feat: Add custom property to oidc token

Author: gogoyan11

github/data_source_github_actions_organization_oidc_custom_property_inclusions.go

@@ -0,0 +1,52 @@
+package github
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceGithubActionsOrganizationOIDCCustomPropertyInclusions() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceGithubActionsOrganizationOIDCCustomPropertyInclusionsRead,
+
+		Schema: map[string]*schema.Schema{
+			"custom_property_names": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of custom property names included in the OIDC token.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsOrganizationOIDCCustomPropertyInclusionsRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+
+	err := checkOrganization(meta)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	inclusions, err := listOrgOIDCCustomPropertyInclusions(ctx, client, orgName)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	propertyNames := make([]string, len(inclusions))
+	for i, inclusion := range inclusions {
+		propertyNames[i] = inclusion.PropertyName
+	}
+
+	d.SetId(orgName)
+	if err := d.Set("custom_property_names", propertyNames); err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}

github/provider.go

@@ -137,6 +137,7 @@ func Provider() *schema.Provider {
 			"github_actions_environment_secret":                                     resourceGithubActionsEnvironmentSecret(),
 			"github_actions_environment_variable":                                   resourceGithubActionsEnvironmentVariable(),
 			"github_actions_organization_oidc_subject_claim_customization_template": resourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate(),
+			"github_actions_organization_oidc_custom_property_inclusion":            resourceGithubActionsOrganizationOIDCCustomPropertyInclusion(),
 			"github_actions_organization_permissions":                               resourceGithubActionsOrganizationPermissions(),
 			"github_actions_organization_secret":                                    resourceGithubActionsOrganizationSecret(),
 			"github_actions_organization_secret_repositories":                       resourceGithubActionsOrganizationSecretRepositories(),
@@ -225,6 +226,7 @@ func Provider() *schema.Provider {
 			"github_actions_environment_secrets":                                    dataSourceGithubActionsEnvironmentSecrets(),
 			"github_actions_environment_variables":                                  dataSourceGithubActionsEnvironmentVariables(),
 			"github_actions_organization_oidc_subject_claim_customization_template": dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate(),
+			"github_actions_organization_oidc_custom_property_inclusions":           dataSourceGithubActionsOrganizationOIDCCustomPropertyInclusions(),
 			"github_actions_organization_public_key":                                dataSourceGithubActionsOrganizationPublicKey(),
 			"github_actions_organization_registration_token":                        dataSourceGithubActionsOrganizationRegistrationToken(),
 			"github_actions_organization_secrets":                                   dataSourceGithubActionsOrganizationSecrets(),

github/resource_github_actions_organization_oidc_custom_property_inclusion.go

@@ -0,0 +1,146 @@
+package github
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-github/v84/github"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceGithubActionsOrganizationOIDCCustomPropertyInclusion() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGithubActionsOrganizationOIDCCustomPropertyInclusionCreate,
+		Read:   resourceGithubActionsOrganizationOIDCCustomPropertyInclusionRead,
+		Delete: resourceGithubActionsOrganizationOIDCCustomPropertyInclusionDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"custom_property_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of the custom property to include in the OIDC token.",
+			},
+		},
+	}
+}
+
+func resourceGithubActionsOrganizationOIDCCustomPropertyInclusionCreate(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+	ctx := context.Background()
+
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	customPropertyName := d.Get("custom_property_name").(string)
+
+	body := map[string]string{
+		"custom_property_name": customPropertyName,
+	}
+
+	req, err := client.NewRequest("POST", fmt.Sprintf("orgs/%s/actions/oidc/customization/properties/repo", orgName), body)
+	if err != nil {
+		return fmt.Errorf("error creating request to add OIDC custom property inclusion: %w", err)
+	}
+
+	_, err = client.Do(ctx, req, nil)
+	if err != nil {
+		return fmt.Errorf("error adding OIDC custom property inclusion %q for organization %q: %w", customPropertyName, orgName, err)
+	}
+
+	d.SetId(buildTwoPartID(orgName, customPropertyName))
+
+	return resourceGithubActionsOrganizationOIDCCustomPropertyInclusionRead(d, meta)
+}
+
+func resourceGithubActionsOrganizationOIDCCustomPropertyInclusionRead(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	ctx := context.Background()
+
+	orgName, customPropertyName, err := parseTwoPartID(d.Id(), "organization", "custom_property_name")
+	if err != nil {
+		return err
+	}
+
+	err = checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	inclusions, err := listOrgOIDCCustomPropertyInclusions(ctx, client, orgName)
+	if err != nil {
+		return fmt.Errorf("error reading OIDC custom property inclusions for organization %q: %w", orgName, err)
+	}
+
+	found := false
+	for _, inclusion := range inclusions {
+		if inclusion.PropertyName == customPropertyName {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		d.SetId("")
+		return nil
+	}
+
+	if err := d.Set("custom_property_name", customPropertyName); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceGithubActionsOrganizationOIDCCustomPropertyInclusionDelete(d *schema.ResourceData, meta any) error {
+	client := meta.(*Owner).v3client
+	ctx := context.Background()
+
+	orgName, customPropertyName, err := parseTwoPartID(d.Id(), "organization", "custom_property_name")
+	if err != nil {
+		return err
+	}
+
+	err = checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	req, err := client.NewRequest("DELETE", fmt.Sprintf("orgs/%s/actions/oidc/customization/properties/repo/%s", orgName, customPropertyName), nil)
+	if err != nil {
+		return fmt.Errorf("error creating request to delete OIDC custom property inclusion: %w", err)
+	}
+
+	_, err = client.Do(ctx, req, nil)
+	if err != nil {
+		return fmt.Errorf("error deleting OIDC custom property inclusion %q for organization %q: %w", customPropertyName, orgName, err)
+	}
+
+	return nil
+}
+
+// OIDCCustomPropertyInclusion represents a custom property included in OIDC tokens.
+type OIDCCustomPropertyInclusion struct {
+	PropertyName string `json:"property_name"`
+}
+
+// listOrgOIDCCustomPropertyInclusions lists all custom properties included in OIDC tokens for an organization.
+func listOrgOIDCCustomPropertyInclusions(ctx context.Context, client *github.Client, orgName string) ([]*OIDCCustomPropertyInclusion, error) {
+	req, err := client.NewRequest("GET", fmt.Sprintf("orgs/%s/actions/oidc/customization/properties/repo", orgName), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var inclusions []*OIDCCustomPropertyInclusion
+	_, err = client.Do(ctx, req, &inclusions)
+	if err != nil {
+		return nil, err
+	}
+
+	return inclusions, nil
+}

github/resource_github_actions_organization_oidc_custom_property_inclusion_test.go

@@ -0,0 +1,126 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccGithubActionsOrganizationOIDCCustomPropertyInclusion(t *testing.T) {
+	t.Run("creates and deletes an OIDC custom property inclusion without error", func(t *testing.T) {
+		config := `
+		resource "github_actions_organization_oidc_custom_property_inclusion" "test" {
+			custom_property_name = "environment"
+		}`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_organization_oidc_custom_property_inclusion.test",
+				"custom_property_name", "environment",
+			),
+		)
+		resource.Test(t, resource.TestCase{
+			PreCheck:          func() { skipUnlessHasOrgs(t) },
+			ProviderFactories: providerFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check:  check,
+				},
+			},
+		})
+	})
+
+	t.Run("imports an OIDC custom property inclusion without error", func(t *testing.T) {
+		config := `
+		resource "github_actions_organization_oidc_custom_property_inclusion" "test" {
+			custom_property_name = "environment"
+		}`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_organization_oidc_custom_property_inclusion.test",
+				"custom_property_name", "environment",
+			),
+		)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:          func() { skipUnlessHasOrgs(t) },
+			ProviderFactories: providerFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check:  check,
+				},
+				{
+					ResourceName:      "github_actions_organization_oidc_custom_property_inclusion.test",
+					ImportState:       true,
+					ImportStateVerify: true,
+				},
+			},
+		})
+	})
+
+	t.Run("manages multiple OIDC custom property inclusions", func(t *testing.T) {
+		config := `
+		resource "github_actions_organization_oidc_custom_property_inclusion" "env" {
+			custom_property_name = "environment"
+		}
+
+		resource "github_actions_organization_oidc_custom_property_inclusion" "team" {
+			custom_property_name = "team"
+		}`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_organization_oidc_custom_property_inclusion.env",
+				"custom_property_name", "environment",
+			),
+			resource.TestCheckResourceAttr(
+				"github_actions_organization_oidc_custom_property_inclusion.team",
+				"custom_property_name", "team",
+			),
+		)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:          func() { skipUnlessHasOrgs(t) },
+			ProviderFactories: providerFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check:  check,
+				},
+			},
+		})
+	})
+}
+
+func TestAccGithubActionsOrganizationOIDCCustomPropertyInclusionsDataSource(t *testing.T) {
+	t.Run("reads OIDC custom property inclusions without error", func(t *testing.T) {
+		config := `
+		resource "github_actions_organization_oidc_custom_property_inclusion" "test" {
+			custom_property_name = "environment"
+		}
+
+		data "github_actions_organization_oidc_custom_property_inclusions" "test" {
+			depends_on = [github_actions_organization_oidc_custom_property_inclusion.test]
+		}`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttrSet(
+				"data.github_actions_organization_oidc_custom_property_inclusions.test",
+				"custom_property_names.#",
+			),
+		)
+		resource.Test(t, resource.TestCase{
+			PreCheck:          func() { skipUnlessHasOrgs(t) },
+			ProviderFactories: providerFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check:  check,
+				},
+			},
+		})
+	})
+}

website/docs/d/actions_organization_oidc_custom_property_inclusions.html.markdown

@@ -0,0 +1,29 @@
+---
+layout: "github"
+page_title: "GitHub: github_actions_organization_oidc_custom_property_inclusions"
+description: |-
+  Lists the repository custom properties included in OIDC tokens for a GitHub organization
+---
+
+# github_actions_organization_oidc_custom_property_inclusions
+
+Use this data source to retrieve the list of repository custom properties that are included in the OIDC token for
+repository actions in a GitHub organization.
+
+## Example Usage
+
+```hcl
+data "github_actions_organization_oidc_custom_property_inclusions" "example" {}
+
+output "included_properties" {
+  value = data.github_actions_organization_oidc_custom_property_inclusions.example.custom_property_names
+}
+```
+
+## Argument Reference
+
+This data source has no required arguments.
+
+## Attributes Reference
+
+* `custom_property_names` - A list of custom property names that are included in the OIDC token.