feat: Added organization role support

Signed-off-by: Steve Hipwell <[email protected]>

Author: stevehipwell

github/data_source_github_organization_role.go

@@ -0,0 +1,80 @@
+package github
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubOrganizationRole() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubOrganizationRoleRead,
+
+		Schema: map[string]*schema.Schema{
+			"role_id": {
+				Description: "The ID of the role.",
+				Type:        schema.TypeInt,
+				Required:    true,
+			},
+			"name": {
+				Description: "The name of the role.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"description": {
+				Description: "A short description about who this role is for or what permissions it grants.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"source": {
+				Description: "Source answers the question, \"where did this role come from?\"",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"base_role": {
+				Description: "The system role from which this role inherits permissions.",
+				Type:        schema.TypeString,
+				Computed:    true,
+			},
+			"permissions": {
+				Description: "A list of permissions included in this role.",
+				Type:        schema.TypeSet,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func dataSourceGithubOrganizationRoleRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	ctx := context.Background()
+	orgName := meta.(*Owner).name
+
+	roleId := int64(d.Get("role_id").(int))
+
+	role, _, err := client.Organizations.GetOrgRole(ctx, orgName, roleId)
+	if err != nil {
+		return err
+	}
+
+	r := map[string]any{
+		"role_id":     role.GetID(),
+		"name":        role.GetName(),
+		"description": role.GetDescription(),
+		"source":      role.GetSource(),
+		"base_role":   role.GetBaseRole(),
+		"permissions": role.Permissions,
+	}
+
+	d.SetId(strconv.FormatInt(role.GetID(), 10))
+
+	for k, v := range r {
+		if err := d.Set(k, v); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

github/data_source_github_organization_role_teams.go

@@ -0,0 +1,112 @@
+package github
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-github/v66/github"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubOrganizationRoleTeams() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubOrganizationRoleTeamsRead,
+
+		Schema: map[string]*schema.Schema{
+			"role_id": {
+				Description: "The unique identifier of the role to find teams for.",
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+			},
+			"teams": {
+				Description: "List of teams assigned to the organization role.",
+				Type:        schema.TypeList,
+				Computed:    true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Description: "Unique identifier of the team.",
+							Type:        schema.TypeInt,
+							Computed:    true,
+						},
+						"slug": {
+							Description: "Slug of the team name.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						"name": {
+							Description: "Name of the team.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						"permission": {
+							Description: "Permission that the team will have for its repositories.",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						// See https://github.com/google/go-github/issues/3364
+						// "assignment": {
+						// 	Description: "Determines if the team has a direct, indirect, or mixed relationship to a role.",
+						// 	Type:        schema.TypeString,
+						// 	Computed:    true,
+						// },
+						// "parent_team_id": {
+						// 	Description: "The ID of the parent team if this is an indirect assignment.",
+						// 	Type:        schema.TypeString,
+						// 	Computed:    true,
+						// },
+						// "parent_team_slug": {
+						// 	Description: "The slug of the parent team if this is an indirect assignment.",
+						// 	Type:        schema.TypeString,
+						// 	Computed:    true,
+						// },
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubOrganizationRoleTeamsRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	ctx := context.Background()
+	orgName := meta.(*Owner).name
+
+	roleId := int64(d.Get("role_id").(int))
+
+	allTeams := make([]any, 0)
+
+	opts := &github.ListOptions{
+		PerPage: maxPerPage,
+	}
+
+	for {
+		teams, resp, err := client.Organizations.ListTeamsAssignedToOrgRole(ctx, orgName, roleId, opts)
+		if err != nil {
+			return err
+		}
+
+		for _, team := range teams {
+			t := map[string]any{
+				"id":         team.GetID(),
+				"slug":       team.GetSlug(),
+				"name":       team.GetName(),
+				"permission": team.GetPermission(),
+			}
+			allTeams = append(allTeams, t)
+		}
+
+		if resp.NextPage == 0 {
+			break
+		}
+		opts.Page = resp.NextPage
+	}
+
+	d.SetId(fmt.Sprintf("%d", roleId))
+	if err := d.Set("teams", allTeams); err != nil {
+		return fmt.Errorf("error setting teams: %s", err)
+	}
+
+	return nil
+}

github/data_source_github_organization_role_teams_test.go

@@ -0,0 +1,104 @@
+package github
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceGithubOrganizationRoleTeams(t *testing.T) {
+	t.Run("get the organization role teams without error", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		teamName := fmt.Sprintf("tf-acc-team-%s", randomID)
+		roleId := 8134
+		config := fmt.Sprintf(`
+			resource "github_team" "test" {
+				name = "%s"
+			}
+
+			resource "github_organization_role_team" "test" {
+				role_id   = %d
+				team_slug = github_team.test.slug
+			}
+
+			data "github_organization_role_teams" "test" {
+				role_id = %[2]d
+
+				depends_on = [
+					github_organization_role_team.test
+				]
+			}
+		`, teamName, roleId)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:  func() { skipUnlessMode(t, organization) },
+			Providers: testAccProviders,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttrSet("data.github_organization_role_teams.test", "teams.#"),
+						resource.TestCheckResourceAttr("data.github_organization_role_teams.test", "teams.#", "1"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.id", "github_team.test", "id"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.slug", "github_team.test", "slug"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.name", "github_team.test", "name"),
+					),
+				},
+			},
+		})
+	})
+
+	t.Run("get indirect organization role teams without error", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		teamName1 := fmt.Sprintf("tf-acc-team-1-%s", randomID)
+		teamName2 := fmt.Sprintf("tf-acc-team-2-%s", randomID)
+		roleId := 8134
+		config := fmt.Sprintf(`
+			resource "github_team" "test_1" {
+				name    = "%s"
+				privacy = "closed"
+			}
+
+			resource "github_team" "test_2" {
+				name           = "%s"
+				privacy        = "closed"
+				parent_team_id = github_team.test_1.id
+			}
+
+			resource "github_organization_role_team" "test" {
+				role_id   = %d
+				team_slug = github_team.test_1.slug
+			}
+
+			data "github_organization_role_teams" "test" {
+				role_id = %[3]d
+
+				depends_on = [
+					github_organization_role_team.test
+				]
+			}
+		`, teamName1, teamName2, roleId)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:  func() { skipUnlessMode(t, organization) },
+			Providers: testAccProviders,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttrSet("data.github_organization_role_teams.test", "teams.#"),
+						resource.TestCheckResourceAttr("data.github_organization_role_teams.test", "teams.#", "2"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.id", "github_team.test_1", "id"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.slug", "github_team.test_1", "slug"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.0.name", "github_team.test_1", "name"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.id", "github_team.test_2", "id"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.slug", "github_team.test_2", "slug"),
+						resource.TestCheckResourceAttrPair("data.github_organization_role_teams.test", "teams.1.name", "github_team.test_2", "name"),
+					),
+				},
+			},
+		})
+	})
+}

github/data_source_github_organization_role_test.go

@@ -0,0 +1,38 @@
+package github
+
+import (
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceGithubOrganizationRole(t *testing.T) {
+	t.Run("get the organization role without error", func(t *testing.T) {
+		roleId := 138
+		config := fmt.Sprintf(`
+			data "github_organization_role" "test" {
+				role_id = %d
+			}
+		`, roleId)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:  func() { skipUnlessMode(t, organization) },
+			Providers: testAccProviders,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr("data.github_organization_role.test", "role_id", strconv.Itoa(roleId)),
+						resource.TestCheckResourceAttr("data.github_organization_role.test", "name", "security_manager"),
+						resource.TestCheckResourceAttr("data.github_organization_role.test", "source", "Predefined"),
+						resource.TestCheckResourceAttr("data.github_organization_role.test", "base_role", "read"),
+						resource.TestCheckResourceAttrSet("data.github_organization_role.test", "description"),
+						resource.TestCheckResourceAttrSet("data.github_organization_role.test", "permissions.#"),
+					),
+				},
+			},
+		})
+	})
+}