Resource: EMU External Groups Sync (#1094)

kfcampbell · web-flow · commit 32f3009afd96 · 2022-05-02T08:42:49.000-07:00
* Initial commit of testing emus

* Initial commit of creating EMU group mapping

* Add read and delete operations

* Tweaks to make updating work

* Refactor coercion into reusable function

* Simplify case logic

* Add import logic

* Whitespace change to test commit verification

* Rework importation logic a bit

* Bump to go-github v43 in EMU resource

* Removing some extraneous whitespaces

* Import logic mostly working

* Fully fix import logic

* Add docs and doc link

* Remove time.Sleep

* Remove vendoring hack as bug has been fixed

* Remove extraneous comment in examples/emu
diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@ website/node_modules
 .vagrant/
 *.backup
 ./*.tfstate
+**/*.terraform.lock.hcl
 .terraform/
 *.log
 *.bak
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -48,11 +48,11 @@ Once you have the repository cloned, there's a couple of additional steps you'll
 1. Write a test describing what you will fix. See [`github_label`](./github/resource_github_issue_label_test.go) for an example format.
 1. Run your test and observe it fail. Enabling debug output allows for observing the underlying requests and responses made as well as viewing state (search `STATE:`) generated during the acceptance test run.
 ```sh
-TF_LOG=DEBUG TF_ACC=1  go test -v   ./... -run ^TestAccGithubIssueLabel
+TF_LOG=DEBUG TF_ACC=1 go test -v ./... -run ^TestAccGithubIssueLabel
 ```
 1. Align the resource's implementation to your test case and observe it pass:
 ```sh
-TF_ACC=1  go test -v   ./... -run ^TestAccGithubIssueLabel
+TF_ACC=1 go test -v ./... -run ^TestAccGithubIssueLabel
 ```
 
 Note that some resources still use a previous format that is incompatible with automated test runs, which depend on using the `skipUnlessMode` helper. When encountering these resources, tests are rewritten to the latest format.
diff --git a/examples/emu/main.tf b/examples/emu/main.tf
@@ -0,0 +1,15 @@
+provider "github" {
+}
+
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+    }
+  }
+}
+
+resource "github_emu_group_mapping" "example_emu_group_mapping" {
+  team_slug = "emu-test-team"
+  group_id = 28836
+}
diff --git a/github/provider.go b/github/provider.go
@@ -121,6 +121,7 @@ func Provider() terraform.ResourceProvider {
 			"github_team_members":                             resourceGithubTeamMembers(),
 			"github_team_repository":                          resourceGithubTeamRepository(),
 			"github_team_sync_group_mapping":                  resourceGithubTeamSyncGroupMapping(),
+			"github_emu_group_mapping":                        resourceGithubEMUGroupMapping(),
 			"github_team":                                     resourceGithubTeam(),
 			"github_user_gpg_key":                             resourceGithubUserGpgKey(),
 			"github_user_invitation_accepter":                 resourceGithubUserInvitationAccepter(),
diff --git a/github/resource_github_emu_group_mapping.go b/github/resource_github_emu_group_mapping.go
@@ -0,0 +1,169 @@
+package github
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+
+	"github.com/google/go-github/v43/github"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceGithubEMUGroupMapping() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGithubEMUGroupMappingCreate,
+		Read:   resourceGithubEMUGroupMappingRead,
+		Update: resourceGithubEMUGroupMappingUpdate,
+		Delete: resourceGithubEMUGroupMappingDelete,
+		Importer: &schema.ResourceImporter{
+			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+				id, err := strconv.Atoi(d.Id())
+				if err != nil {
+					return nil, err
+				}
+				if err := d.Set("group_id", id); err != nil {
+					return nil, err
+				}
+				ctx := context.WithValue(context.Background(), ctxId, d.Id())
+				client := meta.(*Owner).v3client
+				orgName := meta.(*Owner).name
+				group, _, err := client.Teams.GetExternalGroup(ctx, orgName, int64(id))
+				if err != nil {
+					return nil, err
+				}
+				if len(group.Teams) != 1 {
+					return nil, fmt.Errorf("could not get team_slug from %v number of teams", len(group.Teams))
+				}
+				if err := d.Set("team_slug", group.Teams[0].TeamName); err != nil {
+					return nil, err
+				}
+				d.SetId(fmt.Sprintf("teams/%s/external-groups", d.Id()))
+				return []*schema.ResourceData{d}, nil
+			},
+		},
+		Schema: map[string]*schema.Schema{
+			"team_slug": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"group_id": {
+				Type:     schema.TypeInt,
+				Required: true,
+			},
+			"etag": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceGithubEMUGroupMappingCreate(d *schema.ResourceData, meta interface{}) error {
+	return resourceGithubEMUGroupMappingUpdate(d, meta)
+}
+
+func resourceGithubEMUGroupMappingRead(d *schema.ResourceData, meta interface{}) error {
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+
+	id, ok := d.GetOk("group_id")
+	if !ok {
+		return fmt.Errorf("could not get group id from provided value")
+	}
+	id64, err := getInt64FromInterface(id)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.WithValue(context.Background(), ctxId, d.Id())
+
+	group, resp, err := client.Teams.GetExternalGroup(ctx, orgName, id64)
+	if err != nil {
+		return err
+	}
+
+	d.Set("etag", resp.Header.Get("ETag"))
+	d.Set("group", group)
+	return nil
+}
+
+func resourceGithubEMUGroupMappingUpdate(d *schema.ResourceData, meta interface{}) error {
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+	ctx := context.WithValue(context.Background(), ctxId, d.Id())
+
+	teamSlug, ok := d.GetOk("team_slug")
+	if !ok {
+		return fmt.Errorf("could not get team slug from provided value")
+	}
+
+	id, ok := d.GetOk("group_id")
+	if !ok {
+		return fmt.Errorf("could not get group id from provided value")
+	}
+	id64, err := getInt64FromInterface(id)
+	if err != nil {
+		return err
+	}
+
+	eg := &github.ExternalGroup{
+		GroupID: &id64,
+	}
+
+	_, _, err = client.Teams.UpdateConnectedExternalGroup(ctx, orgName, teamSlug.(string), eg)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(fmt.Sprintf("teams/%s/external-groups", teamSlug))
+	return resourceGithubEMUGroupMappingRead(d, meta)
+}
+
+func resourceGithubEMUGroupMappingDelete(d *schema.ResourceData, meta interface{}) error {
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+
+	teamSlug, ok := d.GetOk("team_slug")
+	if !ok {
+		return fmt.Errorf("could not parse team slug from provided value")
+	}
+
+	ctx := context.WithValue(context.Background(), ctxId, d.Id())
+
+	_, err = client.Teams.RemoveConnectedExternalGroup(ctx, orgName, teamSlug.(string))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func getInt64FromInterface(val interface{}) (int64, error) {
+	var id64 int64
+	switch val := val.(type) {
+	case int64:
+		id64 = val
+	case int:
+		id64 = int64(val)
+	case string:
+		var err error
+		id64, err = strconv.ParseInt(val, 10, 64)
+		if err != nil {
+			return 0, fmt.Errorf("could not parse id from string: %v", err)
+		}
+	default:
+		return 0, fmt.Errorf("unexpected type converting to int64 from interface")
+	}
+	return id64, nil
+}
diff --git a/github/util.go b/github/util.go
@@ -20,7 +20,7 @@ const (
 
 func checkOrganization(meta interface{}) error {
 	if !meta.(*Owner).IsOrganization {
-		return fmt.Errorf("This resource can only be used in the context of an organization, %q is a user.", meta.(*Owner).name)
+		return fmt.Errorf("this resource can only be used in the context of an organization, %q is a user", meta.(*Owner).name)
 	}
 
 	return nil
diff --git a/go.sum b/go.sum
@@ -42,7 +42,6 @@ github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQ
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bombsimon/wsl/v3 v3.0.0 h1:w9f49xQatuaeTJFaNP4SpiWSR5vfT6IstPtM62JjcqA=
 github.com/bombsimon/wsl/v3 v3.0.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
-github.com/bradleyfalzon/ghinstallation/v2 v2.0.3/go.mod h1:tlgi+JWCXnKFx/Y4WtnDbZEINo31N5bcvnCoqieefmk=
 github.com/bradleyfalzon/ghinstallation/v2 v2.0.4/go.mod h1:B40qPqJxWE0jDZgOR1JmaMy+4AY1eBP+IByOvqyAKp0=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
@@ -158,7 +157,6 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
diff --git a/website/docs/r/emu_group_mapping.html.markdown b/website/docs/r/emu_group_mapping.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "github"
+page_title: "GitHub: github_emu_group_mapping"
+description: |-
+  Manages mappings between external groups for enterprise managed users.
+---
+
+# github_emu_group_mapping
+
+This resource manages mappings between external groups for enterprise managed users and GitHub teams. It wraps the API detailed [here](https://docs.github.com/en/rest/reference/teams#external-groups). Note that this is a distinct resource from `github_team_sync_group_mapping`. `github_emu_group_mapping` is special to the Enterprise Managed User (EMU) external group feature, whereas `github_team_sync_group_mapping` is specific to Identity Provider Groups.
+
+## Example Usage
+
+```hcl
+resource "github_emu_group_mapping" "example_emu_group_mapping" {
+  team_slug = "emu-test-team" # The GitHub team name to modify
+  group_id = 28836 # The group ID of the external group to link
+}
+
+# Note that here GITHUB_OWNER and GITHUB_TOKEN have been set in the environment.
+```
+
+## Argument Reference
+
+The following arguments are supported:
+* `team_slug` - (Required) Slug of the GitHub team
+* `group_id`  - (Required) Integer corresponding to the external group ID to be linked
+
+## Import
+
+GitHub EMU External Group Mappings can be imported using the external `group_id`, e.g.
+
+```
+$ terraform import github_emu_group_mapping.example_emu_group_mapping 28836
+```
diff --git a/website/github.erb b/website/github.erb
@@ -169,6 +169,9 @@
             <li>
               <a href="/docs/providers/github/r/team_sync_group_mapping.html">github_team_sync_group_mapping</a>
             </li>
+            <li>
+              <a href="/docs/providers/github/r/emu_group_mapping.html">github_emu_group_mapping</a>
+            </li>
             <li>
               <a href="/docs/providers/github/r/user_gpg_key.html">github_user_gpg_key</a>
             </li>

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ const (`
`20`	`20`
`21`	`21`	`func checkOrganization(meta interface{}) error {`
`22`	`22`	`if !meta.(*Owner).IsOrganization {`
`23`		`- return fmt.Errorf("This resource can only be used in the context of an organization, %q is a user.", meta.(*Owner).name)`
	`23`	`+ return fmt.Errorf("this resource can only be used in the context of an organization, %q is a user", meta.(*Owner).name)`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`return nil`