Return user's groups as a Terraform data source for templates #8560

Closed
bpmct opened this issue Jul 17, 2023 · 5 comments · Fixed by #12841
@bpmct
Member

bpmct commented Jul 17, 2023

There may be cases where a template wants to be aware of the user's groups for infrastructure to provision/tags to add, etc.

The easiest way to do it seems like sending them as an array of strings in https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace

data.coder_workspace.me.owner_groups
# ["devops", "platform-engineering", "backstage"]

Use cases

User must be in devops group for this to be provisioned as a part of their workspace:

resource "special_resource" "for_devops" {
  count = contains(data.coder_workspace.me.owner_groups, "devops") ? 1 : 0
}

Add groups as a tag to a resource:

resource "aws_instance" "example" {
  tags = {
    Name        = data.coder_workspace.me.name
    OwnerGroups = join(",", data.coder_workspace.me.owner_groups)
  }
}

Look up IAM policy based on groups:

data "aws_iam_policy" "dynamic" {
  count = length(data.coder_workspace.me.owner_groups)
  arn   = "arn:aws:iam::aws:policy/${element(data.coder_workspace.me.owner_groups, count.index)}"
}
@bpmct
Member Author

bpmct commented Mar 28, 2024

From #7191

this is blocking org-wide adoption at a major prospect. current state is limiting them to a single team. use-case:

they want to isolate groups to specific namespaces. multiple groups are assigned to a single template, but they want the template to deploy the pod into the user's group namespace (doing this via parameters, but can't validate group)

bpmct added and removed the must-do label on Mar 28, 2024
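
One way a template could enforce the namespace-per-group case described in the comment above, as an added example that is not code from this issue or from the Coder project. It assumes the `owner_groups` attribute proposed in this issue, a hypothetical `namespace` parameter, and that each group name is also the name of a Kubernetes namespace.

```hcl
# Added example. Assumes the owner_groups attribute proposed in this issue;
# the attribute name in a released provider may differ.
terraform {
  required_providers {
    coder      = { source = "coder/coder" }
    kubernetes = { source = "hashicorp/kubernetes" }
  }
}

data "coder_workspace" "me" {}

# Hypothetical parameter: the user picks which group namespace to deploy into.
data "coder_parameter" "namespace" {
  name    = "namespace"
  type    = "string"
  mutable = false
}

locals {
  # Groups come from the Coder server, so they are the trusted side of the check.
  owner_groups = data.coder_workspace.me.owner_groups
  requested_ns = data.coder_parameter.namespace.value
}

resource "kubernetes_pod" "workspace" {
  count = data.coder_workspace.me.start_count

  metadata {
    name      = "coder-${data.coder_workspace.me.id}"
    namespace = local.requested_ns
  }

  spec {
    container {
      name    = "dev"
      image   = "example.invalid/dev:latest" # placeholder image
      command = ["sleep", "infinity"]
    }
  }

  lifecycle {
    # Fail the plan before the pod is created when the requested namespace
    # is not one of the workspace owner's groups.
    precondition {
      condition     = contains(local.owner_groups, local.requested_ns)
      error_message = "Namespace must match one of the workspace owner's groups."
    }
  }
}
```

The `precondition` block requires Terraform 1.2 or later. The check only holds if the parameter value is compared against server-supplied group data, never against another user-editable input.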
@f0ssel
Contributor

f0ssel commented Mar 28, 2024

I can take a look at this if that's cool, it's unfamiliar territory but I'd like to learn more in this area.

@matifali
Member

matifali commented Apr 2, 2024

Whoever is going to take this: we should probably do coder/terraform-provider-coder#180 first before adding any major features to the provider. This will save us from any accumulated tech debt and probably will allow a more streamlined process to add new features to the provider.

@f0ssel
Contributor

f0ssel commented Apr 3, 2024

@matifali My change was just a few lines of code, so I wouldn't want that refactor to block this.

@matifali
Member

matifali commented Apr 8, 2024

It would be nice to publish docs for a use case or a guide on how groups can be used within templates.
The original issue body of this issue, #7191 and #11807 are some possible examples.
