main.tf
# ---------------------------------------------------------------------------------------------------------------------
# CREATE A GITHUB TEAM, TEAM MEMBERSHIPS AND ASSIGN THE TEAM TO REPOSITORIES WITH PERMISSIONS
#
# Create a GitHub team and add users as either members or maintainers. Users who are not yet members of the managed
# organization will receive an invitation and will not be part of the team until they accept it and fulfill any
# requirements such as enabled 2FA.
# This module also accepts lists of repositories to which the team is added with "admin", "push", or "pull"
# permissions.
# ---------------------------------------------------------------------------------------------------------------------
# The team itself. `count` is the module on/off switch: with var.module_enabled = false
# no team is created and the dependent resources below receive empty for_each maps.
resource "github_team" "team" {
  count = var.module_enabled ? 1 : 0

  name           = var.name
  description    = var.description
  parent_team_id = var.parent_team_id

  # Team visibility inside the organization; passed through unchanged from the caller.
  privacy = var.privacy

  # LDAP distinguished name the team is mapped to; passed through unchanged.
  ldap_dn = var.ldap_dn

  # NOTE(review): per the GitHub provider documentation, `true` adds the identity behind the
  # provider token as a team maintainer. For a CI/automation token that is standing access
  # nobody listed in var.maintainers; confirm the default declared for this variable.
  create_default_maintainer = var.create_default_maintainer

  depends_on = [var.module_depends_on]
}
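locals {
  # Maintainers keyed by lower-cased login. GitHub logins are case-insensitive, so the
  # lower-cased key is what identifies an account; the original spelling is kept for the API call.
  maintainers = {
    for login in var.maintainers :
    lower(login) => { role = "maintainer", username = login }
  }

  # Members that are not also maintainers. setsubtract() compares strings case-sensitively,
  # so "Alice" in var.members would survive it even with "alice" in var.maintainers, and the
  # merge below would then silently replace the maintainer entry with a member entry.
  # The extra `if` filter drops such logins by their lower-cased key, so the role declared
  # in var.maintainers is the one applied regardless of spelling.
  members = {
    for login in setsubtract(var.members, var.maintainers) :
    lower(login) => { role = "member", username = login }
    if !contains(keys(local.maintainers), lower(login))
  }

  # Key sets are disjoint after the filter above, so merge order no longer decides a role.
  memberships = merge(local.maintainers, local.members)
}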
# One membership per entry of local.memberships (key = lower-cased login).
# With the module disabled the map is empty and nothing is created.
resource "github_team_membership" "team_membership" {
  for_each = var.module_enabled ? local.memberships : {}

  # try() falls back to null when github_team.team has no instance at index 0.
  team_id = try(github_team.team[0].id, null)

  username = each.value.username
  role     = each.value.role # "maintainer" or "member", as built in locals

  depends_on = [var.module_depends_on]
}
locals {
  # One map per permission level, each keyed by the lower-cased repository name.
  repo_admin = {
    for repo in var.admin_repositories :
    lower(repo) => { permission = "admin", repository = repo }
  }

  repo_maintain = {
    for repo in var.maintain_repositories :
    lower(repo) => { permission = "maintain", repository = repo }
  }

  repo_push = {
    for repo in var.push_repositories :
    lower(repo) => { permission = "push", repository = repo }
  }

  repo_triage = {
    for repo in var.triage_repositories :
    lower(repo) => { permission = "triage", repository = repo }
  }

  repo_pull = {
    for repo in var.pull_repositories :
    lower(repo) => { permission = "pull", repository = repo }
  }

  # merge() lets later arguments win on a duplicate key. The maps are passed from "admin"
  # down to "pull", so a repository listed under several levels ends up with the last
  # (least-privileged) one. Keep this argument order when adding a level.
  repositories = merge(
    local.repo_admin,
    local.repo_maintain,
    local.repo_push,
    local.repo_triage,
    local.repo_pull,
  )
}
# Grants the team access to each repository in local.repositories with the permission
# resolved there. With the module disabled the map is empty and nothing is created.
resource "github_team_repository" "team_repository" {
  for_each = var.module_enabled ? local.repositories : {}

  # try() falls back to null when github_team.team has no instance at index 0.
  team_id = try(github_team.team[0].id, null)

  repository = each.value.repository
  permission = each.value.permission # one of "admin", "maintain", "push", "triage", "pull"

  depends_on = [var.module_depends_on]
}