feat: Add write bindings to OIDC provider resource (#86)

maciaszczykm · web-flow · commit f06ccf31071d · 2025-04-17T15:54:56.000+02:00
diff --git a/docs/resources/oidc_provider.md b/docs/resources/oidc_provider.md
@@ -26,6 +26,7 @@ description: |-
 - `bindings` (Attributes Set) The users and groups able to utilize this provider. (see [below for nested schema](#nestedatt--bindings))
 - `description` (String) Description of this OIDC provider.
 - `redirect_uris` (Set of String)
+- `write_bindings` (Attributes Set) (see [below for nested schema](#nestedatt--write_bindings))
 
 ### Read-Only
 
@@ -41,3 +42,13 @@ Optional:
 - `group_id` (String)
 - `id` (String)
 - `user_id` (String)
+
+
+<a id="nestedatt--write_bindings"></a>
+### Nested Schema for `write_bindings`
+
+Optional:
+
+- `group_id` (String)
+- `id` (String)
+- `user_id` (String)
diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/terraform-plugin-framework-validators v0.16.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/pluralsh/console/go/client v1.33.0
+	github.com/pluralsh/console/go/client v1.35.0
 	github.com/pluralsh/plural-cli v0.12.1
 	github.com/pluralsh/polly v0.2.0
 	github.com/samber/lo v1.49.1
diff --git a/go.sum b/go.sum
@@ -618,8 +618,8 @@ github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxu
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pluralsh/console/go/client v1.33.0 h1:rsp3zopb0wdMEvvQ+dOTM+I3qCoFWOk62JETwIPJrFw=
-github.com/pluralsh/console/go/client v1.33.0/go.mod h1:rPx6hufc/s17Wzy+7C4ZnA1nmn1JR0m4JeoxAQYj8+4=
+github.com/pluralsh/console/go/client v1.35.0 h1:SJ72OQOKaWpjtLDQhX4h+Wvaror0DlriMOjli28LlW8=
+github.com/pluralsh/console/go/client v1.35.0/go.mod h1:rPx6hufc/s17Wzy+7C4ZnA1nmn1JR0m4JeoxAQYj8+4=
 github.com/pluralsh/gqlclient v1.12.2 h1:BrEFAASktf4quFw57CIaLAd+NZUTLhG08fe6tnhBQN4=
 github.com/pluralsh/gqlclient v1.12.2/go.mod h1:OEjN9L63x8m3A3eQBv5kVkFgiY9fp2aZ0cgOF0uII58=
 github.com/pluralsh/plural-cli v0.12.1 h1:+bcYoepZ2tT1qRwb5RgXnVPs23RO7X+T0iTgVECBpa4=
diff --git a/internal/model/oidc_provider.go b/internal/model/oidc_provider.go
@@ -13,24 +13,26 @@ import (
 )
 
 type OIDCProvider struct {
-	ID           types.String `tfsdk:"id"`
-	Name         types.String `tfsdk:"name"`
-	Type         types.String `tfsdk:"type"`
-	Description  types.String `tfsdk:"description"`
-	ClientID     types.String `tfsdk:"client_id"`
-	ClientSecret types.String `tfsdk:"client_secret"`
-	AuthMethod   types.String `tfsdk:"auth_method"`
-	RedirectURIs types.Set    `tfsdk:"redirect_uris"`
-	Bindings     types.Set    `tfsdk:"bindings"`
+	ID            types.String `tfsdk:"id"`
+	Name          types.String `tfsdk:"name"`
+	Type          types.String `tfsdk:"type"`
+	Description   types.String `tfsdk:"description"`
+	ClientID      types.String `tfsdk:"client_id"`
+	ClientSecret  types.String `tfsdk:"client_secret"`
+	AuthMethod    types.String `tfsdk:"auth_method"`
+	RedirectURIs  types.Set    `tfsdk:"redirect_uris"`
+	Bindings      types.Set    `tfsdk:"bindings"`
+	WriteBindings types.Set    `tfsdk:"write_bindings"`
 }
 
 func (p *OIDCProvider) Attributes(ctx context.Context, d *diag.Diagnostics) gqlclient.OidcProviderAttributes {
 	return gqlclient.OidcProviderAttributes{
-		Name:         p.Name.ValueString(),
-		Description:  p.descriptionAttribute(),
-		AuthMethod:   p.authMethodAttribute(),
-		RedirectUris: p.redirectURIsAttribute(ctx, d),
-		Bindings:     common.SetToPolicyBindingAttributes(p.Bindings, ctx, d),
+		Name:          p.Name.ValueString(),
+		Description:   p.descriptionAttribute(),
+		AuthMethod:    p.authMethodAttribute(),
+		RedirectUris:  p.redirectURIsAttribute(ctx, d),
+		Bindings:      common.SetToPolicyBindingAttributes(p.Bindings, ctx, d),
+		WriteBindings: common.SetToPolicyBindingAttributes(p.WriteBindings, ctx, d),
 	}
 }
 
diff --git a/internal/resource/oidc_provider.go b/internal/resource/oidc_provider.go
@@ -94,7 +94,7 @@ func (r *OIDCProviderResource) Schema(_ context.Context, _ resource.SchemaReques
 				ElementType: types.StringType,
 			},
 			"bindings": schema.SetNestedAttribute{
-				Description:         "The users and groups able to utilize this provider..",
+				Description:         "The users and groups able to utilize this provider.",
 				MarkdownDescription: "The users and groups able to utilize this provider.",
 				Optional:            true,
 				NestedObject: schema.NestedAttributeObject{
@@ -115,6 +115,26 @@ func (r *OIDCProviderResource) Schema(_ context.Context, _ resource.SchemaReques
 				},
 				PlanModifiers: []planmodifier.Set{setplanmodifier.RequiresReplace()},
 			},
+			"write_bindings": schema.SetNestedAttribute{
+				Optional: true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"group_id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+						"id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+						"user_id": schema.StringAttribute{
+							Optional:      true,
+							PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
+						},
+					},
+				},
+				PlanModifiers: []planmodifier.Set{setplanmodifier.RequiresReplace()},
+			},
 		},
 	}
 }
