r/github_branch_protection: check invalid users (integrations#158)

kfcampbell · Jul 16, 2019 · 16ec782 · 16ec782
1 parent 1562326
commit 16ec782
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 2 deletions.
diff --git a/github/resource_github_branch_protection.go b/github/resource_github_branch_protection.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-github/v25/github"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -163,7 +164,7 @@ func resourceGithubBranchProtectionCreate(d *schema.ResourceData, meta interface
 
 	log.Printf("[DEBUG] Creating branch protection: %s/%s (%s)",
 		orgName, repoName, branch)
-	_, _, err = client.Repositories.UpdateBranchProtection(ctx,
+	protection, _, err := client.Repositories.UpdateBranchProtection(ctx,
 		orgName,
 		repoName,
 		branch,
@@ -173,6 +174,10 @@ func resourceGithubBranchProtectionCreate(d *schema.ResourceData, meta interface
 		return err
 	}
 
+	if err := checkBranchRestrictionsUsers(protection.GetRestrictions(), protectionRequest.GetRestrictions()); err != nil {
+		return err
+	}
+
 	d.SetId(buildTwoPartID(&repoName, &branch))
 
 	if err = requireSignedCommitsUpdate(d, meta); err != nil {
@@ -270,7 +275,7 @@ func resourceGithubBranchProtectionUpdate(d *schema.ResourceData, meta interface
 
 	log.Printf("[DEBUG] Updating branch protection: %s/%s (%s)",
 		orgName, repoName, branch)
-	_, _, err = client.Repositories.UpdateBranchProtection(ctx,
+	protection, _, err := client.Repositories.UpdateBranchProtection(ctx,
 		orgName,
 		repoName,
 		branch,
@@ -280,6 +285,10 @@ func resourceGithubBranchProtectionUpdate(d *schema.ResourceData, meta interface
 		return err
 	}
 
+	if err := checkBranchRestrictionsUsers(protection.GetRestrictions(), protectionRequest.GetRestrictions()); err != nil {
+		return err
+	}
+
 	if protectionRequest.RequiredPullRequestReviews == nil {
 		_, err = client.Repositories.RemovePullRequestReviewEnforcement(ctx,
 			orgName,
@@ -573,3 +582,34 @@ func expandNestedSet(m map[string]interface{}, target string) []string {
 	}
 	return res
 }
+
+func checkBranchRestrictionsUsers(actual *github.BranchRestrictions, expected *github.BranchRestrictionsRequest) error {
+	if expected == nil {
+		return nil
+	}
+
+	expectedUsers := expected.Users
+
+	if actual == nil {
+		return fmt.Errorf("unable to add users in restrictions: %s", strings.Join(expectedUsers, ", "))
+	}
+
+	actualLoopUp := make(map[string]struct{}, len(actual.Users))
+	for _, a := range actual.Users {
+		actualLoopUp[a.GetLogin()] = struct{}{}
+	}
+
+	notFounds := make([]string, 0, len(actual.Users))
+
+	for _, e := range expectedUsers {
+		if _, ok := actualLoopUp[e]; !ok {
+			notFounds = append(notFounds, e)
+		}
+	}
+
+	if len(notFounds) == 0 {
+		return nil
+	}
+
+	return fmt.Errorf("unable to add users in restrictions: %s", strings.Join(notFounds, ", "))
+}
diff --git a/github/resource_github_branch_protection_test.go b/github/resource_github_branch_protection_test.go
@@ -3,6 +3,7 @@ package github
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"sort"
 	"testing"
 
@@ -65,6 +66,36 @@ func TestAccGithubBranchProtection_basic(t *testing.T) {
 	})
 }
 
+func TestAccGithubBranchProtection_users(t *testing.T) {
+	rString := acctest.RandString(5)
+	repoName := fmt.Sprintf("tf-acc-test-branch-prot-%s", rString)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGithubBranchProtectionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccGithubBranchProtectionConfigUser(repoName, "user_with_underscore"),
+				ExpectError: regexp.MustCompile("unable to add users in restrictions: user_with_underscore"),
+			},
+			{
+				Config: testAccGithubBranchProtectionConfigUser(repoName, testUser),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("github_branch_protection.master", "repository", repoName),
+					resource.TestCheckResourceAttr("github_branch_protection.master", "branch", "master"),
+					resource.TestCheckResourceAttr("github_branch_protection.master", "enforce_admins", "true"),
+					resource.TestCheckResourceAttr("github_branch_protection.master", "restrictions.0.users.#", "1"),
+				),
+			},
+			{
+				Config:      testAccGithubBranchProtectionConfigUser(repoName, "user_with_underscore"),
+				ExpectError: regexp.MustCompile("unable to add users in restrictions: user_with_underscore"),
+			},
+		},
+	})
+}
+
 func TestAccGithubBranchProtection_teams(t *testing.T) {
 	var firstP, secondP, thirdP github.Protection
 
@@ -475,3 +506,23 @@ resource "github_branch_protection" "master" {
 }
 `, repoName, repoName, firstTeamName, secondTeamName)
 }
+
+func testAccGithubBranchProtectionConfigUser(repoName, user string) string {
+	return fmt.Sprintf(`
+resource "github_repository" "test" {
+  name        = "%s"
+  description = "Terraform Acceptance Test %s"
+  auto_init   = true
+}
+
+resource "github_branch_protection" "master" {
+  repository = "${github_repository.test.name}"
+  branch     = "master"
+  enforce_admins = true
+
+  restrictions {
+    users = ["%s"]
+  }
+}
+`, repoName, repoName, user)
+}