Add user resource and namespace datasource #83
Conversation
|
|
|
thank you for the PR! I will review this as soon as I can! |
|
also, not sure why the CI didn't run on this PR... I'll investigate that separately 🙈 |
| Description: "The endpoints for the namespace.", | ||
| Attributes: map[string]schema.Attribute{ | ||
| "web_address": schema.StringAttribute{ | ||
| Description: "The web ui address.", |
There was a problem hiding this comment.
| Description: "The web ui address.", | |
| Description: "The web UI address.", |
There was a problem hiding this comment.
As with aws_private_link_info I admittedly grabbed the description from the proto model comment 😅
There was a problem hiding this comment.
whoops - we'll go fix up the proto docs too haha
|
|
||
| namespacesDataModel struct { | ||
| ID types.String `tfsdk:"id"` | ||
| Namespaces []namespaceDataModel `tfsdk:"namespaces"` |
There was a problem hiding this comment.
I'm looking at the design of similar data sources, like:
Each one of these has a schema that returns only the IDs of the resources that it finds, with the expectation that you'd pair this with a separate aws_subnet data source later in the program. What do you think about doing something similar here? Something like temporalcloud_namespaces returning a list of namespace IDs, and temporalcloud_namespace (the datasource) turns an ID into the namespaceDataModel object you have here? I realize as I write this that temporalcloud_regions does the same thing as the data source you added here, so I'm not sure - as a user, which one of these schemes makes the most sense to you?
There was a problem hiding this comment.
I tend to favor the more verbose option (like how temporalcloud_regions does) since I often end up filtering by non-id attributes when doing bulk actions on resources. Just having the id means I end up in O(n) time instead of O(1) time (since I have to do n number of additional calls in those cases instead of one call to retrieve all the data I need) (and yeah I know with pagination we're not in O(n) anyway.)
For my specific use case currently I could get away with just having the id (or the ID and name, similar to how the Datadog provider often does it) but that will probably change and having all the attributes would be useful.
So especially since the Temporal Cloud API provides the full namespace spec when calling GetNamespaces, I heavily lean towards providing all the attrs rather than just id.
There was a problem hiding this comment.
works for me - thank you!
| "aws_private_link_info": schema.SingleNestedAttribute{ | ||
| Computed: true, | ||
| Optional: true, | ||
| Description: "The AWS PrivateLink info. This will only be set for an AWS region.", |
There was a problem hiding this comment.
It took me a second to parse this but now I think I understand - what about something like: "This will only be set for namespaces whose cloud provider is AWS"?
There was a problem hiding this comment.
Admittedly this comment was copy-pasted from the cloud service proto model 😅 Your wording is much clearer, I'll update both the proto and the schema description rn, and open a PR in the cloud service proto repo when I get the chance.
internal/provider/user_resource.go
Outdated
| Optional: true, | ||
| NestedObject: schema.NestedAttributeObject{ | ||
| Attributes: map[string]schema.Attribute{ | ||
| "namespace": schema.StringAttribute{ |
There was a problem hiding this comment.
should this be the name property of the namespace or the id property? Based on the example it looks like it's id, so that might be worth calling out explicitly here ("The ID of the namespace to assign permissions to")
There was a problem hiding this comment.
Definitely should be the ID. I'll rename the attribute to namespace_id so it is obvious.
| account_access = "admin" | ||
| } | ||
|
|
||
| resource "temporalcloud_user" "namespace_admin" { |
There was a problem hiding this comment.
if you drop a bash script named import.sh in this directory, the documentation generator will generate a little stanza in the docs about how to import the resource, like this: https://github.com/temporalio/terraform-provider-temporalcloud/blob/main/examples/resources/temporalcloud_namespace/import.sh
|
also, don't worry about the TF acceptance tests - they won't pass on PR since our API key secret isn't exposed on PRs - I'll just run them locally before merge |
| const ( | ||
| // TODO change email address. | ||
| emailDomain = "temporal.io" | ||
| emailBaseAddr = "test" |
There was a problem hiding this comment.
can this be saas-cicd-prod+terrformprovider-<a random string>? we've got some automation internally to know not to worry about these :P
e.g. createRandomEmail() returns saas-cicd-prod+terrformprovider-<a random string>@temporal.io
ennyjfrick
force-pushed
the
add-user-resource-and-namespace-datasource
branch
2 times, most recently
from
40738f8
to
c4f35ac
Compare
ennyjfrick
force-pushed
the
add-user-resource-and-namespace-datasource
branch
from
c4f35ac
to
176064f
Compare
|
woo!! @swgillespie would you mind cutting a release when you get a chance? we're about to release a Pulumi provider that bridges off this Terraform provider, I'd love to get the new resource and data source into it. |
What was changed
Why?
It's tricky to manage users through the CLI! My company uses IaC for almost everything for compliance reasons, and we're also heavy users of Temporal; so being able to manage users and add namespace permissions in bulk helps us out greatly.
Checklist
Closes [Feature Request] Add user resource and namespaces data source #82
How was this tested:
Added acceptance tests for the new resource and data source; you can run them and verify they pass :)
Any docs updates needed?
Docs included with pull request.