assorted fixes

Author: ethanndickson

internal/provider/user_resource.go

@@ -6,17 +6,18 @@ package provider
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/google/uuid"
-	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/setdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
@@ -46,7 +47,7 @@ type UserResourceModel struct {
 	Username  types.String `tfsdk:"username"`
 	Name      types.String `tfsdk:"name"`
 	Email     types.String `tfsdk:"email"`
-	Roles     types.List   `tfsdk:"roles"`      // owner, template-admin, user-admin, auditor (member is implicit)
+	Roles     types.Set    `tfsdk:"roles"`      // owner, template-admin, user-admin, auditor (member is implicit)
 	LoginType types.String `tfsdk:"login_type"` // none, password, github, oidc
 	Password  types.String `tfsdk:"password"`   // only when login_type is password
 	Suspended types.Bool   `tfsdk:"suspended"`
@@ -83,19 +84,18 @@ func (r *UserResource) Schema(ctx context.Context, req resource.SchemaRequest, r
 				MarkdownDescription: "Email address of the user.",
 				Required:            true,
 			},
-			"roles": schema.ListAttribute{
+			"roles": schema.SetAttribute{
 				MarkdownDescription: "Roles assigned to the user. Valid roles are 'owner', 'template-admin', 'user-admin', and 'auditor'.",
 				Required:            false,
 				Optional:            true,
 				Computed:            true,
 				ElementType:         types.StringType,
-				Validators: []validator.List{
-					listvalidator.UniqueValues(),
-					listvalidator.ValueStringsAre(
+				Validators: []validator.Set{
+					setvalidator.ValueStringsAre(
 						stringvalidator.OneOf("owner", "template-admin", "user-admin", "auditor"),
 					),
 				},
-				Default: listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
+				Default: setdefault.StaticValue(types.SetValueMust(types.StringType, []attr.Value{})),
 			},
 			"login_type": schema.StringAttribute{
 				MarkdownDescription: "Type of login for the user. Valid types are 'none', 'password', 'github', and 'oidc'.",
@@ -215,6 +215,13 @@ func (r *UserResource) Create(ctx context.Context, req resource.CreateRequest, r
 	}
 	tflog.Trace(ctx, "successfully updated user roles")
 
+	if data.Suspended.ValueBool() {
+		_, err = r.client.UpdateUserStatus(ctx, data.ID.ValueString(), codersdk.UserStatus("suspended"))
+	}
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update user status, got error: %s", err))
+		return
+	}
 	// Save data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 }
@@ -241,11 +248,12 @@ func (r *UserResource) Read(ctx context.Context, req resource.ReadRequest, resp
 
 	data.Email = types.StringValue(user.Email)
 	data.Name = types.StringValue(user.Name)
+	data.Username = types.StringValue(user.Username)
 	roles := make([]attr.Value, 0, len(user.Roles))
 	for _, role := range user.Roles {
 		roles = append(roles, types.StringValue(role.Name))
 	}
-	data.Roles = types.ListValueMust(types.StringType, roles)
+	data.Roles = types.SetValueMust(types.StringType, roles)
 	data.LoginType = types.StringValue(string(user.LoginType))
 	data.Suspended = types.BoolValue(user.Status == codersdk.UserStatusSuspended)
 
@@ -307,12 +315,24 @@ func (r *UserResource) Update(ctx context.Context, req resource.UpdateRequest, r
 	err = r.client.UpdateUserPassword(ctx, user.ID.String(), codersdk.UpdateUserPasswordRequest{
 		Password: data.Password.ValueString(),
 	})
-	if err != nil {
+	if err != nil && !strings.Contains(err.Error(), "New password cannot match old password.") {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update password, got error: %s", err))
 		return
 	}
 	tflog.Trace(ctx, "successfully updated password")
 
+	var statusErr error
+	if data.Suspended.ValueBool() {
+		_, statusErr = r.client.UpdateUserStatus(ctx, data.ID.ValueString(), codersdk.UserStatus("suspended"))
+	}
+	if !data.Suspended.ValueBool() && user.Status == codersdk.UserStatusSuspended {
+		_, statusErr = r.client.UpdateUserStatus(ctx, data.ID.ValueString(), codersdk.UserStatus("active"))
+	}
+	if statusErr != nil {
+		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update user status, got error: %s", err))
+		return
+	}
+
 	// Save updated data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 }

internal/provider/user_resource_test.go

@@ -20,24 +20,23 @@ func TestAccUserResource(t *testing.T) {
 			// Create and Read testing
 			{
 				Config: testAccUserResourceConfig{
-					Username: "example",
-					Name:     "Example User",
-					Email:    "[email protected]",
-					Roles:    []string{"owner", "auditor"},
+					Username:  "example",
+					Name:      "Example User",
+					Email:     "[email protected]",
+					Roles:     []string{"owner", "auditor"},
 					LoginType: "password",
-					Password: "example-password",
-					Suspended: true,
+					Password:  "SomeSecurePassword!",
 				}.String(),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("coderd_user.test", "username", "example"),
 					resource.TestCheckResourceAttr("coderd_user.test", "name", "Example User"),
 					resource.TestCheckResourceAttr("coderd_user.test", "email", "[email protected]"),
 					resource.TestCheckResourceAttr("coderd_user.test", "roles.#", "2"),
-					resource.TestCheckResourceAttr("coderd_user.test", "roles.0", "owner"),
-					resource.TestCheckResourceAttr("coderd_user.test", "roles.1", "auditor"),
+					resource.TestCheckResourceAttr("coderd_user.test", "roles.0", "auditor"),
+					resource.TestCheckResourceAttr("coderd_user.test", "roles.1", "owner"),
 					resource.TestCheckResourceAttr("coderd_user.test", "login_type", "password"),
-					resource.TestCheckResourceAttr("coderd_user.test", "password", "example-password"),
-					resource.TestCheckResourceAttr("coderd_user.test", "suspended", "true"),
+					resource.TestCheckResourceAttr("coderd_user.test", "password", "SomeSecurePassword!"),
+					resource.TestCheckResourceAttr("coderd_user.test", "suspended", "false"),
 				),
 			},
 			// ImportState testing
@@ -49,13 +48,21 @@ func TestAccUserResource(t *testing.T) {
 				// example code does not have an actual upstream service.
 				// Once the Read method is able to refresh information from
 				// the upstream service, this can be removed.
-				ImportStateVerifyIgnore: []string{"configurable_attribute", "defaulted"},
+				ImportStateVerifyIgnore: []string{"configurable_attribute", "defaulted", "password"},
 			},
 			// Update and Read testing
 			{
-				Config: testAccUserResourceConfig{}
+				Config: testAccUserResourceConfig{
+					Username:  "exampleNew",
+					Name:      "Example User New",
+					Email:     "[email protected]",
+					Roles:     []string{"owner", "auditor"},
+					LoginType: "password",
+					Password:  "SomeSecurePassword!",
+				}.String(),
 				Check: resource.ComposeAggregateTestCheckFunc(
-					resource.TestCheckResourceAttr("coderd_example.test", "configurable_attribute", "two"),
+					resource.TestCheckResourceAttr("coderd_user.test", "username", "exampleNew"),
+					resource.TestCheckResourceAttr("coderd_user.test", "name", "Example User New"),
 				),
 			},
 			// Delete testing automatically occurs in TestCase
@@ -89,15 +96,15 @@ func (c testAccUserResourceConfig) String() string {
 		sb.WriteString(fmt.Sprintf("  roles = [%s]\n", strings.Join(rolesQuoted, ", ")))
 	}
 	if c.LoginType != "" {
-		sb.WriteString(fmt.Sprintf("  login_type = %q", c.LoginType))
+		sb.WriteString(fmt.Sprintf("  login_type = %q\n", c.LoginType))
 	}
 	if c.Password != "" {
-		sb.WriteString(fmt.Sprintf("  password = %q", c.Password))
+		sb.WriteString(fmt.Sprintf("  password = %q\n", c.Password))
 	}
 	if c.Suspended {
 		sb.WriteString("  suspended = true\n")
 	}
 	sb.WriteString(`}`)
 	return sb.String()
 }
-*/
+*/