Housekeeping and bug fixes (#22)

CHANGELOG.md

@@ -1,5 +1,11 @@
 ## [Unreleased]
 
+## v0.4.1
+
+* Add `ResourceWithConfigure` to all resources
+* Make sure at least one type of authentication is set for the client
+* Fix bug where the `type` field was not being set on the `vaultwarden_organization_user` resource
+
 ## v0.4.0
 
 * Add `vaultwarden_account_register` resource

README.md

@@ -15,7 +15,6 @@ The Vaultwarden provider allows you to manage and configure [Vaultwarden](https:
 
 The provider supports Vaultwarden versions:
 * 1.32.x
-* 1.32.x
 * 1.31.x
 * 1.30.x
 * 1.29.x
@@ -99,6 +98,7 @@ The provider requires one of the following authentication methods for API operat
 * If user credentials are used, `email` and `master_password` are always required
 * Admin token is optional and can be combined with either authentication method
 * Without admin token, `/admin` endpoint operations will not be available
+* At least one authentication method must be set for the provider
 
 #### Static credentials
 

docs/index.md

@@ -19,29 +19,34 @@ More information about authentication methods can be found in the [provider repo
 provider "vaultwarden" {
   endpoint = "https://vaultwarden.example.com"
 
-  # Required: User Authentication
+  # Provide at least one of the following authentication methods
+
+  # Optional: Admin Authentication
+  # Required only for /admin (admin page) endpoint operations
+  admin_token = "your-token-here"
+
+  # Optional: User Authentication (credentials)
   email           = "your-email-here"
   master_password = "your-master-password-here"
 
   # Optional: API Authentication (OAuth2)
-  # When using OAuth2, user authentication above is still required
-  # client_id     = "your-client-id"
-  # client_secret = "your-client-secret"
-
-  # Optional: Admin Authentication
-  # Required only for /admin endpoint operations
-  # admin_token = "your-token-here"
+  # When using OAuth2, user credentials above are still required
+  client_id     = "your-client-id"
+  client_secret = "your-client-secret"
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Required
+
+- `endpoint` (String) The endpoint of the Vaultwarden server
+
 ### Optional
 
 - `admin_token` (String, Sensitive) Token for admin page operations. This requires the `/admin` endpoint to be enabled.
 - `client_id` (String) OAuth2 client ID for API key authentication
 - `client_secret` (String, Sensitive) OAuth2 client secret for API key authentication
 - `email` (String) Email for API operations
-- `endpoint` (String) The endpoint of the Vaultwarden server
 - `master_password` (String, Sensitive) Master password for API operations

docs/resources/account_register.md

@@ -5,6 +5,7 @@ subcategory: ""
 description: |-
   This resource registers a new account on the Vaultwarden server.
   This resource will save the password in plain text to the state! Use caution!
+  Requires admin_token to be set in the provider configuration.
 ---
 
 # vaultwarden_account_register (Resource)
@@ -13,6 +14,8 @@ This resource registers a new account on the Vaultwarden server.
 
 This resource will save the password in plain text to the state! Use caution!
 
+Requires `admin_token` to be set in the provider configuration.
+
 ## Example Usage
 
 ```terraform

docs/resources/user.md

@@ -4,12 +4,15 @@ page_title: "vaultwarden_user Resource - vaultwarden"
 subcategory: ""
 description: |-
   This resource invites a user to the Vaultwarden server.
+  Requires admin_token to be set in the provider configuration.
 ---
 
 # vaultwarden_user (Resource)
 
 This resource invites a user to the Vaultwarden server.
 
+Requires `admin_token` to be set in the provider configuration.
+
 ## Example Usage
 
 ```terraform

examples/provider/provider.tf

@@ -1,16 +1,18 @@
 provider "vaultwarden" {
   endpoint = "https://vaultwarden.example.com"
 
-  # Required: User Authentication
+  # Provide at least one of the following authentication methods
+
+  # Optional: Admin Authentication
+  # Required only for /admin (admin page) endpoint operations
+  admin_token = "your-token-here"
+
+  # Optional: User Authentication (credentials)
   email           = "your-email-here"
   master_password = "your-master-password-here"
 
   # Optional: API Authentication (OAuth2)
-  # When using OAuth2, user authentication above is still required
-  # client_id     = "your-client-id"
-  # client_secret = "your-client-secret"
-
-  # Optional: Admin Authentication
-  # Required only for /admin endpoint operations
-  # admin_token = "your-token-here"
+  # When using OAuth2, user credentials above are still required
+  client_id     = "your-client-id"
+  client_secret = "your-client-secret"
 }

internal/provider/provider.go

@@ -55,7 +55,7 @@ func (p *VaultwardenProvider) Schema(_ context.Context, _ provider.SchemaRequest
 		Attributes: map[string]schema.Attribute{
 			"endpoint": schema.StringAttribute{
 				MarkdownDescription: "The endpoint of the Vaultwarden server",
-				Optional:            true,
+				Required:            true,
 			},
 			"admin_token": schema.StringAttribute{
 				MarkdownDescription: "Token for admin page operations. This requires the `/admin` endpoint to be enabled.",
@@ -224,13 +224,14 @@ func (p *VaultwardenProvider) Configure(ctx context.Context, req provider.Config
 	var opts []vaultwarden.ClientOption
 
 	// Check authentication methods
+	hasAdminAuth := adminToken != ""
 	hasUserAuth := email != "" && masterPassword != ""
 	hasAPIAuth := clientID != "" && clientSecret != ""
 
-	if !hasUserAuth && !hasAPIAuth {
+	if !hasUserAuth && !hasAPIAuth && !hasAdminAuth {
 		resp.Diagnostics.AddError(
 			"Missing authentication credentials",
-			"The provider requires either user credentials (email + master password) or API credentials (client_id + client_secret) for authentication. "+
+			"The provider requires at least one authentication method to be provided. "+
 				"Please provide one set of credentials either in the configuration or via environment variables.",
 		)
 	}
@@ -285,11 +286,11 @@ func (p *VaultwardenProvider) Configure(ctx context.Context, req provider.Config
 
 func (p *VaultwardenProvider) Resources(ctx context.Context) []func() resource.Resource {
 	return []func() resource.Resource{
-		UserResource,
-		OrganizationResource,
-		OrganizationCollectionResource,
 		AccountRegisterResource,
+		OrganizationCollectionResource,
+		OrganizationResource,
 		OrganizationUserResource,
+		UserResource,
 	}
 }
 

internal/provider/resource_account_register.go

@@ -17,6 +17,7 @@ import (
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &AccountRegister{}
+var _ resource.ResourceWithConfigure = &AccountRegister{}
 
 func AccountRegisterResource() resource.Resource {
 	return &AccountRegister{}
@@ -41,7 +42,7 @@ func (r *AccountRegister) Metadata(ctx context.Context, req resource.MetadataReq
 
 func (r *AccountRegister) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
 	resp.Schema = schema.Schema{
-		MarkdownDescription: "This resource registers a new account on the Vaultwarden server.\n\nThis resource will save the password in plain text to the state! Use caution!",
+		MarkdownDescription: "This resource registers a new account on the Vaultwarden server.\n\nThis resource will save the password in plain text to the state! Use caution!\n\nRequires `admin_token` to be set in the provider configuration.",
 		Attributes: map[string]schema.Attribute{
 			"id": schema.StringAttribute{
 				Computed:            true,

internal/provider/resource_organization.go

@@ -17,6 +17,7 @@ import (
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &Organization{}
+var _ resource.ResourceWithConfigure = &Organization{}
 var _ resource.ResourceWithImportState = &Organization{}
 
 func OrganizationResource() resource.Resource {

internal/provider/resource_organization_collection.go

@@ -19,6 +19,7 @@ import (
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &OrganizationCollection{}
+var _ resource.ResourceWithConfigure = &OrganizationCollection{}
 var _ resource.ResourceWithImportState = &OrganizationCollection{}
 
 func OrganizationCollectionResource() resource.Resource {

internal/provider/resource_organization_user.go

@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -19,7 +20,8 @@ import (
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &OrganizationUser{}
-var _ resource.ResourceWithImportState = &User{}
+var _ resource.ResourceWithConfigure = &OrganizationUser{}
+var _ resource.ResourceWithImportState = &OrganizationUser{}
 
 func OrganizationUserResource() resource.Resource {
 	return &OrganizationUser{}
@@ -66,6 +68,7 @@ func (r *OrganizationUser) Schema(ctx context.Context, req resource.SchemaReques
 				MarkdownDescription: "The role type of the user (Owner, Admin, User, Manager). Defaults to `User`",
 				Computed:            true,
 				Optional:            true,
+				Default:             stringdefault.StaticString("User"),
 				Validators: []validator.String{
 					stringvalidator.OneOf("Owner", "Admin", "User", "Manager"),
 				},
@@ -111,7 +114,7 @@ func (r *OrganizationUser) Create(ctx context.Context, req resource.CreateReques
 		return
 	}
 
-	// Parse the type string into a UserOrgType
+	// Parse the type string into a UserOrgType (value will always be present due to schema default)
 	var userType models.UserOrgType
 	if err := userType.FromString(data.Type.ValueString()); err != nil {
 		resp.Diagnostics.AddError(
@@ -147,6 +150,7 @@ func (r *OrganizationUser) Create(ctx context.Context, req resource.CreateReques
 	// Map response body to schema and populate Computed attribute values
 	data.ID = types.StringValue(userResp.ID)
 	data.Status = types.StringValue(userResp.Status.String())
+	data.Type = types.StringValue(userResp.Type.String())
 
 	// Write logs using the tflog package
 	// Documentation: https://terraform.io/plugin/log

internal/provider/resource_organization_user_test.go

@@ -69,7 +69,6 @@ resource "vaultwarden_organization" "test" {
 resource "vaultwarden_organization_user" "test" {
 	organization_id = vaultwarden_organization.test.id
 	email           = %[6]q
-	type            = "User"
 }
 `, test.TestBaseURL, test.TestEmail, test.TestPassword, test.TestAdminToken, orgName, email)
 }

internal/provider/resource_user.go

@@ -16,6 +16,7 @@ import (
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &User{}
+var _ resource.ResourceWithConfigure = &User{}
 var _ resource.ResourceWithImportState = &User{}
 
 func UserResource() resource.Resource {
@@ -39,7 +40,7 @@ func (r *User) Metadata(ctx context.Context, req resource.MetadataRequest, resp
 
 func (r *User) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
 	resp.Schema = schema.Schema{
-		MarkdownDescription: "This resource invites a user to the Vaultwarden server.",
+		MarkdownDescription: "This resource invites a user to the Vaultwarden server.\n\nRequires `admin_token` to be set in the provider configuration.",
 		Attributes: map[string]schema.Attribute{
 			"id": schema.StringAttribute{
 				Computed:            true,