From e5cef986524652a4ca700e6378b42c44bed9140a Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Thu, 19 Dec 2024 12:33:15 -0800 Subject: [PATCH 01/10] give eng admin test --- terraform/repo-2.tf | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 terraform/repo-2.tf diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf new file mode 100644 index 0000000..cf6fb5f --- /dev/null +++ b/terraform/repo-2.tf @@ -0,0 +1,5 @@ +resource "github_team_repository" "repo-1" { + team_id = "engineers" + repository = "repo-2" + permission = "admin" +} From f5a69922f99c3a28b963a4762bf002d15e53b2de Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Thu, 19 Dec 2024 12:34:46 -0800 Subject: [PATCH 02/10] fix --- terraform/repo-2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf index cf6fb5f..6fc4fd7 100644 --- a/terraform/repo-2.tf +++ b/terraform/repo-2.tf @@ -1,4 +1,4 @@ -resource "github_team_repository" "repo-1" { +resource "github_team_repository" "repo-2" { team_id = "engineers" repository = "repo-2" permission = "admin" From 3add2361a02eb2b96b68323f1f8e15c8edf52e28 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Thu, 19 Dec 2024 12:39:39 -0800 Subject: [PATCH 03/10] change permission --- README.md | 10 ++++++++++ terraform/repo-2.tf | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f9dbbe..5ae041b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,13 @@ # repo-access A demo using the GitHub terraform provider to manage access to repos within an org + +## Usage + +Valid Permissions: + +- `pull` (read) default +- `triage` +- `push` (write) +- `maintain` +- `admin` diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf index 6fc4fd7..f27ef1d 100644 --- a/terraform/repo-2.tf +++ b/terraform/repo-2.tf @@ -1,5 +1,5 @@ resource "github_team_repository" "repo-2" { team_id = "engineers" repository = "repo-2" - permission = "admin" + permission = "write" } 
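Review bot: `permission = "write"` in the terraform/repo-2.tf hunk of PATCH 03/10 is not one of the values that the README hunk of the same commit lists as valid (`pull`, `triage`, `push`, `maintain`, `admin`). The README names `push` as the value for write access, so the line should read `permission = "push"`. The provider may treat an unlisted string as a custom repository role name rather than reject it at plan time; that is not visible here and is worth confirming. A short comment next to the attribute pointing at the README list would help catch this kind of typo in review.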
From 8ccc4f26bc3f02560c1f74fe26340c97983ff7ec Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 19 Dec 2024 12:42:14 -0800
Subject: [PATCH 04/10] push
---
 terraform/repo-2.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf
index f27ef1d..b09ada9 100644
--- a/terraform/repo-2.tf
+++ b/terraform/repo-2.tf
@@ -1,5 +1,5 @@
 resource "github_team_repository" "repo-2" {
 team_id = "engineers"
 repository = "repo-2"
- permission = "write"
+ permission = "push"
 }
From 73c7e3fe7740a32006b5559bc5032bff13510e3a Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 19 Dec 2024 12:45:55 -0800
Subject: [PATCH 05/10] add the admins
---
 terraform/repo-2.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf
index b09ada9..67a8f2c 100644
--- a/terraform/repo-2.tf
+++ b/terraform/repo-2.tf
@@ -3,3 +3,9 @@ resource "github_team_repository" "repo-2" {
 repository = "repo-2"
 permission = "push"
 }
+
+resource "github_team_repository" "repo-2" {
+ team_id = "admins"
+ repository = "repo-2"
+ permission = "admin"
+}
From 7881057aee4941ef89ec8a5c061eb5345a3af9cb Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Thu, 19 Dec 2024 13:02:18 -0800
Subject: [PATCH 06/10] try with a module
---
 terraform/.terraform.lock.hcl | 22 ++++++++++++++++++++++
 terraform/modules/repo_access/main.tf | 19 +++++++++++++++++++
 terraform/repo-2.tf | 23 ++++++++++++++---------
 3 files changed, 55 insertions(+), 9 deletions(-)
 create mode 100644 terraform/modules/repo_access/main.tf
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 9cda9ed..442914d 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
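Review bot: The block added in PATCH 05/10 reuses the address `github_team_repository.repo-2`, which the hunk header shows is already declared earlier in terraform/repo-2.tf. Terraform does not accept two resources with the same type and name in one module, so this configuration should fail validation before any access is changed. Give the new block its own label, for example `resource "github_team_repository" "repo-2-admins" {`. Because this block grants `admin`, a comment such as `# admins team: repository administration for repo-2` would make later access reviews easier.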
@@ -1,6 +1,28 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/github" { + version = "6.4.0" + hashes = [ + "h1:YiGCvjr7R77HGTzw81legWicEHApVTli8O+ooDpLexE=", + "zh:00f431c2a2510efcb1115442dda5e90815bcb16e1a3301679ade0139fa963d3b", + "zh:12a862f4317b3cb65682c1b687650cd91eeee99e63774bdcfa8bcfc64bad097b", + "zh:226d5e09ff27f94cb9336089181d26f85cb30219b863a579597f2e107f37de49", + "zh:402ecaa5add568a52ee01d816810f3b90f693be35c680fcdc9b6284bf55326f1", + "zh:60e3bdd9fbefb3c1d790bc08889c1dc0e83636b82284faaa709411aa4f96bb9f", + "zh:625099eeff2f8aaecd22a24a451b326828435c8f9de86f2e5e99872e7b467fa7", + "zh:79e8b665421009df2260f50e10da1f7a7863b557ece96e2b07dfd2fad1e86fcd", + "zh:98e471fefc93dcfedeec750c694110db7d3331dc3a256191d30b9d2f70d12157", + "zh:a17702765e1fa92d1c288ddfd97075819ad61b344b341be7e09c554c841a6d9e", + "zh:ca72ccf40624ae26bf4660d8dd84a51638f0a1e78d5f19fdfaafaef97f838af6", + "zh:d009ab5527d45c44c424d26cd2eb51a5a6a6448f3fb1023b675789588cc08d64", + "zh:e5811be1e942a75b14dfcd3e03523d8df60cfbde0d7e24d75e78480a02a58949", + "zh:e6008ad28225ad6996b06bcd7f3070863329df406a56754e7fb9c31d6301ace4", + "zh:f1d93f56ea4f87183a5de4780704907605851d95a2d285a9ec755bf784c5569c", + "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", + ] +} + provider "registry.terraform.io/integrations/github" { version = "6.4.0" constraints = "~> 6.0" diff --git a/terraform/modules/repo_access/main.tf b/terraform/modules/repo_access/main.tf new file mode 100644 index 0000000..2614521 --- /dev/null +++ b/terraform/modules/repo_access/main.tf 
@@ -0,0 +1,19 @@ +variable "repo" { + description = "The name of the GitHub repository" + type = string +} + +variable "access" { + description = "List of team access configurations" + type = list(object({ + team = string + permission = string + })) +} + +resource "github_team_repository" "repo_access" { + for_each = { for team in var.access : team.team => team } + repository = var.repo + team_id = each.value.team + permission = each.value.permission +} diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf index 67a8f2c..4f3af95 100644 --- a/terraform/repo-2.tf +++ b/terraform/repo-2.tf @@ -1,11 +1,16 @@ -resource "github_team_repository" "repo-2" { - team_id = "engineers" - repository = "repo-2" - permission = "push" -} +module "repo_access" { + source = "./modules/repo_access" + + repo = "repo-2" -resource "github_team_repository" "repo-2" { - team_id = "admins" - repository = "repo-2" - permission = "admin" + access = [ + { + team = "engineers" + permission = "push" + }, + { + team = "admins" + permission = "admin" + } + ] } From d167707d6a53868cdb37376170bb9a4f29e48bf9 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Thu, 19 Dec 2024 13:16:48 -0800 Subject: [PATCH 07/10] set owner again --- terraform/modules/repo_access/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/modules/repo_access/main.tf b/terraform/modules/repo_access/main.tf index 2614521..4748e12 100644 --- a/terraform/modules/repo_access/main.tf +++ b/terraform/modules/repo_access/main.tf @@ -11,6 +11,12 @@ variable "access" { })) } +variable "owner" { + description = "The owner of the GitHub repository (organization or user)" + type = string + default = "birki-sandbox" +} + resource "github_team_repository" "repo_access" { for_each = { for team in var.access : team.team => team } repository = var.repo From 99107e8b2d12f7485c0dd5a9e44ea25bf2d60f99 Mon Sep 17 00:00:00 2001 
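Review bot: terraform/modules/repo_access/main.tf (PATCH 06/10) declares a `github_team_repository` resource but no `required_providers` block, and the lock-file hunk of the same commit records a second provider, `registry.terraform.io/hashicorp/github`, next to `registry.terraform.io/integrations/github`. That looks like Terraform resolving the module's implicit `github` provider to the default `hashicorp/` namespace; this is inferred from the lock file, since the root configuration is not visible here. Declaring the source inside the module keeps every access grant on the one provider that the root already constrains (`~> 6.0`) and avoids pulling a second provider binary into the run. The block below would go at the top of the module file.

```hcl
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

# … unchanged: variable "repo", variable "access", resource "github_team_repository" "repo_access" …
```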
From: GrantBirki Date: Thu, 19 Dec 2024 13:30:36 -0800 Subject: [PATCH 08/10] test --- terraform/modules/{repo_access => access}/main.tf | 8 +------- terraform/repo-2.tf | 4 ++-- 2 files changed, 3 insertions(+), 9 deletions(-) rename terraform/modules/{repo_access => access}/main.tf (66%) diff --git a/terraform/modules/repo_access/main.tf b/terraform/modules/access/main.tf similarity index 66% rename from terraform/modules/repo_access/main.tf rename to terraform/modules/access/main.tf index 4748e12..f6a4310 100644 --- a/terraform/modules/repo_access/main.tf +++ b/terraform/modules/access/main.tf @@ -11,13 +11,7 @@ variable "access" { })) } -variable "owner" { - description = "The owner of the GitHub repository (organization or user)" - type = string - default = "birki-sandbox" -} - -resource "github_team_repository" "repo_access" { +resource "github_team_repository" "access" { for_each = { for team in var.access : team.team => team } repository = var.repo team_id = each.value.team diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf index 4f3af95..786e38b 100644 --- a/terraform/repo-2.tf +++ b/terraform/repo-2.tf @@ -1,5 +1,5 @@ -module "repo_access" { - source = "./modules/repo_access" +module "access" { + source = "./modules/access" repo = "repo-2" From 1c3d6807ad6416a5b11c80ecb5e3e4ec7dcd78d5 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Thu, 19 Dec 2024 13:47:38 -0800 Subject: [PATCH 09/10] test using yaml --- repos/repo-1.yaml | 2 ++ terraform/.terraform.lock.hcl | 22 ---------------------- terraform/main.tf | 16 ++++++++++++++++ terraform/modules/access/main.tf | 19 ------------------- terraform/repo-1.tf | 5 ----- terraform/repo-2.tf | 16 ---------------- 6 files changed, 18 insertions(+), 62 deletions(-) create mode 100644 repos/repo-1.yaml create mode 100644 terraform/main.tf delete mode 100644 terraform/modules/access/main.tf delete mode 100644 terraform/repo-1.tf delete mode 100644 terraform/repo-2.tf 
diff --git a/repos/repo-1.yaml b/repos/repo-1.yaml new file mode 100644 index 0000000..b64cbc8 --- /dev/null +++ b/repos/repo-1.yaml @@ -0,0 +1,2 @@ +- team: engineers + permission: pull diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 442914d..9cda9ed 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -1,28 +1,6 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/github" { - version = "6.4.0" - hashes = [ - "h1:YiGCvjr7R77HGTzw81legWicEHApVTli8O+ooDpLexE=", - "zh:00f431c2a2510efcb1115442dda5e90815bcb16e1a3301679ade0139fa963d3b", - "zh:12a862f4317b3cb65682c1b687650cd91eeee99e63774bdcfa8bcfc64bad097b", - "zh:226d5e09ff27f94cb9336089181d26f85cb30219b863a579597f2e107f37de49", - "zh:402ecaa5add568a52ee01d816810f3b90f693be35c680fcdc9b6284bf55326f1", - "zh:60e3bdd9fbefb3c1d790bc08889c1dc0e83636b82284faaa709411aa4f96bb9f", - "zh:625099eeff2f8aaecd22a24a451b326828435c8f9de86f2e5e99872e7b467fa7", - "zh:79e8b665421009df2260f50e10da1f7a7863b557ece96e2b07dfd2fad1e86fcd", - "zh:98e471fefc93dcfedeec750c694110db7d3331dc3a256191d30b9d2f70d12157", - "zh:a17702765e1fa92d1c288ddfd97075819ad61b344b341be7e09c554c841a6d9e", - "zh:ca72ccf40624ae26bf4660d8dd84a51638f0a1e78d5f19fdfaafaef97f838af6", - "zh:d009ab5527d45c44c424d26cd2eb51a5a6a6448f3fb1023b675789588cc08d64", - "zh:e5811be1e942a75b14dfcd3e03523d8df60cfbde0d7e24d75e78480a02a58949", - "zh:e6008ad28225ad6996b06bcd7f3070863329df406a56754e7fb9c31d6301ace4", - "zh:f1d93f56ea4f87183a5de4780704907605851d95a2d285a9ec755bf784c5569c", - "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", - ] -} - provider "registry.terraform.io/integrations/github" { version = "6.4.0" constraints = "~> 6.0" diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..f1e1921 --- /dev/null +++ b/terraform/main.tf 
@@ -0,0 +1,16 @@
+locals {
+ repos = { for f in fileset(path.module, "../repos/**.yaml") :
+ trimsuffix(basename(f), ".yaml") => [
+ for entry in yamldecode(file(f)) :
+ merge(entry, { "repo_name" = trimsuffix(basename(f), ".yaml") })
+ ]
+ }
+}
+
+resource "github_team_repository" "repo_access" {
+ for_each = { for repo, teams in local.repos : repo => teams }
+
+ repository = each.value[0].repo_name
+ team_id = each.value[0].team
+ permission = each.value[0].permission
+}
diff --git a/terraform/modules/access/main.tf b/terraform/modules/access/main.tf
deleted file mode 100644
index f6a4310..0000000
--- a/terraform/modules/access/main.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-variable "repo" {
- description = "The name of the GitHub repository"
- type = string
-}
-
-variable "access" {
- description = "List of team access configurations"
- type = list(object({
- team = string
- permission = string
- }))
-}
-
-resource "github_team_repository" "access" {
- for_each = { for team in var.access : team.team => team }
- repository = var.repo
- team_id = each.value.team
- permission = each.value.permission
-}
diff --git a/terraform/repo-1.tf b/terraform/repo-1.tf
deleted file mode 100644
index 1e569d0..0000000
--- a/terraform/repo-1.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "github_team_repository" "repo-1" {
- team_id = "engineers"
- repository = "repo-1"
- permission = "pull"
-}
diff --git a/terraform/repo-2.tf b/terraform/repo-2.tf
deleted file mode 100644
index 786e38b..0000000
--- a/terraform/repo-2.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-module "access" {
- source = "./modules/access"
-
- repo = "repo-2"
-
- access = [
- {
- team = "engineers"
- permission = "push"
- },
- {
- team = "admins"
- permission = "admin"
- }
- ]
-}
From 50cb132db5ad0b19d554d6a8a71fa11654da541f Mon Sep 17 00:00:00 2001
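Review bot: The `github_team_repository.repo_access` resource in terraform/main.tf (PATCH 09/10) creates one instance per YAML file and reads only `each.value[0]`, so every entry after the first in a file is silently ignored. With repos/repo-2.yaml from PATCH 10/10, the `admins` / `admin` entry would never be applied, and an empty file would fail on the index. The access declared in the repository and the access actually granted can then differ without any error. Keying one instance per repo/team pair fixes this, and gives a natural place to add a check that `permission` is one of the README's listed values. Separately, `file(f)` resolves relative to the working directory while `fileset` returns paths relative to `path.module`, so it should probably be `file("${path.module}/${f}")`.

```hcl
locals {
  # One map entry per (repo, team) pair, keyed "repo/team".
  repo_access = merge([
    for f in fileset(path.module, "../repos/**.yaml") : {
      for entry in yamldecode(file("${path.module}/${f}")) :
      "${trimsuffix(basename(f), ".yaml")}/${entry.team}" => {
        repo_name  = trimsuffix(basename(f), ".yaml")
        team       = entry.team
        permission = entry.permission
      }
    }
  ]...)
}

resource "github_team_repository" "repo_access" {
  for_each = local.repo_access

  repository = each.value.repo_name
  team_id    = each.value.team
  permission = each.value.permission
}
```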
From: GrantBirki
Date: Thu, 19 Dec 2024 13:49:18 -0800
Subject: [PATCH 10/10] another test
---
 repos/repo-2.yaml | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 repos/repo-2.yaml
diff --git a/repos/repo-2.yaml b/repos/repo-2.yaml
new file mode 100644
index 0000000..cf9c740
--- /dev/null
+++ b/repos/repo-2.yaml
@@ -0,0 +1,4 @@
+- team: engineers
+ permission: pull
+- team: admins
+ permission: admin