service-accounts: move jwt from shared model (#32)

calebdoxsey · web-flow · commit a85a0e51de25 · 2025-01-29T12:02:18.000-07:00
For service account data sources, the `JWT` field only exists for
resources not for the data model, so move it. Also add support for
querying by namespace.
diff --git a/internal/provider/models.go b/internal/provider/models.go
@@ -19,7 +19,6 @@ type ServiceAccountModel struct {
 	Description types.String `tfsdk:"description"`
 	UserID      types.String `tfsdk:"user_id"`
 	ExpiresAt   types.String `tfsdk:"expires_at"`
-	JWT         types.String `tfsdk:"jwt"`
 }
 
 func ConvertServiceAccountToPB(_ context.Context, src *ServiceAccountResourceModel) (*pb.PomeriumServiceAccount, diag.Diagnostics) {
@@ -42,7 +41,7 @@ func ConvertServiceAccountToPB(_ context.Context, src *ServiceAccountResourceMod
 	return pbServiceAccount, diags
 }
 
-func ConvertServiceAccountFromPB(dst *ServiceAccountResourceModel, src *pb.PomeriumServiceAccount) diag.Diagnostics {
+func ConvertServiceAccountFromPB(dst *ServiceAccountModel, src *pb.PomeriumServiceAccount) diag.Diagnostics {
 	var diagnostics diag.Diagnostics
 
 	dst.ID = types.StringValue(src.Id)
diff --git a/internal/provider/service_account.go b/internal/provider/service_account.go
@@ -31,7 +31,10 @@ type ServiceAccountResource struct {
 	client *client.Client
 }
 
-type ServiceAccountResourceModel = ServiceAccountModel
+type ServiceAccountResourceModel struct {
+	ServiceAccountModel
+	JWT types.String `tfsdk:"jwt"`
+}
 
 func (r *ServiceAccountResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
 	resp.TypeName = req.ProviderTypeName + "_service_account"
@@ -127,7 +130,7 @@ func (r *ServiceAccountResource) Create(ctx context.Context, req resource.Create
 		return
 	}
 
-	diags = ConvertServiceAccountFromPB(&plan, respServiceAccount.ServiceAccount)
+	diags = ConvertServiceAccountFromPB(&plan.ServiceAccountModel, respServiceAccount.ServiceAccount)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
 		return
@@ -163,7 +166,7 @@ func (r *ServiceAccountResource) Read(ctx context.Context, req resource.ReadRequ
 		return
 	}
 
-	diags := ConvertServiceAccountFromPB(&state, respServiceAccount.ServiceAccount)
+	diags := ConvertServiceAccountFromPB(&state.ServiceAccountModel, respServiceAccount.ServiceAccount)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
 		return
diff --git a/internal/provider/service_accounts_data_source.go b/internal/provider/service_accounts_data_source.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	client "github.com/pomerium/enterprise-client-go"
 	"github.com/pomerium/enterprise-client-go/pb"
@@ -22,6 +23,7 @@ type ServiceAccountsDataSource struct {
 }
 
 type ServiceAccountsDataSourceModel struct {
+	NamespaceID     types.String          `tfsdk:"namespace_id"`
 	ServiceAccounts []ServiceAccountModel `tfsdk:"service_accounts"`
 }
 
@@ -32,8 +34,11 @@ func (d *ServiceAccountsDataSource) Metadata(_ context.Context, req datasource.M
 func (d *ServiceAccountsDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
 	resp.Schema = schema.Schema{
 		MarkdownDescription: "List all service accounts",
-
 		Attributes: map[string]schema.Attribute{
+			"namespace_id": schema.StringAttribute{
+				Optional:    true,
+				Description: "Namespace of the service accounts.",
+			},
 			"service_accounts": schema.ListNestedAttribute{
 				Computed: true,
 				NestedObject: schema.NestedAttributeObject{
@@ -86,10 +91,18 @@ func (d *ServiceAccountsDataSource) Configure(_ context.Context, req datasource.
 	d.client = client
 }
 
-func (d *ServiceAccountsDataSource) Read(ctx context.Context, _ datasource.ReadRequest, resp *datasource.ReadResponse) {
+func (d *ServiceAccountsDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
 	var data ServiceAccountsDataSourceModel
 
-	serviceAccountsResp, err := d.client.PomeriumServiceAccountService.ListPomeriumServiceAccounts(ctx, &pb.ListPomeriumServiceAccountsRequest{})
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	listReq := &pb.ListPomeriumServiceAccountsRequest{
+		Namespace: data.NamespaceID.ValueString(),
+	}
+	serviceAccountsResp, err := d.client.PomeriumServiceAccountService.ListPomeriumServiceAccounts(ctx, listReq)
 	if err != nil {
 		resp.Diagnostics.AddError("Error reading service accounts", err.Error())
 		return

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,6 @@ type ServiceAccountModel struct {`
`19`	`19`	Description types.String `tfsdk:"description"`
`20`	`20`	UserID types.String `tfsdk:"user_id"`
`21`	`21`	ExpiresAt types.String `tfsdk:"expires_at"`
`22`		- JWT types.String `tfsdk:"jwt"`
`23`	`22`	`}`
`24`	`23`
`25`	`24`	`func ConvertServiceAccountToPB(_ context.Context, src ServiceAccountResourceModel) (pb.PomeriumServiceAccount, diag.Diagnostics) {`
`@@ -42,7 +41,7 @@ func ConvertServiceAccountToPB(_ context.Context, src *ServiceAccountResourceMod`
`42`	`41`	`return pbServiceAccount, diags`
`43`	`42`	`}`
`44`	`43`
`45`		`-func ConvertServiceAccountFromPB(dst ServiceAccountResourceModel, src pb.PomeriumServiceAccount) diag.Diagnostics {`
	`44`	`+func ConvertServiceAccountFromPB(dst ServiceAccountModel, src pb.PomeriumServiceAccount) diag.Diagnostics {`
`46`	`45`	`var diagnostics diag.Diagnostics`
`47`	`46`
`48`	`47`	`dst.ID = types.StringValue(src.Id)`