feat: add coder_workspace_owner datasource

docs/data-sources/user.md

@@ -0,0 +1,27 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "coder_user Data Source - terraform-provider-coder"
+subcategory: ""
+description: |-
+  Use this data source to fetch information about a user.
+---
+
+# coder_user (Data Source)
+
+Use this data source to fetch information about a user.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `email` (String) The email address of the user.
+- `full_name` (String) The full name of the user.
+- `groups` (List of String) The groups of which the user is a member.
+- `id` (String) The UUID of the user.
+- `name` (String) The username of the user.
+- `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.
+- `ssh_private_key` (String, Sensitive) The user's generated SSH private key.
+- `ssh_public_key` (String) The user's generated SSH public key.

provider/provider.go

@@ -74,6 +74,7 @@ func New() *schema.Provider {
 			"coder_parameter":      parameterDataSource(),
 			"coder_git_auth":       gitAuthDataSource(),
 			"coder_external_auth":  externalAuthDataSource(),
+			"coder_user":           userDataSource(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"coder_agent":          agentResource(),

provider/user.go

@@ -0,0 +1,139 @@
+package provider
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"strings"
+
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type Role struct {
+	Name        string `json:"name"`
+	DisplayName string `json:"display-name"`
+}
+
+func userDataSource() *schema.Resource {
+	return &schema.Resource{
+		Description: "Use this data source to fetch information about a user.",
+		ReadContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics {
+			if idStr, ok := os.LookupEnv("CODER_USER_ID"); !ok {
+				rd.SetId(uuid.NewString())
+			} else {
+				rd.SetId(idStr)
+			}
+
+			if username, ok := os.LookupEnv("CODER_USER_NAME"); ok {
+				_ = rd.Set("name", username)
+			} else if altUsername, ok := os.LookupEnv("CODER_WORKSPACE_OWNER"); ok {
+				_ = rd.Set("name", altUsername)
+			} else {
+				return diag.Errorf("missing user name")
+			}
+
+			if fullname, ok := os.LookupEnv("CODER_USER_FULL_NAME"); ok {
+				_ = rd.Set("full_name", fullname)
+			} else if altFullname, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_NAME"); ok {
+				// Compatibility: read from CODER_WORKSPACE_OWNER_NAME
+				_ = rd.Set("full_name", altFullname)
+			} else { // fallback
+				return diag.Errorf("missing user full_name")
+			}
+
+			if email, ok := os.LookupEnv("CODER_USER_EMAIL"); ok {
+				_ = rd.Set("email", email)
+			} else if altEmail, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_EMAIL"); ok {
+				_ = rd.Set("email", altEmail)
+			} else {
+				return diag.Errorf("missing user email")
+			}
+
+			if sshPubKey, ok := os.LookupEnv("CODER_USER_SSH_PUBLIC_KEY"); ok {
+				_ = rd.Set("ssh_public_key", sshPubKey)
+			} else {
+				// Compat: do not error
+				_ = rd.Set("ssh_public_key", "missing")
+			}
+
+			if sshPrivKey, ok := os.LookupEnv("CODER_USER_SSH_PRIVATE_KEY"); ok {
+				_ = rd.Set("ssh_private_key", sshPrivKey)
+			} else {
+				// Compat: do not error
+				_ = rd.Set("ssh_private_key", "missing")
+			}
+
+			var groups []string
+			if groupsRaw, ok := os.LookupEnv("CODER_USER_GROUPS"); ok {
+				if err := json.NewDecoder(strings.NewReader(groupsRaw)).Decode(&groups); err != nil {
+					return diag.Errorf("invalid user groups: %s", err.Error())
+				}
+			} else if altGroupsRaw, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_GROUPS"); ok {
+				if err := json.NewDecoder(strings.NewReader(altGroupsRaw)).Decode(&groups); err != nil {
+					return diag.Errorf("invalid workspace owner groups: %s", err.Error())
+				}
+			} else {
+				return diag.Errorf("missing user groups")
+			}
+			_ = rd.Set("groups", groups)
+
+			if tok, ok := os.LookupEnv("CODER_USER_SESSION_TOKEN"); ok {
+				_ = rd.Set("session_token", tok)
+			} else if altTok, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_SESSION_TOKEN"); ok {
+				_ = rd.Set("session_token", altTok)
+			} else {
+				return diag.Errorf("missing user session_token")
+			}
+
+			return nil
+		},
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The UUID of the user.",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The username of the user.",
+			},
+			"full_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The full name of the user.",
+			},
+			"email": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The email address of the user.",
+			},
+			"ssh_public_key": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The user's generated SSH public key.",
+			},
+			"ssh_private_key": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The user's generated SSH private key.",
+				Sensitive:   true,
+			},
+			"groups": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Computed:    true,
+				Description: "The groups of which the user is a member.",
+			},
+			"session_token": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.",
+			},
+		},
+	}
+}

provider/user_test.go

@@ -0,0 +1,106 @@
+package provider_test
+
+import (
+	"testing"
+
+	"github.com/coder/terraform-provider-coder/provider"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	testSSHEd25519PublicKey = `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJeNcdBMtd4Jo9f2W8RZef0ld7Ypye5zTQEf0vUXa/Eq owner123@host456`
+	// nolint:gosec  // This key was generated specifically for this purpose.
+	testSSHEd25519PrivateKey = `-----BEGIN OPENSSH PRIVATE KEY-----
+	b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+	QyNTUxOQAAACCXjXHQTLXeCaPX9lvEWXn9JXe2Kcnuc00BH9L1F2vxKgAAAJgp3mfQKd5n
+	0AAAAAtzc2gtZWQyNTUxOQAAACCXjXHQTLXeCaPX9lvEWXn9JXe2Kcnuc00BH9L1F2vxKg
+	AAAEBia7mAQFoLBILlvTJroTkOUomzfcPY9ckpViQOjYFkAZeNcdBMtd4Jo9f2W8RZef0l
+	d7Ypye5zTQEf0vUXa/EqAAAAE3ZzY29kZUAzY2Y4MWY5YmM3MmQBAg==
+	-----END OPENSSH PRIVATE KEY-----`
+)
+
+func TestUserDatasource(t *testing.T) {
+	t.Run("OK", func(t *testing.T) {
+		t.Setenv("CODER_USER_ID", "11111111-1111-1111-1111-111111111111")
+		t.Setenv("CODER_USER_NAME", "owner123")
+		t.Setenv("CODER_USER_FULL_NAME", "Mr Owner")
+		t.Setenv("CODER_USER_EMAIL", "[email protected]")
+		t.Setenv("CODER_USER_SSH_PUBLIC_KEY", testSSHEd25519PublicKey)
+		t.Setenv("CODER_USER_SSH_PRIVATE_KEY", testSSHEd25519PrivateKey)
+		t.Setenv("CODER_USER_GROUPS", `["group1", "group2"]`)
+		t.Setenv("CODER_USER_SESSION_TOKEN", `supersecret`)
+
+		resource.Test(t, resource.TestCase{
+			Providers: map[string]*schema.Provider{
+				"coder": provider.New(),
+			},
+			IsUnitTest: true,
+			Steps: []resource.TestStep{{
+				Config: `
+			provider "coder" {}
+			data "coder_user" "me" {}
+			`,
+				Check: func(s *terraform.State) error {
+					require.Len(t, s.Modules, 1)
+					require.Len(t, s.Modules[0].Resources, 1)
+					resource := s.Modules[0].Resources["data.coder_user.me"]
+					require.NotNil(t, resource)
+
+					attrs := resource.Primary.Attributes
+					assert.Equal(t, "11111111-1111-1111-1111-111111111111", attrs["id"])
+					assert.Equal(t, "owner123", attrs["name"])
+					assert.Equal(t, "Mr Owner", attrs["full_name"])
+					assert.Equal(t, "[email protected]", attrs["email"])
+					assert.Equal(t, testSSHEd25519PublicKey, attrs["ssh_public_key"])
+					assert.Equal(t, testSSHEd25519PrivateKey, attrs["ssh_private_key"])
+					assert.Equal(t, `group1`, attrs["groups.0"])
+					assert.Equal(t, `group2`, attrs["groups.1"])
+					assert.Equal(t, `supersecret`, attrs["session_token"])
+					return nil
+				},
+			}},
+		})
+	})
+
+	t.Run("Compat", func(t *testing.T) {
+		t.Setenv("CODER_WORKSPACE_OWNER", "owner123")
+		t.Setenv("CODER_WORKSPACE_OWNER_NAME", "Mr Owner")
+		t.Setenv("CODER_WORKSPACE_OWNER_EMAIL", "[email protected]")
+		t.Setenv("CODER_WORKSPACE_OWNER_GROUPS", `["group1", "group2"]`)
+		t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", `supersecret`)
+
+		resource.Test(t, resource.TestCase{
+			Providers: map[string]*schema.Provider{
+				"coder": provider.New(),
+			},
+			IsUnitTest: true,
+			Steps: []resource.TestStep{{
+				Config: `
+			provider "coder" {}
+			data "coder_user" "me" {}
+			`,
+				Check: func(s *terraform.State) error {
+					require.Len(t, s.Modules, 1)
+					require.Len(t, s.Modules[0].Resources, 1)
+					resource := s.Modules[0].Resources["data.coder_user.me"]
+					require.NotNil(t, resource)
+
+					attrs := resource.Primary.Attributes
+					assert.NotEmpty(t, attrs["id"])
+					assert.Equal(t, "owner123", attrs["name"])
+					assert.Equal(t, "Mr Owner", attrs["full_name"])
+					assert.Equal(t, "[email protected]", attrs["email"])
+					assert.Equal(t, "missing", attrs["ssh_public_key"])
+					assert.Equal(t, "missing", attrs["ssh_private_key"])
+					assert.Equal(t, `group1`, attrs["groups.0"])
+					assert.Equal(t, `group2`, attrs["groups.1"])
+					return nil
+				},
+			}},
+		})
+	})
+}