feat: add enterprise teams resources and data sources

Add support for managing GitHub Enterprise Teams (enterprise-level teams):

Resources:
- github_enterprise_team: create/update/delete enterprise teams
- github_enterprise_team_membership: manage team members
- github_enterprise_team_organizations: assign teams to organizations

Data sources:
- github_enterprise_team: lookup by slug or ID
- github_enterprise_teams: list all enterprise teams
- github_enterprise_team_membership: check user membership
- github_enterprise_team_organizations: list assigned orgs

Note: These endpoints require GitHub Enterprise Cloud with a classic PAT
that has enterprise admin permissions.

Author: github-actions[bot]

github/data_source_github_enterprise_team.go

@@ -0,0 +1,118 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubEnterpriseTeam() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubEnterpriseTeamRead,
+
+		Schema: map[string]*schema.Schema{
+			"enterprise_slug": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The slug of the enterprise.",
+			},
+			"slug": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"team_id"},
+				Description:   "The slug of the enterprise team.",
+			},
+			"team_id": {
+				Type:          schema.TypeInt,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"slug"},
+				Description:   "The numeric ID of the enterprise team.",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The name of the enterprise team.",
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "A description of the enterprise team.",
+			},
+			"organization_selection_type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Specifies which organizations in the enterprise should have access to this team.",
+			},
+			"group_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The ID of the IdP group to assign team membership with.",
+			},
+		},
+	}
+}
+
+func dataSourceGithubEnterpriseTeamRead(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	enterpriseSlug := strings.TrimSpace(d.Get("enterprise_slug").(string))
+	if enterpriseSlug == "" {
+		return fmt.Errorf("enterprise_slug must not be empty")
+	}
+
+	ctx := context.Background()
+
+	var te *enterpriseTeam
+	if v, ok := d.GetOk("team_id"); ok {
+		teamID := int64(v.(int))
+		if teamID != 0 {
+			found, err := findEnterpriseTeamByID(ctx, client, enterpriseSlug, teamID)
+			if err != nil {
+				return err
+			}
+			if found == nil {
+				return fmt.Errorf("could not find enterprise team %d in enterprise %s", teamID, enterpriseSlug)
+			}
+			te = found
+		}
+	}
+
+	if te == nil {
+		teamSlug := strings.TrimSpace(d.Get("slug").(string))
+		if teamSlug == "" {
+			return fmt.Errorf("one of slug or team_id must be set")
+		}
+		found, _, err := getEnterpriseTeamBySlug(ctx, client, enterpriseSlug, teamSlug)
+		if err != nil {
+			return err
+		}
+		te = found
+	}
+
+	d.SetId(buildSlashTwoPartID(enterpriseSlug, strconv.FormatInt(te.ID, 10)))
+	_ = d.Set("enterprise_slug", enterpriseSlug)
+	_ = d.Set("slug", te.Slug)
+	_ = d.Set("team_id", int(te.ID))
+	_ = d.Set("name", te.Name)
+	if te.Description != nil {
+		_ = d.Set("description", *te.Description)
+	} else {
+		_ = d.Set("description", "")
+	}
+	orgSel := te.OrganizationSelectionType
+	if orgSel == "" {
+		orgSel = "disabled"
+	}
+	_ = d.Set("organization_selection_type", orgSel)
+	if te.GroupID != nil {
+		_ = d.Set("group_id", *te.GroupID)
+	} else {
+		_ = d.Set("group_id", "")
+	}
+
+	return nil
+}

github/data_source_github_enterprise_team_membership.go

@@ -0,0 +1,83 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubEnterpriseTeamMembership() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubEnterpriseTeamMembershipRead,
+
+		Schema: map[string]*schema.Schema{
+			"enterprise_slug": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The slug of the enterprise.",
+			},
+			"enterprise_team": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The slug or ID of the enterprise team.",
+			},
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The GitHub username.",
+			},
+			"role": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The role of the user in the enterprise team, if returned by the API.",
+			},
+			"state": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The membership state, if returned by the API.",
+			},
+			"etag": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "ETag of the membership response.",
+			},
+		},
+	}
+}
+
+func dataSourceGithubEnterpriseTeamMembershipRead(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	enterpriseSlug := strings.TrimSpace(d.Get("enterprise_slug").(string))
+	enterpriseTeam := strings.TrimSpace(d.Get("enterprise_team").(string))
+	username := strings.TrimSpace(d.Get("username").(string))
+	if enterpriseSlug == "" {
+		return fmt.Errorf("enterprise_slug must not be empty")
+	}
+	if enterpriseTeam == "" {
+		return fmt.Errorf("enterprise_team must not be empty")
+	}
+	if username == "" {
+		return fmt.Errorf("username must not be empty")
+	}
+
+	ctx := context.Background()
+	m, resp, err := getEnterpriseTeamMembershipDetails(ctx, client, enterpriseSlug, enterpriseTeam, username)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(buildSlashThreePartID(enterpriseSlug, enterpriseTeam, username))
+	_ = d.Set("enterprise_slug", enterpriseSlug)
+	_ = d.Set("enterprise_team", enterpriseTeam)
+	_ = d.Set("username", username)
+	if m != nil {
+		_ = d.Set("role", m.Role)
+		_ = d.Set("state", m.State)
+	}
+	if resp != nil {
+		_ = d.Set("etag", resp.Header.Get("ETag"))
+	}
+	return nil
+}

github/data_source_github_enterprise_team_organizations.go

@@ -0,0 +1,66 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubEnterpriseTeamOrganizations() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubEnterpriseTeamOrganizationsRead,
+
+		Schema: map[string]*schema.Schema{
+			"enterprise_slug": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The slug of the enterprise.",
+			},
+			"enterprise_team": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The slug or ID of the enterprise team.",
+			},
+			"organization_slugs": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Description: "Set of organization slugs that the enterprise team is assigned to.",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         schema.HashString,
+			},
+		},
+	}
+}
+
+func dataSourceGithubEnterpriseTeamOrganizationsRead(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	enterpriseSlug := strings.TrimSpace(d.Get("enterprise_slug").(string))
+	enterpriseTeam := strings.TrimSpace(d.Get("enterprise_team").(string))
+	if enterpriseSlug == "" {
+		return fmt.Errorf("enterprise_slug must not be empty")
+	}
+	if enterpriseTeam == "" {
+		return fmt.Errorf("enterprise_team must not be empty")
+	}
+
+	ctx := context.Background()
+	orgs, err := listEnterpriseTeamOrganizations(ctx, client, enterpriseSlug, enterpriseTeam)
+	if err != nil {
+		return err
+	}
+
+	slugs := make([]string, 0, len(orgs))
+	for _, org := range orgs {
+		if org.Login != "" {
+			slugs = append(slugs, org.Login)
+		}
+	}
+
+	d.SetId(buildSlashTwoPartID(enterpriseSlug, enterpriseTeam))
+	_ = d.Set("enterprise_slug", enterpriseSlug)
+	_ = d.Set("enterprise_team", enterpriseTeam)
+	_ = d.Set("organization_slugs", slugs)
+	return nil
+}