Expose GitHub team ID

provider/cmd/pulumi-resource-pulumiservice/schema.json

@@ -454,7 +454,7 @@
           "type": "string"
         },
         "name": {
-          "description": "The team name.",
+          "description": "The team's name. Required for \"pulumi\" teams.",
           "type": "string"
         },
         "displayName": {
@@ -473,8 +473,12 @@
           }
         },
         "organizationName": {
-          "description": "The organization's name.",
+          "description": "The name of the Pulumi organization the team belongs to.",
           "type": "string"
+        },
+        "githubTeamId": {
+            "description": "The GitHub ID of the team to mirror. Must be in the same GitHub organization that the Pulumi org is backed by.",
+            "type": "number"
         }
       },
       "inputProperties": {
@@ -483,7 +487,7 @@
           "type": "string"
         },
         "name": {
-          "description": "The team name.",
+          "description": "The team's name. Required for \"pulumi\" teams.",
           "type": "string"
         },
         "displayName": {
@@ -502,11 +506,15 @@
           }
         },
         "organizationName": {
-          "description": "The organization's name.",
+          "description": "The name of the Pulumi organization the team belongs to.",
           "type": "string"
+        },
+        "githubTeamId": {
+            "description": "The GitHub ID of the team to mirror. Must be in the same GitHub organization that the Pulumi org is backed by.",
+            "type": "number"
         }
       },
-      "requiredInputs": ["name", "organizationName", "teamType"]
+      "requiredInputs": ["organizationName", "teamType"]
     },
     "pulumiservice:index:TeamAccessToken": {
       "description": "The Pulumi Cloud allows users to create access tokens scoped to team. Team access tokens is a resource to create them and assign them to a team",

provider/pkg/internal/pulumiapi/teams.go

@@ -4,7 +4,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//     http://www.apache.org/licenses/LICENSE-2.0
+//	http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ -46,6 +46,7 @@ type createTeamRequest struct {
 	Name         string `json:"name"`
 	DisplayName  string `json:"displayName"`
 	Description  string `json:"description"`
+	GitHubTeamID int64  `json:"githubTeamID,omitempty"`
 }
 
 type updateTeamRequest struct {
@@ -86,7 +87,6 @@ func (c *Client) ListTeams(ctx context.Context, orgName string) ([]Team, error)
 
 	var teamArray Teams
 	_, err := c.do(ctx, http.MethodGet, apiUrl, nil, &teamArray)
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to list teams for %q: %w", orgName, err)
 	}
@@ -113,22 +113,22 @@ func (c *Client) GetTeam(ctx context.Context, orgName string, teamName string) (
 	return &team, nil
 }
 
-func (c *Client) CreateTeam(ctx context.Context, orgName, teamName, teamType, displayName, description string) (*Team, error) {
+func (c *Client) CreateTeam(ctx context.Context, orgName, teamName, teamType, displayName, description string, teamID int64) (*Team, error) {
+	teamtypeList := []string{"github", "pulumi"}
+	if !contains(teamtypeList, teamType) {
+		return nil, fmt.Errorf("teamtype must be one of %v, got %q", teamtypeList, teamType)
+	}
+
 	if len(orgName) == 0 {
 		return nil, errors.New("orgname must not be empty")
 	}
 
-	if len(teamName) == 0 {
+	if len(teamName) == 0 && teamType != "github" {
 		return nil, errors.New("teamname must not be empty")
 	}
 
-	if len(teamType) == 0 {
-		return nil, errors.New("teamtype must not be empty")
-	}
-
-	teamtypeList := []string{"github", "pulumi"}
-	if !contains(teamtypeList, teamType) {
-		return nil, fmt.Errorf("teamtype must be one of %v, got %q", teamtypeList, teamType)
+	if teamType == "github" && teamID == 0 {
+		return nil, errors.New("github teams require a githubTeamId")
 	}
 
 	apiPath := path.Join("orgs", orgName, "teams", teamType)
@@ -139,11 +139,11 @@ func (c *Client) CreateTeam(ctx context.Context, orgName, teamName, teamType, di
 		Name:         teamName,
 		DisplayName:  displayName,
 		Description:  description,
+		GitHubTeamID: teamID,
 	}
 
 	var team Team
 	_, err := c.do(ctx, http.MethodPost, apiPath, createReq, &team)
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to create team: %w", err)
 	}
@@ -168,15 +168,13 @@ func (c *Client) UpdateTeam(ctx context.Context, orgName, teamName, displayName,
 	}
 
 	_, err := c.do(ctx, "PATCH", apiPath, updateReq, nil)
-
 	if err != nil {
 		return fmt.Errorf("failed to update team: %w", err)
 	}
 	return nil
 }
 
 func (c *Client) DeleteTeam(ctx context.Context, orgName, teamName string) error {
-
 	if len(orgName) == 0 {
 		return errors.New("orgname must not be empty")
 	}
@@ -220,7 +218,6 @@ func (c *Client) updateTeamMembership(ctx context.Context, orgName, teamName, us
 	}
 
 	_, err := c.do(ctx, http.MethodPatch, apiPath, updateMembershipReq, nil)
-
 	if err != nil {
 		return fmt.Errorf("failed to update team membership: %w", err)
 	}
@@ -266,7 +263,6 @@ func (c *Client) AddStackPermission(ctx context.Context, stack StackName, teamNa
 	}
 
 	_, err := c.do(ctx, http.MethodPatch, apiPath, addStackPermissionRequest, nil)
-
 	if err != nil {
 		return fmt.Errorf("failed to add stack permission for team: %w", err)
 	}
@@ -289,7 +285,6 @@ func (c *Client) RemoveStackPermission(ctx context.Context, stack StackName, tea
 	}
 
 	_, err := c.do(ctx, http.MethodPatch, apiPath, removeStackPermissionRequest, nil)
-
 	if err != nil {
 		return fmt.Errorf("failed to remove stack permission for team: %w", err)
 	}

provider/pkg/internal/pulumiapi/teams_test.go

@@ -98,41 +98,63 @@ func TestGetTeam(t *testing.T) {
 func TestCreateTeam(t *testing.T) {
 	orgName := "an-organization"
 	teamName := "a-team"
-	teamType := "pulumi"
 	displayName := "A Team"
 	description := "The A Team"
-	team := Team{
-		Type:        teamType,
-		Name:        teamName,
-		DisplayName: displayName,
-		Description: description,
-	}
-	t.Run("Happy Path", func(t *testing.T) {
+	t.Run("Happy Path (pulumi team)", func(t *testing.T) {
+		expected := Team{
+			Type:        "pulumi",
+			Name:        teamName,
+			DisplayName: displayName,
+			Description: description,
+		}
 		c, cleanup := startTestServer(t, testServerConfig{
 			ExpectedReqMethod: http.MethodPost,
 			ExpectedReqPath:   "/api/orgs/an-organization/teams/pulumi",
 			ExpectedReqBody: createTeamRequest{
 				Organization: orgName,
-				TeamType:     teamType,
+				TeamType:     "pulumi",
 				Name:         teamName,
 				DisplayName:  displayName,
 				Description:  description,
 			},
-			ResponseBody: team,
+			ResponseBody: expected,
 			ResponseCode: 201,
 		})
 		defer cleanup()
-		actualTeam, err := c.CreateTeam(ctx, orgName, teamName, teamType, displayName, description)
+		actualTeam, err := c.CreateTeam(ctx, orgName, teamName, "pulumi", displayName, description, 0)
 		assert.NoError(t, err)
-		assert.Equal(t, team, *actualTeam)
+		assert.Equal(t, expected, *actualTeam)
 	})
-	t.Run("Error", func(t *testing.T) {
+	t.Run("Happy Path (github team)", func(t *testing.T) {
+		expected := Team{
+			Type:        "github",
+			Name:        teamName,
+			DisplayName: displayName,
+			Description: description,
+		}
+		c, cleanup := startTestServer(t, testServerConfig{
+			ExpectedReqMethod: http.MethodPost,
+			ExpectedReqPath:   "/api/orgs/an-organization/teams/github",
+			ExpectedReqBody: createTeamRequest{
+				TeamType:     "github",
+				Organization: orgName,
+				GitHubTeamID: 1,
+			},
+			ResponseBody: expected,
+			ResponseCode: 201,
+		})
+		defer cleanup()
+		actualTeam, err := c.CreateTeam(ctx, orgName, "", "github", "", "", 1)
+		assert.NoError(t, err)
+		assert.Equal(t, expected, *actualTeam)
+	})
+	t.Run("Error (pulumi team)", func(t *testing.T) {
 		c, cleanup := startTestServer(t, testServerConfig{
 			ExpectedReqMethod: http.MethodPost,
 			ExpectedReqPath:   "/api/orgs/an-organization/teams/pulumi",
 			ExpectedReqBody: createTeamRequest{
 				Organization: orgName,
-				TeamType:     teamType,
+				TeamType:     "pulumi",
 				Name:         teamName,
 				DisplayName:  displayName,
 				Description:  description,
@@ -143,10 +165,34 @@ func TestCreateTeam(t *testing.T) {
 			},
 		})
 		defer cleanup()
-		team, err := c.CreateTeam(ctx, orgName, teamName, teamType, displayName, description)
+		team, err := c.CreateTeam(ctx, orgName, teamName, "pulumi", displayName, description, 0)
 		assert.Nil(t, team, "team should be nil since error was returned")
 		assert.EqualError(t, err, "failed to create team: 401 API error: unauthorized")
 	})
+	t.Run("Error (github team missing ID)", func(t *testing.T) {
+		c, cleanup := startTestServer(t, testServerConfig{})
+		defer cleanup()
+		_, err := c.CreateTeam(ctx, orgName, "", "github", "", "", 0)
+		assert.EqualError(t, err, "github teams require a githubTeamId")
+	})
+	t.Run("Error (invalid team type)", func(t *testing.T) {
+		c, cleanup := startTestServer(t, testServerConfig{})
+		defer cleanup()
+		_, err := c.CreateTeam(ctx, orgName, "", "foo", "", "", 0)
+		assert.EqualError(t, err, "teamtype must be one of [github pulumi], got \"foo\"")
+	})
+	t.Run("Error (invalid team name for pulumi team)", func(t *testing.T) {
+		c, cleanup := startTestServer(t, testServerConfig{})
+		defer cleanup()
+		_, err := c.CreateTeam(ctx, orgName, "", "pulumi", "", "", 0)
+		assert.EqualError(t, err, "teamname must not be empty")
+	})
+	t.Run("Error (missing org name)", func(t *testing.T) {
+		c, cleanup := startTestServer(t, testServerConfig{})
+		defer cleanup()
+		_, err := c.CreateTeam(ctx, "", "", "pulumi", "", "", 0)
+		assert.EqualError(t, err, "orgname must not be empty")
+	})
 }
 
 func TestAddMemberToTeam(t *testing.T) {
@@ -214,7 +260,6 @@ func TestAddStackPermission(t *testing.T) {
 	})
 }
 
-
 func TestRemoveStackPermission(t *testing.T) {
 	teamName := "a-team"
 	stack := StackName{

provider/pkg/provider/team.go

@@ -35,6 +35,7 @@ type PulumiServiceTeamInput struct {
 	Description      string
 	OrganizationName string
 	Members          []string
+	GitHubTeamID     int64
 }
 
 func (i *PulumiServiceTeamInput) ToPropertyMap() resource.PropertyMap {
@@ -45,6 +46,7 @@ func (i *PulumiServiceTeamInput) ToPropertyMap() resource.PropertyMap {
 	pm["description"] = resource.NewPropertyValue(i.Description)
 	pm["members"] = resource.NewPropertyValue(i.Members)
 	pm["organizationName"] = resource.NewPropertyValue(i.OrganizationName)
+	pm["githubTeamId"] = resource.NewPropertyValue(i.GitHubTeamID)
 	return pm
 }
 
@@ -85,6 +87,10 @@ func ToPulumiServiceTeamInput(inputMap resource.PropertyMap) PulumiServiceTeamIn
 		input.OrganizationName = inputMap["organizationName"].StringValue()
 	}
 
+	if inputMap["githubTeamId"].HasValue() && inputMap["githubTeamId"].IsNumber() {
+		input.GitHubTeamID = int64(inputMap["githubTeamId"].NumberValue())
+	}
+
 	return input
 }
 
@@ -138,7 +144,38 @@ func (t *PulumiServiceTeamResource) Diff(req *pulumirpc.DiffRequest) (*pulumirpc
 }
 
 func (t *PulumiServiceTeamResource) Read(req *pulumirpc.ReadRequest) (*pulumirpc.ReadResponse, error) {
-	return nil, errors.New("Read construct is not yet implemented")
+	ctx := context.Background()
+
+	orgName, teamName, err := splitSingleSlashString(req.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	team, err := t.client.GetTeam(ctx, orgName, teamName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read Team (%q): %w", req.Id, err)
+	}
+	if team == nil {
+		return &pulumirpc.ReadResponse{}, nil
+	}
+	inputs := PulumiServiceTeamInput{
+		Description:      team.Description,
+		DisplayName:      team.DisplayName,
+		Name:             team.Name,
+		Type:             team.Type,
+		OrganizationName: orgName,
+	}
+	for _, m := range team.Members {
+		inputs.Members = append(inputs.Members, m.GithubLogin)
+	}
+	props, err := plugin.MarshalProperties(inputs.ToPropertyMap(), plugin.MarshalOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal inputs to properties: %w", err)
+	}
+	return &pulumirpc.ReadResponse{
+		Id:         req.Id,
+		Properties: props,
+	}, nil
 }
 
 func (t *PulumiServiceTeamResource) Update(req *pulumirpc.UpdateRequest) (*pulumirpc.UpdateResponse, error) {
@@ -164,7 +201,8 @@ func (t *PulumiServiceTeamResource) Update(req *pulumirpc.UpdateRequest) (*pulum
 		t.updateTeam(context.Background(), inputsChanged)
 	}
 
-	if !Equal(teamOld.Members, teamNew.Members) {
+	// github teams can't manage membership.
+	if !Equal(teamOld.Members, teamNew.Members) && teamNew.Type != "github" {
 		inputsChanged.Members = teamNew.Members
 		for _, usernameToDelete := range teamOld.Members {
 			if !InSlice(usernameToDelete, teamNew.Members) {
@@ -245,17 +283,16 @@ func (t *PulumiServiceTeamResource) updateTeam(ctx context.Context, input Pulumi
 }
 
 func (t *PulumiServiceTeamResource) createTeam(ctx context.Context, input PulumiServiceTeamInput) (*string, error) {
-	_, err := t.client.CreateTeam(ctx, input.OrganizationName, input.Name, input.Type, input.DisplayName, input.Description)
+	team, err := t.client.CreateTeam(ctx, input.OrganizationName, input.Name, input.Type, input.DisplayName, input.Description, input.GitHubTeamID)
 	if err != nil {
 		return nil, err
 	}
 
-	teamUrn := fmt.Sprintf("%s/%s", input.OrganizationName, input.Name)
+	teamUrn := fmt.Sprintf("%s/%s", input.OrganizationName, team.Name)
 	return &teamUrn, nil
 }
 
 func (t *PulumiServiceTeamResource) deleteFromTeam(ctx context.Context, orgName string, teamName string, userName string) error {
-
 	if len(orgName) == 0 {
 		return errors.New("orgname must not be empty")
 	}
@@ -269,7 +306,6 @@ func (t *PulumiServiceTeamResource) deleteFromTeam(ctx context.Context, orgName
 	}
 
 	return t.client.DeleteMemberFromTeam(ctx, orgName, teamName, userName)
-
 }
 
 func (t *PulumiServiceTeamResource) addToTeam(ctx context.Context, orgName string, teamName string, userName string) error {