feat: Support github_team_repository (#11)

* feat: enable github_team_repository resource

* remove cross variable validation

* chore: using use a composite key format

* chore: create local team_repository

* Add new variable to README.md

* Update README.md

* Update variables description

* Update variables in examples

---------

Co-authored-by: Alvaro Gonzalez <[email protected]>
Co-authored-by: Igor Rodionov <[email protected]>

Author: 3 people

README.md

@@ -205,7 +205,8 @@ Here is an example of using this module:
 | <a name="input_squash_merge_commit_title"></a> [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | Squash merge commit title. Must be PR\_TITLE or COMMIT\_OR\_PR\_TITLE. | `string` | `"PR_TITLE"` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br/>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
-| <a name="input_teams"></a> [teams](#input\_teams) | A map of teams and their permissions for the repository | `map(string)` | `{}` | no |
+| <a name="input_teams"></a> [teams](#input\_teams) | A map of teams and their permissions for the repository. This will create github_repository_collaborators resources for each team. | `map(string)` | `{}` | no |
+| <a name="input_team_repository"></a> [team_repository](#input\_team_repository) | A map of permissions and their teams for the repository. This will create github_team_repository resources for each team. Format: { permission = [list of teams] } | `map(list(string))` | `{}` | no |
 | <a name="input_template"></a> [template](#input\_template) | Template repository | <pre>object({<br/>    owner                = string<br/>    name                 = string<br/>    include_all_branches = optional(bool, false)<br/>  })</pre> | `null` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_topics"></a> [topics](#input\_topics) | List of repository topics | `list(string)` | `[]` | no |

examples/complete/main.tf

@@ -55,14 +55,15 @@ module "example" {
   custom_properties = var.custom_properties
   environments      = var.environments
 
-  variables   = var.variables
-  secrets     = var.secrets
-  deploy_keys = var.deploy_keys
-  webhooks    = var.webhooks
-  labels      = var.labels
-  teams       = var.teams
-  users       = var.users
-  rulesets    = var.rulesets
+  variables       = var.variables
+  secrets         = var.secrets
+  deploy_keys     = var.deploy_keys
+  webhooks        = var.webhooks
+  labels          = var.labels
+  teams           = var.teams
+  team_repository = var.team_repository
+  users           = var.users
+  rulesets        = var.rulesets
 
 }
 

examples/complete/variables.tf

@@ -402,12 +402,24 @@ variable "labels" {
 }
 
 variable "teams" {
-  description = "A map of teams and their permissions for the repository"
+  description = "A map of teams and their permissions for the repository. This will create github_repository_collaborators resources for each team "
   type        = map(string)
   default     = {}
   nullable    = false
 }
 
+variable "team_repository" {
+  description = "A map of permissions and their teams for the repository. This will create github_team_repository resources for each team. Format: { permission = [list of teams] }"
+  type        = map(list(string))
+  default     = {}
+  nullable    = false
+
+  validation {
+    condition     = alltrue([for permission, teams in var.team_repository : contains(["pull", "triage", "push", "maintain", "admin"], permission)])
+    error_message = "Team repository permissions must be one of: pull, triage, push, maintain, admin"
+  }
+}
+
 variable "users" {
   description = "A map of users and their permissions for the repository"
   type        = map(string)

examples/minimum/main.tf

@@ -53,12 +53,13 @@ module "example" {
   custom_properties = var.custom_properties
   environments      = var.environments
 
-  variables   = var.variables
-  secrets     = var.secrets
-  deploy_keys = var.deploy_keys
-  webhooks    = var.webhooks
-  labels      = var.labels
-  teams       = var.teams
-  users       = var.users
-  rulesets    = var.rulesets
+  variables       = var.variables
+  secrets         = var.secrets
+  deploy_keys     = var.deploy_keys
+  webhooks        = var.webhooks
+  labels          = var.labels
+  teams           = var.teams
+  team_repository = var.team_repository
+  users           = var.users
+  rulesets        = var.rulesets
 }

examples/minimum/variables.tf

@@ -377,12 +377,24 @@ variable "labels" {
 }
 
 variable "teams" {
-  description = "A map of teams and their permissions for the repository"
+  description = "A map of teams and their permissions for the repository. This will create github_repository_collaborators resources for each team "
   type        = map(string)
   default     = {}
   nullable    = false
 }
 
+variable "team_repository" {
+  description = "A map of permissions and their teams for the repository. This will create github_team_repository resources for each team. Format: { permission = [list of teams] }"
+  type        = map(list(string))
+  default     = {}
+  nullable    = false
+
+  validation {
+    condition     = alltrue([for permission, teams in var.team_repository : contains(["pull", "triage", "push", "maintain", "admin"], permission)])
+    error_message = "Team repository permissions must be one of: pull, triage, push, maintain, admin"
+  }
+}
+
 variable "users" {
   description = "A map of users and their permissions for the repository"
   type        = map(string)

main.tf

@@ -377,6 +377,25 @@ resource "github_repository_collaborators" "default" {
   }
 }
 
+locals {
+  team_repository = merge([
+    for permission, teams in var.team_repository : {
+      for team in teams : "${team}_${permission}" => {
+        team_id    = team
+        permission = permission
+      }
+    }
+  ]...)
+}
+
+resource "github_team_repository" "default" {
+  for_each = module.this.enabled && length(var.teams) == 0 && length(var.team_repository) > 0 ? local.team_repository : {}
+
+  repository = join("", github_repository.default[*].name)
+  team_id    = each.value.team_id
+  permission = each.value.permission
+}
+
 locals {
   organization_roles_map = {
     "maintain" = "2"

variables.tf

@@ -408,12 +408,24 @@ variable "labels" {
 }
 
 variable "teams" {
-  description = "A map of teams and their permissions for the repository"
+  description = "A map of teams and their permissions for the repository. This will create github_repository_collaborators resources for each team "
   type        = map(string)
   default     = {}
   nullable    = false
 }
 
+variable "team_repository" {
+  description = "A map of permissions and their teams for the repository. This will create github_team_repository resources for each team. Format: { permission = [list of teams] }"
+  type        = map(list(string))
+  default     = {}
+  nullable    = false
+
+  validation {
+    condition     = alltrue([for permission, teams in var.team_repository : contains(["pull", "triage", "push", "maintain", "admin"], permission)])
+    error_message = "Team repository permissions must be one of: pull, triage, push, maintain, admin"
+  }
+}
+
 variable "users" {
   description = "A map of users and their permissions for the repository"
   type        = map(string)