Merge pull request #51 from agilize/develop

Felippe Ferreira · web-flow · commit b52d6e7bd52f · 2025-07-09T12:33:32.000-03:00
feature: import existing users and create new users with scheduled activation
diff --git a/docs/resources/user.md b/docs/resources/user.md
@@ -46,6 +46,51 @@ resource "jumpcloud_user" "example" {
 }
 ```
 
+### User with STAGED State and Scheduled Activation
+
+This example shows how to create a user in STAGED state with scheduled activation:
+
+```hcl
+resource "jumpcloud_user" "staged_user" {
+  username = "staged.user"
+  email    = "staged.user@example.com"
+  password = "SecurePassword123!"
+
+  firstname = "Staged"
+  lastname  = "User"
+
+  # Create user in STAGED state
+  state = "STAGED"
+
+  # Schedule activation for a future date
+  activation_scheduled      = true
+  scheduled_activation_date = "2024-01-15T09:00:00Z"
+}
+```
+
+### Importing Existing Users
+
+You can import users that were created manually in the JumpCloud console:
+
+```bash
+# Import using the JumpCloud user ID
+terraform import jumpcloud_user.existing_user 507f1f77bcf86cd799439011
+```
+
+After importing, you can manage the user through Terraform:
+
+```hcl
+resource "jumpcloud_user" "existing_user" {
+  # Configuration will be populated from the imported user
+  username = "imported.user"
+  email    = "imported.user@example.com"
+
+  # You can now manage this user through Terraform
+  firstname = "Imported"
+  lastname  = "User"
+}
+```
+
 ### User with Custom Attributes and MFA Enabled
 
 ```hcl
@@ -316,6 +361,9 @@ The following arguments are supported:
 * `samba_service_user` - (Optional) Whether the user is a Samba service user. Defaults to `false`.
 * `sudo` - (Optional) Whether to grant sudo access to the user. Defaults to `false`.
 * `suspended` - (Optional) Whether the user is suspended. Defaults to `false`.
+* `state` - (Optional) The state of the user. Valid values are `ACTIVATED`, `STAGED`, `DISABLED`. Defaults to `ACTIVATED`.
+* `activation_scheduled` - (Optional) Whether user activation is scheduled for a future date. Defaults to `false`.
+* `scheduled_activation_date` - (Optional) Date when user should be automatically activated (ISO 8601 format). Only used when `activation_scheduled` is `true`.
 * `unix_uid` - (Optional) The Unix UID for the user. Must be an integer.
 * `unix_guid` - (Optional) The Unix GUID for the user. Must be an integer.
 * `disable_device_max_login_attempts` - (Optional, Deprecated) Whether to disable maximum login attempts for the user's devices. Defaults to `false`. Use `bypass_managed_device_lockout` instead.
@@ -337,13 +385,42 @@ In addition to all arguments above, the following attributes are exported:
 
 ## Import
 
-Users can be imported using the ID, e.g.,
+Users can be imported using their JumpCloud user ID. This allows you to bring existing JumpCloud users (created manually in the console or through other means) under Terraform management.
 
 ```bash
 $ terraform import jumpcloud_user.example 5f0c1b2c3d4e5f6g7h8i9j0k
 ```
 
-This allows you to bring existing JumpCloud users under Terraform management.
+### Finding User IDs
+
+You can find the user ID in several ways:
+
+1. **JumpCloud Console**: Navigate to the user's profile page - the ID is in the URL
+2. **JumpCloud API**: Use the `/api/systemusers` endpoint to list users and their IDs
+3. **CLI Tools**: Use JumpCloud's CLI tools or API clients
+
+### Import Process
+
+When importing a user:
+
+1. The import process will read all current user attributes from JumpCloud
+2. All fields (including state, activation settings, custom attributes, etc.) will be populated
+3. After import, you can modify the Terraform configuration to manage the user going forward
+4. The user's current state (ACTIVATED, STAGED, etc.) will be preserved
+
+### Example Import Workflow
+
+```bash
+# 1. Import the existing user
+terraform import jumpcloud_user.john_doe 507f1f77bcf86cd799439011
+
+# 2. Run terraform plan to see the current state
+terraform plan
+
+# 3. Update your .tf file to match the imported state or make desired changes
+# 4. Apply any changes
+terraform apply
+```
 
 ## State Management Considerations
 
diff --git a/examples/resources/jumpcloud_user/resource.tf b/examples/resources/jumpcloud_user/resource.tf
@@ -63,4 +63,32 @@ resource "jumpcloud_user" "temporary" {
       password,
     ]
   }
-} 
+}
+
+# Exemplo de usuário em estado STAGED com agendamento de ativação
+resource "jumpcloud_user" "staged_user" {
+  username  = "staged.user"
+  email     = "staged.user@example.com"
+  firstname = "Staged"
+  lastname  = "User"
+
+  password = "SecurePassword789!"
+
+  # Criar usuário em estado STAGED
+  state = "STAGED"
+
+  # Agendar ativação para uma data futura
+  activation_scheduled      = true
+  scheduled_activation_date = "2024-01-15T09:00:00Z"
+
+  # Configurações organizacionais
+  company     = "Example Inc."
+  department  = "HR"
+  job_title   = "New Hire"
+
+  # Atributos personalizados
+  attributes = {
+    onboarding_status = "pending"
+    start_date       = "2024-01-15"
+  }
+}
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.1.3 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
diff --git a/go.sum b/go.sum
@@ -11,8 +11,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
 github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
 github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/jumpcloud/authentication/conditional_access/resource_conditional_access_rule_test.go b/jumpcloud/authentication/conditional_access/resource_conditional_access_rule_test.go
@@ -14,21 +14,20 @@ import (
 func TestResourceConditionalAccessRule(t *testing.T) {
 	r := ResourceConditionalAccessRule()
 	// Use standard Go testing instead of assert
-	if r == nil {
-		t.Fatal("Expected non-nil resource")
-	}
-	if r.Schema["name"] == nil {
-		t.Fatal("Expected non-nil name schema")
-	}
-	if r.Schema["policy_id"] == nil {
-		t.Fatal("Expected non-nil policy_id schema")
-	}
-	if r.Schema["conditions"] == nil {
-		t.Fatal("Expected non-nil conditions schema")
+
+	// Check resource and schema are not nil
+	if r == nil || r.Schema == nil {
+		t.Fatal("Expected non-nil resource and schema")
 	}
-	if r.Schema["action"] == nil {
-		t.Fatal("Expected non-nil action schema")
+
+	// Check required schema fields
+	requiredFields := []string{"name", "policy_id", "conditions", "action"}
+	for _, field := range requiredFields {
+		if r.Schema[field] == nil {
+			t.Fatalf("Expected non-nil %s schema", field)
+		}
 	}
+	// Check required context functions
 	if r.CreateContext == nil {
 		t.Fatal("Expected non-nil CreateContext")
 	}
diff --git a/jumpcloud/users/users_directory/resource_user.go b/jumpcloud/users/users_directory/resource_user.go
@@ -237,6 +237,8 @@ type User struct {
 	PasswordlessSudo            bool            `json:"passwordless_sudo,omitempty"`
 	SambaServiceUser            bool            `json:"samba_service_user,omitempty"`
 	State                       string          `json:"state,omitempty"`
+	ActivationScheduled         bool            `json:"activation_scheduled,omitempty"`
+	ScheduledActivationDate     string          `json:"scheduled_activation_date,omitempty"`
 	Sudo                        bool            `json:"sudo,omitempty"`
 	Suspended                   bool            `json:"suspended,omitempty"`
 	SystemUsername              string          `json:"systemUsername,omitempty"`
@@ -280,6 +282,9 @@ func ResourceUser() *schema.Resource {
 		ReadContext:   resourceUserRead,
 		UpdateContext: resourceUserUpdate,
 		DeleteContext: resourceUserDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: resourceUserImport,
+		},
 		Schema: map[string]*schema.Schema{
 			"id": {
 				Type:     schema.TypeString,
@@ -560,9 +565,21 @@ func ResourceUser() *schema.Resource {
 				},
 			},
 			"state": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "User state (ACTIVATED, STAGED, DISABLED, etc.)",
+			},
+			"activation_scheduled": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Whether user activation is scheduled for a future date",
+			},
+			"scheduled_activation_date": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Date when user should be automatically activated (ISO 8601 format)",
 			},
 			"totp_enabled": {
 				Type:     schema.TypeBool,
@@ -679,6 +696,10 @@ func resourceUserCreate(ctx context.Context, d *schema.ResourceData, meta any) d
 		// Usar enable_global_admin_sudo se estiver definido, caso contrário usar sudo para compatibilidade
 		Sudo:      getFirstDefinedBool(d, []string{"enable_global_admin_sudo", "sudo"}),
 		Suspended: d.Get("suspended").(bool),
+		// Campos para controle de estado e agendamento de ativação
+		State:                   d.Get("state").(string),
+		ActivationScheduled:     d.Get("activation_scheduled").(bool),
+		ScheduledActivationDate: d.Get("scheduled_activation_date").(string),
 		// Mapeamento correto: bypass_managed_device_lockout -> disableDeviceMaxLoginAttempts
 		DisableDeviceMaxLoginAttempts: d.Get("bypass_managed_device_lockout").(bool),
 		AllowPublicKey:                d.Get("allow_public_key").(bool),
@@ -1072,6 +1093,14 @@ func resourceUserRead(ctx context.Context, d *schema.ResourceData, meta any) dia
 		return diag.FromErr(fmt.Errorf("error setting state: %v", err))
 	}
 
+	if err := d.Set("activation_scheduled", user.ActivationScheduled); err != nil {
+		return diag.FromErr(fmt.Errorf("error setting activation_scheduled: %v", err))
+	}
+
+	if err := d.Set("scheduled_activation_date", user.ScheduledActivationDate); err != nil {
+		return diag.FromErr(fmt.Errorf("error setting scheduled_activation_date: %v", err))
+	}
+
 	if err := d.Set("created", user.Created); err != nil {
 		return diag.FromErr(fmt.Errorf("error setting created: %v", err))
 	}
@@ -1398,6 +1427,10 @@ func resourceUserUpdate(ctx context.Context, d *schema.ResourceData, meta any) d
 		// Usar enable_global_admin_sudo se estiver definido, caso contrário usar sudo para compatibilidade
 		Sudo:      getFirstDefinedBool(d, []string{"enable_global_admin_sudo", "sudo"}),
 		Suspended: d.Get("suspended").(bool),
+		// Campos para controle de estado e agendamento de ativação
+		State:                   d.Get("state").(string),
+		ActivationScheduled:     d.Get("activation_scheduled").(bool),
+		ScheduledActivationDate: d.Get("scheduled_activation_date").(string),
 		// Mapeamento correto: bypass_managed_device_lockout -> disableDeviceMaxLoginAttempts
 		DisableDeviceMaxLoginAttempts: d.Get("bypass_managed_device_lockout").(bool),
 		AllowPublicKey:                d.Get("allow_public_key").(bool),
@@ -1749,3 +1782,35 @@ func resourceUserDelete(ctx context.Context, d *schema.ResourceData, meta any) d
 
 	return nil
 }
+
+// resourceUserImport imports an existing user by ID
+func resourceUserImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	// The ID provided during import should be the JumpCloud user ID
+	userID := d.Id()
+
+	// Validate that the ID is not empty
+	if userID == "" {
+		return nil, fmt.Errorf("user ID cannot be empty")
+	}
+
+	// Set the ID in the resource data
+	d.SetId(userID)
+
+	// Call the read function to populate all the fields
+	diags := resourceUserRead(ctx, d, meta)
+	if diags.HasError() {
+		// Convert diagnostics to error for import
+		var errMsgs []string
+		for _, diag := range diags {
+			errMsgs = append(errMsgs, diag.Summary)
+		}
+		return nil, fmt.Errorf("failed to read user during import: %s", strings.Join(errMsgs, "; "))
+	}
+
+	// Check if the resource was found (ID would be empty if not found)
+	if d.Id() == "" {
+		return nil, fmt.Errorf("user with ID %s not found", userID)
+	}
+
+	return []*schema.ResourceData{d}, nil
+}
diff --git a/jumpcloud/users/users_directory/resource_user_test.go b/jumpcloud/users/users_directory/resource_user_test.go
@@ -451,3 +451,72 @@ resource "jumpcloud_user" "test_console" {
 }
 `
 }
+
+// TestAccResourceUserImport tests the import functionality
+func TestAccResourceUserImport(t *testing.T) {
+	resourceName := "jumpcloud_user.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { jctest.TestAccPreCheck(t) },
+		ProviderFactories: jctest.GetProviderFactories(),
+		CheckDestroy:      testAccCheckJumpCloudUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccJumpCloudUserConfig_basic(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckJumpCloudUserExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "username", "testuser"),
+					resource.TestCheckResourceAttr(resourceName, "email", "testuser@example.com"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"password"}, // Password is not returned by API
+			},
+		},
+	})
+}
+
+// TestAccResourceUserStagedState tests creating users in STAGED state with scheduled activation
+func TestAccResourceUserStagedState(t *testing.T) {
+	resourceName := "jumpcloud_user.test_staged"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { jctest.TestAccPreCheck(t) },
+		ProviderFactories: jctest.GetProviderFactories(),
+		CheckDestroy:      testAccCheckJumpCloudUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccJumpCloudUserConfig_staged(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckJumpCloudUserExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "username", "testuser_staged"),
+					resource.TestCheckResourceAttr(resourceName, "email", "testuser_staged@example.com"),
+					resource.TestCheckResourceAttr(resourceName, "state", "STAGED"),
+					resource.TestCheckResourceAttr(resourceName, "activation_scheduled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "scheduled_activation_date", "2024-12-31T23:59:59Z"),
+				),
+			},
+		},
+	})
+}
+
+// testAccJumpCloudUserConfig_staged returns a configuration for a user in STAGED state with scheduled activation
+func testAccJumpCloudUserConfig_staged() string {
+	return `
+resource "jumpcloud_user" "test_staged" {
+  username = "testuser_staged"
+  email    = "testuser_staged@example.com"
+  password = "TempPassword123!"
+
+  firstname = "Test"
+  lastname  = "Staged"
+
+  state                     = "STAGED"
+  activation_scheduled      = true
+  scheduled_activation_date = "2024-12-31T23:59:59Z"
+}
+`
+}
