diff --git a/docs/pages/reference/terraform-provider/data-sources/user.mdx b/docs/pages/reference/terraform-provider/data-sources/user.mdx index 67f8e507b287e..112f90de8664d 100644 --- a/docs/pages/reference/terraform-provider/data-sources/user.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/user.mdx @@ -80,5 +80,6 @@ Optional: Optional: +- `mfa_device_state` (Number) mfa_device_state reflects what the system knows about the user's MFA device. Note that this is a "best effort" property, in that it can be UNSPECIFIED. - `password_state` (Number) password_state reflects what the system knows about the user's password. Note that this is a "best effort" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes! diff --git a/docs/pages/reference/terraform-provider/resources/user.mdx b/docs/pages/reference/terraform-provider/resources/user.mdx index 989c39616ab6d..f9edabaac8be2 100644 --- a/docs/pages/reference/terraform-provider/resources/user.mdx +++ b/docs/pages/reference/terraform-provider/resources/user.mdx @@ -126,5 +126,6 @@ Optional: Optional: +- `mfa_device_state` (Number) mfa_device_state reflects what the system knows about the user's MFA device. Note that this is a "best effort" property, in that it can be UNSPECIFIED. - `password_state` (Number) password_state reflects what the system knows about the user's password. Note that this is a "best effort" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes! diff --git a/integrations/terraform/tfschema/types_terraform.go b/integrations/terraform/tfschema/types_terraform.go index 38d568127f8a7..38ab76114eee3 100644 --- a/integrations/terraform/tfschema/types_terraform.go +++ b/integrations/terraform/tfschema/types_terraform.go @@ -2649,11 +2649,18 @@ func GenSchemaUserV2(ctx context.Context) (github_com_hashicorp_terraform_plugin Optional: true, }, "status": { - Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"password_state": { - Description: "password_state reflects what the system knows about the user's password. Note that this is a \"best effort\" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes!", - Optional: true, - Type: github_com_hashicorp_terraform_plugin_framework_types.Int64Type, - }}), + Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{ + "mfa_device_state": { + Description: "mfa_device_state reflects what the system knows about the user's MFA device. Note that this is a \"best effort\" property, in that it can be UNSPECIFIED.", + Optional: true, + Type: github_com_hashicorp_terraform_plugin_framework_types.Int64Type, + }, + "password_state": { + Description: "password_state reflects what the system knows about the user's password. Note that this is a \"best effort\" property, in that it can be UNSPECIFIED for users who were created before this property was introduced and didn't perform any password-related activity since then. See RFD 0159 for details. Do NOT use this value for authentication purposes!", + Optional: true, + Type: github_com_hashicorp_terraform_plugin_framework_types.Int64Type, + }, + }), Description: "", Optional: true, }, @@ -27581,6 +27588,23 @@ func CopyUserV2FromTerraform(_ context.Context, tf github_com_hashicorp_terrafor } } } + { + a, ok := tf.Attrs["mfa_device_state"] + if !ok { + diags.Append(attrReadMissingDiag{"UserV2.Status.mfa_device_state"}) + } else { + v, ok := a.(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + diags.Append(attrReadConversionFailureDiag{"UserV2.Status.mfa_device_state", "github.com/hashicorp/terraform-plugin-framework/types.Int64"}) + } else { + var t github_com_gravitational_teleport_api_types.MFAState + if !v.Null && !v.Unknown { + t = github_com_gravitational_teleport_api_types.MFAState(v.Value) + } + obj.MfaDeviceState = t + } + } + } } } } @@ -28414,6 +28438,28 @@ func CopyUserV2ToTerraform(ctx context.Context, obj *github_com_gravitational_te tf.Attrs["password_state"] = v } } + { + t, ok := tf.AttrTypes["mfa_device_state"] + if !ok { + diags.Append(attrWriteMissingDiag{"UserV2.Status.mfa_device_state"}) + } else { + v, ok := tf.Attrs["mfa_device_state"].(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + i, err := t.ValueFromTerraform(ctx, github_com_hashicorp_terraform_plugin_go_tftypes.NewValue(t.TerraformType(ctx), nil)) + if err != nil { + diags.Append(attrWriteGeneralError{"UserV2.Status.mfa_device_state", err}) + } + v, ok = i.(github_com_hashicorp_terraform_plugin_framework_types.Int64) + if !ok { + diags.Append(attrWriteConversionFailureDiag{"UserV2.Status.mfa_device_state", "github.com/hashicorp/terraform-plugin-framework/types.Int64"}) + } + v.Null = int64(obj.MfaDeviceState) == 0 + } + v.Value = int64(obj.MfaDeviceState) + v.Unknown = false + tf.Attrs["mfa_device_state"] = v + } + } } v.Unknown = false tf.Attrs["status"] = v