Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r/github_branch_protection: check invalid users #158

Merged
merged 1 commit into from
Jul 16, 2019
Merged

r/github_branch_protection: check invalid users #158

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 42 additions & 2 deletions github/resource_github_branch_protection.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"log"
"net/http"
"strings"

"github.com/google/go-github/github"
"github.com/hashicorp/terraform/helper/schema"
Expand Down Expand Up @@ -146,7 +147,7 @@ func resourceGithubBranchProtectionCreate(d *schema.ResourceData, meta interface

log.Printf("[DEBUG] Creating branch protection: %s/%s (%s)",
orgName, repoName, branch)
_, _, err = client.Repositories.UpdateBranchProtection(ctx,
protection, _, err := client.Repositories.UpdateBranchProtection(ctx,
orgName,
repoName,
branch,
Expand All @@ -156,6 +157,10 @@ func resourceGithubBranchProtectionCreate(d *schema.ResourceData, meta interface
return err
}

if err := checkBranchRestrictionsUsers(protection.GetRestrictions(), protectionRequest.GetRestrictions()); err != nil {
return err
}

d.SetId(buildTwoPartID(&repoName, &branch))

return resourceGithubBranchProtectionRead(d, meta)
Expand Down Expand Up @@ -232,7 +237,7 @@ func resourceGithubBranchProtectionUpdate(d *schema.ResourceData, meta interface

log.Printf("[DEBUG] Updating branch protection: %s/%s (%s)",
orgName, repoName, branch)
_, _, err = client.Repositories.UpdateBranchProtection(ctx,
protection, _, err := client.Repositories.UpdateBranchProtection(ctx,
orgName,
repoName,
branch,
Expand All @@ -242,6 +247,10 @@ func resourceGithubBranchProtectionUpdate(d *schema.ResourceData, meta interface
return err
}

if err := checkBranchRestrictionsUsers(protection.GetRestrictions(), protectionRequest.GetRestrictions()); err != nil {
return err
}

if protectionRequest.RequiredPullRequestReviews == nil {
_, err = client.Repositories.RemovePullRequestReviewEnforcement(ctx,
orgName,
Expand Down Expand Up @@ -474,3 +483,34 @@ func expandNestedSet(m map[string]interface{}, target string) []string {
}
return res
}

func checkBranchRestrictionsUsers(actual *github.BranchRestrictions, expected *github.BranchRestrictionsRequest) error {
if expected == nil {
return nil
}

expectedUsers := expected.Users

if actual == nil {
return fmt.Errorf("unable to add users in restrictions: %s", strings.Join(expectedUsers, ", "))
}

actualLoopUp := make(map[string]struct{}, len(actual.Users))
for _, a := range actual.Users {
actualLoopUp[a.GetLogin()] = struct{}{}
}

notFounds := make([]string, 0, len(actual.Users))

for _, e := range expectedUsers {
if _, ok := actualLoopUp[e]; !ok {
notFounds = append(notFounds, e)
}
}

if len(notFounds) == 0 {
return nil
}

return fmt.Errorf("unable to add users in restrictions: %s", strings.Join(notFounds, ", "))
}
51 changes: 51 additions & 0 deletions github/resource_github_branch_protection_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package github
import (
"context"
"fmt"
"regexp"
"sort"
"testing"

Expand Down Expand Up @@ -63,6 +64,36 @@ func TestAccGithubBranchProtection_basic(t *testing.T) {
})
}

func TestAccGithubBranchProtection_users(t *testing.T) {
rString := acctest.RandString(5)
repoName := fmt.Sprintf("tf-acc-test-branch-prot-%s", rString)

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccGithubBranchProtectionDestroy,
Steps: []resource.TestStep{
{
Config: testAccGithubBranchProtectionConfigUser(repoName, "user_with_underscore"),
ExpectError: regexp.MustCompile("unable to add users in restrictions: user_with_underscore"),
},
{
Config: testAccGithubBranchProtectionConfigUser(repoName, testUser),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("github_branch_protection.master", "repository", repoName),
resource.TestCheckResourceAttr("github_branch_protection.master", "branch", "master"),
resource.TestCheckResourceAttr("github_branch_protection.master", "enforce_admins", "true"),
resource.TestCheckResourceAttr("github_branch_protection.master", "restrictions.0.users.#", "1"),
),
},
{
Config: testAccGithubBranchProtectionConfigUser(repoName, "user_with_underscore"),
ExpectError: regexp.MustCompile("unable to add users in restrictions: user_with_underscore"),
},
},
})
}

func TestAccGithubBranchProtection_teams(t *testing.T) {
var firstP, secondP, thirdP github.Protection

Expand Down Expand Up @@ -470,3 +501,23 @@ resource "github_branch_protection" "master" {
}
`, repoName, repoName, firstTeamName, secondTeamName)
}

func testAccGithubBranchProtectionConfigUser(repoName, user string) string {
return fmt.Sprintf(`
resource "github_repository" "test" {
name = "%s"
description = "Terraform Acceptance Test %s"
auto_init = true
}

resource "github_branch_protection" "master" {
repository = "${github_repository.test.name}"
branch = "master"
enforce_admins = true

restrictions {
users = ["%s"]
}
}
`, repoName, repoName, user)
}