all the data I need) (and yeah I know with pagination we're not in O(n) anyway.)
For my specific use case currently I could get away with just having the id (or the ID and name, similar to how the Datadog provider often does it) but that will probably change and having all the attributes would be useful.
So especially since the Temporal Cloud API provides the full namespace spec when calling GetNamespaces
, I heavily lean towards providing all the attrs rather than just id.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works for me - thank you!
"aws_private_link_info": schema.SingleNestedAttribute{ | ||
Computed: true, | ||
Optional: true, | ||
Description: "The AWS PrivateLink info. This will only be set for an AWS region.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It took me a second to parse this but now I think I understand - what about something like: "This will only be set for namespaces whose cloud provider is AWS"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Admittedly this comment was copy-pasted from the cloud service proto model 😅 Your wording is much clearer, I'll update both the proto and the schema description rn, and open a PR in the cloud service proto repo when I get the chance.
internal/provider/user_resource.go
Outdated
Optional: true, | ||
NestedObject: schema.NestedAttributeObject{ | ||
Attributes: map[string]schema.Attribute{ | ||
"namespace": schema.StringAttribute{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be the name
property of the namespace or the id
property? Based on the example it looks like it's id
, so that might be worth calling out explicitly here ("The ID of the namespace to assign permissions to")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definitely should be the ID. I'll rename the attribute to namespace_id
so it is obvious.
account_access = "admin" | ||
} | ||
|
||
resource "temporalcloud_user" "namespace_admin" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you drop a bash script named import.sh
in this directory, the documentation generator will generate a little stanza in the docs about how to import the resource, like this: https://github.com/temporalio/terraform-provider-temporalcloud/blob/main/examples/resources/temporalcloud_namespace/import.sh
also, don't worry about the TF acceptance tests - they won't pass on PR since our API key secret isn't exposed on PRs - I'll just run them locally before merge |
const ( | ||
// TODO change email address. | ||
emailDomain = "temporal.io" | ||
emailBaseAddr = "test" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can this be saas-cicd-prod+terrformprovider-<a random string>
? we've got some automation internally to know not to worry about these :P
e.g. createRandomEmail()
returns saas-cicd-prod+terrformprovider-<a random string>@temporal.io
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed rn!
40738f8
to
c4f35ac
Compare
c4f35ac
to
176064f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thank you! with the one change I posted the acceptance tests all passed. with that change I think this is good to merge. thank you for doing this!
woo!! @swgillespie would you mind cutting a release when you get a chance? we're about to release a Pulumi provider that bridges off this Terraform provider, I'd love to get the new resource and data source into it. |
What was changed
Why?
It's tricky to manage users through the CLI! My company uses IaC for almost everything for compliance reasons, and we're also heavy users of Temporal; so being able to manage users and add namespace permissions in bulk helps us out greatly.
Checklist
Closes [Feature Request] Add user resource and namespaces data source #82
How was this tested:
Added acceptance tests for the new resource and data source; you can run them and verify they pass :)
Any docs updates needed?
Docs included with pull request.