-
Notifications
You must be signed in to change notification settings - Fork 697
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add repo action access level resource (#1448)
- Loading branch information
Showing
5 changed files
with
238 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package github | ||
|
||
import ( | ||
"context" | ||
"github.com/google/go-github/v48/github" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/validation" | ||
) | ||
|
||
func resourceGithubActionsRepositoryAccessLevel() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceGithubActionsRepositoryAccessLevelCreateOrUpdate, | ||
Read: resourceGithubActionsRepositoryAccessLevelRead, | ||
Update: resourceGithubActionsRepositoryAccessLevelCreateOrUpdate, | ||
Delete: resourceGithubActionsRepositoryAccessLevelDelete, | ||
Importer: &schema.ResourceImporter{ | ||
State: schema.ImportStatePassthrough, | ||
}, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"access_level": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validation.StringInSlice([]string{"none", "user", "organization", "enterprise"}, false), | ||
}, | ||
"repository": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validation.StringLenBetween(1, 100), | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceGithubActionsRepositoryAccessLevelCreateOrUpdate(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*Owner).v3client | ||
owner := meta.(*Owner).name | ||
repoName := d.Get("repository").(string) | ||
ctx := context.Background() | ||
if !d.IsNewResource() { | ||
ctx = context.WithValue(ctx, ctxId, d.Id()) | ||
} | ||
|
||
accessLevel := d.Get("access_level").(string) | ||
actionAccessLevel := github.RepositoryActionsAccessLevel{ | ||
AccessLevel: github.String(accessLevel), | ||
} | ||
|
||
_, err := client.Repositories.EditActionsAccessLevel(ctx, owner, repoName, actionAccessLevel) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
d.SetId(repoName) | ||
return resourceGithubActionsRepositoryAccessLevelRead(d, meta) | ||
} | ||
|
||
func resourceGithubActionsRepositoryAccessLevelRead(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*Owner).v3client | ||
owner := meta.(*Owner).name | ||
repoName := d.Id() | ||
ctx := context.WithValue(context.Background(), ctxId, repoName) | ||
|
||
actionAccessLevel, _, err := client.Repositories.GetActionsAccessLevel(ctx, owner, repoName) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
_ = d.Set("access_level", actionAccessLevel.GetAccessLevel()) | ||
|
||
return nil | ||
} | ||
|
||
func resourceGithubActionsRepositoryAccessLevelDelete(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*Owner).v3client | ||
owner := meta.(*Owner).name | ||
repoName := d.Id() | ||
ctx := context.WithValue(context.Background(), ctxId, repoName) | ||
|
||
actionAccessLevel := github.RepositoryActionsAccessLevel{ | ||
AccessLevel: github.String("none"), | ||
} | ||
_, err := client.Repositories.EditActionsAccessLevel(ctx, owner, repoName, actionAccessLevel) | ||
|
||
return err | ||
} |
108 changes: 108 additions & 0 deletions
108
github/resource_github_actions_repository_access_level_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
package github | ||
|
||
import ( | ||
"fmt" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
"testing" | ||
) | ||
|
||
func TestAccGithubActionsRepositoryAccessLevel(t *testing.T) { | ||
t.Run("test setting of user action access level", func(t *testing.T) { | ||
randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) | ||
accessLevel := "user" | ||
config := fmt.Sprintf(` | ||
resource "github_repository" "test" { | ||
name = "tf-acc-test-topic-%[1]s" | ||
description = "Terraform acceptance tests %[1]s" | ||
topics = ["terraform", "testing"] | ||
visibility = "private" | ||
} | ||
resource "github_actions_repository_access_level" "test" { | ||
access_level = "%s" | ||
repository = github_repository.test.name | ||
} | ||
`, randomID, accessLevel) | ||
|
||
check := resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"github_actions_repository_access_level.test", "access_level", accessLevel, | ||
), | ||
) | ||
|
||
testCase := func(t *testing.T, mode string) { | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { skipUnlessMode(t, mode) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: config, | ||
Check: check, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
t.Run("with an anonymous account", func(t *testing.T) { | ||
t.Skip("anonymous account not supported for this operation") | ||
}) | ||
|
||
t.Run("with an individual account", func(t *testing.T) { | ||
testCase(t, individual) | ||
}) | ||
|
||
t.Run("with an organization account", func(t *testing.T) { | ||
t.Skip("organization account not supported for this input") | ||
}) | ||
}) | ||
|
||
t.Run("test setting of organization action access level", func(t *testing.T) { | ||
randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) | ||
accessLevel := "organization" | ||
config := fmt.Sprintf(` | ||
resource "github_repository" "test" { | ||
name = "tf-acc-test-topic-%[1]s" | ||
description = "Terraform acceptance tests %[1]s" | ||
topics = ["terraform", "testing"] | ||
visibility = "private" | ||
} | ||
resource "github_actions_repository_access_level" "test" { | ||
access_level = "%s" | ||
repository = github_repository.test.name | ||
} | ||
`, randomID, accessLevel) | ||
|
||
check := resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttr( | ||
"github_actions_repository_access_level.test", "access_level", accessLevel, | ||
), | ||
) | ||
|
||
testCase := func(t *testing.T, mode string) { | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { skipUnlessMode(t, mode) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: config, | ||
Check: check, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
t.Run("with an anonymous account", func(t *testing.T) { | ||
t.Skip("anonymous account not supported for this operation") | ||
}) | ||
|
||
t.Run("with an individual account", func(t *testing.T) { | ||
t.Skip("individual account not supported for this input") | ||
}) | ||
|
||
t.Run("with an organization account", func(t *testing.T) { | ||
testCase(t, organization) | ||
}) | ||
}) | ||
} |
40 changes: 40 additions & 0 deletions
40
website/docs/r/actions_repository_access_level.html.markdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
layout: "github" | ||
page_title: "GitHub: github_actions_repository_access_level" | ||
description: |- | ||
Manages Actions and Reusable Workflow access for a GitHub repository | ||
--- | ||
|
||
# github_actions_repository_access_level | ||
|
||
This resource allows you to set the access level of a non-public repositories actions and reusable workflows for use in other repositories. | ||
You must have admin access to a repository to use this resource. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "github_repository" "example" { | ||
name = "my-repository" | ||
visibility = "private" | ||
} | ||
resource "github_actions_repository_access_level" "test" { | ||
access_level = "user" | ||
repository = github_repository.example.name | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `repository` - (Required) The GitHub repository | ||
* `access_level` - (Required) Where the actions or reusable workflows of the repository may be used. Possible values are `none`, `user`, `organization`, or `enterprise`. | ||
|
||
## Import | ||
|
||
This resource can be imported using the name of the GitHub repository: | ||
|
||
``` | ||
$ terraform import github_actions_repository_access_level.test <github_repository_name> | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters