Merge pull request #1 from zitadel/alpha

chore: release alpha as stable release

.github/pull_request_template.md

@@ -0,0 +1,14 @@
+### Definition of Ready
+
+- [ ] Short description of the feature/issue is added in the pr description
+- [ ] PR is linked to the corresponding user story
+- [ ] Acceptance criteria are met
+- [ ] All open todos and follow ups are defined in a new ticket and justified
+- [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
+- [ ] No debug or dead code
+- [ ] My code has no repetitions
+- [ ] All non-functional requirements are met
+- [ ] The generic lifecycle acceptance test passes for affected resources.
+- [ ] Examples are up-to-date and meaningful. The provider version is incremented.
+- [ ] Docs are generated.
+- [ ] Code is generated where possible.

.github/workflows/pull_request.yaml

@@ -0,0 +1,93 @@
+name: Test Provider
+
+on: pull_request
+
+jobs:
+
+  lint:
+
+    runs-on: ubuntu-20.04
+
+    permissions:
+      contents: read
+
+    steps:
+
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          cache: false
+
+      - name: Avoid Typecheck Error On Embedded Fields
+        run: |
+          touch acceptance/keys/instance-level-admin-sa.json
+          touch acceptance/keys/org-level-admin-sa.json
+
+      - name: Lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.53.3
+          github-token: ${{ github.token }}
+          only-new-issues: true
+          skip-pkg-cache: true
+          skip-build-cache: true
+
+  test:
+
+    runs-on: ubuntu-20.04
+
+    permissions:
+      contents: read
+
+    steps:
+
+    - name: Checkout Code
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: 'go.mod'
+
+    - name: Make Machinekey Directory Writable
+      working-directory: acceptance
+      run: "chmod -R 777 keys"
+
+    - name: Setup ZITADEL
+      working-directory: acceptance
+      run: docker compose run setup
+
+    - name: Download Go Modules
+      run: go mod download
+
+    - name: Run Acceptance Tests
+      run: TF_ACC=1 go test -coverprofile=profile.cov ./...
+
+    - name: Publish Coverage
+      uses: codecov/[email protected]
+      with:
+        file: profile.cov
+        name: acceptance-tests
+        flags: acceptance-tests
+
+    - name: Save Docker Compose Logs
+      if: always()
+      working-directory: acceptance
+      run: docker compose logs > .docker-compose.log
+
+    - name: Archive Docker Compose Logs
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: pull-request-tests
+        path: |
+          acceptance/.docker-compose.log
+        retention-days: 30

.github/workflows/release.yml

@@ -0,0 +1,45 @@
+# This GitHub action can publish assets for release when a tag is created.
+# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
+#
+# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
+# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
+# secret. If you would rather own your own GPG handling, please fork this action
+# or use an alternative one for key handling.
+#
+# You will need to pass the `--batch` flag to `gpg` in your signing step
+# in `goreleaser` to indicate this is being used in a non-interactive mode.
+#
+name: release
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - name: Import GPG key
+        id: import_gpg
+        #https://github.com/hashicorp/ghaction-import-gpg/issues/11
+        uses: crazy-max/[email protected]
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/[email protected]
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          # GitHub sets this automatically
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -27,3 +27,12 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+/test
+
+# IDEs
+.idea
+.run
+
+# local binary
+terraform-provider-zitadel

.golangci.yml

@@ -0,0 +1,13 @@
+run:
+  timeout: 10m
+linters:
+  disable-all: true
+  enable:
+    - typecheck
+    - gci
+linters-settings:
+  gci:
+    sections:
+    - standard
+    - default
+    - prefix(github.com/zitadel/terraform-provider-zitadel)

.goreleaser.yml

@@ -0,0 +1,60 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+  hooks:
+    # this is just an example and not a requirement for provider building/publishing
+    - go mod tidy
+builds:
+  - env:
+      # goreleaser does not work with CGO, it could also complicate
+      # usage by users in CI/CD systems like Terraform Cloud where
+      # they are unable to install libraries.
+      - CGO_ENABLED=0
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    flags:
+      - -trimpath
+    ldflags:
+      - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+    goos:
+      - freebsd
+      - windows
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - '386'
+      - arm
+      - arm64
+    ignore:
+      - goos: darwin
+        goarch: '386'
+    binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  # If you want to manually examine the release before its live, uncomment this line:
+  draft: true
+changelog:
+  skip: true

CONTRIBUTING.md

@@ -1,5 +1,48 @@
-# Git Base Branch
+# Debug
 
-Please use the alpha branch as base until we merge alpha to main.
-You can find [more contributing instructions on the alpha branch](https://github.com/zitadel/terraform-provider-zitadel/blob/alpha/CONTRIBUTING.md).
+1. Run the local plugin code with your debugging IDE of choice with something similar to `go run ./... -debug`.
+2. Set breakpoints in your IDE.
+3. In your shell, apply the resource you are working on.
+   ```bash
+   # export the printed environment variable from the go run ./... -debug command above. E.g.
+   export TF_REATTACH_PROVIDERS='{"registry.terraform.io/zitadel/zitadel":{"Protocol":"grpc","ProtocolVersion":6,"Pid":8123,"Test":true,"Addr":{"Network":"unix","String":"/tmp/plugin275634719"}}}'
 
+   # go to a directory containing .tf files.
+   cd /my-zitadel-terraform-files
+
+   # apply them
+   terraform apply
+   ```
+4. The execution stops at your breakpoints.
+
+# Run Acceptance Tests
+
+Run a local ZITADEL instance using docker compose.
+
+```bash
+# To have the machine key written with the correct ownership, set your current users ID.
+export ZITADEL_DEV_UID="$(id -u)"
+
+# Setup ZITADEL
+docker compose --file ./acceptance/docker-compose.yaml run setup
+```
+
+Run the accepance tests using the machine key generated by ZITADEL.
+
+```bash
+TF_ACC=1 go test ./...
+```
+
+# Ensure the code is formatted correctly
+
+```bash
+go run github.com/golangci/golangci-lint/cmd/[email protected] run --fix
+```
+
+# Generate Docs
+
+1. Manually maintain files in /templates and /examples
+1. Generate the docs
+```bash
+go run github.com/hashicorp/terraform-plugin-docs/cmd/[email protected] generate
+ ```

README.md

@@ -10,29 +10,17 @@ Learn more about ZITADEL by checking out the [source repository on GitHub](https
 ## About this Terraform Provider
 
 This is the official ZITADEL Terraform provider.
-It lets you declare ZITADEL resources declaratively and apply the resources to any ZITADEL instance.
+It lets you declare ZITADEL resources and apply the resources to any ZITADEL instance.
 Importing existing resources to the Terraform state is supported.
-Therefore, as long as you have all resources declared, it is even easy to migrate state between instances.
-
-The provider is currently in [Beta state](https://zitadel.com/docs/support/general) and the support level is Enterprise Support.
-
-For general availability the following issues need to be resolved
-
-- [ ] [Release 1.0.0](https://github.com/zitadel/terraform-provider-zitadel/issues/85)
-- [x] [Run Tests on PR](https://github.com/zitadel/terraform-provider-zitadel/issues/92)
-- [ ] [Lifecycle Tests on all Ressources](https://github.com/zitadel/terraform-provider-zitadel/issues/91)
 
 ## Usage
 
 [Follow the Guide in our Docs](https://zitadel.com/docs/guides/manage/terraform/basics).
 Note that you need to create an authorized service user to access the ZITADEL APIs through the provider, as noted in the prerequisites.
 
-We don't guarantee that all resources are available in the provider.
-In case you miss something you are welcome to [contribute](#contributing).
-
 ## Contributing
 
-If you found a bug or want to request a new feature, please open an [issue](https://github.com/zitadel/terraform-provider-zitadel/issues).
+If you find a bug or want to request a new feature, please open an [issue](https://github.com/zitadel/terraform-provider-zitadel/issues).
 Contributions to the provider are very welcome, please follow the general guidance in the [Contribution Guide](https://github.com/zitadel/terraform-provider-zitadel/blob/main/CONTRIBUTING.md).
 
 ## Contributors

acceptance/Dockerfile

@@ -0,0 +1,7 @@
+FROM golang:1.20-alpine
+RUN apk add curl jq
+RUN go install github.com/zitadel/[email protected]
+COPY setup.sh config.json /
+RUN chmod +x /setup.sh
+WORKDIR /
+ENTRYPOINT [ "/setup.sh" ]

acceptance/config.go

@@ -0,0 +1,38 @@
+package acceptance
+
+import (
+	_ "embed"
+	"encoding/json"
+)
+
+var (
+	//go:embed keys/instance-level-admin-sa.json
+	instanceLevelAdminSAJSON []byte
+
+	//go:embed keys/org-level-admin-sa.json
+	orgLevelAdminSAJSON []byte
+
+	//go:embed config.json
+	configJson []byte
+)
+
+type Config struct {
+	OrgLevel      IsolatedInstance
+	InstanceLevel IsolatedInstance
+}
+
+type IsolatedInstance struct {
+	Domain      string
+	AdminSAJSON []byte
+}
+
+func GetConfig() Config {
+	val := Config{
+		OrgLevel:      IsolatedInstance{AdminSAJSON: orgLevelAdminSAJSON},
+		InstanceLevel: IsolatedInstance{AdminSAJSON: instanceLevelAdminSAJSON},
+	}
+	if err := json.Unmarshal(configJson, &val); err != nil {
+		panic(err)
+	}
+	return val
+}

acceptance/config.json

@@ -0,0 +1,8 @@
+{
+  "orgLevel": {
+    "domain": "org-level-tests.default.127.0.0.1.sslip.io"
+  },
+  "instanceLevel": {
+    "domain": "instance-level-tests.default.127.0.0.1.sslip.io"
+  }
+}