TF-9704 Added organization_scoped resource to oauth client

CHANGELOG.md

@@ -5,6 +5,7 @@
 
 FEATURES:
 * `r/tfe_workspace`: Add `ignore_additional_tag_names` which explicitly ignores `tag_names` _not_ defined by config so they will not be overwritten by the configured tags, by @brandonc and @mbillow [1254](https://github.com/hashicorp/terraform-provider-tfe/pull/1254)
+* `r/tfe_oauth_client`: Add `organization_scoped` attribute, by @Netra2104 [1142](https://github.com/hashicorp/terraform-provider-tfe/pull/1142)
 
 BUG FIXES:
 

internal/provider/resource_tfe_oauth_client.go

@@ -22,6 +22,7 @@ func resourceTFEOAuthClient() *schema.Resource {
 		Create: resourceTFEOAuthClientCreate,
 		Read:   resourceTFEOAuthClientRead,
 		Delete: resourceTFEOAuthClientDelete,
+		Update: resourceTFEOAuthClientUpdate,
 
 		CustomizeDiff: customizeDiffIfProviderDefaultOrganizationChanged,
 
@@ -111,6 +112,12 @@ func resourceTFEOAuthClient() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"organization_scoped": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
 		},
 	}
 }
@@ -138,12 +145,13 @@ func resourceTFEOAuthClientCreate(d *schema.ResourceData, meta interface{}) erro
 	// The tfe.OAuthClientCreateOptions has omitempty for these values, so if it
 	// is empty, then it will be ignored in the create request
 	options := tfe.OAuthClientCreateOptions{
-		Name:            tfe.String(name),
-		APIURL:          tfe.String(d.Get("api_url").(string)),
-		HTTPURL:         tfe.String(d.Get("http_url").(string)),
-		OAuthToken:      tfe.String(d.Get("oauth_token").(string)),
-		Key:             tfe.String(key),
-		ServiceProvider: tfe.ServiceProvider(serviceProvider),
+		Name:               tfe.String(name),
+		APIURL:             tfe.String(d.Get("api_url").(string)),
+		HTTPURL:            tfe.String(d.Get("http_url").(string)),
+		OAuthToken:         tfe.String(d.Get("oauth_token").(string)),
+		Key:                tfe.String(key),
+		ServiceProvider:    tfe.ServiceProvider(serviceProvider),
+		OrganizationScoped: tfe.Bool(d.Get("organization_scoped").(bool)),
 	}
 
 	if serviceProvider == tfe.ServiceProviderAzureDevOpsServer {
@@ -188,6 +196,7 @@ func resourceTFEOAuthClientRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("api_url", oc.APIURL)
 	d.Set("http_url", oc.HTTPURL)
 	d.Set("service_provider", string(oc.ServiceProvider))
+	d.Set("organization_scoped", oc.OrganizationScoped)
 
 	switch len(oc.OAuthTokens) {
 	case 0:
@@ -215,3 +224,20 @@ func resourceTFEOAuthClientDelete(d *schema.ResourceData, meta interface{}) erro
 
 	return nil
 }
+
+func resourceTFEOAuthClientUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(ConfiguredClient)
+
+	// Create a new options struct.
+	options := tfe.OAuthClientUpdateOptions{
+		OrganizationScoped: tfe.Bool(d.Get("organization_scoped").(bool)),
+	}
+
+	log.Printf("[DEBUG] Update OAuth client %s", d.Id())
+	_, err := config.Client.OAuthClients.Update(ctx, d.Id(), options)
+	if err != nil {
+		return fmt.Errorf("Error updating OAuth client %s: %w", d.Id(), err)
+	}
+
+	return resourceTFEOAuthClientRead(d, meta)
+}

internal/provider/resource_tfe_oauth_client_test.go

@@ -45,6 +45,39 @@ func TestAccTFEOAuthClient_basic(t *testing.T) {
 	})
 }
 
+func TestAccTFEOAuthClientWithOrganizationScoped_basic(t *testing.T) {
+	oc := &tfe.OAuthClient{}
+	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			if envGithubToken == "" {
+				t.Skip("Please set GITHUB_TOKEN to run this test")
+			}
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckTFEOAuthClientDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEOAuthClient_basic(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEOAuthClientExists("tfe_oauth_client.foobar", oc),
+					testAccCheckTFEOAuthClientAttributes(oc),
+					resource.TestCheckResourceAttr(
+						"tfe_oauth_client.foobar", "api_url", "https://api.github.com"),
+					resource.TestCheckResourceAttr(
+						"tfe_oauth_client.foobar", "http_url", "https://github.com"),
+					resource.TestCheckResourceAttr(
+						"tfe_oauth_client.foobar", "service_provider", "github"),
+					resource.TestCheckResourceAttr(
+						"tfe_oauth_client.foobar", "organization_scoped", "true"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccTFEOAuthClient_rsaKeys(t *testing.T) {
 	oc := &tfe.OAuthClient{}
 	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
@@ -153,6 +186,7 @@ resource "tfe_oauth_client" "foobar" {
   http_url         = "https://github.com"
   oauth_token      = "%s"
   service_provider = "github"
+  organization_scoped = true
 }`, rInt, envGithubToken)
 }
 

website/docs/r/oauth_client.html.markdown

@@ -24,6 +24,7 @@ resource "tfe_oauth_client" "test" {
   http_url         = "https://github.com"
   oauth_token      = "my-vcs-provider-token"
   service_provider = "github"
+  organization_scoped = true
 }
 ```
 
@@ -89,6 +90,7 @@ Link.
 * `service_provider` - (Required) The VCS provider being connected with. Valid
   options are `ado_server`, `ado_services`, `bitbucket_hosted`, `bitbucket_server`, `github`, `github_enterprise`, `gitlab_hosted`,
   `gitlab_community_edition`, or `gitlab_enterprise_edition`.
+* `organization_scoped` - (Optional) Whether or not the oauth client is scoped to all projects and workspaces in the organization. Defaults to `true`.
 
 ## Attributes Reference