chore(integration): fix failing tests referencing workspace_owner.rbac_roles (#369)

johnstcn · web-flow · commit f75fb0b27385 · 2025-03-19T14:53:20.000Z
diff --git a/docs/data-sources/workspace_owner.md b/docs/data-sources/workspace_owner.md
@@ -53,7 +53,15 @@ resource "coder_env" "git_author_email" {
 - `login_type` (String) The type of login the user has.
 - `name` (String) The username of the user.
 - `oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
-- `rbac_roles` (List of Map) The RBAC roles and associated org ids of which the user is assigned.
+- `rbac_roles` (List of Object) The RBAC roles of which the user is assigned. (see [below for nested schema](#nestedatt--rbac_roles))
 - `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.
 - `ssh_private_key` (String, Sensitive) The user's generated SSH private key.
 - `ssh_public_key` (String) The user's generated SSH public key.
+
+<a id="nestedatt--rbac_roles"></a>
+### Nested Schema for `rbac_roles`
+
+Read-Only:
+
+- `name` (String)
+- `org_id` (String)
diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -122,7 +122,7 @@ func TestIntegration(t *testing.T) {
 				"workspace_owner.ssh_private_key":   `(?s)^.+?BEGIN OPENSSH PRIVATE KEY.+?END OPENSSH PRIVATE KEY.+?$`,
 				"workspace_owner.ssh_public_key":    `(?s)^ssh-ed25519.+$`,
 				"workspace_owner.login_type":        ``,
-				"workspace_owner.rbac_roles":        `\[\]`,
+				"workspace_owner.rbac_roles":        ``,
 			},
 		},
 		{
@@ -151,7 +151,36 @@ func TestIntegration(t *testing.T) {
 				"workspace_owner.ssh_private_key":   `(?s)^.+?BEGIN OPENSSH PRIVATE KEY.+?END OPENSSH PRIVATE KEY.+?$`,
 				"workspace_owner.ssh_public_key":    `(?s)^ssh-ed25519.+$`,
 				"workspace_owner.login_type":        `password`,
-				"workspace_owner.rbac_roles":        `\[\]`,
+				"workspace_owner.rbac_roles":        ``,
+			},
+		},
+		{
+			name:       "workspace-owner-rbac-roles",
+			minVersion: "v2.21.0", // anticipated version, update as required
+			expectedOutput: map[string]string{
+				"provisioner.arch":                  runtime.GOARCH,
+				"provisioner.id":                    `[a-zA-Z0-9-]+`,
+				"provisioner.os":                    runtime.GOOS,
+				"workspace.access_port":             `\d+`,
+				"workspace.access_url":              `https?://\D+:\d+`,
+				"workspace.id":                      `[a-zA-z0-9-]+`,
+				"workspace.name":                    ``,
+				"workspace.start_count":             `1`,
+				"workspace.template_id":             `[a-zA-Z0-9-]+`,
+				"workspace.template_name":           `workspace-owner`,
+				"workspace.template_version":        `.+`,
+				"workspace.transition":              `start`,
+				"workspace_owner.email":             `testing@coder\.com`,
+				"workspace_owner.full_name":         `default`,
+				"workspace_owner.groups":            `\[(\"Everyone\")?\]`,
+				"workspace_owner.id":                `[a-zA-Z0-9-]+`,
+				"workspace_owner.name":              `testing`,
+				"workspace_owner.oidc_access_token": `^$`, // TODO: test OIDC integration
+				"workspace_owner.session_token":     `.+`,
+				"workspace_owner.ssh_private_key":   `(?s)^.+?BEGIN OPENSSH PRIVATE KEY.+?END OPENSSH PRIVATE KEY.+?$`,
+				"workspace_owner.ssh_public_key":    `(?s)^ssh-ed25519.+$`,
+				"workspace_owner.login_type":        `password`,
+				"workspace_owner.rbac_roles":        `(?is)\[(\{"name":"[a-z0-9-:]+","org_id":"[a-f0-9-]+"\},?)+\]`,
 			},
 		},
 		{
diff --git a/integration/workspace-owner-rbac-roles/main.tf b/integration/workspace-owner-rbac-roles/main.tf
@@ -0,0 +1,57 @@
+terraform {
+  required_providers {
+    coder = {
+      source = "coder/coder"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+  }
+}
+
+data "coder_provisioner" "me" {}
+data "coder_workspace" "me" {}
+data "coder_workspace_owner" "me" {}
+
+locals {
+  # NOTE: these must all be strings in the output
+  output = {
+    "provisioner.arch" : data.coder_provisioner.me.arch,
+    "provisioner.id" : data.coder_provisioner.me.id,
+    "provisioner.os" : data.coder_provisioner.me.os,
+    "workspace.access_port" : tostring(data.coder_workspace.me.access_port),
+    "workspace.access_url" : data.coder_workspace.me.access_url,
+    "workspace.id" : data.coder_workspace.me.id,
+    "workspace.name" : data.coder_workspace.me.name,
+    "workspace.start_count" : tostring(data.coder_workspace.me.start_count),
+    "workspace.template_id" : data.coder_workspace.me.template_id,
+    "workspace.template_name" : data.coder_workspace.me.template_name,
+    "workspace.template_version" : data.coder_workspace.me.template_version,
+    "workspace.transition" : data.coder_workspace.me.transition,
+    "workspace_owner.email" : data.coder_workspace_owner.me.email,
+    "workspace_owner.full_name" : data.coder_workspace_owner.me.full_name,
+    "workspace_owner.groups" : jsonencode(data.coder_workspace_owner.me.groups),
+    "workspace_owner.id" : data.coder_workspace_owner.me.id,
+    "workspace_owner.name" : data.coder_workspace_owner.me.name,
+    "workspace_owner.oidc_access_token" : data.coder_workspace_owner.me.oidc_access_token,
+    "workspace_owner.session_token" : data.coder_workspace_owner.me.session_token,
+    "workspace_owner.ssh_private_key" : data.coder_workspace_owner.me.ssh_private_key,
+    "workspace_owner.ssh_public_key" : data.coder_workspace_owner.me.ssh_public_key,
+    "workspace_owner.login_type" : data.coder_workspace_owner.me.login_type,
+    "workspace_owner.rbac_roles" : jsonencode(data.coder_workspace_owner.me.rbac_roles),
+  }
+}
+
+variable "output_path" {
+  type = string
+}
+
+resource "local_file" "output" {
+  filename = var.output_path
+  content  = jsonencode(local.output)
+}
+
+output "output" {
+  value     = local.output
+  sensitive = true
+}
