expose Coder objects in the terraform provider

[ericpaulsen]

multiple customers have inquired about creating the following objects using our Terraform provider:

• users
• groups
• template/group RBAC mapping

a common theme across these customers: Terraform is used to configure all of their applications, so they'd like Coder to be fully configurable as code.

Edit: This is the feature-set of the new coderd provider.

Tasks:

• write RFC for coder infra terraform provider #13007
• Create coderd provider skeleton
• Create integration test framework for coderd provider
• Add user and group management capability to coderd provider
• Add template and template version management capability to coderd provider
• Add workspace proxy management capability to coderd provider
• Add license management capability to coderd provider terraform-provider-coderd#5
• Add support for organization resources, provisioners and org, group, role sync terraform-provider-coderd#39

[bpmct]

Nice. We don't have any short-term plans to make it so that people can provision Coder users, groups, or permissions with Terraform.

With group and role sync, the identity provider becomes the source of truth for authentication and authorization. I believe this should probably remain the case, versus it being done via Terraform, but Terraform can be used to deploy Coder with group sync enabled with coder server environment variables.

One side-effect is, sadly, that an initial admin user has to be created via some sort of script. It can be immediately deleted though. We should make that story better.

We don't have a good solution for codifying template permissions mapping though. Right now, sadly, a script is probably the best bet

[ericpaulsen]

re-opening - as this is a major point of feedback from customers.

[matifali]

I would suggest developing the new coderd provider with https://developer.hashicorp.com/terraform/plugin/framework so that we do not have to migrate it later