rename to coder_workspace_owner

Author: johnstcn

docs/data-sources/user.md

@@ -3,12 +3,12 @@
 page_title: "coder_user Data Source - terraform-provider-coder"
 subcategory: ""
 description: |-
-  Use this data source to fetch information about a user.
+  Use this data source to fetch information about the workspace owner.
 ---
 
 # coder_user (Data Source)
 
-Use this data source to fetch information about a user.
+Use this data source to fetch information about the workspace owner.
 
 
 
@@ -20,8 +20,9 @@ Use this data source to fetch information about a user.
 - `email` (String) The email address of the user.
 - `full_name` (String) The full name of the user.
 - `groups` (List of String) The groups of which the user is a member.
-- `id` (String) The UUID of the user.
+- `id` (String) The UUID of the workspace owner.
 - `name` (String) The username of the user.
+- `oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
 - `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.
 - `ssh_private_key` (String, Sensitive) The user's generated SSH private key.
 - `ssh_public_key` (String) The user's generated SSH public key.

docs/data-sources/workspace.md

@@ -30,13 +30,13 @@ resource "kubernetes_pod" "dev" {
 - `access_url` (String) The access URL of the Coder deployment provisioning this workspace.
 - `id` (String) UUID of the workspace.
 - `name` (String) Name of the workspace.
-- `owner` (String) Username of the workspace owner.
-- `owner_email` (String) Email address of the workspace owner.
-- `owner_groups` (List of String) List of groups the workspace owner belongs to.
-- `owner_id` (String) UUID of the workspace owner.
-- `owner_name` (String) Name of the workspace owner.
-- `owner_oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
-- `owner_session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated everytime a workspace is started.
+- `owner` (String, Deprecated) Username of the workspace owner.
+- `owner_email` (String, Deprecated) Email address of the workspace owner.
+- `owner_groups` (List of String, Deprecated) List of groups the workspace owner belongs to.
+- `owner_id` (String, Deprecated) UUID of the workspace owner.
+- `owner_name` (String, Deprecated) Name of the workspace owner.
+- `owner_oidc_access_token` (String, Deprecated) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
+- `owner_session_token` (String, Deprecated) Session token for authenticating with a Coder deployment. It is regenerated everytime a workspace is started.
 - `start_count` (Number) A computed count based on "transition" state. If "start", count will equal 1.
 - `template_id` (String) ID of the workspace's template.
 - `template_name` (String) Name of the workspace's template.

provider/provider.go

@@ -74,7 +74,7 @@ func New() *schema.Provider {
 			"coder_parameter":      parameterDataSource(),
 			"coder_git_auth":       gitAuthDataSource(),
 			"coder_external_auth":  externalAuthDataSource(),
-			"coder_user":           userDataSource(),
+			"coder_user":           workspaceOwnerDataSource(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"coder_agent":          agentResource(),

provider/workspace.go

@@ -135,28 +135,33 @@ func workspaceDataSource() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "Username of the workspace owner.",
+				Deprecated:  "Use `coder_workspace_owner.name` instead.",
 			},
 			"owner_email": {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "Email address of the workspace owner.",
+				Deprecated:  "Use `coder_workspace_owner.email` instead.",
 			},
 			"owner_id": {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "UUID of the workspace owner.",
+				Deprecated:  "Use `coder_workspace_owner.id` instead.",
 			},
 			"owner_name": {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "Name of the workspace owner.",
+				Deprecated:  "Use `coder_workspace_owner.full_name` instead.",
 			},
 			"owner_oidc_access_token": {
 				Type:     schema.TypeString,
 				Computed: true,
 				Description: "A valid OpenID Connect access token of the workspace owner. " +
 					"This is only available if the workspace owner authenticated with OpenID Connect. " +
 					"If a valid token cannot be obtained, this value will be an empty string.",
+				Deprecated: "Use `coder_workspace_owner.oidc_access_token` instead.",
 			},
 			"owner_groups": {
 				Type: schema.TypeList,
@@ -165,6 +170,7 @@ func workspaceDataSource() *schema.Resource {
 				},
 				Computed:    true,
 				Description: "List of groups the workspace owner belongs to.",
+				Deprecated:  "Use `coder_workspace_owner.groups` instead.",
 			},
 			"id": {
 				Type:        schema.TypeString,
@@ -180,6 +186,7 @@ func workspaceDataSource() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 				Description: "Session token for authenticating with a Coder deployment. It is regenerated everytime a workspace is started.",
+				Deprecated:  "Use `coder_workspace_owner.session_token` instead.",
 			},
 			"template_id": {
 				Type:        schema.TypeString,

provider/user.go renamed to provider/workspace_owner.go

@@ -16,75 +16,56 @@ type Role struct {
 	DisplayName string `json:"display-name"`
 }
 
-func userDataSource() *schema.Resource {
+func workspaceOwnerDataSource() *schema.Resource {
 	return &schema.Resource{
-		Description: "Use this data source to fetch information about a user.",
+		Description: "Use this data source to fetch information about the workspace owner.",
 		ReadContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics {
-			if idStr, ok := os.LookupEnv("CODER_USER_ID"); !ok {
-				rd.SetId(uuid.NewString())
-			} else {
+			if idStr, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_ID"); ok {
 				rd.SetId(idStr)
+			} else {
+				rd.SetId(uuid.NewString())
 			}
 
-			if username, ok := os.LookupEnv("CODER_USER_NAME"); ok {
+			if username, ok := os.LookupEnv("CODER_WORKSPACE_OWNER"); ok {
 				_ = rd.Set("name", username)
-			} else if altUsername, ok := os.LookupEnv("CODER_WORKSPACE_OWNER"); ok {
-				_ = rd.Set("name", altUsername)
 			} else {
-				return diag.Errorf("missing user name")
+				_ = rd.Set("name", "default")
 			}
 
-			if fullname, ok := os.LookupEnv("CODER_USER_FULL_NAME"); ok {
+			if fullname, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_NAME"); ok {
 				_ = rd.Set("full_name", fullname)
-			} else if altFullname, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_NAME"); ok {
-				// Compatibility: read from CODER_WORKSPACE_OWNER_NAME
-				_ = rd.Set("full_name", altFullname)
-			} else { // fallback
-				return diag.Errorf("missing user full_name")
+			} else { // compat: field can be blank, fill in default
+				_ = rd.Set("full_name", "default")
 			}
 
-			if email, ok := os.LookupEnv("CODER_USER_EMAIL"); ok {
+			if email, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_EMAIL"); ok {
 				_ = rd.Set("email", email)
-			} else if altEmail, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_EMAIL"); ok {
-				_ = rd.Set("email", altEmail)
 			} else {
-				return diag.Errorf("missing user email")
+				_ = rd.Set("email", "default@example.com")
 			}
 
-			if sshPubKey, ok := os.LookupEnv("CODER_USER_SSH_PUBLIC_KEY"); ok {
+			if sshPubKey, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY"); ok {
 				_ = rd.Set("ssh_public_key", sshPubKey)
-			} else {
-				// Compat: do not error
-				_ = rd.Set("ssh_public_key", "missing")
 			}
 
-			if sshPrivKey, ok := os.LookupEnv("CODER_USER_SSH_PRIVATE_KEY"); ok {
+			if sshPrivKey, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY"); ok {
 				_ = rd.Set("ssh_private_key", sshPrivKey)
-			} else {
-				// Compat: do not error
-				_ = rd.Set("ssh_private_key", "missing")
 			}
 
 			var groups []string
-			if groupsRaw, ok := os.LookupEnv("CODER_USER_GROUPS"); ok {
+			if groupsRaw, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_GROUPS"); ok {
 				if err := json.NewDecoder(strings.NewReader(groupsRaw)).Decode(&groups); err != nil {
 					return diag.Errorf("invalid user groups: %s", err.Error())
 				}
-			} else if altGroupsRaw, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_GROUPS"); ok {
-				if err := json.NewDecoder(strings.NewReader(altGroupsRaw)).Decode(&groups); err != nil {
-					return diag.Errorf("invalid workspace owner groups: %s", err.Error())
-				}
-			} else {
-				return diag.Errorf("missing user groups")
+				_ = rd.Set("groups", groups)
 			}
-			_ = rd.Set("groups", groups)
 
-			if tok, ok := os.LookupEnv("CODER_USER_SESSION_TOKEN"); ok {
+			if tok, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_SESSION_TOKEN"); ok {
 				_ = rd.Set("session_token", tok)
-			} else if altTok, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_SESSION_TOKEN"); ok {
-				_ = rd.Set("session_token", altTok)
-			} else {
-				return diag.Errorf("missing user session_token")
+			}
+
+			if tok, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN"); ok {
+				_ = rd.Set("oidc_access_token", tok)
 			}
 
 			return nil
@@ -93,7 +74,7 @@ func userDataSource() *schema.Resource {
 			"id": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: "The UUID of the user.",
+				Description: "The UUID of the workspace owner.",
 			},
 			"name": {
 				Type:        schema.TypeString,
@@ -134,6 +115,13 @@ func userDataSource() *schema.Resource {
 				Computed:    true,
 				Description: "Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.",
 			},
+			"oidc_access_token": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "A valid OpenID Connect access token of the workspace owner. " +
+					"This is only available if the workspace owner authenticated with OpenID Connect. " +
+					"If a valid token cannot be obtained, this value will be an empty string.",
+			},
 		},
 	}
 }

provider/user_test.go renamed to provider/workspace_owner_test.go

@@ -1,6 +1,7 @@
 package provider_test
 
 import (
+	"os"
 	"testing"
 
 	"github.com/coder/terraform-provider-coder/provider"
@@ -23,16 +24,17 @@ const (
 	-----END OPENSSH PRIVATE KEY-----`
 )
 
-func TestUserDatasource(t *testing.T) {
+func TestWorkspaceOwnerDatasource(t *testing.T) {
 	t.Run("OK", func(t *testing.T) {
-		t.Setenv("CODER_USER_ID", "11111111-1111-1111-1111-111111111111")
-		t.Setenv("CODER_USER_NAME", "owner123")
-		t.Setenv("CODER_USER_FULL_NAME", "Mr Owner")
-		t.Setenv("CODER_USER_EMAIL", "owner123@example.com")
-		t.Setenv("CODER_USER_SSH_PUBLIC_KEY", testSSHEd25519PublicKey)
-		t.Setenv("CODER_USER_SSH_PRIVATE_KEY", testSSHEd25519PrivateKey)
-		t.Setenv("CODER_USER_GROUPS", `["group1", "group2"]`)
-		t.Setenv("CODER_USER_SESSION_TOKEN", `supersecret`)
+		t.Setenv("CODER_WORKSPACE_OWNER_ID", "11111111-1111-1111-1111-111111111111")
+		t.Setenv("CODER_WORKSPACE_OWNER", "owner123")
+		t.Setenv("CODER_WORKSPACE_OWNER_NAME", "Mr Owner")
+		t.Setenv("CODER_WORKSPACE_OWNER_EMAIL", "owner123@example.com")
+		t.Setenv("CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY", testSSHEd25519PublicKey)
+		t.Setenv("CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY", testSSHEd25519PrivateKey)
+		t.Setenv("CODER_WORKSPACE_OWNER_GROUPS", `["group1", "group2"]`)
+		t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", `supersecret`)
+		t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN", `alsosupersecret`)
 
 		resource.Test(t, resource.TestCase{
 			Providers: map[string]*schema.Provider{
@@ -60,18 +62,28 @@ func TestUserDatasource(t *testing.T) {
 					assert.Equal(t, `group1`, attrs["groups.0"])
 					assert.Equal(t, `group2`, attrs["groups.1"])
 					assert.Equal(t, `supersecret`, attrs["session_token"])
+					assert.Equal(t, `alsosupersecret`, attrs["oidc_access_token"])
 					return nil
 				},
 			}},
 		})
 	})
 
-	t.Run("Compat", func(t *testing.T) {
-		t.Setenv("CODER_WORKSPACE_OWNER", "owner123")
-		t.Setenv("CODER_WORKSPACE_OWNER_NAME", "Mr Owner")
-		t.Setenv("CODER_WORKSPACE_OWNER_EMAIL", "owner123@example.com")
-		t.Setenv("CODER_WORKSPACE_OWNER_GROUPS", `["group1", "group2"]`)
-		t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", `supersecret`)
+	t.Run("Defaults", func(t *testing.T) {
+		for _, v := range []string{
+			"CODER_WORKSPACE_OWNER",
+			"CODER_WORKSPACE_OWNER_ID",
+			"CODER_WORKSPACE_OWNER_EMAIL",
+			"CODER_WORKSPACE_OWNER_NAME",
+			"CODER_WORKSPACE_OWNER_SESSION_TOKEN",
+			"CODER_WORKSPACE_OWNER_GROUPS",
+			"CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN",
+			"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY",
+			"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY",
+		} { // https://github.com/golang/go/issues/52817
+			t.Setenv(v, "")
+			os.Unsetenv(v)
+		}
 
 		resource.Test(t, resource.TestCase{
 			Providers: map[string]*schema.Provider{
@@ -91,13 +103,14 @@ func TestUserDatasource(t *testing.T) {
 
 					attrs := resource.Primary.Attributes
 					assert.NotEmpty(t, attrs["id"])
-					assert.Equal(t, "owner123", attrs["name"])
-					assert.Equal(t, "Mr Owner", attrs["full_name"])
-					assert.Equal(t, "owner123@example.com", attrs["email"])
-					assert.Equal(t, "missing", attrs["ssh_public_key"])
-					assert.Equal(t, "missing", attrs["ssh_private_key"])
-					assert.Equal(t, `group1`, attrs["groups.0"])
-					assert.Equal(t, `group2`, attrs["groups.1"])
+					assert.Equal(t, "default", attrs["name"])
+					assert.Equal(t, "default", attrs["full_name"])
+					assert.Equal(t, "default@example.com", attrs["email"])
+					assert.Empty(t, attrs["ssh_public_key"])
+					assert.Empty(t, attrs["ssh_private_key"])
+					assert.Empty(t, attrs["groups.0"])
+					assert.Empty(t, attrs["session_token"])
+					assert.Empty(t, attrs["oidc_access_token"])
 					return nil
 				},
 			}},

provider/workspace_test.go

@@ -14,10 +14,12 @@ import (
 
 func TestWorkspace(t *testing.T) {
 	t.Setenv("CODER_WORKSPACE_OWNER", "owner123")
+	t.Setenv("CODER_WORKSPACE_OWNER_ID", "11111111-1111-1111-1111-111111111111")
 	t.Setenv("CODER_WORKSPACE_OWNER_NAME", "Mr Owner")
 	t.Setenv("CODER_WORKSPACE_OWNER_EMAIL", "owner123@example.com")
 	t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", "abc123")
 	t.Setenv("CODER_WORKSPACE_OWNER_GROUPS", `["group1", "group2"]`)
+	t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN", "supersecret")
 	t.Setenv("CODER_WORKSPACE_TEMPLATE_ID", "templateID")
 	t.Setenv("CODER_WORKSPACE_TEMPLATE_NAME", "template123")
 	t.Setenv("CODER_WORKSPACE_TEMPLATE_VERSION", "v1.2.3")
@@ -47,13 +49,15 @@ func TestWorkspace(t *testing.T) {
 				assert.Equal(t, "https://example.com:8080", attribs["access_url"])
 				assert.Equal(t, "8080", attribs["access_port"])
 				assert.Equal(t, "owner123", attribs["owner"])
+				assert.Equal(t, "11111111-1111-1111-1111-111111111111", attribs["owner_id"])
 				assert.Equal(t, "Mr Owner", attribs["owner_name"])
 				assert.Equal(t, "owner123@example.com", attribs["owner_email"])
 				assert.Equal(t, "group1", attribs["owner_groups.0"])
 				assert.Equal(t, "group2", attribs["owner_groups.1"])
 				assert.Equal(t, "templateID", attribs["template_id"])
 				assert.Equal(t, "template123", attribs["template_name"])
 				assert.Equal(t, "v1.2.3", attribs["template_version"])
+				assert.Equal(t, "supersecret", attribs["owner_oidc_access_token"])
 				return nil
 			},
 		}},