Support for HCP Groups #787

squaresurf · 2024-03-14T20:43:17Z

Draft Status

This PR is in a Draft status until we address a blocking bug with the way the Go client wants to use the Update Group API in IAM. See a more detailed write up here: https://docs.google.com/document/d/1iwKzeaQ9ENUmangKSLInPH0tUdqjs0QFpncuOPG4yXU/edit

🛠️ Description

To support TFC customers using terraform to configure their orgs, HCP requires some identity resources to be exposed in the HCP TF Provider like Groups, Group Memberships, Principal Datasource.

This PR adds the following:

Group Resource
Group Data Source
Group Member Resource
User Principle Data Source

🏗️ Acceptance tests

Are there any feature flags that are required to use this functionality? No
Have you added an acceptance test for the functionality being added?
Have you run the acceptance tests on this branch?

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccGroupDataSource'
==> Checking that code complies with gofmt requirements...
golangci-lint run --config ./golangci-config.yml
TF_ACC=1 go test ./internal/... -v -run=TestAccGroupDataSource -timeout 360m -parallel=10
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/iampolicy  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv1   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv2   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/acctest   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/customtypes       [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/clients    0.429s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/consul     0.622s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/hcpvalidator       0.499s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/input      0.680s [no tests to run]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/modifiers [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder/packerconfig       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testcheck        [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testclient       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils      [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/location     [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/base [no test files]
=== RUN   TestAccGroupDataSource
--- PASS: TestAccGroupDataSource (9.31s)
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/iam       9.846s
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/logstreaming      0.808s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/artifact   0.714s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/version    1.106s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/resourcemanager   0.581s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/vaultsecrets      0.787s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/waypoint  1.315s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook   1.054s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook/validator 0.840s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/providersdkv2      1.202s [no tests to run]

$ make testacc TESTARGS='-run=TestAccUserPrincipalDataSource'
==> Checking that code complies with gofmt requirements...
golangci-lint run --config ./golangci-config.yml
TF_ACC=1 go test ./internal/... -v -run=TestAccUserPrincipalDataSource -timeout 360m -parallel=10
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/iampolicy  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv1   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv2   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/acctest   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/customtypes       [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/clients    0.175s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/consul     0.250s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/hcpvalidator       0.300s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/input      0.365s [no tests to run]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/modifiers [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder/packerconfig       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testcheck        [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testclient       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils      [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/location     [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/base [no test files]
=== RUN   TestAccUserPrincipalDataSource
--- PASS: TestAccUserPrincipalDataSource (5.32s)
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/iam       5.765s
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/logstreaming      0.572s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/artifact   0.774s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/version    0.961s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/resourcemanager   0.409s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/vaultsecrets      0.662s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/waypoint  0.836s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook   1.136s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook/validator 0.807s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/providersdkv2      1.382s [no tests to run]

$ make testacc TESTARGS='-run=TestAccGroupMembersResource'
==> Checking that code complies with gofmt requirements...
golangci-lint run --config ./golangci-config.yml
TF_ACC=1 go test ./internal/... -v -run=TestAccGroupMembersResource -timeout 360m -parallel=10
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/iampolicy  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv1   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv2   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/acctest   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/customtypes       [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/clients    0.178s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/consul     0.396s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/hcpvalidator       0.230s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/input      0.297s [no tests to run]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/modifiers [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder/packerconfig       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testcheck        [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testclient       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils      [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/location     [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/base [no test files]
=== RUN   TestAccGroupMembersResource
--- PASS: TestAccGroupMembersResource (21.00s)
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/iam       21.466s
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/logstreaming      0.561s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/artifact   0.724s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/version    0.936s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/resourcemanager   0.412s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/vaultsecrets      0.677s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/waypoint  0.959s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook   1.209s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook/validator 0.626s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/providersdkv2      1.325s [no tests to run]

This test is failing while we fix the IAM Update Group API

$ make testacc TESTARGS='-run=TestAccGroupResource'
==> Checking that code complies with gofmt requirements...
golangci-lint run --config ./golangci-config.yml
TF_ACC=1 go test ./internal/... -v -run=TestAccGroupResource -timeout 360m -parallel=10
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/iampolicy  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/clients/packerv2   [no test files]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/clients    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/consul     (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/hcpvalidator       (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/input      (cached) [no tests to run]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/acctest   [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/customtypes       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/modifiers [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils  [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder    [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/configbuilder/packerconfig       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testcheck        [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/testutils/testclient       [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils      [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/base [no test files]
?       github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/utils/location     [no test files]
=== RUN   TestAccGroupResource
--- PASS: TestAccGroupResource (11.40s)
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/iam       12.036s
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/logstreaming      1.619s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/artifact   1.020s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/packer/sources/version    1.935s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/resourcemanager   1.173s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/vaultsecrets      1.511s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/waypoint  1.891s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook   2.222s [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/webhook/validator (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/providersdkv2      2.495s [no tests to run]

👀 Review Suggestions

Review of this PR would be easiest to review the changes as a whole rather than commit by commit. This is because there are multiple engineers working on this PR and we don't want to rewrite history out from each other. We will squash when it's time to merge.

Groups Data Source

* add groups data source * run go generate * remove redundant import name * add check for no inputs

* define group resource * group resource implementation * group resource test coverage * syntax, validation tweaks * add docs - group resource * add docs - group data source * revise schema constraints * cleanup docs/comments * add pre-destroy check to test coverage/update docs * create group before fetching in datasource test coverage

Jira: https://hashicorp.atlassian.net/browse/HCPIE-1023

docs/resources/group_members.md

docs/data-sources/group.md

examples/resources/hcp_group/import.sh

examples/resources/hcp_group_members/resource.tf

seriousben

Adding minor doc comments

.changelog/787.txt

itsjaspermilan

Tested with a local version of the provider using the following terraform file:

terraform {
  required_providers {
    hcp = {
      source  = "localhost/providers/hcp"
      version = "0.0.1"
    }
  }
}

provider "hcp" {}

data "hcp_user_principal" "me" {
  user_id = <REDACTED_USER_ID>
}

resource "hcp_group" "cool-group" {
  display_name = "Cool Group"
  description  = "Created with Terraform"
}

data "hcp_group" "another-cool-group" {
  resource_name = <REDACTED_RESOURCE_NAME>
}

resource "hcp_group_members" "group-members-1" {
  group = hcp_group.cool-group.resource_name
  members = [
    data.hcp_user_principal.me.user_id
  ]
}

resource "hcp_group_members" "group-members-2" {
  group = data.hcp_group.another-cool-group.resource_name
  members = [
    data.hcp_user_principal.me.user_id
  ]
}

Before `terraform apply`

After `terraform apply`

manish-hashicorp

Rubber stamping.

JolisaBrownHashiCorp and others added 4 commits March 14, 2024 16:15

Group Data Source (#759)

1e1286d

Groups Data Source

HCPIE-1019: Add Groups Data Source (#779)

f0bf841

* add groups data source * run go generate * remove redundant import name * add check for no inputs

Add hcp_group_members resource (#783)

33fdfb0

Jira: https://hashicorp.atlassian.net/browse/HCPIE-1023

squaresurf force-pushed the iam-groups-resources-hcpie-1016 branch from ca6b547 to 33fdfb0 Compare March 14, 2024 22:16

itsjaspermilan and others added 3 commits March 15, 2024 09:39

add changelog

6160e60

Merge branch 'main' into iam-groups-resources-hcpie-1016

05d462a

Add newline to end of files

bd65305

squaresurf requested a review from seriousben March 15, 2024 16:53

Regenerate docs

5d17a6a

seriousben reviewed Mar 15, 2024

View reviewed changes

docs/resources/group_members.md Outdated Show resolved Hide resolved

seriousben reviewed Mar 15, 2024

View reviewed changes

docs/data-sources/group.md Outdated Show resolved Hide resolved

seriousben reviewed Mar 15, 2024

View reviewed changes

examples/resources/hcp_group/import.sh Outdated Show resolved Hide resolved

seriousben reviewed Mar 15, 2024

View reviewed changes

examples/resources/hcp_group_members/resource.tf Outdated Show resolved Hide resolved

Apply doc suggestions

7ead047

squaresurf requested a review from seriousben March 18, 2024 22:06

seriousben reviewed Mar 19, 2024

View reviewed changes

.changelog/787.txt Outdated Show resolved Hide resolved

.changelog/787.txt Outdated Show resolved Hide resolved

Make more doc changes based on PR comments

9a02b4b

squaresurf requested a review from seriousben March 20, 2024 14:23

squaresurf added 2 commits March 20, 2024 11:40

Merge branch 'main' into iam-groups-resources-hcpie-1016

1744063

Update hcp-sdk-go so that a group can be updated

a0caf3b

squaresurf marked this pull request as ready for review March 20, 2024 18:08

squaresurf requested review from a team as code owners March 20, 2024 18:08

itsjaspermilan approved these changes Mar 20, 2024

View reviewed changes

manish-hashicorp approved these changes Mar 21, 2024

View reviewed changes

squaresurf merged commit d937b3f into main Mar 21, 2024
6 checks passed

squaresurf deleted the iam-groups-resources-hcpie-1016 branch March 21, 2024 19:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for HCP Groups #787

Support for HCP Groups #787

squaresurf commented Mar 14, 2024 •

edited

Loading

seriousben left a comment

itsjaspermilan left a comment

manish-hashicorp left a comment

Support for HCP Groups #787

Support for HCP Groups #787

Conversation

squaresurf commented Mar 14, 2024 • edited Loading

Draft Status

🛠️ Description

🏗️ Acceptance tests

👀 Review Suggestions

seriousben left a comment

Choose a reason for hiding this comment

itsjaspermilan left a comment

Choose a reason for hiding this comment

Before terraform apply

After terraform apply

manish-hashicorp left a comment

Choose a reason for hiding this comment

squaresurf commented Mar 14, 2024 •

edited

Loading

Before `terraform apply`

After `terraform apply`