Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create data source for organization ip allow list #1275

Merged
merged 7 commits into from
Sep 20, 2022
Merged

Create data source for organization ip allow list #1275

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f22b908
feat: add data source to get org's ip allow list
douglascayers Sep 6, 2022
3d424ea
test: add test for org ip allow list data source
douglascayers Sep 6, 2022
f6b5f46
doc: document org ip allow list data source
douglascayers Sep 6, 2022
e4e1925
Merge branch 'integrations:main' into data-source-github-organization…
douglascayers Sep 10, 2022
4b67ba6
chore: backmerge from main
douglascayers Sep 19, 2022
e2ee290
Merge branch 'main' into data-source-github-organization-ip-allow-list
douglascayers Sep 19, 2022
c69919a
chore: sort resources
douglascayers Sep 19, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
125 changes: 125 additions & 0 deletions github/data_source_github_organization_ip_allow_list.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
package github

import (
"context"

"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/shurcooL/githubv4"
)

func dataSourceGithubOrganizationIpAllowList() *schema.Resource {
return &schema.Resource{
Read: dataSourceGithubOrganizationIpAllowListRead,

Schema: map[string]*schema.Schema{
"ip_allow_list": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"id": {
Type: schema.TypeString,
Computed: true,
},
"name": {
Type: schema.TypeString,
Computed: true,
},
"allow_list_value": {
Type: schema.TypeString,
Computed: true,
},
"is_active": {
Type: schema.TypeBool,
Computed: true,
},
"created_at": {
Type: schema.TypeString,
Computed: true,
},
"updated_at": {
Type: schema.TypeString,
Computed: true,
},
},
},
},
},
}
}

func dataSourceGithubOrganizationIpAllowListRead(d *schema.ResourceData, meta interface{}) error {
err := checkOrganization(meta)
if err != nil {
return err
}

ctx := context.Background()
client := meta.(*Owner).v4client
orgName := meta.(*Owner).name

type PageInfo struct {
StartCursor githubv4.String
EndCursor githubv4.String
HasNextPage githubv4.Boolean
HasPreviousPage githubv4.Boolean
}

type IpAllowListEntry struct {
ID githubv4.String
Name githubv4.String
AllowListValue githubv4.String
IsActive githubv4.Boolean
CreatedAt githubv4.String
UpdatedAt githubv4.String
}

type IpAllowListEntries struct {
Nodes []IpAllowListEntry
PageInfo PageInfo
TotalCount githubv4.Int
}

var query struct {
Organization struct {
ID githubv4.String
IpAllowListEntries IpAllowListEntries `graphql:"ipAllowListEntries(first: 100, after: $entriesCursor)"`
} `graphql:"organization(login: $login)"`
}

variables := map[string]interface{}{
"login": githubv4.String(orgName),
"entriesCursor": (*githubv4.String)(nil),
}

var ipAllowList []interface{}
var ipAllowListEntries []IpAllowListEntry

for {
err := client.Query(ctx, &query, variables)
if err != nil {
return err
}

ipAllowListEntries = append(ipAllowListEntries, query.Organization.IpAllowListEntries.Nodes...)
if !query.Organization.IpAllowListEntries.PageInfo.HasNextPage {
break
}
variables["entriesCursor"] = githubv4.NewString(query.Organization.IpAllowListEntries.PageInfo.EndCursor)
}
for index := range ipAllowListEntries {
ipAllowList = append(ipAllowList, map[string]interface{}{
"id": ipAllowListEntries[index].ID,
"name": ipAllowListEntries[index].Name,
"allow_list_value": ipAllowListEntries[index].AllowListValue,
"is_active": ipAllowListEntries[index].IsActive,
"created_at": ipAllowListEntries[index].CreatedAt,
"updated_at": ipAllowListEntries[index].UpdatedAt,
})
}

d.SetId(string(query.Organization.ID))
d.Set("ip_allow_list", ipAllowList)

return nil
}
53 changes: 53 additions & 0 deletions github/data_source_github_organization_ip_allow_list_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
package github

import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
)

func TestAccGithubOrganizationIpAllowListDataSource(t *testing.T) {

t.Run("queries without error", func(t *testing.T) {

config := `
data "github_organization_ip_allow_list" "all" {}
`

check := resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.id"),
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.name"),
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.allow_list_value"),
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.is_active"),
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.created_at"),
resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.updated_at"),
)

testCase := func(t *testing.T, mode string) {
resource.Test(t, resource.TestCase{
PreCheck: func() { skipUnlessMode(t, mode) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: config,
Check: check,
},
},
})
}

t.Run("with an anonymous account", func(t *testing.T) {
t.Skip("anonymous account not supported for this operation")
})

t.Run("with an individual account", func(t *testing.T) {
t.Skip("individual account not supported for this operation")
})

t.Run("with an organization account", func(t *testing.T) {
testCase(t, organization)
})

})

}
5 changes: 3 additions & 2 deletions github/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,8 +134,9 @@ func Provider() terraform.ResourceProvider {
},

DataSourcesMap: map[string]*schema.Resource{
"github_actions_secrets": dataSourceGithubActionsSecrets(),
"github_actions_organization_secrets": dataSourceGithubActionsOrganizationSecrets(),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorted the resources

"github_actions_public_key": dataSourceGithubActionsPublicKey(),
"github_actions_secrets": dataSourceGithubActionsSecrets(),
"github_branch": dataSourceGithubBranch(),
"github_collaborators": dataSourceGithubCollaborators(),
"github_dependabot_public_key": dataSourceGithubDependabotPublicKey(),
Expand All @@ -145,7 +146,7 @@ func Provider() terraform.ResourceProvider {
"github_ip_ranges": dataSourceGithubIpRanges(),
"github_membership": dataSourceGithubMembership(),
"github_organization": dataSourceGithubOrganization(),
"github_actions_organization_secrets": dataSourceGithubActionsOrganizationSecrets(),
"github_organization_ip_allow_list": dataSourceGithubOrganizationIpAllowList(),
Comment on lines -148 to +149
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorted the resources by moving actions resource to top; then added new the ip allow list resource

"github_organization_team_sync_groups": dataSourceGithubOrganizationTeamSyncGroups(),
"github_organization_teams": dataSourceGithubOrganizationTeams(),
"github_ref": dataSourceGithubRef(),
Expand Down
32 changes: 32 additions & 0 deletions website/docs/d/organization_ip_allow_list.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
---
layout: "github"
page_title: "GitHub: github_organization_ip_allow_list"
description: |-
Get the IP allow list of an organization.
---

# github_organization_ip_allow_list

Use this data source to retrieve information about the IP allow list of an organization.
The allow list for IP addresses will block access to private resources via the web, API,
and Git from any IP addresses that are not on the allow list.

## Example Usage

```hcl
data "github_organization_ip_allow_list" "all" {}
```

## Attributes Reference

* `ip_allow_list` - An Array of allowed IP addresses.
___

Each element in the `ip_allow_list` block consists of:

* `id` - The ID of the IP allow list entry.
* `name` - The name of the IP allow list entry.
* `allow_list_value` - A single IP address or range of IP addresses in CIDR notation.
* `is_active` - Whether the entry is currently active.
* `created_at` - Identifies the date and time when the object was created.
* `updated_at` - Identifies the date and time when the object was last updated.
3 changes: 3 additions & 0 deletions website/github.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@
<li>
<a href="/docs/providers/github/d/organization.html">github_organization</a>
</li>
<li>
<a href="/docs/providers/github/d/organization_ip_allow_list.html">github_organization_ip_allow_list</a>
</li>
<li>
<a href="/docs/providers/github/d/organization_team_sync_groups.html">github_organization_team_sync_groups</a>
</li>
Expand Down