kapicorp
diff --git a/‎terraform/common.py‎
Lines changed: 30 additions & 2 deletions b/‎terraform/common.py‎
Lines changed: 30 additions & 2 deletions
diff --git a/‎terraform/github.py‎
Lines changed: 57 additions & 0 deletions b/‎terraform/github.py‎
Lines changed: 57 additions & 0 deletions
@@ -4,6 +4,7 @@
 from enum import StrEnum, auto
 
 from kapitan.inputs.kadet import Dict, load_from_search_paths
+from kapitan.utils import prune_empty
 from pydantic import field_validator
 
 kgenlib = load_from_search_paths("kgenlib")
@@ -12,6 +13,10 @@
 TERRAFORM_DISALLOWED_CHARS_REGEX = r"[^a-zA-Z\.\-\_\@]"
 
 
+def tf_id(*id_chunks: str) -> str:
+    return "_".join(cleanup_terraform_resource_id(i) for i in id_chunks if i.strip())
+
+
 def cleanup_terraform_resource_id(resource_id: str) -> str:
     """
     Some characters can't be used inside of a terraform resource.
@@ -36,6 +41,15 @@ class TerraformBlockTypes(StrEnum):
     RESOURCE = auto()
     TERRAFORM = auto()
     VARIABLE = auto()
+    MODULE = auto()
+
+
+def sortedDeep(d):
+    if isinstance(d, list):
+        return [sortedDeep(v) for v in d]
+    if isinstance(d, (dict, Dict)):
+        return {k: sortedDeep(d[k]) for k in sorted(d)}
+    return d
 
 
 class TerraformStore(kgenlib.BaseStore):
@@ -50,10 +64,13 @@ def dump(self, output_filename=None):
                 output_format = getattr(content, "filename", "output.tf.json")
 
             filename = output_format.format(content=content)
+            if content.prune:
+                content.root = Dict(prune_empty(content.root))
             self.root.setdefault(filename, Dict()).merge_update(
                 content.root, box_merge_lists="extend"
             )
 
+        self.root = Dict(sortedDeep(self.root))
         return super().dump(already_processed=True)
 
 
@@ -69,7 +86,7 @@ class TerraformBlock(kgenlib.BaseContent):
     def name_must_valid_terraform_id(cls, v):
         allowed = set(string.ascii_letters + string.digits + "_-")
         if not set(v) <= allowed:
-            raise ValueError(f"Invalid character in terraform id: {v}")
+            v = cleanup_terraform_resource_id(v)
         return v
 
     def new(self):
@@ -152,12 +169,14 @@ def get_reference(
 
 class TerraformResource(TerraformBlock):
     block_type: TerraformBlockTypes = TerraformBlockTypes.RESOURCE
+    prune: bool = True
 
     def body(self):
         # We pop/purge them because these are internal kapitan instructions
         self.moved_from(self.config.pop("moved_from", None))
         self.import_from(self.config.pop("import_from", None))
-
+        kapitan_metadata = self.config.pop("_kapitan_", {})
+        self.prune = kapitan_metadata.get("prune", self.prune)
         super().body()
 
     def import_from(self, import_id: str = None):
@@ -189,6 +208,15 @@ def body(self):
                 self.set_local(name, value)
 
 
+class TerraformModule(TerraformBlock):
+    block_type: TerraformBlockTypes = TerraformBlockTypes.MODULE
+
+    def body(self):
+        config = self.config
+        id = config.get("id", self.id)
+        self.root.module.setdefault(id, config)
+
+
 class TerraformData(TerraformBlock):
     block_type: TerraformBlockTypes = TerraformBlockTypes.DATA
 
 
@@ -18,6 +18,9 @@ def body(self):
         tag_protection_config = config.pop("tag_protection", {})
         deploy_keys_config = config.pop("deploy_keys", {})
         ruleset_config = config.pop("repository_ruleset", {})
+        actions_config = config.pop("actions", {})
+        access_permissions_config = config.pop("permissions", {})
+        autolink_references_config = config.pop("autolink", {})
 
         resource_name = self.name
         logger.debug(f"Processing github_repository {resource_name}")
@@ -43,6 +46,9 @@ def body(self):
             branch_protection.filename = "github_branch_protection.tf"
             branch_protection.set(branch_protection.config)
             branch_protection.add("repository_id", repository.get_reference("node_id"))
+            branch_protection.set(
+                {"pattern": branches_name}
+            )  # Ensures the pattern is unique to the branch name and doesn't default to `main`
             self.add(branch_protection)
 
         for rule_name, tag_pattern in tag_protection_config.items():
@@ -84,3 +90,54 @@ def body(self):
             repository_ruleset.filename = "github_repository_ruleset.tf"
             repository_ruleset.set(repository_ruleset.config)
             self.add(repository_ruleset)
+
+        if actions_config.get("access_level") is not None:
+            gha_actions_access = TerraformResource(
+                id=f"{resource_id}_actions_access",
+                type="github_actions_repository_access_level",
+                config={
+                    "repository": repository.get_reference("name"),
+                    "access_level": actions_config.get("access_level"),
+                },
+            )
+            gha_actions_access.filename = "github_repository_actions.tf"
+            gha_actions_access.set(gha_actions_access.config)
+            gha_actions_access.add("repository", repository.get_reference("name"))
+            self.add(gha_actions_access)
+
+        for permission_type, permission_config in access_permissions_config.items():
+            logger.debug(f"Processing permissions for {resource_name}")
+            for entity, permission in permission_config.items():
+                if permission_type == "team":
+                    config = {"team_id": f"{entity}", "permission": f"{permission}"}
+                else:
+                    config = {"username": f"{entity}", "permission": f"{permission}"}
+                repository_collaborators = TerraformResource(
+                    id=f"{resource_name}_access_permissions".replace(".", ""),
+                    type="github_repository_collaborators",
+                    config=config,
+                )
+                repository_collaborators.filename = "github_repository_collaborators.tf"
+                repository_collaborators.add(
+                    "repository", repository.get_reference("name")
+                )
+                repository_collaborators.add(
+                    permission_type, [repository_collaborators.config]
+                )
+                self.add(repository_collaborators)
+
+        for key_prefix, target_url in autolink_references_config.items():
+            logger.debug(f"Processing autolink referneces for {resource_name}")
+            config = {
+                "key_prefix": f"{key_prefix}-",
+                "target_url_template": f"{target_url}",
+            }
+            autolink_references = TerraformResource(
+                id=f"{key_prefix}".replace(".", ""),
+                type="github_repository_autolink_reference",
+                config=config,
+            )
+            autolink_references.filename = "github_repository_autolink_reference.tf"
+            autolink_references.set(autolink_references.config)
+            autolink_references.add("repository", repository.get_reference("name"))
+            self.add(autolink_references)