Managing GroupSync and Organizations

[calebwashburn]

If trying to terraform out both an organization, groups and idp sync of users to groups for a given organization, there is a cyclical problem where I cannot map the group under the group_sync of an organization as this requires a groups unique id

resource "coderd_organization" "this" {
  name         = "blueberry"
  display_name = "Blueberry"
  description  = "The organization for blueberries"
  icon         = "/emojis/1fad0.png"

 group_sync {
    field = "groups"
    mapping = {
      org_x_users = [coderd_group.this.id] # cannot reference this as doesn't exist yet
    }
  }

because in order to create the group I need the organization_id.

resource "coderd_group" "this" {
  name            = "org_x_users"
  # needs organization to be created first above before group can be created in the org
  organization_id = coderd_organization.this.id 
  quota_allowance = 5
  members = []
  lifecycle {
    ignore_changes = [members]
  }
}

While I can go into UI and map this after the organization and group is created would prefer to have a different resource to configure group sync settings and allow terraform to manager the dependency of creating org, 1-N groups and then creating group_sync settings for the org

[ewt-sk]

Can we get some traction on this? This makes us unable to configure our instance with Terraform at all, and it will cause us to have to write our own automations through the API, which is a significant amount of work.

[ethanndickson]

The new resource, coderd_organization_group_sync is available in the latest provider release!

[ewt-sk]

Much appreciated, we are testing it today!