buildkite / terraform-provider-buildkite

Terraform provider for Buildkite
https://registry.terraform.io/providers/buildkite/buildkite/latest
MIT License
56 stars 35 forks source link

feature request: Add datasources to get the list of organization members #527

Open christophe-scalepad opened 6 months ago

christophe-scalepad commented 6 months ago

Hey,

Hope you are doing well.

Description

As a company, we would like to manage RBAC in buildkite (and everywhere else) as IaC using terraform. We are currently missing the possibility to fetch the members of an organization. This would allow us to map our's idp's groups to teams we create in buildkite. Currently with what is available to us, our only option would be to hardcode the user ids in our IaC which we would like to avoid.

This feature is already present in another buildkite provider. This would allow us to fetch the user ids dynamically from buildkite using the data source and create a dynamic map with the users that we got from our idp's group.

I haven't looked in the other providers implementation, but I'm guessing it relies on your API's as well.

wishing you well

mcncl commented 6 months ago

Hey there @christophe-scalepad!

Thanks for raising this issue. Sounds like a useful thing we cold add in and shouldn't be too difficult to do; the queries are all available in the API as far as I can tell. We'll plan the work for this, but I can't see it being more that a few days to add in once it's picked up.

Cheers!

ianchesal commented 4 months ago

Here to +1 this -- this is the missing link between teams and organizing them in Terraform at present. Fetching the UUID for users to add them to teams currently O(hard) to do in any way that isn't incredible fragile.

My ideal interface would be something like:

data buildkite_organization_member "me" {
   slug = "my-org-slug"
   email = "ian@withpersona.com"
}

resource "buildkite_team" "some_team" {
   name = "Some Team"
   description = "Some team goes here"
   privacy = "VISIBLE"
   default_team = false
   default_member_role = "MEMBER"
}

resource "buildkite_team_member" "some_team_me" {
   team_id = buildkite_team.some_team.id
   user_id = data.buildkite_organization_member.me.id
}