fix: change user groups from List to Set type to prevent ordering issues

- Changed groups attribute from types.List to types.Set in user resource and data sources
- This prevents Terraform from detecting phantom changes when group order differs
- Updated example files to use correct attribute names (first_name/last_name, disabled)
- Added acceptance tests for user resource with groups
- Added CHANGELOG.md to track changes

Author: Trozz

CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Fixed
+- Fixed groups ordering issue in `pocketid_user` resource where Terraform would detect phantom changes when group IDs were in different order. Changed `groups` attribute from List to Set type to properly handle unordered collections.
+- Fixed attribute names in example files - changed `given_name`/`family_name` to `first_name`/`last_name` and `enabled` to `disabled` to match actual schema.
+
+## [0.1.0] - 2024-01-09
+
+### Added
+- Initial release of the Terraform Provider for PocketID
+- `pocketid_client` resource for managing OAuth2/OIDC clients
+- `pocketid_user` resource for managing users
+- `pocketid_group` resource for managing user groups
+- `pocketid_client` data source for reading client information
+- `pocketid_clients` data source for listing all clients
+- `pocketid_user` data source for reading user information
+- `pocketid_users` data source for listing and filtering users
+- `pocketid_group` data source for reading group information
+- `pocketid_groups` data source for listing and filtering groups
+- Provider configuration with base URL and API token authentication
+- Support for TLS certificate verification skip option
+- Comprehensive documentation and examples
+- Full test coverage for all resources and data sources
+- CI/CD pipeline with GitHub Actions
+- GoReleaser configuration for automated releases
+
+[Unreleased]: https://github.com/Trozz/terraform-provider-pocketid/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/Trozz/terraform-provider-pocketid/releases/tag/v0.1.0

examples/resources/users_groups.tf

@@ -24,56 +24,56 @@ resource "pocketid_group" "api_consumers" {
 # This resource creates the user account, but authentication setup is done separately
 
 resource "pocketid_user" "admin_user" {
-  username    = "admin"
-  email       = "admin@example.com"
-  given_name  = "Admin"
-  family_name = "User"
+  username   = "admin"
+  email      = "admin@example.com"
+  first_name = "Admin"
+  last_name  = "User"
 
   # Assign to administrator group
   groups = [
     pocketid_group.administrators.id
   ]
 
-  enabled = true
+
 }
 
 resource "pocketid_user" "john_doe" {
-  username    = "john.doe"
-  email       = "john.doe@example.com"
-  given_name  = "John"
-  family_name = "Doe"
+  username   = "john.doe"
+  email      = "john.doe@example.com"
+  first_name = "John"
+  last_name  = "Doe"
 
   # Assign to multiple groups
   groups = [
     pocketid_group.developers.id,
     pocketid_group.users.id
   ]
 
-  enabled = true
+
 }
 
 resource "pocketid_user" "jane_smith" {
-  username    = "jane.smith"
-  email       = "jane.smith@example.com"
-  given_name  = "Jane"
-  family_name = "Smith"
+  username   = "jane.smith"
+  email      = "jane.smith@example.com"
+  first_name = "Jane"
+  last_name  = "Smith"
 
   groups = [
     pocketid_group.users.id
   ]
 
-  enabled = true
+
 }
 
 # Example: Disabled User Account
 resource "pocketid_user" "inactive_user" {
-  username    = "old.employee"
-  email       = "old.employee@example.com"
-  given_name  = "Former"
-  family_name = "Employee"
+  username   = "old.employee"
+  email      = "old.employee@example.com"
+  first_name = "Former"
+  last_name  = "Employee"
 
   # User is disabled - cannot authenticate
-  enabled = false
+  disabled = true
 }
 
 # Example: Service Account User
@@ -82,14 +82,14 @@ resource "pocketid_user" "service_account" {
   email    = "ci-cd@example.com"
 
   # Service accounts might not need human names
-  given_name  = "CI/CD"
-  family_name = "Service"
+  first_name = "CI/CD"
+  last_name  = "Service"
 
   groups = [
     pocketid_group.api_consumers.id
   ]
 
-  enabled = true
+
 }
 
 # Example: Using Dynamic Groups
@@ -110,44 +110,44 @@ resource "pocketid_group" "departments" {
 variable "team_members" {
   description = "List of team members to create"
   type = list(object({
-    username    = string
-    email       = string
-    given_name  = string
-    family_name = string
-    department  = string
+    username   = string
+    email      = string
+    first_name = string
+    last_name  = string
+    department = string
   }))
   default = [
     {
-      username    = "alice.johnson"
-      email       = "alice.johnson@example.com"
-      given_name  = "Alice"
-      family_name = "Johnson"
-      department  = "engineering"
+      username   = "alice.johnson"
+      email      = "alice.johnson@example.com"
+      first_name = "Alice"
+      last_name  = "Johnson"
+      department = "engineering"
     },
     {
-      username    = "bob.wilson"
-      email       = "bob.wilson@example.com"
-      given_name  = "Bob"
-      family_name = "Wilson"
-      department  = "marketing"
+      username   = "bob.wilson"
+      email      = "bob.wilson@example.com"
+      first_name = "Bob"
+      last_name  = "Wilson"
+      department = "marketing"
     }
   ]
 }
 
 resource "pocketid_user" "team_members" {
   for_each = { for member in var.team_members : member.username => member }
 
-  username    = each.value.username
-  email       = each.value.email
-  given_name  = each.value.given_name
-  family_name = each.value.family_name
+  username   = each.value.username
+  email      = each.value.email
+  first_name = each.value.first_name
+  last_name  = each.value.last_name
 
   groups = [
     pocketid_group.users.id,
     pocketid_group.departments[each.value.department].id
   ]
 
-  enabled = true
+
 }
 
 # Example: Outputs for Integration
@@ -182,13 +182,13 @@ output "developer_users" {
 # resource "pocketid_user" "new_admin" {
 #   username    = "admin2"
 #   email       = "admin2@example.com"
-#   given_name  = "Second"
-#   family_name = "Admin"
+#   first_name  = "Second"
+#   last_name = "Admin"
 #
 #   # Reference the existing group
 #   groups = [
 #     data.pocketid_group.existing_admins.id
 #   ]
 #
-#   enabled = true
+# }
 # }

internal/datasources/user_data_source.go

@@ -38,7 +38,7 @@ type userDataSourceModel struct {
 	IsAdmin   types.Bool   `tfsdk:"is_admin"`
 	Locale    types.String `tfsdk:"locale"`
 	Disabled  types.Bool   `tfsdk:"disabled"`
-	Groups    types.List   `tfsdk:"groups"`
+	Groups    types.Set    `tfsdk:"groups"`
 }
 
 // Metadata returns the data source type name.
@@ -85,7 +85,7 @@ func (d *userDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, r
 				Description: "Whether the user account is disabled.",
 				Computed:    true,
 			},
-			"groups": schema.ListAttribute{
+			"groups": schema.SetAttribute{
 				Description: "List of group IDs the user belongs to.",
 				Computed:    true,
 				ElementType: types.StringType,
@@ -160,11 +160,11 @@ func (d *userDataSource) Read(ctx context.Context, req datasource.ReadRequest, r
 		for _, group := range userResp.UserGroups {
 			groupIDs = append(groupIDs, group.ID)
 		}
-		groups, diags := types.ListValueFrom(ctx, types.StringType, groupIDs)
+		groups, diags := types.SetValueFrom(ctx, types.StringType, groupIDs)
 		resp.Diagnostics.Append(diags...)
 		state.Groups = groups
 	} else {
-		state.Groups = types.ListNull(types.StringType)
+		state.Groups = types.SetNull(types.StringType)
 	}
 
 	// Set state

internal/datasources/users_data_source.go

@@ -43,7 +43,7 @@ type userModel struct {
 	IsAdmin   types.Bool   `tfsdk:"is_admin"`
 	Locale    types.String `tfsdk:"locale"`
 	Disabled  types.Bool   `tfsdk:"disabled"`
-	Groups    types.List   `tfsdk:"groups"`
+	Groups    types.Set    `tfsdk:"groups"`
 }
 
 // Metadata returns the data source type name.
@@ -94,7 +94,7 @@ func (d *usersDataSource) Schema(_ context.Context, _ datasource.SchemaRequest,
 							Description: "Whether the user account is disabled.",
 							Computed:    true,
 						},
-						"groups": schema.ListAttribute{
+						"groups": schema.SetAttribute{
 							Description: "List of group IDs the user belongs to.",
 							Computed:    true,
 							ElementType: types.StringType,
@@ -168,11 +168,11 @@ func (d *usersDataSource) Read(ctx context.Context, req datasource.ReadRequest,
 			for _, group := range userResp.UserGroups {
 				groupIDs = append(groupIDs, group.ID)
 			}
-			groups, diags := types.ListValueFrom(ctx, types.StringType, groupIDs)
+			groups, diags := types.SetValueFrom(ctx, types.StringType, groupIDs)
 			resp.Diagnostics.Append(diags...)
 			userState.Groups = groups
 		} else {
-			userState.Groups = types.ListNull(types.StringType)
+			userState.Groups = types.SetNull(types.StringType)
 		}
 
 		state.Users = append(state.Users, userState)