Allow users invite

[aalvarezaph]

Is your feature request related to a problem? Please describe.

When enabling MFA, users created through the provider (belonging to the internal realm) are not able to edit their profile regardless of their "Can update profile" status.

Users invited into Artifactory (api/v1/access/api/ui/users/invite API endpoint) are able to sign up using personal SSO (Github, Google) and will belong to the oauth realm. In that scenario, they are able to edit their profile.

Describe the solution you'd like

I would like the provider to be able to invite users to avoid manual steps.

Describe alternatives you've considered

At the moment I am creating those invites outside of IaC, and then having an import block on Terraform (once invitation is sent, user can be imported).

Additional context

I am new to Artifactory and its provider, so hopefully not missing something obvious here

[alexhung]

@aalvarezaph The API api/v1/access/api/ui/users/invite is for JFrog UI uses only. There's no public REST API for this purpose. Even if there's one, Terraform centers around managing resources, which in this case of invitation, it doesn't fit that model. Unless there's APIs to do CRUD for invitation (create invite, get invite status, delete invite).

[aalvarezaph]

@aalvarezaph The API api/v1/access/api/ui/users/invite is for JFrog UI uses only. There's no public REST API for this purpose.

Sorry to hear!

Even if there's one, Terraform centers around managing resources, which in this case of invitation, it doesn't fit that model. Unless there's APIs to do CRUD for invitation (create invite, get invite status, delete invite).

Thought about that but what I observed is that once the invite is sent, I can import the user in Terraform the same way I would if I had created it through the resource. So from Terraform perspective I was thinking of some create_invite variable that would instruct to use the other API to send the invitation instead of the regular user creation endpoint.

But if it's a private UI endpoint only that's a no go anyway :(

Edit: Thanks for your fast response @alexhung ! Should we then create the issue as until (/if) this is supported by the API there's not much that can be done about it ( I was surprised that edit profile doesn't show up with MFA enabled anyways, so if someone reading this knows why please enlighthen me, I might be doing something wrong :) )

[alexhung]

@aalvarezaph Yes, please work with your JFrog contact to create a feature request for new REST API. Once that's implemented then I can consider how to implement it with the existing user resources.