feat: multiple sso email domains support (#345)

Co-authored-by: Radosław Skałbania <[email protected]>

README.md

@@ -473,6 +473,16 @@ $ cd terraform-provider-castai
 $ make build
 ```
 
+After you build the provider, you have to set the `~/.terraformrc` configuration to let terraform know you want to use local provider:
+```terraform
+provider_installation {
+  dev_overrides {
+    "castai/castai" = "<path-to-terraform-provider-castai-repository>"
+  }
+  direct {}
+}
+```
+
 _`make build` builds the provider and install symlinks to that build for all terraform projects in `examples/*` dir.
 Now you can work on `examples/localdev`._
 

castai/resource_sso_connection.go

@@ -7,16 +7,18 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/castai/terraform-provider-castai/castai/sdk"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"golang.org/x/crypto/bcrypt"
+
+	"github.com/castai/terraform-provider-castai/castai/sdk"
 )
 
 const (
-	FieldSSOConnectionName        = "name"
-	FieldSSOConnectionEmailDomain = "email_domain"
+	FieldSSOConnectionName                   = "name"
+	FieldSSOConnectionEmailDomain            = "email_domain"
+	FieldSSOConnectionAdditionalEmailDomains = "additional_email_domains"
 
 	FieldSSOConnectionAAD            = "aad"
 	FieldSSOConnectionADDomain       = "ad_domain"
@@ -55,6 +57,17 @@ func resourceSSOConnection() *schema.Resource {
 				Description:      "Email domain of the connection",
 				ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsNotWhiteSpace),
 			},
+			FieldSSOConnectionAdditionalEmailDomains: {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Additional email domains that will be allowed to sign in via the connection",
+				MinItems:    1,
+				Elem: &schema.Schema{
+					Required:         false,
+					Type:             schema.TypeString,
+					ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsNotWhiteSpace),
+				},
+			},
 			FieldSSOConnectionAAD: {
 				Type:        schema.TypeList,
 				MaxItems:    1,
@@ -141,6 +154,14 @@ func resourceCastaiSSOConnectionCreate(ctx context.Context, data *schema.Resourc
 		EmailDomain: data.Get(FieldSSOConnectionEmailDomain).(string),
 	}
 
+	if v, ok := data.Get(FieldSSOConnectionAdditionalEmailDomains).([]any); ok && len(v) > 0 {
+		var domains []string
+		for _, v := range v {
+			domains = append(domains, v.(string))
+		}
+		req.AdditionalEmailDomains = toPtr(domains)
+	}
+
 	if v, ok := data.Get(FieldSSOConnectionAAD).([]any); ok && len(v) > 0 {
 		req.Aad = toADConnector(v[0].(map[string]any))
 	}
@@ -182,6 +203,9 @@ func resourceCastaiSSOConnectionRead(ctx context.Context, data *schema.ResourceD
 	if err := data.Set(FieldSSOConnectionEmailDomain, connection.EmailDomain); err != nil {
 		return diag.Errorf("setting email domain: %v", err)
 	}
+	if err := data.Set(FieldSSOConnectionAdditionalEmailDomains, connection.AdditionalEmailDomains); err != nil {
+		return diag.Errorf("setting additional email domains: %v", err)
+	}
 
 	return nil
 }
@@ -190,6 +214,7 @@ func resourceCastaiSSOConnectionUpdate(ctx context.Context, data *schema.Resourc
 	if !data.HasChanges(
 		FieldSSOConnectionName,
 		FieldSSOConnectionEmailDomain,
+		FieldSSOConnectionAdditionalEmailDomains,
 		FieldSSOConnectionAAD,
 		FieldSSOConnectionOkta,
 	) {
@@ -206,6 +231,14 @@ func resourceCastaiSSOConnectionUpdate(ctx context.Context, data *schema.Resourc
 		req.EmailDomain = toPtr(v.(string))
 	}
 
+	if v, ok := data.Get(FieldSSOConnectionAdditionalEmailDomains).([]any); ok && len(v) > 0 {
+		var domains []string
+		for _, v := range v {
+			domains = append(domains, v.(string))
+		}
+		req.AdditionalEmailDomains = toPtr(domains)
+	}
+
 	if v, ok := data.Get(FieldSSOConnectionAAD).([]any); ok && len(v) > 0 {
 		req.Aad = toADConnector(v[0].(map[string]any))
 	}