Allow the assigment of users to Groups

[anaghshineh]

We can use Terraform to create User Groups, but we cannot yet assign users to these groups via Terraform.

It looks like there is already an endpoint for this, so it seems doable!

[b-per]

Hi @anaghshineh , thanks for raising this.

There is indeed an endpoint and we could add it to the provider but my feeling is that while we can do it, I don't know if we should 😄 . In my mind, this is something that should be managed by setting SSO group mappings in dbt Cloud and managing users and their groups centrally (in Azure AD, or any IdP).

Would you be able to elaborate on why you'd like to add users from Terraform?

[anaghshineh]

Hey, @b-per - thanks for the quick reply!

Sure. We are automating the setup of dbt Cloud infra using a centralized repo with Terraform code. We are onboarding a lot of new teams (into their own distinct dbt Cloud projects). We do use SSO group mappings for basic access to dbt Cloud, but this becomes difficult to maintain as we increase the number of dbt Cloud projects. And leaves a lot of manual work for us - it wouldn't be feasible to automate the creation of new SSO group mappings as well for various reasons.

So, I'd love to be able to continue using the basic SSO groups, but then use the Terraform provider to assign users into project-specific groups with permissions at the individual project level.

Open to your thoughts!

[b-per]

Thanks for the update. In that case, do you generally know the internal dbt Cloud ID of a user? If not, do you identify the users who need access via their email?

[b-per]

This should be out in a few minutes!

I have added some caveats to how to use the new dbtcloud_user_groups but feel free to raise new issues if you use the feature and have some questions/requests for more features.

[anaghshineh]

Wow - thanks so much!