
Commit 1d79668

Merge branch 'main' into doc/fix-app-installation-repositories-usage-example
2 parents 2e3c79f + 080c081 commit 1d79668


2 files changed

+180
-197
lines changed

2 files changed

+180
-197
lines changed

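--- a/github/resource_github_actions_organization_workflow_permissions.go
+++ b/github/resource_github_actions_organization_workflow_permissions.go
@@ -2,11 +2,6 @@ package github
 
 import (
 "context"
-"encoding/json"
-"errors"
-"fmt"
-"io"
-"net/http"
 
 "github.com/google/go-github/v84/github"
 "github.com/hashicorp/terraform-plugin-log/tflog"
@@ -15,22 +10,15 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
-type GithubActionsOrganizationWorkflowPermissionsErrorResponse struct {
-Message string `json:"message"`
-Errors string `json:"errors"`
-DocumentationURL string `json:"documentation_url"`
-Status string `json:"status"`
-}
-
 func resourceGithubActionsOrganizationWorkflowPermissions() *schema.Resource {
 return &schema.Resource{
 Description: "This resource allows you to manage GitHub Actions workflow permissions for a GitHub Organization account. This controls the default permissions granted to the GITHUB_TOKEN when running workflows and whether GitHub Actions can approve pull request reviews.\n\nYou must have organization admin access to use this resource.",
-CreateContext: resourceGithubActionsOrganizationWorkflowPermissionsCreateOrUpdate,
+CreateContext: resourceGithubActionsOrganizationWorkflowPermissionsCreate,
 ReadContext: resourceGithubActionsOrganizationWorkflowPermissionsRead,
-UpdateContext: resourceGithubActionsOrganizationWorkflowPermissionsCreateOrUpdate,
+UpdateContext: resourceGithubActionsOrganizationWorkflowPermissionsUpdate,
 DeleteContext: resourceGithubActionsOrganizationWorkflowPermissionsDelete,
 Importer: &schema.ResourceImporter{
-StateContext: schema.ImportStatePassthroughContext,
+StateContext: resourceGithubActionsOrganizationWorkflowPermissionsImport,
 },
 
 Schema: map[string]*schema.Schema{
@@ -57,165 +45,158 @@ func resourceGithubActionsOrganizationWorkflowPermissions() *schema.Resource {
 }
 }
 
-func handleEditWorkflowPermissionsError(ctx context.Context, err error, resp *github.Response) diag.Diagnostics {
-var ghErr *github.ErrorResponse
-if errors.As(err, &ghErr) {
-if ghErr.Response.StatusCode == http.StatusConflict {
-tflog.Info(ctx, "Detected conflict with workflow permissions", map[string]any{
-"status_code": ghErr.Response.StatusCode,
-})
-
-errorResponse := &GithubActionsOrganizationWorkflowPermissionsErrorResponse{}
-data, readError := io.ReadAll(resp.Body)
-if readError == nil && data != nil {
-unmarshalError := json.Unmarshal(data, errorResponse)
-if unmarshalError != nil {
-tflog.Error(ctx, "Failed to unmarshal error response", map[string]any{
-"error": unmarshalError.Error(),
-})
-return diag.FromErr(unmarshalError)
-}
-
-tflog.Debug(ctx, "Parsed workflow permissions conflict error", map[string]any{
-"message": errorResponse.Message,
-"errors": errorResponse.Errors,
-"documentation_url": errorResponse.DocumentationURL,
-"status": errorResponse.Status,
-})
-}
-return diag.FromErr(fmt.Errorf("you are trying to modify a value restricted by the Enterprise's settings.\n Message: %s\n Errors: %s\n Documentation URL: %s\n Status: %s\nerr: %w", errorResponse.Message, errorResponse.Errors, errorResponse.DocumentationURL, errorResponse.Status, err))
-}
-}
-
-tflog.Trace(ctx, "Returning generic error", map[string]any{
-"error": err.Error(),
-})
-
-return diag.FromErr(err)
-}
-
-func resourceGithubActionsOrganizationWorkflowPermissionsCreateOrUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
-tflog.Trace(ctx, "Entering Create/Update workflow permissions", map[string]any{
-"organization_slug": d.Get("organization_slug").(string),
-})
-
-client := meta.(*Owner).v3client
+func resourceGithubActionsOrganizationWorkflowPermissionsCreate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+meta := m.(*Owner)
+client := meta.v3client
 
 organizationSlug := d.Get("organization_slug").(string)
-d.SetId(organizationSlug)
-
-if d.IsNewResource() {
-tflog.Info(ctx, "Creating organization workflow permissions", map[string]any{
-"organization_slug": organizationSlug,
-})
-} else {
-tflog.Info(ctx, "Updating organization workflow permissions", map[string]any{
-"organization_slug": organizationSlug,
-})
-}
+defaultPermissions := d.Get("default_workflow_permissions").(string)
+canApprovePRReviews := d.Get("can_approve_pull_request_reviews").(bool)
 
-workflowPerms := github.DefaultWorkflowPermissionOrganization{}
-
-if v, ok := d.GetOk("default_workflow_permissions"); ok {
-workflowPerms.DefaultWorkflowPermissions = new(v.(string))
-}
+ctx = tflog.SetField(ctx, "organization_slug", organizationSlug)
+tflog.Info(ctx, "Creating workflow permissions")
 
-if v, ok := d.GetOk("can_approve_pull_request_reviews"); ok {
-workflowPerms.CanApprovePullRequestReviews = new(v.(bool))
+workflowPerms := github.DefaultWorkflowPermissionOrganization{
+DefaultWorkflowPermissions: new(defaultPermissions),
+CanApprovePullRequestReviews: new(canApprovePRReviews),
 }
 
-tflog.Debug(ctx, "Calling GitHub API to update workflow permissions", map[string]any{
-"organization_slug": organizationSlug,
-"default_workflow_permissions": workflowPerms.DefaultWorkflowPermissions,
-"can_approve_pull_request_reviews": workflowPerms.CanApprovePullRequestReviews,
+tflog.Debug(ctx, "Calling GitHub API to create workflow permissions", map[string]any{
+"default_workflow_permissions": defaultPermissions,
+"can_approve_pull_request_reviews": canApprovePRReviews,
 })
-_, resp, err := client.Actions.UpdateDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug, workflowPerms)
+_, _, err := client.Actions.UpdateDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug, workflowPerms)
 if err != nil {
-return handleEditWorkflowPermissionsError(ctx, err, resp)
+return diag.FromErr(err)
 }
 
-tflog.Trace(ctx, "Exiting Create/Update workflow permissions successfully", map[string]any{
-"organization_slug": organizationSlug,
-})
+d.SetId(organizationSlug)
+
+tflog.Trace(ctx, "Created workflow permissions successfully")
+
 return nil
 }
 
-func resourceGithubActionsOrganizationWorkflowPermissionsRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
-tflog.Trace(ctx, "Entering Read workflow permissions", map[string]any{
-"organization_slug": d.Id(),
-})
+func resourceGithubActionsOrganizationWorkflowPermissionsRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+meta := m.(*Owner)
+client := meta.v3client
 
-client := meta.(*Owner).v3client
+organizationSlug := d.Get("organization_slug").(string)
 
-organizationSlug := d.Id()
-tflog.Debug(ctx, "Calling GitHub API to read workflow permissions", map[string]any{
-"organization_slug": organizationSlug,
-})
+ctx = tflog.SetField(ctx, "id", d.Id())
+ctx = tflog.SetField(ctx, "organization_slug", organizationSlug)
+tflog.Info(ctx, "Reading workflow permissions")
 
 workflowPerms, _, err := client.Actions.GetDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug)
 if err != nil {
 return diag.FromErr(err)
 }
 
 tflog.Debug(ctx, "Retrieved workflow permissions from API", map[string]any{
-"organization_slug": organizationSlug,
 "default_workflow_permissions": workflowPerms.DefaultWorkflowPermissions,
 "can_approve_pull_request_reviews": workflowPerms.CanApprovePullRequestReviews,
 })
 
-if err := d.Set("organization_slug", organizationSlug); err != nil {
-return diag.FromErr(err)
-}
 if err := d.Set("default_workflow_permissions", workflowPerms.DefaultWorkflowPermissions); err != nil {
 return diag.FromErr(err)
 }
 if err := d.Set("can_approve_pull_request_reviews", workflowPerms.CanApprovePullRequestReviews); err != nil {
 return diag.FromErr(err)
 }
 
-tflog.Trace(ctx, "Exiting Read workflow permissions successfully", map[string]any{
-"organization_slug": organizationSlug,
-})
+tflog.Trace(ctx, "Read workflow permissions successfully")
 
 return nil
 }
 
-func resourceGithubActionsOrganizationWorkflowPermissionsDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
-tflog.Trace(ctx, "Entering Delete workflow permissions", map[string]any{
-"organization_slug": d.Id(),
-})
+func resourceGithubActionsOrganizationWorkflowPermissionsUpdate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+meta := m.(*Owner)
+client := meta.v3client
 
-client := meta.(*Owner).v3client
+organizationSlug := d.Get("organization_slug").(string)
+defaultPermissions := d.Get("default_workflow_permissions").(string)
+canApprovePRReviews := d.Get("can_approve_pull_request_reviews").(bool)
 
-organizationSlug := d.Id()
-tflog.Info(ctx, "Deleting organization workflow permissions (resetting to defaults)", map[string]any{
-"organization_slug": organizationSlug,
+ctx = tflog.SetField(ctx, "id", d.Id())
+ctx = tflog.SetField(ctx, "organization_slug", organizationSlug)
+tflog.Info(ctx, "Updating workflow permissions")
+
+workflowPerms := github.DefaultWorkflowPermissionOrganization{
+DefaultWorkflowPermissions: new(defaultPermissions),
+CanApprovePullRequestReviews: new(canApprovePRReviews),
+}
+
+tflog.Debug(ctx, "Calling GitHub API to update workflow permissions", map[string]any{
+"default_workflow_permissions": defaultPermissions,
+"can_approve_pull_request_reviews": canApprovePRReviews,
 })
+_, _, err := client.Actions.UpdateDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug, workflowPerms)
+if err != nil {
+return diag.FromErr(err)
+}
+
+d.SetId(organizationSlug)
+
+tflog.Trace(ctx, "Updated workflow permissions successfully")
+
+return nil
+}
+
+func resourceGithubActionsOrganizationWorkflowPermissionsDelete(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+meta := m.(*Owner)
+client := meta.v3client
+
+organizationSlug := d.Get("organization_slug").(string)
+
+ctx = tflog.SetField(ctx, "id", d.Id())
+ctx = tflog.SetField(ctx, "organization_slug", organizationSlug)
+tflog.Info(ctx, "Deleting organization workflow permissions (resetting to defaults)")
 
 // Reset to safe defaults
 workflowPerms := github.DefaultWorkflowPermissionOrganization{
 DefaultWorkflowPermissions: new("read"),
 CanApprovePullRequestReviews: new(false),
 }
 
-tflog.Debug(ctx, "Using safe default values", map[string]any{
-"default_workflow_permissions": "read",
-"can_approve_pull_request_reviews": false,
-})
-
 tflog.Debug(ctx, "Calling GitHub API to reset workflow permissions", map[string]any{
-"organization_slug": organizationSlug,
 "workflow_permissions": workflowPerms,
 })
 
-_, resp, err := client.Actions.UpdateDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug, workflowPerms)
+_, _, err := client.Actions.UpdateDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug, workflowPerms)
 if err != nil {
-return handleEditWorkflowPermissionsError(ctx, err, resp)
+return diag.FromErr(err)
 }
 
-tflog.Trace(ctx, "Exiting Delete workflow permissions successfully", map[string]any{
-"organization_slug": organizationSlug,
-})
+tflog.Trace(ctx, "Deleted workflow permissions successfully")
 
 return nil
 }
+
+func resourceGithubActionsOrganizationWorkflowPermissionsImport(ctx context.Context, d *schema.ResourceData, m any) ([]*schema.ResourceData, error) {
+meta := m.(*Owner)
+client := meta.v3client
+
+organizationSlug := d.Id()
+
+ctx = tflog.SetField(ctx, "id", d.Id())
+tflog.Info(ctx, "Importing organization workflow permissions")
+
+workflowPerms, _, err := client.Actions.GetDefaultWorkflowPermissionsInOrganization(ctx, organizationSlug)
+if err != nil {
+return nil, err
+}
+
+if err := d.Set("organization_slug", organizationSlug); err != nil {
+return nil, err
+}
+if err := d.Set("default_workflow_permissions", workflowPerms.DefaultWorkflowPermissions); err != nil {
+return nil, err
+}
+if err := d.Set("can_approve_pull_request_reviews", workflowPerms.CanApprovePullRequestReviews); err != nil {
+return nil, err
+}
+
+tflog.Trace(ctx, "Imported workflow permissions successfully")
+
+return []*schema.ResourceData{d}, nil
+}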
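Review bot: In `resourceGithubActionsOrganizationWorkflowPermissionsCreate` and `...Update`, `d.Get("default_workflow_permissions").(string)` yields `""` when the attribute is unset and `new(defaultPermissions)` is never nil, so the request now always carries the field, whereas the old `GetOk` guard omitted it. The schema for this attribute sits between the hunks and is not visible here; if it is `Optional` without a `Default`, an empty value would be sent for the setting that decides whether workflow GITHUB_TOKENs are read-only or read-write. I would make the intent explicit with `if defaultPermissions != "" { workflowPerms.DefaultWorkflowPermissions = new(defaultPermissions) }`, or confirm the schema declares a default of `"read"`. Separately, with `handleEditWorkflowPermissionsError` removed, a 409 caused by an enterprise-level restriction now surfaces as a bare API error at the three `diag.FromErr(err)` sites after `UpdateDefaultWorkflowPermissionsInOrganization`; a one-line comment there such as `// 409 here means the value is locked by enterprise policy` would help operators.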
