feat: Add rbac_roles to coder_workspace_owner data source

nxf5025 · nxf5025 · commit 9bae19724407 · 2025-01-30T18:36:15.000-05:00
diff --git a/docs/data-sources/workspace_owner.md b/docs/data-sources/workspace_owner.md
@@ -53,6 +53,7 @@ resource "coder_env" "git_author_email" {
 - `login_type` (String) The type of login the user has.
 - `name` (String) The username of the user.
 - `oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
+- `rbac_roles` (List of String) The RBAC roles of which the user is assigned.
 - `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.
 - `ssh_private_key` (String, Sensitive) The user's generated SSH private key.
 - `ssh_public_key` (String) The user's generated SSH public key.
diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -113,6 +113,7 @@ func TestIntegration(t *testing.T) {
 				"workspace_owner.ssh_private_key":   `(?s)^.+?BEGIN OPENSSH PRIVATE KEY.+?END OPENSSH PRIVATE KEY.+?$`,
 				"workspace_owner.ssh_public_key":    `(?s)^ssh-ed25519.+$`,
 				"workspace_owner.login_type":        ``,
+				"workspace_owner.rbac_roles":        `\[\]`,
 			},
 		},
 		{
@@ -141,6 +142,7 @@ func TestIntegration(t *testing.T) {
 				"workspace_owner.ssh_private_key":   `(?s)^.+?BEGIN OPENSSH PRIVATE KEY.+?END OPENSSH PRIVATE KEY.+?$`,
 				"workspace_owner.ssh_public_key":    `(?s)^ssh-ed25519.+$`,
 				"workspace_owner.login_type":        `password`,
+				"workspace_owner.rbac_roles":        `\[\]`,
 			},
 		},
 		{
diff --git a/integration/workspace-owner-filled/main.tf b/integration/workspace-owner-filled/main.tf
@@ -40,6 +40,7 @@ locals {
     "workspace_owner.ssh_private_key" : data.coder_workspace_owner.me.ssh_private_key,
     "workspace_owner.ssh_public_key" : data.coder_workspace_owner.me.ssh_public_key,
     "workspace_owner.login_type" : data.coder_workspace_owner.me.login_type,
+    "workspace_owner.rbac_roles" : jsonencode(data.coder_workspace_owner.me.rbac_roles),
   }
 }
 
diff --git a/integration/workspace-owner/main.tf b/integration/workspace-owner/main.tf
@@ -40,6 +40,7 @@ locals {
     "workspace_owner.ssh_private_key" : data.coder_workspace_owner.me.ssh_private_key,
     "workspace_owner.ssh_public_key" : data.coder_workspace_owner.me.ssh_public_key,
     "workspace_owner.login_type" : data.coder_workspace_owner.me.login_type,
+    "workspace_owner.rbac_roles" : jsonencode(data.coder_workspace_owner.me.rbac_roles),
   }
 }
 
diff --git a/provider/workspace_owner.go b/provider/workspace_owner.go
@@ -59,6 +59,14 @@ func workspaceOwnerDataSource() *schema.Resource {
 				_ = rd.Set("login_type", loginType)
 			}
 
+			var rbacRoles []string
+			if rolesRaw, ok := os.LookupEnv("CODER_WORKSPACE_OWNER_RBAC_ROLES"); ok {
+				if err := json.NewDecoder(strings.NewReader(rolesRaw)).Decode(&rbacRoles); err != nil {
+					return diag.Errorf("invalid user rbac roles: %s", err.Error())
+				}
+			}
+			_ = rd.Set("rbac_roles", rbacRoles)
+
 			return diags
 		},
 		Schema: map[string]*schema.Schema{
@@ -118,6 +126,14 @@ func workspaceOwnerDataSource() *schema.Resource {
 				Computed:    true,
 				Description: "The type of login the user has.",
 			},
+			"rbac_roles": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Computed:    true,
+				Description: "The RBAC roles of which the user is assigned.",
+			},
 		},
 	}
 }
diff --git a/provider/workspace_owner_test.go b/provider/workspace_owner_test.go
@@ -34,6 +34,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 		t.Setenv("CODER_WORKSPACE_OWNER_SESSION_TOKEN", `supersecret`)
 		t.Setenv("CODER_WORKSPACE_OWNER_OIDC_ACCESS_TOKEN", `alsosupersecret`)
 		t.Setenv("CODER_WORKSPACE_OWNER_LOGIN_TYPE", `github`)
+		t.Setenv("CODER_WORKSPACE_OWNER_RBAC_ROLES", `["member", "auditor"]`)
 
 		resource.Test(t, resource.TestCase{
 			ProviderFactories: coderFactory(),
@@ -61,6 +62,8 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 					assert.Equal(t, `supersecret`, attrs["session_token"])
 					assert.Equal(t, `alsosupersecret`, attrs["oidc_access_token"])
 					assert.Equal(t, `github`, attrs["login_type"])
+					assert.Equal(t, `member`, attrs["rbac_roles.0"])
+					assert.Equal(t, `auditor`, attrs["rbac_roles.1"])
 
 					return nil
 				},
@@ -80,6 +83,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 			"CODER_WORKSPACE_OWNER_SSH_PUBLIC_KEY",
 			"CODER_WORKSPACE_OWNER_SSH_PRIVATE_KEY",
 			"CODER_WORKSPACE_OWNER_LOGIN_TYPE",
+			"CODER_WORKSPACE_OWNER_RBAC_ROLES",
 		} { // https://github.com/golang/go/issues/52817
 			t.Setenv(v, "")
 			os.Unsetenv(v)
@@ -110,6 +114,7 @@ func TestWorkspaceOwnerDatasource(t *testing.T) {
 					assert.Empty(t, attrs["session_token"])
 					assert.Empty(t, attrs["oidc_access_token"])
 					assert.Empty(t, attrs["login_type"])
+					assert.Empty(t, attrs["rbac_roles.0"])
 					return nil
 				},
 			}},

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ locals {`
`40`	`40`	`"workspace_owner.ssh_private_key" : data.coder_workspace_owner.me.ssh_private_key,`
`41`	`41`	`"workspace_owner.ssh_public_key" : data.coder_workspace_owner.me.ssh_public_key,`
`42`	`42`	`"workspace_owner.login_type" : data.coder_workspace_owner.me.login_type,`
	`43`	`+ "workspace_owner.rbac_roles" : jsonencode(data.coder_workspace_owner.me.rbac_roles),`
`43`	`44`	`}`
`44`	`45`	`}`
`45`	`46`