maxlaverse · maxlaverse · Jan 17, 2025 · Jan 15, 2025
diff --git a/docs/data-sources/org_collection.md b/docs/data-sources/org_collection.md
@@ -31,6 +31,39 @@ resource "bitwarden_item_login" "administrative_user" {
   organization_id = data.bitwarden_organization.terraform.id
   collection_ids  = [data.bitwarden_org_collection.terraform.id]
 }
+
+# Example of usage with ACLs:
+locals {
+  emails =[
+    "[email protected]",
+    "[email protected]",
+  ]
+}
+
+data "bitwarden_org_member" "regular_users" {
+  organization_id = data.bitwarden_organization.terraform.id
+  count          = length(local.emails)
+  email          = local.emails[count.index]
+}
+
+
+resource "bitwarden_org_collection" "my_collection" {
+  organization_id = data.bitwarden_organization.terraform.id
+  name            = "my-collection"
+
+
+  dynamic "member" {
+    for_each = data.bitwarden_org_member.regular_users
+    content {
+        id = member.value.id
+        read_only = true
+    }
+  }
+
+  member {
+    id = data.bitwarden_org_member.john.id
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -47,7 +80,7 @@ resource "bitwarden_item_login" "administrative_user" {
 
 ### Read-Only
 
-- `member` (List of Object) [Experimental] Member of a collection. (see [below for nested schema](#nestedatt--member))
+- `member` (Set of Object) [Experimental] Member of a collection. (see [below for nested schema](#nestedatt--member))
 - `name` (String) Name.
 
 <a id="nestedatt--member"></a>
@@ -56,6 +89,5 @@ resource "bitwarden_item_login" "administrative_user" {
 Read-Only:
 
 - `hide_passwords` (Boolean)
-- `org_member_id` (String)
+- `id` (String)
 - `read_only` (Boolean)
-- `user_email` (String)
diff --git a/docs/data-sources/org_member.md b/docs/data-sources/org_member.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bitwarden_org_member Data Source - terraform-provider-bitwarden"
+subcategory: ""
+description: |-
+  Use this data source to get information on an existing organization member.
+---
+
+# bitwarden_org_member (Data Source)
+
+Use this data source to get information on an existing organization member.
+
+## Example Usage
+
+```terraform
+data "bitwarden_organization" "terraform" {
+  search = "Terraform"
+}
+data "bitwarden_org_member" "john" {
+  email          = "[email protected]"
+  organization_id = data.bitwarden_organization.terraform.id
+}
+
+
+# Example of usage of the data source:
+# See org_collection
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `organization_id` (String) Identifier of the organization.
+
+### Optional
+
+- `email` (String) User email.
+- `id` (String) Identifier.
+
+### Read-Only
+
+- `name` (String) Name.
diff --git a/docs/resources/attachment.md b/docs/resources/attachment.md
@@ -22,7 +22,7 @@ resource "bitwarden_attachment" "vpn_config_from_content" {
   // NOTE: Only works when the experimental embedded client support is enabled
   file_name = "vpn-config.txt"
   content = jsonencode({
-    domain : "laverse.net",
+    domain : "example.com",
     persistence : {
       enabled : true,
     }

diff --git a/docs/resources/org_collection.md b/docs/resources/org_collection.md
@@ -43,7 +43,7 @@ resource "bitwarden_org_collection" "generated" {
 ### Optional
 
 - `id` (String) Identifier.
-- `member` (Block List) [Experimental] Member of a collection. (see [below for nested schema](#nestedblock--member))
+- `member` (Block Set) [Experimental] Member of a collection. (see [below for nested schema](#nestedblock--member))
 
 ### Read-Only
 
@@ -53,17 +53,13 @@ resource "bitwarden_org_collection" "generated" {
 
 Required:
 
-- `user_email` (String) [Experimental] User email.
+- `id` (String) Identifier.
 
 Optional:
 
 - `hide_passwords` (Boolean) [Experimental] Hide passwords.
 - `read_only` (Boolean) [Experimental] Read/Write permissions.
 
-Read-Only:
-
-- `org_member_id` (String) [Experimental] Identifier of the member in the organization.
-
 ## Import
 
 Import is supported using the following syntax:

diff --git a/examples/data-sources/bitwarden_org_collection/data-source.tf b/examples/data-sources/bitwarden_org_collection/data-source.tf
@@ -17,3 +17,36 @@ resource "bitwarden_item_login" "administrative_user" {
   organization_id = data.bitwarden_organization.terraform.id
   collection_ids  = [data.bitwarden_org_collection.terraform.id]
 }
+
+# Example of usage with ACLs:
+locals {
+  emails =[
+    "[email protected]",
+    "[email protected]",
+  ]
+}
+
+data "bitwarden_org_member" "regular_users" {
+  organization_id = data.bitwarden_organization.terraform.id
+  count          = length(local.emails)
+  email          = local.emails[count.index]
+}
+
+
+resource "bitwarden_org_collection" "my_collection" {
+  organization_id = data.bitwarden_organization.terraform.id
+  name            = "my-collection"
+
+
+  dynamic "member" {
+    for_each = data.bitwarden_org_member.regular_users
+    content {
+        id = member.value.id
+        read_only = true
+    }
+  }
+
+  member {
+    id = data.bitwarden_org_member.john.id
+  }
+}
diff --git a/examples/data-sources/bitwarden_org_member/data-source.tf b/examples/data-sources/bitwarden_org_member/data-source.tf
@@ -0,0 +1,12 @@
+
+data "bitwarden_organization" "terraform" {
+  search = "Terraform"
+}
+data "bitwarden_org_member" "john" {
+  email          = "[email protected]"
+  organization_id = data.bitwarden_organization.terraform.id
+}
+
+
+# Example of usage of the data source:
+# See org_collection
diff --git a/examples/resources/bitwarden_attachment/resource.tf b/examples/resources/bitwarden_attachment/resource.tf
@@ -7,7 +7,7 @@ resource "bitwarden_attachment" "vpn_config_from_content" {
   // NOTE: Only works when the experimental embedded client support is enabled
   file_name = "vpn-config.txt"
   content = jsonencode({
-    domain : "laverse.net",
+    domain : "example.com",
     persistence : {
       enabled : true,
     }

diff --git a/internal/bitwarden/bwcli/password_manager.go b/internal/bitwarden/bwcli/password_manager.go
@@ -28,11 +28,13 @@ type PasswordManagerClient interface {
 	FindFolder(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.Folder, error)
 	FindItem(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.Item, error)
 	FindOrganization(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.Organization, error)
+	FindOrganizationMember(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.OrgMember, error)
 	FindOrganizationCollection(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.OrgCollection, error)
 	GetAttachment(ctx context.Context, itemId, attachmentId string) ([]byte, error)
 	GetFolder(context.Context, models.Folder) (*models.Folder, error)
 	GetItem(context.Context, models.Item) (*models.Item, error)
 	GetOrganization(context.Context, models.Organization) (*models.Organization, error)
+	GetOrganizationMember(context.Context, models.OrgMember) (*models.OrgMember, error)
 	GetOrganizationCollection(ctx context.Context, collection models.OrgCollection) (*models.OrgCollection, error)
 	GetSessionKey() string
 	HasSessionKey() bool
@@ -237,6 +239,10 @@ func (c *client) GetOrganization(ctx context.Context, obj models.Organization) (
 	return getObject(ctx, c, obj, obj.Object, obj.ID)
 }
 
+func (c *client) GetOrganizationMember(ctx context.Context, obj models.OrgMember) (*models.OrgMember, error) {
+	return nil, fmt.Errorf("getting organization members is only supported by the embedded client")
+}
+
 func (c *client) GetOrganizationCollection(ctx context.Context, obj models.OrgCollection) (*models.OrgCollection, error) {
 	return getObject(ctx, c, obj, obj.Object, obj.ID)
 }
@@ -296,6 +302,10 @@ func (c *client) FindOrganization(ctx context.Context, options ...bitwarden.List
 	return findGenericObject[models.Organization](ctx, c, models.ObjectTypeOrganization, options...)
 }
 
+func (c *client) FindOrganizationMember(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.OrgMember, error) {
+	return nil, fmt.Errorf("find organization members is only supported by the embedded client")
+}
+
 func (c *client) FindOrganizationCollection(ctx context.Context, options ...bitwarden.ListObjectsOption) (*models.OrgCollection, error) {
 	return findGenericObject[models.OrgCollection](ctx, c, models.ObjectTypeOrgCollection, options...)
 }

diff --git a/internal/bitwarden/client.go b/internal/bitwarden/client.go
@@ -26,11 +26,13 @@ type PasswordManager interface {
 	FindFolder(ctx context.Context, options ...ListObjectsOption) (*models.Folder, error)
 	FindItem(ctx context.Context, options ...ListObjectsOption) (*models.Item, error)
 	FindOrganization(ctx context.Context, options ...ListObjectsOption) (*models.Organization, error)
+	FindOrganizationMember(ctx context.Context, options ...ListObjectsOption) (*models.OrgMember, error)
 	FindOrganizationCollection(ctx context.Context, options ...ListObjectsOption) (*models.OrgCollection, error)
 	GetAttachment(ctx context.Context, itemId, attachmentId string) ([]byte, error)
 	GetFolder(context.Context, models.Folder) (*models.Folder, error)
 	GetItem(context.Context, models.Item) (*models.Item, error)
 	GetOrganization(context.Context, models.Organization) (*models.Organization, error)
+	GetOrganizationMember(context.Context, models.OrgMember) (*models.OrgMember, error)
 	GetOrganizationCollection(ctx context.Context, collection models.OrgCollection) (*models.OrgCollection, error)
 	LoginWithAPIKey(ctx context.Context, password, clientId, clientSecret string) error
 	LoginWithPassword(ctx context.Context, username, password string) error

diff --git a/internal/bitwarden/embedded/member_mapping.go b/internal/bitwarden/embedded/member_mapping.go