Need to be able to look up teams based on the list of names considering that not all of them may exist yet #982

Open
dee-kryvenko opened this issue Nov 19, 2024 · 4 comments · May be fixed by #984
Labels
blocked enhancement New feature or request

@dee-kryvenko
Is your feature request related to a problem? Please describe.

Consider an SSO-enabled Env0 org. Env0, to my knowledge, does not use SCIM at the moment, so the Teams are being populated to Env0 only when a first member of the corresponding IdP group logs in for the first time. Until then the team does not exist.

Consider a TF module that's used to create Env0 projects and assign permissions to corresponding teams. Such a module would accept a list of group names, which may include group names that don't yet exist as Env0 Teams.

Trying to do something like this in that case would fail:

```hcl
data "env0_team" "compartment_admins" {
  for_each = toset(local.okta_admin_groups)
  name     = each.key
}
```

The error would be something like:

```
╷
│ Error: Could not find an env0 team with name <redacted>
│ 
│   with data.env0_team.compartment_admins["<redacted>"],
│   on env0_project_policy.tf line 1, in data "env0_team" "compartment_admins":
│    1: data "env0_team" "compartment_admins" {
│ 
╵
```

Describe the solution you'd like

There needs to be a way to account for the fact that the team might not exist yet, so the code would not fail and would process the other groups that do. Maybe the env0_teams data source needs to be able to take some kind of filter as an input, but there needs to be a corresponding API endpoint; otherwise, if TF providers did the filtering client-side, that wouldn't actually solve anything.

Describe alternatives you've considered

As a workaround I considered the following approach:

```hcl
data "env0_teams" "all_teams" {}

data "env0_team" "compartment_admins" {
  for_each = toset([
    for group in data.env0_teams.all_teams.names : group
    if contains(local.okta_admin_groups, group)
  ])
  name = each.value
}
```

The downside is that the env0_teams data source tries to get a list of all teams in the org, which is excessive and unnecessary. Additionally, it fails against another issue described in #981.

Additional context
Add any other context or screenshots about the feature request here.
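
The workaround above drops groups that have no team yet without saying which ones, so a project can end up with fewer permission assignments than the caller asked for. The following is an added example, not code from the issue author or the env0 provider, that keeps the same client-side lookup (and its cost of listing every team) but reports the skipped groups. The group names are constructed sample values, the `pending_admin_groups` and `admin_groups_resolved` names are hypothetical, and the `check` block assumes Terraform 1.5 or later.

```hcl
locals {
  # Constructed sample input; in the issue this list is passed in by the module's caller.
  okta_admin_groups = ["platform-admins", "payments-admins"]

  # Requested groups that already exist as env0 teams.
  existing_admin_teams = setintersection(
    toset(local.okta_admin_groups),
    toset(data.env0_teams.all_teams.names),
  )

  # Requested groups with no env0 team yet; nothing is looked up or assigned for these.
  pending_admin_groups = setsubtract(
    toset(local.okta_admin_groups),
    local.existing_admin_teams,
  )
}

data "env0_teams" "all_teams" {}

# Only look up teams known to exist, so a missing team cannot fail the plan.
data "env0_team" "compartment_admins" {
  for_each = local.existing_admin_teams
  name     = each.value
}

# Make the skipped groups visible in plan/apply output.
output "pending_admin_groups" {
  description = "Requested groups with no env0 team yet; they get no permissions until the team exists."
  value       = local.pending_admin_groups
}

# A failed check is reported as a warning and does not block the run.
check "admin_groups_resolved" {
  assert {
    condition     = length(local.pending_admin_groups) == 0
    error_message = "No env0 team yet for: ${join(", ", tolist(local.pending_admin_groups))}"
  }
}
```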

@dee-kryvenko dee-kryvenko added the enhancement New feature or request label Nov 19, 2024
@TomerHeber
Collaborator

Hi @dee-kryvenko

I'm trying to understand the request and what would be the best solution for your requirements.
Please note that teams pagination is resolved.
We could add a filter to data "env0_teams" - would that help?

Thanks!

@dee-kryvenko
Author

Yes, I think that the ability to specify a filter would help, and the data source must not fail if the result is an empty list. It would just be an empty list.

@liranfarage89
Contributor

@dee-kryvenko I wonder if now, after resolving #981, you still need the filter expression, because it's basically like the workaround you suggested but behind the scenes. It should work, so I don't see real value in encapsulating it behind a Resource's property.

cc @TomerHeber

@TomerHeber TomerHeber moved this from In progress to Blocked in Ongoing Issues Dec 21, 2024
@dee-kryvenko
Author

#981 is the workaround, this one is the actual issue. There's no reason to query the backend for more than I need and have to filter on the client side. I have like 10k groups; even with pagination at 100 per page, TF would make 100 requests where potentially only one was enough. Doing it over and over across multiple environments during drift detection... just so inefficient.

Projects
Status: Blocked