feat: data source service account OIDC identity

OctopusDeployLabs · Nov 20, 2024 · 2cbe38e · 2cbe38e
1 parent ee401d3
commit 2cbe38e
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 1 deletion.
diff --git a/octopusdeploy_framework/datasource_service_account_oidc_identity.go b/octopusdeploy_framework/datasource_service_account_oidc_identity.go
@@ -0,0 +1,57 @@
+package octopusdeploy_framework
+
+import (
+	"context"
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/serviceaccounts"
+	"github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/schemas"
+	"github.com/OctopusDeploy/terraform-provider-octopusdeploy/octopusdeploy_framework/util"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type serviceAccountOIDCIdentityDataSource struct {
+	*Config
+}
+
+func NewServiceAccountOIDCIdentityDataSource() datasource.DataSource {
+	return &serviceAccountOIDCIdentityDataSource{}
+}
+
+func (*serviceAccountOIDCIdentityDataSource) Metadata(_ context.Context, _ datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = util.GetTypeName(schemas.ServiceAccountOIDCIdentityDatasourceName)
+}
+
+func (s *serviceAccountOIDCIdentityDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	s.Config = DataSourceConfiguration(req, resp)
+}
+
+func (*serviceAccountOIDCIdentityDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schemas.ServiceAccountOIDCIdentitySchema{}.GetDatasourceSchema()
+}
+
+func (s *serviceAccountOIDCIdentityDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var err error
+	var data schemas.OIDCServiceAccountDatasourceSchemaModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	oidcIdentity, err := serviceaccounts.GetOIDCIdentityByID(s.Client, data.ServiceAccountID.ValueString(), data.ID.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddError("unable to load service account OIDC Identity", err.Error())
+		return
+	}
+
+	updateServiceAccountOIDCDataModel(oidcIdentity, &data)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func updateServiceAccountOIDCDataModel(request *serviceaccounts.OIDCIdentity, model *schemas.OIDCServiceAccountDatasourceSchemaModel) {
+	model.Name = types.StringValue(request.Name)
+	model.Issuer = types.StringValue(request.Issuer)
+	model.Subject = types.StringValue(request.Subject)
+	model.ID = types.StringValue(request.ID)
+	model.ServiceAccountID = types.StringValue(request.ServiceAccountID)
+}
diff --git a/octopusdeploy_framework/framework_provider.go b/octopusdeploy_framework/framework_provider.go
@@ -77,6 +77,7 @@ func (p *octopusDeployFrameworkProvider) DataSources(ctx context.Context) []func
 		NewScriptModuleDataSource,
 		NewTenantProjectDataSource,
 		NewUsersDataSource,
+		NewServiceAccountOIDCIdentityDataSource,
 	}
 }
 

diff --git a/octopusdeploy_framework/resource_service_account_oidc_identity.go b/octopusdeploy_framework/resource_service_account_oidc_identity.go
@@ -41,10 +41,12 @@ func (s *ServiceAccountOIDCIdentity) Create(ctx context.Context, req resource.Cr
 	identityCreateResponse, err := serviceaccounts.AddOIDCIdentity(s.Client, identityRequest)
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating OIDC identity", err.Error())
+		return
 	}
 	identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityCreateResponse.ID)
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating OIDC identity", err.Error())
+		return
 	}
 
 	updateServiceAccountOIDCModel(identityResponse, &plan)
@@ -87,6 +89,7 @@ func (s *ServiceAccountOIDCIdentity) Update(ctx context.Context, req resource.Up
 	identityResponse, err := serviceaccounts.GetOIDCIdentityByID(s.Client, identityRequest.ServiceAccountID, identityRequest.ID)
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating OIDC identity", err.Error())
+		return
 	}
 
 	updateServiceAccountOIDCModel(identityResponse, &plan)

diff --git a/octopusdeploy_framework/schemas/service_account_oidc_identity.go b/octopusdeploy_framework/schemas/service_account_oidc_identity.go
@@ -9,6 +9,7 @@ import (
 )
 
 const ServiceAccountOIDCIdentityResourceName = "service_account_oidc_identity"
+const ServiceAccountOIDCIdentityDatasourceName = "service_account_oidc_identity"
 
 type ServiceAccountOIDCIdentitySchema struct{}
 
@@ -38,7 +39,28 @@ func (d ServiceAccountOIDCIdentitySchema) GetResourceSchema() resourceSchema.Sch
 }
 
 func (d ServiceAccountOIDCIdentitySchema) GetDatasourceSchema() datasourceSchema.Schema {
-	return datasourceSchema.Schema{}
+	return datasourceSchema.Schema{
+		Attributes: map[string]datasourceSchema.Attribute{
+			"id": GetIdDatasourceSchema(false),
+			"service_account_id": util.DataSourceString().
+				Description("ID of the user associated to this identity").
+				Required().
+				Build(),
+			// Response
+			"name": util.DataSourceString().
+				Description("Name of the user associated to this identity").
+				Computed().
+				Build(),
+			"issuer": util.DataSourceString().
+				Description("OIDC issuer url").
+				Computed().
+				Build(),
+			"subject": util.DataSourceString().
+				Description("OIDC subject claims").
+				Computed().
+				Build(),
+		},
+	}
 }
 
 type OIDCServiceAccountSchemaModel struct {
@@ -49,3 +71,11 @@ type OIDCServiceAccountSchemaModel struct {
 
 	ResourceModel
 }
+
+type OIDCServiceAccountDatasourceSchemaModel struct {
+	ID               types.String `tfsdk:"id"`
+	ServiceAccountID types.String `tfsdk:"service_account_id"`
+	Name             types.String `tfsdk:"name"`
+	Issuer           types.String `tfsdk:"issuer"`
+	Subject          types.String `tfsdk:"subject"`
+}