
[FEAT]: Organization Role Assignment

Open lukiffer opened this issue 9 months ago • 3 comments

Describe the need

I may have missed something, but after a reasonably thorough scan of the docs I didn't see a resource for organization role assignment to a user or team.

The API endpoints I'm referring to are:

  • https://docs.github.com/en/rest/orgs/organization-roles?apiVersion=2022-11-28#assign-an-organization-role-to-a-team
  • https://docs.github.com/en/rest/orgs/organization-roles?apiVersion=2022-11-28#assign-an-organization-role-to-a-user

Implementation may look something like:

resource "github_organization_role_assignment" "example" {
  role_id  = 12345
  username = "lukiffer"
}

resource "github_organization_role_assignment" "example" {
  role_id   = 12345
  team_slug = "example-team"
}

It would be great to have these as a single resource that managed the different assignment principals, but if this isn't feasible, having separate, explicitly-named resources is probably fine too.


lukiffer avatar Feb 25 '25 14:02 lukiffer

This would greatly simplify the management of access to repositories.

ardrigh avatar Mar 10 '25 00:03 ardrigh

Adding 👍 for this too.

ashraidiam avatar Mar 10 '25 12:03 ashraidiam

This is somewhat similar to #2314 which is implemented by #2322.

martinssipenko avatar Jun 03 '25 06:06 martinssipenko

After review, this appears to have been implemented as part of #2487 which addresses #2314. @stevehipwell I see you worked that pull request, can you confirm on this one?

@nickfloyd this one may be able to be closed as already implemented. One change could be potentially combining the resources into a single resource like @lukiffer originally requested but it looks like the functionality is there for this now individually, which may be preferred.

scottluskcis avatar Nov 06 '25 01:11 scottluskcis

@scottluskcis the PR has been merged so the functionality should be available.

> @nickfloyd this one may be able to be closed as already implemented. One change could be potentially combining the resources into a single resource like @lukiffer originally requested but it looks like the functionality is there for this now individually, which may be preferred.

I wouldn't be against replacing github_organization_role_team & github_organization_role_user with github_organization_role_assignment with mutually exclusive inputs for either a team slug or a user login.

stevehipwell avatar Nov 06 '25 18:11 stevehipwell

@scottluskcis @stevehipwell I'd be good with either way, though now changing it might technically be a breaking change - candidly I prefer the singleton approach, @stevehipwell reminded me of that last week, it just feels cleaner and more expressive. All that to say, with something as coupled as this, separating it for the sake of separating it might add unnecessary duplication and confusion.

I'll leave it in the capable hands here if anyone feels strongly about any given approach.

nickfloyd avatar Nov 12 '25 16:11 nickfloyd

In #2487 github_organization_role_team was added, but isn't this the same as github_organization_role_team_assignment?

Nothing4You avatar Nov 13 '25 17:11 Nothing4You

I think the github_organization_role_team_assignment resource needs deprecating.

stevehipwell avatar Nov 13 '25 18:11 stevehipwell