feat: Add support for console OIDC provider type (#85)

Author: maciaszczykm

docs/resources/oidc_provider.md

@@ -23,6 +23,7 @@ description: |-
 ### Optional
 
 - `auth_method` (String)
+- `bindings` (Attributes Set) The users and groups able to utilize this provider. (see [below for nested schema](#nestedatt--bindings))
 - `description` (String) Description of this OIDC provider.
 - `redirect_uris` (Set of String)
 
@@ -31,3 +32,12 @@ description: |-
 - `client_id` (String, Sensitive)
 - `client_secret` (String, Sensitive)
 - `id` (String) Internal identifier of this OIDC provider.
+
+<a id="nestedatt--bindings"></a>
+### Nested Schema for `bindings`
+
+Optional:
+
+- `group_id` (String)
+- `id` (String)
+- `user_id` (String)

example/oidcprovider/main.tf

@@ -11,10 +11,17 @@ provider "plural" {
   use_cli = true
 }
 
+data "plural_user" "user" {
+  email = "[email protected]"
+}
+
 resource "plural_oidc_provider" "provider" {
   name = "tf-test-provider"
   auth_method = "BASIC"
-  type = "PLURAL"
+  type = "CONSOLE"
   description = "test provider"
   redirect_uris = ["localhost:8000"]
+  bindings = [
+    { user_id = data.plural_user.user.id }
+  ]
 }

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/terraform-plugin-framework-validators v0.16.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/pluralsh/console/go/client v1.30.0
+	github.com/pluralsh/console/go/client v1.33.0
 	github.com/pluralsh/plural-cli v0.12.1
 	github.com/pluralsh/polly v0.2.0
 	github.com/samber/lo v1.49.1

go.sum

@@ -618,8 +618,8 @@ github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxu
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pluralsh/console/go/client v1.30.0 h1:HLhIoZrSfxwWkGRs36xdB5d+OAaTCDvjNDNP2Fik30s=
-github.com/pluralsh/console/go/client v1.30.0/go.mod h1:lpoWASYsM9keNePS3dpFiEisUHEfObIVlSL3tzpKn8k=
+github.com/pluralsh/console/go/client v1.33.0 h1:rsp3zopb0wdMEvvQ+dOTM+I3qCoFWOk62JETwIPJrFw=
+github.com/pluralsh/console/go/client v1.33.0/go.mod h1:rPx6hufc/s17Wzy+7C4ZnA1nmn1JR0m4JeoxAQYj8+4=
 github.com/pluralsh/gqlclient v1.12.2 h1:BrEFAASktf4quFw57CIaLAd+NZUTLhG08fe6tnhBQN4=
 github.com/pluralsh/gqlclient v1.12.2/go.mod h1:OEjN9L63x8m3A3eQBv5kVkFgiY9fp2aZ0cgOF0uII58=
 github.com/pluralsh/plural-cli v0.12.1 h1:+bcYoepZ2tT1qRwb5RgXnVPs23RO7X+T0iTgVECBpa4=

internal/common/cluster_node_pool.go

@@ -110,7 +110,7 @@ func (c *NodePoolCloudSettings) Attributes() *console.NodePoolCloudAttributes {
 	}
 
 	if c.AWS != nil {
-		return &console.NodePoolCloudAttributes{Aws: c.AWS.Attributes()}
+		return &console.NodePoolCloudAttributes{AWS: c.AWS.Attributes()}
 	}
 
 	return nil
@@ -124,8 +124,8 @@ var NodePoolCloudSettingsAWSAttrTypes = map[string]attr.Type{
 	"launch_template_id": types.StringType,
 }
 
-func (c *NodePoolCloudSettingsAWS) Attributes() *console.AwsNodeCloudAttributes {
-	return &console.AwsNodeCloudAttributes{
+func (c *NodePoolCloudSettingsAWS) Attributes() *console.AWSNodeCloudAttributes {
+	return &console.AWSNodeCloudAttributes{
 		LaunchTemplateID: c.LaunchTemplateId.ValueStringPointer(),
 	}
 }

internal/model/oidc_provider.go

@@ -21,6 +21,7 @@ type OIDCProvider struct {
 	ClientSecret types.String `tfsdk:"client_secret"`
 	AuthMethod   types.String `tfsdk:"auth_method"`
 	RedirectURIs types.Set    `tfsdk:"redirect_uris"`
+	Bindings     types.Set    `tfsdk:"bindings"`
 }
 
 func (p *OIDCProvider) Attributes(ctx context.Context, d *diag.Diagnostics) gqlclient.OidcProviderAttributes {
@@ -29,6 +30,7 @@ func (p *OIDCProvider) Attributes(ctx context.Context, d *diag.Diagnostics) gqlc
 		Description:  p.descriptionAttribute(),
 		AuthMethod:   p.authMethodAttribute(),
 		RedirectUris: p.redirectURIsAttribute(ctx, d),
+		Bindings:     common.SetToPolicyBindingAttributes(p.Bindings, ctx, d),
 	}
 }
 

internal/model/provider.go

@@ -53,15 +53,15 @@ func (p *ProviderCloudSettings) Attributes() *console.CloudProviderSettingsAttri
 	}
 
 	if p.AWS != nil {
-		return &console.CloudProviderSettingsAttributes{Aws: p.AWS.Attributes()}
+		return &console.CloudProviderSettingsAttributes{AWS: p.AWS.Attributes()}
 	}
 
 	if p.Azure != nil {
 		return &console.CloudProviderSettingsAttributes{Azure: p.Azure.Attributes()}
 	}
 
 	if p.GCP != nil {
-		return &console.CloudProviderSettingsAttributes{Gcp: p.GCP.Attributes()}
+		return &console.CloudProviderSettingsAttributes{GCP: p.GCP.Attributes()}
 	}
 
 	return nil
@@ -72,8 +72,8 @@ type ProviderCloudSettingsAWS struct {
 	SecretAccessKey types.String `tfsdk:"secret_access_key"`
 }
 
-func (p *ProviderCloudSettingsAWS) Attributes() *console.AwsSettingsAttributes {
-	return &console.AwsSettingsAttributes{
+func (p *ProviderCloudSettingsAWS) Attributes() *console.AWSSettingsAttributes {
+	return &console.AWSSettingsAttributes{
 		AccessKeyID:     p.AccessKeyId.ValueString(),
 		SecretAccessKey: p.SecretAccessKey.ValueString(),
 	}
@@ -99,8 +99,8 @@ type ProviderCloudSettingsGCP struct {
 	Credentials types.String `tfsdk:"credentials"`
 }
 
-func (p *ProviderCloudSettingsGCP) Attributes() *console.GcpSettingsAttributes {
-	return &console.GcpSettingsAttributes{
+func (p *ProviderCloudSettingsGCP) Attributes() *console.GCPSettingsAttributes {
+	return &console.GCPSettingsAttributes{
 		ApplicationCredentials: p.Credentials.ValueString(),
 	}
 }

internal/resource/cluster_model.go

@@ -174,15 +174,15 @@ func (c *ClusterCloudSettings) Attributes() *console.CloudSettingsAttributes {
 	}
 
 	if c.AWS != nil {
-		return &console.CloudSettingsAttributes{Aws: c.AWS.Attributes()}
+		return &console.CloudSettingsAttributes{AWS: c.AWS.Attributes()}
 	}
 
 	if c.Azure != nil {
 		return &console.CloudSettingsAttributes{Azure: c.Azure.Attributes()}
 	}
 
 	if c.GCP != nil {
-		return &console.CloudSettingsAttributes{Gcp: c.GCP.Attributes()}
+		return &console.CloudSettingsAttributes{GCP: c.GCP.Attributes()}
 	}
 
 	return nil
@@ -192,8 +192,8 @@ type ClusterCloudSettingsAWS struct {
 	Region types.String `tfsdk:"region"`
 }
 
-func (c *ClusterCloudSettingsAWS) Attributes() *console.AwsCloudAttributes {
-	return &console.AwsCloudAttributes{
+func (c *ClusterCloudSettingsAWS) Attributes() *console.AWSCloudAttributes {
+	return &console.AWSCloudAttributes{
 		Region: c.Region.ValueStringPointer(),
 	}
 }
@@ -220,8 +220,8 @@ type ClusterCloudSettingsGCP struct {
 	Project types.String `tfsdk:"project"`
 }
 
-func (c *ClusterCloudSettingsGCP) Attributes() *console.GcpCloudAttributes {
-	return &console.GcpCloudAttributes{
+func (c *ClusterCloudSettingsGCP) Attributes() *console.GCPCloudAttributes {
+	return &console.GCPCloudAttributes{
 		Project: c.Project.ValueStringPointer(),
 		Network: c.Network.ValueStringPointer(),
 		Region:  c.Region.ValueStringPointer(),

internal/resource/oidc_provider.go

@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/setplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
@@ -92,6 +93,28 @@ func (r *OIDCProviderResource) Schema(_ context.Context, _ resource.SchemaReques
 				Optional:    true,
 				ElementType: types.StringType,
 			},
+			"bindings": schema.SetNestedAttribute{
+				Description:         "The users and groups able to utilize this provider..",
+				MarkdownDescription: "The users and groups able to utilize this provider.",
+				Optional:            true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"group_id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+						"id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+						"user_id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+					},
+				},
+				PlanModifiers: []planmodifier.Set{setplanmodifier.RequiresReplace()},
+			},
 		},
 	}
 }