From a772bf367700815e78944b8596fcbc4d644693a5 Mon Sep 17 00:00:00 2001 From: Steve Hipwell Date: Fri, 29 Nov 2024 15:43:39 +0000 Subject: [PATCH] feat: Added organization role support Signed-off-by: Steve Hipwell --- .markdownlint.yaml | 4 + ..._source_github_organization_custom_role.go | 3 +- ...rce_github_organization_repository_role.go | 95 ++++++++ ...ithub_organization_repository_role_test.go | 50 +++++ ...ce_github_organization_repository_roles.go | 84 +++++++ ...thub_organization_repository_roles_test.go | 65 ++++++ .../data_source_github_organization_role.go | 82 +++++++ ...a_source_github_organization_role_teams.go | 115 ++++++++++ ...rce_github_organization_role_teams_test.go | 104 +++++++++ ...ta_source_github_organization_role_test.go | 38 ++++ ...a_source_github_organization_role_users.go | 102 +++++++++ ...rce_github_organization_role_users_test.go | 97 ++++++++ .../data_source_github_organization_roles.go | 90 ++++++++ ...a_source_github_organization_roles_test.go | 28 +++ ...e_github_organization_security_managers.go | 75 +++++++ ...hub_organization_security_managers_test.go | 47 ++++ github/provider.go | 13 +- ...esource_github_organization_custom_role.go | 3 +- ...rce_github_organization_repository_role.go | 210 ++++++++++++++++++ ...ithub_organization_repository_role_test.go | 86 +++++++ github/resource_github_organization_role.go | 193 ++++++++++++++++ .../resource_github_organization_role_team.go | 138 ++++++++++++ ...urce_github_organization_role_team_test.go | 42 ++++ .../resource_github_organization_role_test.go | 85 +++++++ .../resource_github_organization_role_user.go | 138 ++++++++++++ ...urce_github_organization_role_user_test.go | 41 ++++ ...thub_organization_security_manager_test.go | 2 +- .../d/organization_custom_role.html.markdown | 2 + ...organization_repository_role.html.markdown | 33 +++ ...rganization_repository_roles.html.markdown | 35 +++ .../docs/d/organization_role.html.markdown | 32 +++ .../d/organization_role_teams.html.markdown | 37 +++ .../d/organization_role_users.html.markdown | 35 +++ .../docs/d/organization_roles.html.markdown | 34 +++ ...ganization_security_managers.html.markdown | 29 +++ .../r/organization_custom_role.html.markdown | 4 +- ...organization_repository_role.html.markdown | 50 +++++ .../docs/r/organization_role.html.markdown | 50 +++++ .../r/organization_role_team.html.markdown | 34 +++ .../r/organization_role_user.html.markdown | 34 +++ website/github.erb | 35 ++- 41 files changed, 2468 insertions(+), 6 deletions(-) create mode 100644 .markdownlint.yaml create mode 100644 github/data_source_github_organization_repository_role.go create mode 100644 github/data_source_github_organization_repository_role_test.go create mode 100644 github/data_source_github_organization_repository_roles.go create mode 100644 github/data_source_github_organization_repository_roles_test.go create mode 100644 github/data_source_github_organization_role.go create mode 100644 github/data_source_github_organization_role_teams.go create mode 100644 github/data_source_github_organization_role_teams_test.go create mode 100644 github/data_source_github_organization_role_test.go create mode 100644 github/data_source_github_organization_role_users.go create mode 100644 github/data_source_github_organization_role_users_test.go create mode 100644 github/data_source_github_organization_roles.go create mode 100644 github/data_source_github_organization_roles_test.go create mode 100644 github/data_source_github_organization_security_managers.go create mode 100644 github/data_source_github_organization_security_managers_test.go create mode 100644 github/resource_github_organization_repository_role.go create mode 100644 github/resource_github_organization_repository_role_test.go create mode 100644 github/resource_github_organization_role.go create mode 100644 github/resource_github_organization_role_team.go create mode 100644 github/resource_github_organization_role_team_test.go create mode 100644 github/resource_github_organization_role_test.go create mode 100644 github/resource_github_organization_role_user.go create mode 100644 github/resource_github_organization_role_user_test.go create mode 100644 website/docs/d/organization_repository_role.html.markdown create mode 100644 website/docs/d/organization_repository_roles.html.markdown create mode 100644 website/docs/d/organization_role.html.markdown create mode 100644 website/docs/d/organization_role_teams.html.markdown create mode 100644 website/docs/d/organization_role_users.html.markdown create mode 100644 website/docs/d/organization_roles.html.markdown create mode 100644 website/docs/d/organization_security_managers.html.markdown create mode 100644 website/docs/r/organization_repository_role.html.markdown create mode 100644 website/docs/r/organization_role.html.markdown create mode 100644 website/docs/r/organization_role_team.html.markdown create mode 100644 website/docs/r/organization_role_user.html.markdown diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000000..518e76a2af --- /dev/null +++ b/.markdownlint.yaml @@ -0,0 +1,4 @@ +MD013: false +MD024: + siblings_only: true +MD028: false diff --git a/github/data_source_github_organization_custom_role.go b/github/data_source_github_organization_custom_role.go index a2ae97ffeb..24472a8c17 100644 --- a/github/data_source_github_organization_custom_role.go +++ b/github/data_source_github_organization_custom_role.go @@ -12,8 +12,9 @@ import ( func dataSourceGithubOrganizationCustomRole() *schema.Resource { return &schema.Resource{ - Read: dataSourceGithubOrganizationCustomRoleRead, + DeprecationMessage: "This data source is deprecated and will be removed in a future release. Use the github_organization_repository_role data source instead.", + Read: dataSourceGithubOrganizationCustomRoleRead, Schema: map[string]*schema.Schema{ "name": { Type: schema.TypeString, diff --git a/github/data_source_github_organization_repository_role.go b/github/data_source_github_organization_repository_role.go new file mode 100644 index 0000000000..5fdb6218f7 --- /dev/null +++ b/github/data_source_github_organization_repository_role.go @@ -0,0 +1,95 @@ +package github + +import ( + "context" + "fmt" + "strconv" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRepositoryRole() *schema.Resource { + return &schema.Resource{ + Description: "Lookup a custom organization repository role.", + + Read: dataSourceGithubOrganizationRepositoryRoleRead, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization repository role.", + Type: schema.TypeInt, + Required: true, + }, + "name": { + Description: "The name of the organization repository role.", + Type: schema.TypeString, + Computed: true, + }, + "description": { + Description: "The description of the organization repository role.", + Type: schema.TypeString, + Computed: true, + }, + "base_role": { + Description: "The system role from which this role inherits permissions.", + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Description: "The permissions included in this role.", + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Computed: true, + }, + }, + } +} + +func dataSourceGithubOrganizationRepositoryRoleRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + + // TODO: Use this code when go-github adds the functionality to get a custom repo role + // role, _, err := client.Organizations.GetCustomRepoRole(ctx, orgName, roleId) + // if err != nil { + // return err + // } + + roles, _, err := client.Organizations.ListCustomRepoRoles(ctx, orgName) + if err != nil { + return err + } + + var role *github.CustomRepoRoles + for _, r := range roles.CustomRepoRoles { + if r.GetID() == roleId { + role = r + break + } + } + if role == nil { + return fmt.Errorf("custom organization repo role with ID %d not found", roleId) + } + + r := map[string]any{ + "role_id": role.GetID(), + "name": role.GetName(), + "description": role.GetDescription(), + "base_role": role.GetBaseRole(), + "permissions": role.Permissions, + } + + d.SetId(strconv.FormatInt(role.GetID(), 10)) + + for k, v := range r { + if err := d.Set(k, v); err != nil { + return err + } + } + + return nil +} diff --git a/github/data_source_github_organization_repository_role_test.go b/github/data_source_github_organization_repository_role_test.go new file mode 100644 index 0000000000..377554d9d3 --- /dev/null +++ b/github/data_source_github_organization_repository_role_test.go @@ -0,0 +1,50 @@ +package github + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubOrganizationRepositoryRoleDataSource(t *testing.T) { + t.Run("queries an organization repository role", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + roleName := fmt.Sprintf(`tf-acc-test-%s`, randomID) + + config := fmt.Sprintf(` + resource "github_organization_repository_role" "test" { + name = "%s" + description = "Test role description" + base_role = "read" + permissions = [ + "reopen_issue", + "reopen_pull_request", + ] + } + + data "github_organization_repository_role" "test" { + role_id = github_organization_repository_role.test.role_id + + depends_on = [ github_organization_repository_role.test ] + } + `, roleName) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair("data.github_organization_repository_role.test", "name", "github_organization_repository_role.test", "name"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_role.test", "description", "github_organization_repository_role.test", "description"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_role.test", "base_role", "github_organization_repository_role.test", "base_role"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_role.test", "permissions.#", "github_organization_repository_role.test", "permissions.#"), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_repository_roles.go b/github/data_source_github_organization_repository_roles.go new file mode 100644 index 0000000000..11a8e7b687 --- /dev/null +++ b/github/data_source_github_organization_repository_roles.go @@ -0,0 +1,84 @@ +package github + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRepositoryRoles() *schema.Resource { + return &schema.Resource{ + Description: "Lookup all custom repository roles in an organization.", + + Read: dataSourceGithubOrganizationRepositoryRolesRead, + + Schema: map[string]*schema.Schema{ + "roles": { + Description: "Available organization repository roles.", + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization repository role.", + Type: schema.TypeInt, + Computed: true, + }, + "name": { + Description: "The name of the organization repository role.", + Type: schema.TypeString, + Computed: true, + }, + "description": { + Description: "The description of the organization repository role.", + Type: schema.TypeString, + Computed: true, + }, + "base_role": { + Description: "The system role from which this role inherits permissions.", + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Description: "The permissions included in this role.", + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Computed: true, + }, + }, + }, + }, + }, + } +} + +func dataSourceGithubOrganizationRepositoryRolesRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + ret, _, err := client.Organizations.ListCustomRepoRoles(ctx, orgName) + if err != nil { + return err + } + + allRoles := make([]any, ret.GetTotalCount()) + for i, role := range ret.CustomRepoRoles { + r := map[string]any{ + "role_id": role.GetID(), + "name": role.GetName(), + "description": role.GetDescription(), + "base_role": role.GetBaseRole(), + "permissions": role.Permissions, + } + allRoles[i] = r + } + + d.SetId(fmt.Sprintf("%s/github-org-repo-roles", orgName)) + if err := d.Set("roles", allRoles); err != nil { + return fmt.Errorf("error setting roles: %s", err) + } + + return nil +} diff --git a/github/data_source_github_organization_repository_roles_test.go b/github/data_source_github_organization_repository_roles_test.go new file mode 100644 index 0000000000..d205c79176 --- /dev/null +++ b/github/data_source_github_organization_repository_roles_test.go @@ -0,0 +1,65 @@ +package github + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationRepositoryRoles(t *testing.T) { + t.Run("get empty organization roles without error", func(t *testing.T) { + config := ` + data "github_organization_repository_roles" "test" {} + ` + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_repository_roles.test", "roles.#"), + resource.TestCheckResourceAttr("data.github_organization_repository_roles.test", "roles.#", "0"), + ), + }, + }, + }) + }) + + t.Run("get organization roles without error", func(t *testing.T) { + config := ` + resource "github_organization_repository_role" "test" { + name = "%s" + description = "Test role description" + base_role = "read" + permissions = [ + "reopen_issue", + "reopen_pull_request", + ] + } + + data "github_organization_repository_roles" "test" { + depends_on = [ github_organization_repository_role.test ] + } + ` + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_repository_roles.test", "roles.#"), + resource.TestCheckResourceAttr("data.github_organization_repository_roles.test", "roles.#", "1"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_roles.test", "roles.0.name", "github_organization_repository_role.test", "name"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_roles.test", "roles.0.description", "github_organization_repository_role.test", "description"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_roles.test", "roles.0.base_role", "github_organization_repository_role.test", "base_role"), + resource.TestCheckResourceAttrPair("data.github_organization_repository_roles.test", "roles.0.permissions.#", "github_organization_repository_role.test", "permissions.#"), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_role.go b/github/data_source_github_organization_role.go new file mode 100644 index 0000000000..58dc86daaa --- /dev/null +++ b/github/data_source_github_organization_role.go @@ -0,0 +1,82 @@ +package github + +import ( + "context" + "strconv" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRole() *schema.Resource { + return &schema.Resource{ + Description: "Lookup a custom organization role.", + + Read: dataSourceGithubOrganizationRoleRead, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization role.", + Type: schema.TypeInt, + Required: true, + }, + "name": { + Description: "The name of the organization role.", + Type: schema.TypeString, + Computed: true, + }, + "description": { + Description: "The description of the organization role.", + Type: schema.TypeString, + Computed: true, + }, + "source": { + Description: "The source of this role; one of `Predefined`, `Organization`, or `Enterprise`.", + Type: schema.TypeString, + Computed: true, + }, + "base_role": { + Description: "The system role from which this role inherits permissions.", + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Description: "A list of permissions included in this role.", + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Computed: true, + }, + }, + } +} + +func dataSourceGithubOrganizationRoleRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + + role, _, err := client.Organizations.GetOrgRole(ctx, orgName, roleId) + if err != nil { + return err + } + + r := map[string]any{ + "role_id": role.GetID(), + "name": role.GetName(), + "description": role.GetDescription(), + "source": role.GetSource(), + "base_role": role.GetBaseRole(), + "permissions": role.Permissions, + } + + d.SetId(strconv.FormatInt(role.GetID(), 10)) + + for k, v := range r { + if err := d.Set(k, v); err != nil { + return err + } + } + + return nil +} diff --git a/github/data_source_github_organization_role_teams.go b/github/data_source_github_organization_role_teams.go new file mode 100644 index 0000000000..d19404523f --- /dev/null +++ b/github/data_source_github_organization_role_teams.go @@ -0,0 +1,115 @@ +package github + +import ( + "context" + "fmt" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRoleTeams() *schema.Resource { + return &schema.Resource{ + Description: "Lookup all teams assigned to a custom organization role.", + + Read: dataSourceGithubOrganizationRoleTeamsRead, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The unique identifier of the organization role.", + Type: schema.TypeInt, + Required: true, + ForceNew: true, + }, + "teams": { + Description: "Teams assigned to the organization role.", + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "team_id": { + Description: "The ID of the team.", + Type: schema.TypeInt, + Computed: true, + }, + "slug": { + Description: "The Slug of the team name.", + Type: schema.TypeString, + Computed: true, + }, + "name": { + Description: "The name of the team.", + Type: schema.TypeString, + Computed: true, + }, + "permission": { + Description: "The permission that the team will have for its repositories.", + Type: schema.TypeString, + Computed: true, + }, + // TODO: Add these fields when go-github adds the functionality to get a custom org + // See https://github.com/google/go-github/issues/3364 + // "assignment": { + // Description: "Determines if the team has a direct, indirect, or mixed relationship to a role.", + // Type: schema.TypeString, + // Computed: true, + // }, + // "parent_team_id": { + // Description: "The ID of the parent team if this is an indirect assignment.", + // Type: schema.TypeString, + // Computed: true, + // }, + // "parent_team_slug": { + // Description: "The slug of the parent team if this is an indirect assignment.", + // Type: schema.TypeString, + // Computed: true, + // }, + }, + }, + }, + }, + } +} + +func dataSourceGithubOrganizationRoleTeamsRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + + allTeams := make([]any, 0) + + opts := &github.ListOptions{ + PerPage: maxPerPage, + } + + for { + teams, resp, err := client.Organizations.ListTeamsAssignedToOrgRole(ctx, orgName, roleId, opts) + if err != nil { + return err + } + + for _, team := range teams { + t := map[string]any{ + "id": team.GetID(), + "slug": team.GetSlug(), + "name": team.GetName(), + "permission": team.GetPermission(), + } + allTeams = append(allTeams, t) + } + + if resp.NextPage == 0 { + break + } + opts.Page = resp.NextPage + } + + d.SetId(fmt.Sprintf("%d", roleId)) + if err := d.Set("teams", allTeams); err != nil { + return fmt.Errorf("error setting teams: %s", err) + } + + return nil +} diff --git a/github/data_source_github_organization_role_teams_test.go b/github/data_source_github_organization_role_teams_test.go new file mode 100644 index 0000000000..00f3f0e55b --- /dev/null +++ b/github/data_source_github_organization_role_teams_test.go @@ -0,0 +1,104 @@ +package github + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationRoleTeams(t *testing.T) { + t.Run("get the organization role teams without error", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + teamName := fmt.Sprintf("tf-acc-team-%s", randomID) + roleId := 8134 + config := fmt.Sprintf(` + resource "github_team" "test" { + name = "%s" + } + + resource "github_organization_role_team" "test" { + role_id = %d + team_slug = github_team.test.slug + } + + data "github_organization_role_teams" "test" { + role_id = %[2]d + + depends_on = [ + github_organization_role_team.test + ] + } + `, teamName, roleId) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_role_teams.test", "teams.#"), + resource.TestCheckResourceAttr("data.github_organization_role_teams.test", "teams.#", "1"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.team_id", "github_team.test", "id"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.slug", "github_team.test", "slug"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.name", "github_team.test", "name"), + ), + }, + }, + }) + }) + + t.Run("get indirect organization role teams without error", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + teamName1 := fmt.Sprintf("tf-acc-team-1-%s", randomID) + teamName2 := fmt.Sprintf("tf-acc-team-2-%s", randomID) + roleId := 8134 + config := fmt.Sprintf(` + resource "github_team" "test_1" { + name = "%s" + privacy = "closed" + } + + resource "github_team" "test_2" { + name = "%s" + privacy = "closed" + parent_team_id = github_team.test_1.id + } + + resource "github_organization_role_team" "test" { + role_id = %d + team_slug = github_team.test_1.slug + } + + data "github_organization_role_teams" "test" { + role_id = %[3]d + + depends_on = [ + github_organization_role_team.test + ] + } + `, teamName1, teamName2, roleId) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_role_teams.test", "teams.#"), + resource.TestCheckResourceAttr("data.github_organization_role_teams.test", "teams.#", "2"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.team_id", "github_team.test_1", "id"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.slug", "github_team.test_1", "slug"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.name", "github_team.test_1", "name"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.team_id", "github_team.test_2", "id"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.slug", "github_team.test_2", "slug"), + resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.name", "github_team.test_2", "name"), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_role_test.go b/github/data_source_github_organization_role_test.go new file mode 100644 index 0000000000..04558f09ee --- /dev/null +++ b/github/data_source_github_organization_role_test.go @@ -0,0 +1,38 @@ +package github + +import ( + "fmt" + "strconv" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationRole(t *testing.T) { + t.Run("get the organization role without error", func(t *testing.T) { + roleId := 138 + config := fmt.Sprintf(` + data "github_organization_role" "test" { + role_id = %d + } + `, roleId) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.github_organization_role.test", "role_id", strconv.Itoa(roleId)), + resource.TestCheckResourceAttr("data.github_organization_role.test", "name", "security_manager"), + resource.TestCheckResourceAttr("data.github_organization_role.test", "source", "Predefined"), + resource.TestCheckResourceAttr("data.github_organization_role.test", "base_role", "read"), + resource.TestCheckResourceAttrSet("data.github_organization_role.test", "description"), + resource.TestCheckResourceAttrSet("data.github_organization_role.test", "permissions.#"), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_role_users.go b/github/data_source_github_organization_role_users.go new file mode 100644 index 0000000000..ecfe254947 --- /dev/null +++ b/github/data_source_github_organization_role_users.go @@ -0,0 +1,102 @@ +package github + +import ( + "context" + "fmt" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRoleUsers() *schema.Resource { + return &schema.Resource{ + Description: "Lookup all users assigned to a custom organization role.", + + Read: dataSourceGithubOrganizationRoleUsersRead, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization role.", + Type: schema.TypeInt, + Required: true, + ForceNew: true, + }, + "users": { + Description: "Users assigned to the organization role.", + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "user_id": { + Description: "The ID of the user.", + Type: schema.TypeInt, + Computed: true, + }, + "login": { + Description: "The login for the GitHub user account.", + Type: schema.TypeString, + Computed: true, + }, + // See https://github.com/google/go-github/issues/3364 + // "assignment": { + // Description: "Determines if the team has a direct, indirect, or mixed relationship to a role.", + // Type: schema.TypeString, + // Computed: true, + // }, + // "parent_team_id": { + // Description: "The ID of the parent team if this is an indirect assignment.", + // Type: schema.TypeString, + // Computed: true, + // }, + // "parent_team_slug": { + // Description: "The slug of the parent team if this is an indirect assignment.", + // Type: schema.TypeString, + // Computed: true, + // }, + }, + }, + }, + }, + } +} + +func dataSourceGithubOrganizationRoleUsersRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + + allUsers := make([]any, 0) + + opts := &github.ListOptions{ + PerPage: maxPerPage, + } + + for { + users, resp, err := client.Organizations.ListUsersAssignedToOrgRole(ctx, orgName, roleId, opts) + if err != nil { + return err + } + + for _, user := range users { + u := map[string]any{ + "id": user.GetID(), + "login": user.GetLogin(), + } + allUsers = append(allUsers, u) + } + + if resp.NextPage == 0 { + break + } + opts.Page = resp.NextPage + } + + d.SetId(fmt.Sprintf("%d", roleId)) + if err := d.Set("users", allUsers); err != nil { + return fmt.Errorf("error setting users: %s", err) + } + + return nil +} diff --git a/github/data_source_github_organization_role_users_test.go b/github/data_source_github_organization_role_users_test.go new file mode 100644 index 0000000000..4350b8e4d5 --- /dev/null +++ b/github/data_source_github_organization_role_users_test.go @@ -0,0 +1,97 @@ +package github + +import ( + "fmt" + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationRoleUsers(t *testing.T) { + login := os.Getenv("GITHUB_IN_ORG_USER") + if len(login) == 0 { + t.Skip("set inOrgUser to unskip this test run") + } + + t.Run("get the organization role users without error", func(t *testing.T) { + roleId := 8134 + config := fmt.Sprintf(` + resource "github_organization_role_user" "test" { + role_id = %d + login = "%s" + } + + data "github_organization_role_users" "test" { + role_id = %[1]d + + depends_on = [ + github_organization_role_user.test + ] + } + `, roleId, login) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_role_users.test", "users.#"), + resource.TestCheckResourceAttr("data.github_organization_role_users.test", "users.#", "1"), + resource.TestCheckResourceAttrSet("data.github_organization_role_users.test", "users.0.user_id"), + resource.TestCheckResourceAttr("data.github_organization_role_users.test", "users.0.login", login), + ), + }, + }, + }) + }) + + t.Run("get indirect organization role users without error", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + teamName := fmt.Sprintf("tf-acc-team-%s", randomID) + roleId := 8134 + config := fmt.Sprintf(` + resource "github_team" "test" { + name = "%s" + privacy = "closed" + } + + resource "github_team_membership" "test" { + team_id = github_team.test.id + username = "%s" + } + + resource "github_organization_role_team" "test" { + role_id = %d + team_slug = github_team.test.slug + } + + data "github_organization_role_users" "test" { + role_id = %[3]d + + depends_on = [ + github_organization_role_team.test + ] + } + `, teamName, login, roleId) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_role_users.test", "users.#"), + resource.TestCheckResourceAttr("data.github_organization_role_users.test", "users.#", "1"), + resource.TestCheckResourceAttrSet("data.github_organization_role_users.test", "users.0.user_id"), + resource.TestCheckResourceAttr("data.github_organization_role_users.test", "users.0.login", login), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_roles.go b/github/data_source_github_organization_roles.go new file mode 100644 index 0000000000..dc24318994 --- /dev/null +++ b/github/data_source_github_organization_roles.go @@ -0,0 +1,90 @@ +package github + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationRoles() *schema.Resource { + return &schema.Resource{ + Description: "Lookup all custom roles in an organization.", + + Read: dataSourceGithubOrganizationRolesRead, + + Schema: map[string]*schema.Schema{ + "roles": { + Description: "Available organization roles.", + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization role.", + Type: schema.TypeInt, + Computed: true, + }, + "name": { + Description: "The name of the organization role.", + Type: schema.TypeString, + Computed: true, + }, + "description": { + Description: "The description of the organization role.", + Type: schema.TypeString, + Computed: true, + }, + "source": { + Description: "The source of this role; one of `Predefined`, `Organization`, or `Enterprise`.", + Type: schema.TypeString, + Computed: true, + }, + "base_role": { + Description: "The system role from which this role inherits permissions.", + Type: schema.TypeString, + Computed: true, + }, + "permissions": { + Description: "A list of permissions included in this role.", + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Computed: true, + }, + }, + }, + }, + }, + } +} + +func dataSourceGithubOrganizationRolesRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + ret, _, err := client.Organizations.ListRoles(ctx, orgName) + if err != nil { + return err + } + + allRoles := make([]any, ret.GetTotalCount()) + for i, role := range ret.CustomRepoRoles { + r := map[string]any{ + "role_id": role.GetID(), + "name": role.GetName(), + "description": role.GetDescription(), + "source": role.GetSource(), + "base_role": role.GetBaseRole(), + "permissions": role.Permissions, + } + allRoles[i] = r + } + + d.SetId(fmt.Sprintf("%s/github-org-roles", orgName)) + if err := d.Set("roles", allRoles); err != nil { + return fmt.Errorf("error setting roles: %s", err) + } + + return nil +} diff --git a/github/data_source_github_organization_roles_test.go b/github/data_source_github_organization_roles_test.go new file mode 100644 index 0000000000..f945e84a30 --- /dev/null +++ b/github/data_source_github_organization_roles_test.go @@ -0,0 +1,28 @@ +package github + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationRoles(t *testing.T) { + t.Run("get the organization roles without error", func(t *testing.T) { + config := ` + data "github_organization_roles" "test" {} + ` + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_roles.test", "roles.#"), + ), + }, + }, + }) + }) +} diff --git a/github/data_source_github_organization_security_managers.go b/github/data_source_github_organization_security_managers.go new file mode 100644 index 0000000000..3167f6b5d1 --- /dev/null +++ b/github/data_source_github_organization_security_managers.go @@ -0,0 +1,75 @@ +package github + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubOrganizationSecurityManagers() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGithubOrganizationSecurityManagersRead, + + Schema: map[string]*schema.Schema{ + "teams": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Description: "Unique identifier of the team.", + Type: schema.TypeInt, + Computed: true, + }, + "slug": { + Description: "Name based identifier of the team.", + Type: schema.TypeString, + Computed: true, + }, + "name": { + Description: "Name of the team.", + Type: schema.TypeString, + Computed: true, + }, + "permission": { + Description: "Permission that the team will have for its repositories.", + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + }, + } +} + +func dataSourceGithubOrganizationSecurityManagersRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + allTeams := make([]interface{}, 0) + + teams, _, err := client.Organizations.ListSecurityManagerTeams(ctx, orgName) + if err != nil { + return err + } + + for _, team := range teams { + t := map[string]any{ + "id": team.GetID(), + "slug": team.GetSlug(), + "name": team.GetName(), + "permission": team.GetPermission(), + } + allTeams = append(allTeams, t) + } + + d.SetId(fmt.Sprintf("%s/github-org-security-managers", orgName)) + if err := d.Set("teams", allTeams); err != nil { + return fmt.Errorf("error setting teams: %s", err) + } + + return nil +} diff --git a/github/data_source_github_organization_security_managers_test.go b/github/data_source_github_organization_security_managers_test.go new file mode 100644 index 0000000000..ce32902ed0 --- /dev/null +++ b/github/data_source_github_organization_security_managers_test.go @@ -0,0 +1,47 @@ +package github + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGithubOrganizationSecurityManagers(t *testing.T) { + t.Run("get the organization security managers without error", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + teamName := fmt.Sprintf("tf-acc-%s", randomID) + + config := fmt.Sprintf(` + resource "github_team" "test" { + name = "%s" + } + + resource "github_organization_security_manager" "test" { + team_slug = github_team.test.slug + } + + data "github_organization_security_managers" "test" { + depends_on = [ + github_organization_security_manager.test + ] + } + `, teamName) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_organization_security_managers.test", "teams.#"), + resource.TestCheckResourceAttr("data.github_organization_security_managers.test", "teams.#", "1"), + resource.TestCheckResourceAttr("data.github_organization_security_managers.test", "teams.0.name", teamName), + ), + }, + }, + }) + }) +} diff --git a/github/provider.go b/github/provider.go index a9a04d0474..e865c2c214 100644 --- a/github/provider.go +++ b/github/provider.go @@ -160,8 +160,12 @@ func Provider() *schema.Provider { "github_organization_block": resourceOrganizationBlock(), "github_organization_custom_role": resourceGithubOrganizationCustomRole(), "github_organization_project": resourceGithubOrganizationProject(), - "github_organization_security_manager": resourceGithubOrganizationSecurityManager(), + "github_organization_repository_role": resourceGithubOrganizationRepositoryRole(), + "github_organization_role": resourceGithubOrganizationRole(), + "github_organization_role_team": resourceGithubOrganizationRoleTeam(), + "github_organization_role_user": resourceGithubOrganizationRoleUser(), "github_organization_ruleset": resourceGithubOrganizationRuleset(), + "github_organization_security_manager": resourceGithubOrganizationSecurityManager(), "github_organization_settings": resourceGithubOrganizationSettings(), "github_organization_webhook": resourceGithubOrganizationWebhook(), "github_project_card": resourceGithubProjectCard(), @@ -232,6 +236,13 @@ func Provider() *schema.Provider { "github_organization_custom_role": dataSourceGithubOrganizationCustomRole(), "github_organization_external_identities": dataSourceGithubOrganizationExternalIdentities(), "github_organization_ip_allow_list": dataSourceGithubOrganizationIpAllowList(), + "github_organization_repository_role": dataSourceGithubOrganizationRepositoryRole(), + "github_organization_repository_roles": dataSourceGithubOrganizationRepositoryRoles(), + "github_organization_role": dataSourceGithubOrganizationRole(), + "github_organization_role_teams": dataSourceGithubOrganizationRoleTeams(), + "github_organization_role_users": dataSourceGithubOrganizationRoleUsers(), + "github_organization_roles": dataSourceGithubOrganizationRoles(), + "github_organization_security_managers": dataSourceGithubOrganizationSecurityManagers(), "github_organization_team_sync_groups": dataSourceGithubOrganizationTeamSyncGroups(), "github_organization_teams": dataSourceGithubOrganizationTeams(), "github_organization_webhooks": dataSourceGithubOrganizationWebhooks(), diff --git a/github/resource_github_organization_custom_role.go b/github/resource_github_organization_custom_role.go index 8bed03804d..632e3a5253 100644 --- a/github/resource_github_organization_custom_role.go +++ b/github/resource_github_organization_custom_role.go @@ -12,6 +12,8 @@ import ( func resourceGithubOrganizationCustomRole() *schema.Resource { return &schema.Resource{ + DeprecationMessage: "This resource is deprecated and will be removed in a future release. Use github_organization_repository_role resource instead.", + Create: resourceGithubOrganizationCustomRoleCreate, Read: resourceGithubOrganizationCustomRoleRead, Update: resourceGithubOrganizationCustomRoleUpdate, @@ -70,7 +72,6 @@ func resourceGithubOrganizationCustomRoleCreate(d *schema.ResourceData, meta int BaseRole: github.String(d.Get("base_role").(string)), Permissions: permissionsStr, }) - if err != nil { return fmt.Errorf("error creating GitHub custom repository role %s (%s): %s", orgName, d.Get("name").(string), err) } diff --git a/github/resource_github_organization_repository_role.go b/github/resource_github_organization_repository_role.go new file mode 100644 index 0000000000..9de5299dad --- /dev/null +++ b/github/resource_github_organization_repository_role.go @@ -0,0 +1,210 @@ +package github + +import ( + "context" + "fmt" + "log" + "strconv" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceGithubOrganizationRepositoryRole() *schema.Resource { + return &schema.Resource{ + Description: "Manage a custom organization repository role.", + Create: resourceGithubOrganizationRepositoryRoleCreate, + Read: resourceGithubOrganizationRepositoryRoleRead, + Update: resourceGithubOrganizationRepositoryRoleUpdate, + Delete: resourceGithubOrganizationRepositoryRoleDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization repository role.", + Type: schema.TypeInt, + Computed: true, + }, + "name": { + Description: "The name of the organization repository role.", + Type: schema.TypeString, + Required: true, + }, + "description": { + Description: "The description of the organization repository role.", + Type: schema.TypeString, + Optional: true, + }, + "base_role": { + Description: "The base role for the organization repository role.", + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: validateValueFunc([]string{"read", "triage", "write", "maintain"}), + }, + "permissions": { + Description: "The permissions for the organization repository role.", + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + MinItems: 1, + }, + }, + } +} + +func resourceGithubOrganizationRepositoryRoleCreate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + orgName := meta.(*Owner).name + ctx := context.Background() + + permissions := d.Get("permissions").(*schema.Set).List() + permissionsStr := make([]string, len(permissions)) + for i, v := range permissions { + permissionsStr[i] = v.(string) + } + + role, _, err := client.Organizations.CreateCustomRepoRole(ctx, orgName, &github.CreateOrUpdateCustomRepoRoleOptions{ + Name: github.String(d.Get("name").(string)), + Description: github.String(d.Get("description").(string)), + BaseRole: github.String(d.Get("base_role").(string)), + Permissions: permissionsStr, + }) + if err != nil { + return fmt.Errorf("error creating GitHub organization repository role (%s/%s): %s", orgName, d.Get("name").(string), err) + } + + d.SetId(fmt.Sprint(role.GetID())) + return resourceGithubOrganizationRoleRead(d, meta) +} + +func resourceGithubOrganizationRepositoryRoleRead(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + // TODO: Use this code when go-github adds the functionality to get a custom repo role + // role, _, err := client.Organizations.GetCustomRepoRole(ctx, orgName, roleId) + // if err != nil { + // if ghErr, ok := err.(*github.ErrorResponse); ok { + // if ghErr.Response.StatusCode == http.StatusNotFound { + // log.Printf("[WARN] GitHub organization repository role (%s/%d) not found, removing from state", orgName, roleId) + // d.SetId("") + // return nil + // } + // } + // return err + // } + + roles, _, err := client.Organizations.ListCustomRepoRoles(ctx, orgName) + if err != nil { + return err + } + + var role *github.CustomRepoRoles + for _, r := range roles.CustomRepoRoles { + if r.GetID() == roleId { + role = r + break + } + } + + if role == nil { + log.Printf("[WARN] GitHub organization repository role (%s/%d) not found, removing from state", orgName, roleId) + d.SetId("") + return nil + } + + if err = d.Set("role_id", role.GetID()); err != nil { + return err + } + if err = d.Set("name", role.Name); err != nil { + return err + } + if err = d.Set("description", role.Description); err != nil { + return err + } + if err = d.Set("base_role", role.BaseRole); err != nil { + return err + } + if err = d.Set("permissions", role.Permissions); err != nil { + return err + } + + return nil +} + +func resourceGithubOrganizationRepositoryRoleUpdate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + permissions := d.Get("permissions").(*schema.Set).List() + permissionsStr := make([]string, len(permissions)) + for i, v := range permissions { + permissionsStr[i] = v.(string) + } + + update := &github.CreateOrUpdateCustomRepoRoleOptions{ + Name: github.String(d.Get("name").(string)), + Description: github.String(d.Get("description").(string)), + BaseRole: github.String(d.Get("base_role").(string)), + Permissions: permissionsStr, + } + + _, _, err = client.Organizations.UpdateCustomRepoRole(ctx, orgName, roleId, update) + if err != nil { + return fmt.Errorf("error updating GitHub organization repository role (%s/%s): %s", orgName, d.Get("name").(string), err) + } + + return resourceGithubOrganizationRoleRead(d, meta) +} + +func resourceGithubOrganizationRepositoryRoleDelete(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + _, err = client.Organizations.DeleteCustomRepoRole(ctx, orgName, roleId) + if err != nil { + return fmt.Errorf("Error deleting GitHub organization repository role %s (%d): %s", orgName, roleId, err) + } + + return nil +} diff --git a/github/resource_github_organization_repository_role_test.go b/github/resource_github_organization_repository_role_test.go new file mode 100644 index 0000000000..885828635b --- /dev/null +++ b/github/resource_github_organization_repository_role_test.go @@ -0,0 +1,86 @@ +package github + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubOrganizationRepositoryRole(t *testing.T) { + t.Run("can create an organization repository role without erroring", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + name := fmt.Sprintf("tf-acc-org-repo-role-%s", randomID) + description := "This is a test org repo role." + baseRole := "write" + permission0 := "reopen_issue" + permission1 := "reopen_pull_request" + + config := fmt.Sprintf(` + resource "github_organization_repository_role" "test" { + name = "%s" + description = "%s" + base_role = "%s" + permissions = [ + "%s", + "%s" + ] + } + `, name, description, baseRole, permission0, permission1) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "id"), + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "role_id"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "name", name), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "description", description), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "base_role", baseRole), + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "permissions.#"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "permissions.#", "2"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "permissions.0", permission0), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "permissions.1", permission1), + ), + }, + }, + }) + }) + + t.Run("can create an minimal organization repository role without erroring", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + name := fmt.Sprintf("tf-acc-org-repo-role-%s", randomID) + permission0 := "reopen_issue" + + config := fmt.Sprintf(` + resource "github_organization_repository_role" "test" { + name = "%s" + permissions = [ + "%s" + ] + } + `, name, permission0) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "id"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "name", name), + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "base_role"), + resource.TestCheckResourceAttrSet("github_organization_repository_role.test", "permissions.#"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "permissions.#", "1"), + resource.TestCheckResourceAttr("github_organization_repository_role.test", "permissions.0", permission0), + ), + }, + }, + }) + }) +} diff --git a/github/resource_github_organization_role.go b/github/resource_github_organization_role.go new file mode 100644 index 0000000000..b1bf0ad5da --- /dev/null +++ b/github/resource_github_organization_role.go @@ -0,0 +1,193 @@ +package github + +import ( + "context" + "fmt" + "log" + "net/http" + "strconv" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceGithubOrganizationRole() *schema.Resource { + return &schema.Resource{ + Description: "Manage a custom organization role.", + + Create: resourceGithubOrganizationRoleCreate, + Read: resourceGithubOrganizationRoleRead, + Update: resourceGithubOrganizationRoleUpdate, + Delete: resourceGithubOrganizationRoleDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization role.", + Type: schema.TypeInt, + Computed: true, + }, + "name": { + Description: "The name of the organization role.", + Type: schema.TypeString, + Required: true, + }, + "description": { + Description: "The description of the organization role.", + Type: schema.TypeString, + Optional: true, + }, + "base_role": { + Description: "The base role for the organization role.", + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateDiagFunc: validateValueFunc([]string{"read", "triage", "write", "maintain", "admin"}), + }, + "permissions": { + Description: "The permissions for the organization role.", + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + MinItems: 1, + }, + }, + } +} + +func resourceGithubOrganizationRoleCreate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + orgName := meta.(*Owner).name + ctx := context.Background() + + permissions := d.Get("permissions").(*schema.Set).List() + permissionsStr := make([]string, len(permissions)) + for i, v := range permissions { + permissionsStr[i] = v.(string) + } + + role, _, err := client.Organizations.CreateCustomOrgRole(ctx, orgName, &github.CreateOrUpdateOrgRoleOptions{ + Name: github.String(d.Get("name").(string)), + Description: github.String(d.Get("description").(string)), + BaseRole: github.String(d.Get("base_role").(string)), + Permissions: permissionsStr, + }) + if err != nil { + return fmt.Errorf("error creating GitHub custom organization role (%s/%s): %s", orgName, d.Get("name").(string), err) + } + + d.SetId(fmt.Sprint(role.GetID())) + return resourceGithubOrganizationRoleRead(d, meta) +} + +func resourceGithubOrganizationRoleRead(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + role, _, err := client.Organizations.GetOrgRole(ctx, orgName, roleId) + if err != nil { + if ghErr, ok := err.(*github.ErrorResponse); ok { + if ghErr.Response.StatusCode == http.StatusNotFound { + log.Printf("[WARN] GitHub custom organization role (%s/%d) not found, removing from state", orgName, roleId) + d.SetId("") + return nil + } + } + return err + } + + if err = d.Set("role_id", role.GetID()); err != nil { + return err + } + if err = d.Set("name", role.Name); err != nil { + return err + } + if err = d.Set("description", role.Description); err != nil { + return err + } + if err = d.Set("base_role", role.BaseRole); err != nil { + return err + } + if err = d.Set("permissions", role.Permissions); err != nil { + return err + } + + return nil +} + +func resourceGithubOrganizationRoleUpdate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + permissions := d.Get("permissions").(*schema.Set).List() + permissionsStr := make([]string, len(permissions)) + for i, v := range permissions { + permissionsStr[i] = v.(string) + } + + update := &github.CreateOrUpdateOrgRoleOptions{ + Name: github.String(d.Get("name").(string)), + Description: github.String(d.Get("description").(string)), + BaseRole: github.String(d.Get("base_role").(string)), + Permissions: permissionsStr, + } + + _, _, err = client.Organizations.UpdateCustomOrgRole(ctx, orgName, roleId, update) + if err != nil { + return fmt.Errorf("error updating GitHub custom organization role (%s/%s): %s", orgName, d.Get("name").(string), err) + } + + return resourceGithubOrganizationRoleRead(d, meta) +} + +func resourceGithubOrganizationRoleDelete(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId, err := strconv.ParseInt(d.Id(), 10, 64) + if err != nil { + return err + } + + _, err = client.Organizations.DeleteCustomOrgRole(ctx, orgName, roleId) + if err != nil { + return fmt.Errorf("Error deleting GitHub custom organization role %s (%d): %s", orgName, roleId, err) + } + + return nil +} diff --git a/github/resource_github_organization_role_team.go b/github/resource_github_organization_role_team.go new file mode 100644 index 0000000000..f5a9baf03d --- /dev/null +++ b/github/resource_github_organization_role_team.go @@ -0,0 +1,138 @@ +package github + +import ( + "context" + "log" + "strconv" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceGithubOrganizationRoleTeam() *schema.Resource { + return &schema.Resource{ + Description: "Manage an association between an organization role and a team.", + + Create: resourceGithubOrganizationRoleTeamCreate, + Read: resourceGithubOrganizationRoleTeamRead, + Delete: resourceGithubOrganizationRoleTeamDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The ID of the organization role.", + Type: schema.TypeInt, + Required: true, + ForceNew: true, + }, + "team_slug": { + Description: "The slug of the team name.", + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceGithubOrganizationRoleTeamCreate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + teamSlug := d.Get("team_slug").(string) + + _, err = client.Organizations.AssignOrgRoleToTeam(ctx, orgName, teamSlug, roleId) + if err != nil { + return err + } + + d.SetId(buildTwoPartID(strconv.FormatInt(roleId, 10), teamSlug)) + + return resourceGithubOrganizationRoleTeamRead(d, meta) +} + +func resourceGithubOrganizationRoleTeamRead(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleIdString, teamSlug, err := parseTwoPartID(d.Id(), "role_id", "team_slug") + if err != nil { + return err + } + roleId, err := strconv.ParseInt(roleIdString, 10, 64) + if err != nil { + return err + } + + opts := &github.ListOptions{ + PerPage: maxPerPage, + } + + var team *github.Team + for { + teams, resp, err := client.Organizations.ListTeamsAssignedToOrgRole(ctx, orgName, roleId, opts) + if err != nil { + return err + } + + for _, t := range teams { + if t.GetSlug() == teamSlug { + team = t + break + } + } + + if resp.NextPage == 0 { + break + } + opts.Page = resp.NextPage + } + + if team == nil { + log.Printf("[INFO] Removing organization role team (%d:%s) from state because it no longer exists in GitHub", roleId, teamSlug) + d.SetId("") + return nil + } + + if err = d.Set("role_id", roleId); err != nil { + return err + } + + if err = d.Set("team_slug", teamSlug); err != nil { + return err + } + + return nil +} + +func resourceGithubOrganizationRoleTeamDelete(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + teamSlug := d.Get("team_slug").(string) + + _, err = client.Organizations.RemoveOrgRoleFromTeam(ctx, orgName, teamSlug, roleId) + return err +} diff --git a/github/resource_github_organization_role_team_test.go b/github/resource_github_organization_role_team_test.go new file mode 100644 index 0000000000..266871b4c0 --- /dev/null +++ b/github/resource_github_organization_role_team_test.go @@ -0,0 +1,42 @@ +package github + +import ( + "fmt" + "strconv" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubOrganizationRoleTeam(t *testing.T) { + t.Run("adds team to an organization org role", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + teamName := fmt.Sprintf("tf-acc-team-%s", randomID) + roleId := 8134 + config := fmt.Sprintf(` + resource "github_team" "test" { + name = "%s" + } + + resource "github_organization_role_team" "test" { + role_id = %d + team_slug = github_team.test.slug + } + `, teamName, roleId) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("github_organization_role_team.test", "role_id", strconv.Itoa(roleId)), + resource.TestCheckResourceAttrPair("github_team.test", "slug", "github_organization_role_team.test", "team_slug"), + ), + }, + }, + }) + }) +} diff --git a/github/resource_github_organization_role_test.go b/github/resource_github_organization_role_test.go new file mode 100644 index 0000000000..55eac10c89 --- /dev/null +++ b/github/resource_github_organization_role_test.go @@ -0,0 +1,85 @@ +package github + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubOrganizationRole(t *testing.T) { + t.Run("can create an organization role without erroring", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + name := fmt.Sprintf("tf-acc-org-role-%s", randomID) + description := "This is a test org role." + baseRole := "write" + permission0 := "read_organization_actions_usage_metrics" + permission1 := "read_audit_logs" + config := fmt.Sprintf(` + resource "github_organization_role" "test" { + name = "%s" + description = "%s" + base_role = "%s" + permissions = [ + "%s", + %s + ] + } + `, name, description, baseRole, permission0, permission1) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), + resource.TestCheckResourceAttrSet("github_organization_role.test", "role_id"), + resource.TestCheckResourceAttr("github_organization_role.test", "name", name), + resource.TestCheckResourceAttr("github_organization_role.test", "description", description), + resource.TestCheckResourceAttr("github_organization_role.test", "base_role", baseRole), + resource.TestCheckResourceAttrSet("github_organization_role.test", "permissions.#"), + resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "2"), + resource.TestCheckResourceAttr("github_organization_role.test", "permissions.0", permission0), + resource.TestCheckResourceAttr("github_organization_role.test", "permissions.1", permission1), + ), + }, + }, + }) + }) + + t.Run("can create an minimal organization role without erroring", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + name := fmt.Sprintf("tf-acc-org-role-%s", randomID) + permission0 := "read_organization_actions_usage_metrics" + + config := fmt.Sprintf(` + resource "github_organization_role" "test" { + name = "%s" + permissions = [ + "%s" + ] + } + `, name, permission0) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, enterprise) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), + resource.TestCheckResourceAttr("github_organization_role.test", "name", name), + resource.TestCheckResourceAttrSet("github_organization_role.test", "base_role"), + resource.TestCheckResourceAttrSet("github_organization_role.test", "permissions.#"), + resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "1"), + resource.TestCheckResourceAttr("github_organization_role.test", "permissions.0", permission0), + ), + }, + }, + }) + }) +} diff --git a/github/resource_github_organization_role_user.go b/github/resource_github_organization_role_user.go new file mode 100644 index 0000000000..2339e39f43 --- /dev/null +++ b/github/resource_github_organization_role_user.go @@ -0,0 +1,138 @@ +package github + +import ( + "context" + "log" + "strconv" + + "github.com/google/go-github/v66/github" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceGithubOrganizationRoleUser() *schema.Resource { + return &schema.Resource{ + Description: "Manage an association between an organization role and a user.", + + Create: resourceGithubOrganizationRoleUserCreate, + Read: resourceGithubOrganizationRoleUserRead, + Delete: resourceGithubOrganizationRoleUserDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "role_id": { + Description: "The unique identifier of the organization role.", + Type: schema.TypeInt, + Required: true, + ForceNew: true, + }, + "login": { + Description: "The login for the GitHub user account.", + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceGithubOrganizationRoleUserCreate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + login := d.Get("login").(string) + + _, err = client.Organizations.AssignOrgRoleToUser(ctx, orgName, login, roleId) + if err != nil { + return err + } + + d.SetId(buildTwoPartID(strconv.FormatInt(roleId, 10), login)) + + return resourceGithubOrganizationRoleUserRead(d, meta) +} + +func resourceGithubOrganizationRoleUserRead(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleIdString, login, err := parseTwoPartID(d.Id(), "role_id", "login") + if err != nil { + return err + } + roleId, err := strconv.ParseInt(roleIdString, 10, 64) + if err != nil { + return err + } + + opts := &github.ListOptions{ + PerPage: maxPerPage, + } + + var user *github.User + for { + users, resp, err := client.Organizations.ListUsersAssignedToOrgRole(ctx, orgName, roleId, opts) + if err != nil { + return err + } + + for _, u := range users { + if u.GetLogin() == login { + user = u + break + } + } + + if resp.NextPage == 0 { + break + } + opts.Page = resp.NextPage + } + + if user == nil { + log.Printf("[INFO] Removing organization role User (%d:%s) from state because it no longer exists in GitHub", roleId, login) + d.SetId("") + return nil + } + + if err = d.Set("role_id", roleId); err != nil { + return err + } + + if err = d.Set("login", login); err != nil { + return err + } + + return nil +} + +func resourceGithubOrganizationRoleUserDelete(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Owner).v3client + ctx := context.Background() + orgName := meta.(*Owner).name + + roleId := int64(d.Get("role_id").(int)) + login := d.Get("login").(string) + + _, err = client.Organizations.RemoveOrgRoleFromUser(ctx, orgName, login, roleId) + return err +} diff --git a/github/resource_github_organization_role_user_test.go b/github/resource_github_organization_role_user_test.go new file mode 100644 index 0000000000..072c470d62 --- /dev/null +++ b/github/resource_github_organization_role_user_test.go @@ -0,0 +1,41 @@ +package github + +import ( + "fmt" + "os" + "strconv" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubOrganizationRoleUser(t *testing.T) { + t.Run("adds user to an organization org role", func(t *testing.T) { + login := os.Getenv("GITHUB_IN_ORG_USER") + if len(login) == 0 { + t.Skip("set inOrgUser to unskip this test run") + } + + roleId := 8134 + config := fmt.Sprintf(` + resource "github_organization_role_user" "test" { + role_id = %d + login = "%s" + } + `, roleId, login) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, organization) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("github_organization_role_user.test", "role_id", strconv.Itoa(roleId)), + resource.TestCheckResourceAttr("github_organization_role_user.test", "login", login), + ), + }, + }, + }) + }) +} diff --git a/github/resource_github_organization_security_manager_test.go b/github/resource_github_organization_security_manager_test.go index 070ad9ae4d..5fec6a7486 100644 --- a/github/resource_github_organization_security_manager_test.go +++ b/github/resource_github_organization_security_manager_test.go @@ -8,7 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) -func TestAccGithubOrganizationSecurityManagers(t *testing.T) { +func TestAccGithubOrganizationSecurityManager(t *testing.T) { randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) t.Run("adds team as security manager", func(t *testing.T) { diff --git a/website/docs/d/organization_custom_role.html.markdown b/website/docs/d/organization_custom_role.html.markdown index 0fa51ac50d..b9ed7563df 100644 --- a/website/docs/d/organization_custom_role.html.markdown +++ b/website/docs/d/organization_custom_role.html.markdown @@ -7,6 +7,8 @@ description: |- # github\_organization\_custom\_role +~> **Note:** This data source is deprecated, please use the `github_organizationrepository_role` data source instead. + Use this data source to retrieve information about a custom role in a GitHub Organization. ~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. diff --git a/website/docs/d/organization_repository_role.html.markdown b/website/docs/d/organization_repository_role.html.markdown new file mode 100644 index 0000000000..1ef13f6d08 --- /dev/null +++ b/website/docs/d/organization_repository_role.html.markdown @@ -0,0 +1,33 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_repository_role Data Source" +description: |- + Lookup a custom organization repository role. +--- + +# github_organization_repository_role (Data Source) + +Lookup a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +data "github_organization_repository_role" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization repository role. + +### Read-Only + +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/website/docs/d/organization_repository_roles.html.markdown b/website/docs/d/organization_repository_roles.html.markdown new file mode 100644 index 0000000000..2b65549adb --- /dev/null +++ b/website/docs/d/organization_repository_roles.html.markdown @@ -0,0 +1,35 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_repository_roles Data Source" +description: |- + Lookup all custom repository roles in an organization. +--- + +# github_organization_repository_roles (Data Source) + +Lookup all custom repository roles in an organization. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +data "github_organization_repository_roles" "example" { +} +``` + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization repository roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/website/docs/d/organization_role.html.markdown b/website/docs/d/organization_role.html.markdown new file mode 100644 index 0000000000..a6990af53d --- /dev/null +++ b/website/docs/d/organization_role.html.markdown @@ -0,0 +1,32 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role Data Source" +description: |- + Lookup a custom organization role. +--- + +# github_organization_role (Data Source) + +Lookup a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/website/docs/d/organization_role_teams.html.markdown b/website/docs/d/organization_role_teams.html.markdown new file mode 100644 index 0000000000..6dfe676109 --- /dev/null +++ b/website/docs/d/organization_role_teams.html.markdown @@ -0,0 +1,37 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role_teams Data Source" +description: |- + Lookup all teams assigned to a custom organization role. +--- + +# github_organization_role_teams (Data Source) + +Lookup all teams assigned to a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role_teams" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `teams` (Set of Object, see [schema](#nested-schema-for-teams)) Teams assigned to the organization role. + +## Nested Schema for `teams` + +### Read-Only + +- `team_id` (Number) The ID of the team. +- `slug` (String) The Slug of the team name. +- `name` (String) The name of the team. +- `permission` (String) The permission that the team will have for its repositories. diff --git a/website/docs/d/organization_role_users.html.markdown b/website/docs/d/organization_role_users.html.markdown new file mode 100644 index 0000000000..6ff6d46668 --- /dev/null +++ b/website/docs/d/organization_role_users.html.markdown @@ -0,0 +1,35 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role_users Data Source" +description: |- + Lookup all users assigned to a custom organization role. +--- + +# github_organization_role_users (Data Source) + +Lookup all users assigned to a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role_users" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `users` (Set of Object, see [schema](#nested-schema-for-users)) Users assigned to the organization role. + +## Nested Schema for `users` + +### Read-Only + +- `user_id` (Number) The ID of the user. +- `login` (String) The login for the GitHub user account. diff --git a/website/docs/d/organization_roles.html.markdown b/website/docs/d/organization_roles.html.markdown new file mode 100644 index 0000000000..78890f6d49 --- /dev/null +++ b/website/docs/d/organization_roles.html.markdown @@ -0,0 +1,34 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_roles Data Source" +description: |- + Lookup all custom roles in an organization. +--- + +# github_organization_roles (Data Source) + +Lookup all custom roles in an organization. + +## Example Usage + +```terraform +data "github_organization_roles" "example" { +} +``` + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization role. +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/website/docs/d/organization_security_managers.html.markdown b/website/docs/d/organization_security_managers.html.markdown new file mode 100644 index 0000000000..3ebea2770d --- /dev/null +++ b/website/docs/d/organization_security_managers.html.markdown @@ -0,0 +1,29 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_security_managers" +description: |- + Get the security managers for an organization. +--- + +# github_organization_security_managers + +Use this data source to retrieve the security managers for an organization. + +## Example Usage + +```hcl +data "github_organization_security_managers" "test" {} +``` + +## Attributes Reference + + * `teams` - An list of GitHub teams. Each `team` block consists of the fields documented below. + +___ + +The `team` block consists of: + + * `id` - Unique identifier of the team. + * `slug` - Name based identifier of the team. + * `name` - Name of the team. + * `permission` - Permission that the team will have for its repositories. diff --git a/website/docs/r/organization_custom_role.html.markdown b/website/docs/r/organization_custom_role.html.markdown index 683009c741..d2ae89d5d8 100644 --- a/website/docs/r/organization_custom_role.html.markdown +++ b/website/docs/r/organization_custom_role.html.markdown @@ -7,7 +7,9 @@ description: |- # github\_organization\_custom\_role -This resource allows you to create and manage custom roles in a GitHub Organization for use in repositories. +~> **Note:** This resource is deprecated, please use the `github_organizationrepository_role` resource instead. + +This resource allows you to create and manage custom roles in a GitHub Organization for use in repositories. ~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. diff --git a/website/docs/r/organization_repository_role.html.markdown b/website/docs/r/organization_repository_role.html.markdown new file mode 100644 index 0000000000..4faa56d1a8 --- /dev/null +++ b/website/docs/r/organization_repository_role.html.markdown @@ -0,0 +1,50 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_repository_role Resource" +description: |- + Manage a custom organization repository role. +--- + +# github_organization_repository_role (Resource) + +Manage a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +resource "github_organization_repository_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "add_assignee", + "add_label" + ] +} +``` + +## Schema + +### Required + +- `name` (String) The name of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String, Min: 1) The permissions included in this role. + +### Optional + +- `description` (String) The description of the organization repository role. + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. + +## Import + +A custom organization repository role can be imported using its ID. + +```shell +terraform import github_organization_repository_role.example 1234 +``` diff --git a/website/docs/r/organization_role.html.markdown b/website/docs/r/organization_role.html.markdown new file mode 100644 index 0000000000..b28eb728a0 --- /dev/null +++ b/website/docs/r/organization_role.html.markdown @@ -0,0 +1,50 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role Resource" +description: |- + Manage a custom organization role. +--- + +# github_organization_role (Resource) + +Manage a custom organization role. + +~> **Note**: Custom organization roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +resource "github_organization_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "read_organization_custom_org_role", + "read_organization_custom_repo_role" + ] +} +``` + +## Schema + +### Required + +- `name` (String) The name of the organization role. +- `permissions` (Set of String, Min: 1) The permissions included in this role. + +### Optional + +- `description` (String) The description of the organization role. +- `base_role` (String) The system role from which this role inherits permissions. + +### Read-Only + +- `role_id` (Number) The ID of the organization role. + +## Import + +A custom organization role can be imported using its ID. + +```shell +terraform import github_organization_role.example 1234 +``` diff --git a/website/docs/r/organization_role_team.html.markdown b/website/docs/r/organization_role_team.html.markdown new file mode 100644 index 0000000000..5518bb19bb --- /dev/null +++ b/website/docs/r/organization_role_team.html.markdown @@ -0,0 +1,34 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role_team Resource" +description: |- + Manage an association between an organization role and a team. +--- + +# github_organization_role_team (Resource) + +Manage an association between an organization role and a team. + +## Example Usage + +```terraform +resource "github_organization_role_team" "example" { + role_id = 1234 + team_slug = "example-team" +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `team_slug` (String) The slug of the team name. + +## Import + +An organization role team association can be imported using the role ID and the team slug separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-team" +``` diff --git a/website/docs/r/organization_role_user.html.markdown b/website/docs/r/organization_role_user.html.markdown new file mode 100644 index 0000000000..c2a92c8a87 --- /dev/null +++ b/website/docs/r/organization_role_user.html.markdown @@ -0,0 +1,34 @@ +--- +layout: "github" +page_title: "GitHub: github_organization_role_user Resource" +description: |- + Manage an association between an organization role and a user. +--- + +# github_organization_role_user (Resource) + +Manage an association between an organization role and a user. + +## Example Usage + +```terraform +resource "github_organization_role_user" "example" { + role_id = 1234 + login = "example-user" +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `login` (String) The login for the GitHub user account. + +## Import + +An organization role user association can be imported using the role ID and the user login separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-user" +``` diff --git a/website/github.erb b/website/github.erb index 62cac71347..35ce675c7e 100644 --- a/website/github.erb +++ b/website/github.erb @@ -121,6 +121,27 @@
  • github_organization_ip_allow_list
  • +
  • + organization_repository_role +
  • +
  • + organization_repository_roles +
  • +
  • + organization_role +
  • +
  • + organization_role_teams +
  • +
  • + organization_role_users +
  • +
  • + organization_roles +
  • +
  • + github_organization_security_managers +
  • github_organization_team_sync_groups
  • @@ -283,6 +304,18 @@
  • github_organization_project
  • +
  • + organization_repository_role +
  • +
  • + organization_role +
  • +
  • + organization_role_team +
  • +
  • + organization_role_user +
  • github_organization_ruleset
  • @@ -335,7 +368,7 @@ github_repository_environment_secret
  • - github_repository_environment_variable + github_repository_environment_variable
  • github_repository_file