refactor(ruleset): simplify validation logic and enhance conditions requirements for repository rulesets

Author: Ravio1i

github/resource_github_enterprise_ruleset.go

@@ -162,11 +162,11 @@ func resourceGithubEnterpriseRuleset() *schema.Resource {
 							},
 						},
 						"repository_name": {
-							Type:          schema.TypeList,
-							Optional:      true,
-							MaxItems:      1,
-							Description:   "Conditions for repository names that the ruleset targets. Conflicts with `repository_id` and `repository_property`.",
-							ConflictsWith: []string{"conditions.0.repository_id", "conditions.0.repository_property"},
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							Description:  "Conditions for repository names that the ruleset targets. Exactly one of `repository_name`, `repository_id`, or `repository_property` must be set.",
+							ExactlyOneOf: []string{"conditions.0.repository_name", "conditions.0.repository_id", "conditions.0.repository_property"},
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"include": {
@@ -195,20 +195,20 @@ func resourceGithubEnterpriseRuleset() *schema.Resource {
 							},
 						},
 						"repository_id": {
-							Type:          schema.TypeList,
-							Optional:      true,
-							ConflictsWith: []string{"conditions.0.repository_name", "conditions.0.repository_property"},
-							Description:   "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass. Conflicts with `repository_name` and `repository_property`.",
+							Type:         schema.TypeList,
+							Optional:     true,
+							ExactlyOneOf: []string{"conditions.0.repository_name", "conditions.0.repository_id", "conditions.0.repository_property"},
+							Description:  "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass. Exactly one of `repository_name`, `repository_id`, or `repository_property` must be set.",
 							Elem: &schema.Schema{
 								Type: schema.TypeInt,
 							},
 						},
 						"repository_property": {
-							Type:          schema.TypeList,
-							Optional:      true,
-							MaxItems:      1,
-							Description:   "Conditions based on repository properties. Conflicts with `repository_name` and `repository_id`.",
-							ConflictsWith: []string{"conditions.0.repository_name", "conditions.0.repository_id"},
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							Description:  "Conditions based on repository properties. Exactly one of `repository_name`, `repository_id`, or `repository_property` must be set.",
+							ExactlyOneOf: []string{"conditions.0.repository_name", "conditions.0.repository_id", "conditions.0.repository_property"},
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"include": {
@@ -878,9 +878,6 @@ func resourceGithubEnterpriseRulesetRead(ctx context.Context, d *schema.Resource
 		return diag.FromErr(err)
 	}
 
-	if err := d.Set("ruleset_id", ruleset.ID); err != nil {
-		return diag.FromErr(err)
-	}
 	if err := d.Set("name", ruleset.Name); err != nil {
 		return diag.FromErr(err)
 	}

github/resource_github_organization_ruleset.go

@@ -952,7 +952,7 @@ func resourceGithubOrganizationRulesetImport(ctx context.Context, d *schema.Reso
 }
 
 func resourceGithubOrganizationRulesetDiff(ctx context.Context, d *schema.ResourceDiff, _ any) error {
-	err := validateRulesetConditions(ctx, d, true)
+	err := validateRulesetConditions(ctx, d)
 	if err != nil {
 		return err
 	}

github/resource_github_repository_ruleset.go

@@ -884,7 +884,7 @@ func resourceGithubRepositoryRulesetImport(ctx context.Context, d *schema.Resour
 }
 
 func resourceGithubRepositoryRulesetDiff(ctx context.Context, d *schema.ResourceDiff, meta any) error {
-	err := validateRulesetConditions(ctx, d, false)
+	err := validateRulesetConditions(ctx, d)
 	if err != nil {
 		return err
 	}

github/util_ruleset_validation.go

@@ -129,7 +129,7 @@ func validateRules(ctx context.Context, d *schema.ResourceDiff, allowedRules []g
 	return nil
 }
 
-func validateRulesetConditions(ctx context.Context, d *schema.ResourceDiff, isOrg bool) error {
+func validateRulesetConditions(ctx context.Context, d *schema.ResourceDiff) error {
 	target := github.RulesetTarget(d.Get("target").(string))
 	tflog.Debug(ctx, "Validating conditions field based on target", map[string]any{"target": target})
 	conditionsRaw := d.Get("conditions").([]any)
@@ -143,7 +143,7 @@ func validateRulesetConditions(ctx context.Context, d *schema.ResourceDiff, isOr
 
 	switch target {
 	case github.RulesetTargetBranch, github.RulesetTargetTag:
-		return validateConditionsFieldForBranchAndTagTargets(ctx, target, conditions, isOrg)
+		return validateConditionsFieldForBranchAndTagTargets(ctx, target, conditions)
 	case github.RulesetTargetPush:
 		return validateConditionsFieldForPushTarget(ctx, conditions)
 	}
@@ -163,24 +163,14 @@ func validateRulesetRules(ctx context.Context, d *schema.ResourceDiff) error {
 	return validateRulesForTarget(ctx, d)
 }
 
-func validateConditionsFieldForBranchAndTagTargets(ctx context.Context, target github.RulesetTarget, conditions map[string]any, isOrg bool) error {
-	tflog.Debug(ctx, fmt.Sprintf("Validating conditions field for %s target", target), map[string]any{"target": target, "conditions": conditions, "isOrg": isOrg})
+func validateConditionsFieldForBranchAndTagTargets(ctx context.Context, target github.RulesetTarget, conditions map[string]any) error {
+	tflog.Debug(ctx, fmt.Sprintf("Validating conditions field for %s target", target), map[string]any{"target": target, "conditions": conditions})
 
 	if conditions["ref_name"] == nil || len(conditions["ref_name"].([]any)) == 0 {
 		tflog.Debug(ctx, fmt.Sprintf("Missing ref_name for %s target", target), map[string]any{"target": target})
 		return fmt.Errorf("ref_name must be set for %s target", target)
 	}
 
-	// Repository rulesets don't have repository_name or repository_id, only org rulesets do.
-	if isOrg {
-		hasRepoName := conditions["repository_name"] != nil && len(conditions["repository_name"].([]any)) != 0
-		hasRepoID := conditions["repository_id"] != nil && len(conditions["repository_id"].([]any)) != 0
-		hasRepoProp := conditions["repository_property"] != nil && len(conditions["repository_property"].([]any)) != 0
-		if !hasRepoName && !hasRepoID && !hasRepoProp {
-			tflog.Debug(ctx, fmt.Sprintf("Missing repository_name, repository_id, or repository_property for %s target", target), map[string]any{"target": target})
-			return fmt.Errorf("either repository_name, repository_id, or repository_property must be set for %s target", target)
-		}
-	}
 	tflog.Debug(ctx, fmt.Sprintf("Conditions validation passed for %s target", target))
 	return nil
 }

github/util_ruleset_validation_test.go

@@ -114,7 +114,7 @@ func Test_validateRepositoryRulesetConditionsFieldForBranchAndTagTargets(t *test
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := validateConditionsFieldForBranchAndTagTargets(t.Context(), tt.target, tt.conditions, false)
+			err := validateConditionsFieldForBranchAndTagTargets(t.Context(), tt.target, tt.conditions)
 			if tt.expectError {
 				if err == nil {
 					t.Errorf("expected error but got nil")
@@ -130,7 +130,7 @@ func Test_validateRepositoryRulesetConditionsFieldForBranchAndTagTargets(t *test
 	}
 }
 
-func Test_validateConditionsFieldForBranchAndTagTargets(t *testing.T) {
+func Test_validateConditionsFieldForBranchAndTagTargets_OrgLevel(t *testing.T) {
 	tests := []struct {
 		name        string
 		target      github.RulesetTarget
@@ -165,42 +165,11 @@ func Test_validateConditionsFieldForBranchAndTagTargets(t *testing.T) {
 			expectError: true,
 			errorMsg:    "ref_name must be set for branch target",
 		},
-		{
-			name:   "invalid branch target without repository_name or repository_id",
-			target: github.RulesetTargetBranch,
-			conditions: map[string]any{
-				"ref_name": []any{map[string]any{"include": []any{"~DEFAULT_BRANCH"}, "exclude": []any{}}},
-			},
-			expectError: true,
-			errorMsg:    "either repository_name or repository_id must be set for branch target",
-		},
-		{
-			name:   "invalid tag target with nil repository_name and repository_id",
-			target: github.RulesetTargetTag,
-			conditions: map[string]any{
-				"ref_name":        []any{map[string]any{"include": []any{"v*"}, "exclude": []any{}}},
-				"repository_name": nil,
-				"repository_id":   nil,
-			},
-			expectError: true,
-			errorMsg:    "either repository_name or repository_id must be set for tag target",
-		},
-		{
-			name:   "invalid branch target with empty repository_name and repository_id slices",
-			target: github.RulesetTargetBranch,
-			conditions: map[string]any{
-				"ref_name":        []any{map[string]any{"include": []any{"~DEFAULT_BRANCH"}, "exclude": []any{}}},
-				"repository_name": []any{},
-				"repository_id":   []any{},
-			},
-			expectError: true,
-			errorMsg:    "either repository_name or repository_id must be set for branch target",
-		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := validateConditionsFieldForBranchAndTagTargets(t.Context(), tt.target, tt.conditions, true)
+			err := validateConditionsFieldForBranchAndTagTargets(t.Context(), tt.target, tt.conditions)
 			if tt.expectError {
 				if err == nil {
 					t.Errorf("expected error but got nil")