terraform-provider-github
feat: Add `github_actions_enterprise_permissions`
Resolves part of #1199
This adds a new resource `github_actions_enterprise_permissions` to control GitHub Actions policy on an enterprise.
```hcl
data "github_enterprise" "example-enterprise" {
  slug = "my-enterprise"
}

data "github_organization" "example-org" {
  name = "my-org"
}

resource "github_actions_enterprise_permissions" "test" {
  enterprise_id = data.github_enterprise.example-enterprise.slug
  allowed_actions = "selected"
  enabled_organizations = "selected"
  allowed_actions_config {
    github_owned_allowed = true
    patterns_allowed = ["actions/cache@*", "actions/checkout@*"]
    verified_allowed = true
  }
  enabled_organizations_config {
    organization_ids = [data.github_organization.example-org.id]
  }
}
```
Pull request checklist
- [x] Tests for the changes have been added (for bug fixes / features)
- [x] Docs have been reviewed and added / updated if needed (for bug fixes / features)
Does this introduce a breaking change?
Please see our docs on breaking changes to help!
- [ ] Yes
- [x] No
When running the new integration tests, I get the following error:
```
resource_github_actions_enterprise_permissions_test.go:261: Step 1/1 error: Error running pre-apply refresh: exit status 1
Error: Could not resolve to a Business with the URL slug of ''.
  with data.github_enterprise.enterprise,
  on terraform_plugin_test.tf line 3, in data "github_enterprise" "enterprise":
   3: data "github_enterprise" "enterprise" {
```
Can you reproduce this? Am I missing some kind of setup?
I missed the check on `ENTERPRISE_SLUG` and `ENTERPRISE_ACCOUNT` that the other enterprise-dependent integration tests do here: https://github.com/integrations/terraform-provider-github/blob/main/github/resource_github_enterprise_organization_test.go#L91
Updated the PR.
I don't know if there is a good reason for this, but between this PR and #2158 there is some naming inconsistency: `github_enterprise_actions...` vs. `github_actions_enterprise...`. I just noticed it when looking at the PRs list:
@laughedelic good catch. I have a slight preference for `github_enterprise_actions...` since these are settings that only exist in enterprise, though I'd be happy to hear arguments either way.
That was my thinking too, though there was only one example (`github_enterprise_organization`) to go off of. Either way works for me.
I named this after `github_actions_organization_permissions`. But if we think there will be more enterprise resources, `github_enterprise...` would be better.
Works in my enterprise. Import doesn't work, as it always tries to force replacement, but applying without an import seems to be fine, since it's authoritative.
I think that's acceptable tbh.
```
$ terragrunt import github_enterprise_actions_permissions.enterprise enterprise
Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

$ terragrunt plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # github_enterprise_actions_permissions.enterprise must be replaced
-/+ resource "github_enterprise_actions_permissions" "enterprise" {
      + enterprise_id = "enterprise" # forces replacement
      ~ id = "enterprise" -> (known after apply)
        # (2 unchanged attributes hidden)
      ~ allowed_actions_config {
          ~ patterns_allowed = [
              - "test/*",
                # (7 unchanged elements hidden)
            ]
            # (2 unchanged attributes hidden)
        }
    }
```
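A plan-review check for the situation in the last comment, as an added example that is not part of the PR or the provider: it reads the JSON produced by `terraform show -json` and reports when the permissions resource would be replaced or when entries would leave `patterns_allowed`. The sample plan is constructed, and the function names and the default resource type (taken from the plan output above) are assumptions.

```python
import json

# Constructed plan JSON in the `terraform show -json` layout (not real output).
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "github_enterprise_actions_permissions.enterprise",
    "type": "github_enterprise_actions_permissions",
    "change": {
        "actions": ["delete", "create"],
        "before": {"allowed_actions_config": [
            {"patterns_allowed": ["actions/cache@*", "test/*"]}]},
        "after": {"enterprise_id": "enterprise", "allowed_actions_config": [
            {"patterns_allowed": ["actions/cache@*"]}]},
    },
}]})


def patterns(attrs):
    """Collect patterns_allowed from every allowed_actions_config block."""
    found = set()
    # `before`/`after` are null for pure creates/deletes, hence the fallbacks.
    for block in (attrs or {}).get("allowed_actions_config") or []:
        found.update(block.get("patterns_allowed") or [])
    return found


def review(plan_json, resource_type="github_enterprise_actions_permissions"):
    """Return (address, kind, pattern) findings for the given resource type."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        change = rc["change"]
        # A replacement is reported as delete+create (or create+delete).
        if {"delete", "create"} <= set(change["actions"]):
            findings.append((rc["address"], "replace", None))
        dropped = patterns(change.get("before")) - patterns(change.get("after"))
        findings.extend((rc["address"], "drop", p) for p in sorted(dropped))
    return findings


if __name__ == "__main__":
    for address, kind, pattern in review(SAMPLE_PLAN):
        print(address, kind, pattern or "")
```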