Create an operations team and switch admins to moderators

tim-schilling · tim-schilling · commit bcf100c1468f · 2025-10-10T15:57:07.000-05:00
The operations team will have admin permissions in the GitHub org
while the admins team will have moderator permissions.
diff --git a/terraform/production/org.tfvars b/terraform/production/org.tfvars
@@ -7,6 +7,14 @@ admins = [
   "williln",
 ]
 
+ops_team = [
+  "cunla",
+  "ryancheley",
+  "Stormheg",
+  "tim-schilling",
+  "williln",
+]
+
 # Design members
 #
 # Enable following members when they've accepted the invite
@@ -104,10 +112,23 @@ members = [
   "viscofuse",
   "Zakui",
 ]
-
 organization_teams = {
+  # This team should be enabled as moderators which can't be configured
+  # via the GitHub Terraform integration.
+  # https://github.com/organizations/django-commons/settings/moderators
   "Admins" = {
-    description = "django-commons administrators"
+    description = "django-commons administrators team with moderator permissions in the org."
+    # Use maintainers for organizational teams
+    maintainers = [
+      "cunla",
+      "ryancheley",
+      "Stormheg",
+      "tim-schilling",
+      "williln",
+    ]
+  }
+  "operations" = {
+    description = "django-commons operations team with admin permissions in the org."
     # Use maintainers for organizational teams
     maintainers = [
       "cunla",
diff --git a/terraform/resources-org.tf b/terraform/resources-org.tf
@@ -1,7 +1,7 @@
 # GitHub Membership Resource
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership
 data "github_users" "users" {
-  usernames = setunion(var.admins, var.members)
+  usernames = setunion(var.admins, var.ops_team, var.members)
 }
 
 output "invalid_users" {
@@ -10,7 +10,8 @@ output "invalid_users" {
 
 locals {
   users = merge(
-    { for user in var.admins : user => "admin" if contains(data.github_users.users.logins, user) },
+    { for user in var.admins : user => "member" if contains(data.github_users.users.logins, user) },
+    { for user in var.ops_team : user => "admin" if contains(data.github_users.users.logins, user) },
     { for user in var.members : user => "member" if contains(data.github_users.users.logins, user) }
   )
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -2,7 +2,12 @@
 # https://www.terraform.io/language/values/variables
 
 variable "admins" {
-  description = "A set of admins to add to the organization"
+  description = "A set of users who are admins to add to the organization"
+  type        = set(string)
+}
+
+variable "ops_team" {
+  description = "A set of users who have operational permissions to add to the organization"
   type        = set(string)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`# GitHub Membership Resource`
`2`	`2`	`# https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership`
`3`	`3`	`data "github_users" "users" {`
`4`		`- usernames = setunion(var.admins, var.members)`
	`4`	`+ usernames = setunion(var.admins, var.ops_team, var.members)`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`output "invalid_users" {`
`@@ -10,7 +10,8 @@ output "invalid_users" {`
`10`	`10`
`11`	`11`	`locals {`
`12`	`12`	`users = merge(`
`13`		`- { for user in var.admins : user => "admin" if contains(data.github_users.users.logins, user) },`
	`13`	`+ { for user in var.admins : user => "member" if contains(data.github_users.users.logins, user) },`
	`14`	`+ { for user in var.ops_team : user => "admin" if contains(data.github_users.users.logins, user) },`
`14`	`15`	`{ for user in var.members : user => "member" if contains(data.github_users.users.logins, user) }`
`15`	`16`	`)`
`16`	`17`	`}`