coder · Emyrk · Aug 23, 2024 · Aug 21, 2024 · Aug 21, 2024 · Aug 21, 2024
diff --git a/cli/clitest/golden.go b/cli/clitest/golden.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
 
 	"github.com/coder/coder/v2/cli/config"
@@ -184,10 +185,10 @@ func prepareTestData(t *testing.T) (*codersdk.Client, map[string]string) {
 	})
 	firstUser := coderdtest.CreateFirstUser(t, rootClient)
 	secondUser, err := rootClient.CreateUser(ctx, codersdk.CreateUserRequest{
-		Email:          "testuser2@coder.com",
-		Username:       "testuser2",
-		Password:       coderdtest.FirstUserParams.Password,
-		OrganizationID: firstUser.OrganizationID,
+		Email:           "testuser2@coder.com",
+		Username:        "testuser2",
+		Password:        coderdtest.FirstUserParams.Password,
+		OrganizationIDs: []uuid.UUID{firstUser.OrganizationID},
 	})
 	require.NoError(t, err)
 	version := coderdtest.CreateTemplateVersion(t, rootClient, firstUser.OrganizationID, nil)

diff --git a/cli/server_createadminuser.go b/cli/server_createadminuser.go
@@ -84,11 +84,11 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 			validateInputs := func(username, email, password string) error {
 				// Use the validator tags so we match the API's validation.
 				req := codersdk.CreateUserRequest{
-					Username:       "username",
-					Name:           "Admin User",
-					Email:          "email@coder.com",
-					Password:       "ValidPa$$word123!",
-					OrganizationID: uuid.New(),
+					Username:        "username",
+					Name:            "Admin User",
+					Email:           "email@coder.com",
+					Password:        "ValidPa$$word123!",
+					OrganizationIDs: []uuid.UUID{uuid.New()},
 				}
 				if username != "" {
 					req.Username = username

diff --git a/cli/user_delete_test.go b/cli/user_delete_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
 
 	"github.com/coder/coder/v2/cli/clitest"
@@ -27,12 +28,12 @@ func TestUserDelete(t *testing.T) {
 		require.NoError(t, err)
 
 		_, err = client.CreateUser(ctx, codersdk.CreateUserRequest{
-			Email:          "colin5@coder.com",
-			Username:       "coolin",
-			Password:       pw,
-			UserLoginType:  codersdk.LoginTypePassword,
-			OrganizationID: owner.OrganizationID,
-			DisableLogin:   false,
+			Email:           "colin5@coder.com",
+			Username:        "coolin",
+			Password:        pw,
+			UserLoginType:   codersdk.LoginTypePassword,
+			OrganizationIDs: []uuid.UUID{owner.OrganizationID},
+			DisableLogin:    false,
 		})
 		require.NoError(t, err)
 
@@ -58,12 +59,12 @@ func TestUserDelete(t *testing.T) {
 		require.NoError(t, err)
 
 		user, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
-			Email:          "colin5@coder.com",
-			Username:       "coolin",
-			Password:       pw,
-			UserLoginType:  codersdk.LoginTypePassword,
-			OrganizationID: owner.OrganizationID,
-			DisableLogin:   false,
+			Email:           "colin5@coder.com",
+			Username:        "coolin",
+			Password:        pw,
+			UserLoginType:   codersdk.LoginTypePassword,
+			OrganizationIDs: []uuid.UUID{owner.OrganizationID},
+			DisableLogin:    false,
 		})
 		require.NoError(t, err)
 
@@ -89,12 +90,12 @@ func TestUserDelete(t *testing.T) {
 		require.NoError(t, err)
 
 		user, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
-			Email:          "colin5@coder.com",
-			Username:       "coolin",
-			Password:       pw,
-			UserLoginType:  codersdk.LoginTypePassword,
-			OrganizationID: owner.OrganizationID,
-			DisableLogin:   false,
+			Email:           "colin5@coder.com",
+			Username:        "coolin",
+			Password:        pw,
+			UserLoginType:   codersdk.LoginTypePassword,
+			OrganizationIDs: []uuid.UUID{owner.OrganizationID},
+			DisableLogin:    false,
 		})
 		require.NoError(t, err)
 

diff --git a/cli/usercreate.go b/cli/usercreate.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/go-playground/validator/v10"
+	"github.com/google/uuid"
 	"golang.org/x/xerrors"
 
 	"github.com/coder/pretty"
@@ -95,12 +96,12 @@ func (r *RootCmd) userCreate() *serpent.Command {
 			}
 
 			_, err = client.CreateUser(inv.Context(), codersdk.CreateUserRequest{
-				Email:          email,
-				Username:       username,
-				Name:           name,
-				Password:       password,
-				OrganizationID: organization.ID,
-				UserLoginType:  userLoginType,
+				Email:           email,
+				Username:        username,
+				Name:            name,
+				Password:        password,
+				OrganizationIDs: []uuid.UUID{organization.ID},
+				UserLoginType:   userLoginType,
 			})
 			if err != nil {
 				return err

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -646,11 +646,11 @@ func CreateFirstUser(t testing.TB, client *codersdk.Client) codersdk.CreateFirst
 // CreateAnotherUser creates and authenticates a new user.
 // Roles can include org scoped roles with 'roleName:<organization_id>'
 func CreateAnotherUser(t testing.TB, client *codersdk.Client, organizationID uuid.UUID, roles ...rbac.RoleIdentifier) (*codersdk.Client, codersdk.User) {
-	return createAnotherUserRetry(t, client, organizationID, 5, roles)
+	return createAnotherUserRetry(t, client, []uuid.UUID{organizationID}, 5, roles)
 }
 
 func CreateAnotherUserMutators(t testing.TB, client *codersdk.Client, organizationID uuid.UUID, roles []rbac.RoleIdentifier, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client, codersdk.User) {
-	return createAnotherUserRetry(t, client, organizationID, 5, roles, mutators...)
+	return createAnotherUserRetry(t, client, []uuid.UUID{organizationID}, 5, roles, mutators...)
 }
 
 // AuthzUserSubject does not include the user's groups.
@@ -676,13 +676,13 @@ func AuthzUserSubject(user codersdk.User, orgID uuid.UUID) rbac.Subject {
 	}
 }
 
-func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationID uuid.UUID, retries int, roles []rbac.RoleIdentifier, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client, codersdk.User) {
+func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationIDs []uuid.UUID, retries int, roles []rbac.RoleIdentifier, mutators ...func(r *codersdk.CreateUserRequest)) (*codersdk.Client, codersdk.User) {
 	req := codersdk.CreateUserRequest{
-		Email:          namesgenerator.GetRandomName(10) + "@coder.com",
-		Username:       RandomUsername(t),
-		Name:           RandomName(t),
-		Password:       "SomeSecurePassword!",
-		OrganizationID: organizationID,
+		Email:           namesgenerator.GetRandomName(10) + "@coder.com",
+		Username:        RandomUsername(t),
+		Name:            RandomName(t),
+		Password:        "SomeSecurePassword!",
+		OrganizationIDs: organizationIDs,
 	}
 	for _, m := range mutators {
 		m(&req)
@@ -694,7 +694,7 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 	if err != nil && retries >= 0 && xerrors.As(err, &apiError) {
 		if apiError.StatusCode() == http.StatusConflict {
 			retries--
-			return createAnotherUserRetry(t, client, organizationID, retries, roles)
+			return createAnotherUserRetry(t, client, organizationIDs, retries, roles)
 		}
 	}
 	require.NoError(t, err)
@@ -763,8 +763,9 @@ func createAnotherUserRetry(t testing.TB, client *codersdk.Client, organizationI
 		require.NoError(t, err, "update site roles")
 
 		// isMember keeps track of which orgs the user was added to as a member
-		isMember := map[uuid.UUID]bool{
-			organizationID: true,
+		isMember := make(map[uuid.UUID]bool)
+		for _, orgID := range organizationIDs {
+			isMember[orgID] = true
 		}
 
 		// Update org roles

diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -1436,11 +1436,11 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
 			}
 
 			//nolint:gocritic
-			user, _, err = api.CreateUser(dbauthz.AsSystemRestricted(ctx), tx, CreateUserRequest{
+			user, err = api.CreateUser(dbauthz.AsSystemRestricted(ctx), tx, CreateUserRequest{
 				CreateUserRequest: codersdk.CreateUserRequest{
-					Email:          params.Email,
-					Username:       params.Username,
-					OrganizationID: defaultOrganization.ID,
+					Email:           params.Email,
+					Username:        params.Username,
+					OrganizationIDs: []uuid.UUID{defaultOrganization.ID},
 				},
 				LoginType: params.LoginType,
 			})

diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
@@ -1471,10 +1471,10 @@ func TestUserLogout(t *testing.T) {
 		password = "SomeSecurePassword123!"
 	)
 	newUser, err := client.CreateUser(ctx, codersdk.CreateUserRequest{
-		Email:          email,
-		Username:       username,
-		Password:       password,
-		OrganizationID: firstUser.OrganizationID,
+		Email:           email,
+		Username:        username,
+		Password:        password,
+		OrganizationIDs: []uuid.UUID{firstUser.OrganizationID},
 	})
 	require.NoError(t, err)