chore(test-org): remove non-org members (#2798)

Author: apeabody

infra/terraform/test-org/org/github.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2023-2024 Google LLC
+ * Copyright 2023-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,24 +16,11 @@
 provider "github" {}
 
 locals {
-  owners = flatten(
-    [for repo, val in local.repos : [for owner in setunion(lookup(val, "admins", []), lookup(val, "maintainers", [])) : owner]]
+  repo_members = flatten(
+    [for repo, val in local.repos : [for member in setunion(lookup(val, "admins", []), lookup(val, "maintainers", [])) : member]]
   )
 
   org_members = [for login in setunion(data.github_organization.tgm.users[*].login, data.github_organization.gcp.users[*].login) : login]
-
-  invalid_owners = setsubtract(local.owners, local.org_members)
-}
-
-variable "temp_allow_invalid_owners" {
-  type        = list(string)
-  description = "Googlers added as owners on TF blueprint repos but are not part of the GCP or TGM orgs yet."
-  default = [
-    "nidhi0710", # remove once heynidhi@ is added to GCP org
-    "sylvioneto",
-    "erictune",
-    "megelatim",
-  ]
 }
 
 data "github_organization" "tgm" {

infra/terraform/test-org/org/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019-2024 Google LLC
+ * Copyright 2019-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -101,13 +101,16 @@ output "ci_media_cdn_vod_project_id" {
 }
 
 output "modules" {
-  value = [for value in local.repos : value if try(value.module, true)]
-
-  precondition {
-    condition     = length(setsubtract(local.invalid_owners, var.temp_allow_invalid_owners)) == 0
-    error_message = "Provided Repo Owners are not currently members of GCP or TGM Orgs: ${join(", ", setsubtract(local.invalid_owners, var.temp_allow_invalid_owners))}. You can bypass this error by setting `-var='temp_allow_invalid_owners=[\"${join("\",\"", local.invalid_owners)}\"]'` when running plan/apply."
-  }
+  value = [for value in local.repos : merge(value,
+    try({ maintainers = sort(setintersection(local.org_members, value.maintainers)) }, {}),
+    try({ admins = sort(setintersection(local.org_members, value.admins)) }, {})
+    ) if try(value.module, true)
+  ]
+}
 
+output "removed_members" {
+  value       = setsubtract(local.repo_members, local.org_members)
+  description = "Members not part of GCP or TGM orgs (removed from config)"
 }
 
 output "bpt_folder" {