Feature Request: Add resouces for teams and members

[Skeen]

Hi,

We would like to manage users and teams using Terraform to automatically assign permissions and accesses to users according to our IAM system.

I imagine a resource alike:

resource "cloudamqp_team" "product_team" {
  name               = "Product Team"
  notification_email = "[email protected]"
  gdpr_email         = "[email protected]"
  enforce_two_factor = true

  # various saml options
}

and:

resource "cloudamqp_team_member" "developer" {
  team  = cloudamqp_team.product_team.id

  email = "[email protected]"
  role  = "member"
  tags  = ["product1"]
}

[dentarg]

Thanks for the issue

Do you want to be able to create teams? Or only edit teams? Do you want to be able to create users? Or only edit users?

various saml options

Which ones? The more specific information on what you need the better.

[Skeen]

@dentarg I do not need the SAML options, so for my sake they can be excluded in the first revision.

[Skeen]

I wanna be able to manage the full lifecycle of teams and users. Create, edit and destroy.

[dentarg]

Okay, got it. The Terraform provider can only do actions that exist in the public API: https://docs.cloudamqp.com/

Right now, there's no API for creating teams, nor creating users (only inviting them to a team).

If there's enough demand, it could be prioritised the build these APIs. Do you want to share your company name so I can log the feedback? If you don't want to share it here you can email support(https://www.cloudamqp.com/support.html) and reference this issue.

[Skeen]

The company is Magenta ApS, even support for inviting and removing team-members would be a big advantage.

[kmezynski]

Hey, what's the status of this issue? It's been over two years already. This feature would greatly improve infrastructure maintenance within our company (dozens of teams and hundreds of users). It would be great if there was an option to determine which team a newly created cloudamqp instance should be associated with.

[dentarg]

@kmezynski Currently you would have to use different API keys as there is no higher level resource managing multiple teams in CloudAMQP.

If you're up for it, we are interested in discussing your use case further, can you email our support and mention this ticket and my name/github handle? Or if you have raised this feedback before, you can post a ticket number here if you have it, and I'll reply there.

[kmezynski]

@dentarg Done, mail sent

[dentarg]

resource "cloudamqp_team_member" "developer" {
  team  = cloudamqp_team.product_team.id

  email = "[email protected]"
  role  = "member"
  tags  = ["product1"]
}

Nothing is finalized from our side, I'm sharing my thoughts in an early stage. I see it as unlikely we will offer an API to create CloudAMQP users account – this is because we need to email to be verified (and in most cases, a password to be set), and such flow isn't really compatible with Terraform automation.

It is possible to provision users using SAML: https://www.cloudamqp.com/docs/saml.html – I think this is a better fit, as most larger organisations already have their users managed by some Identity Provider.

What do you think @Skeen?