Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Managing the list of TeamRepository resources #160

Closed
mattwynne opened this issue Oct 20, 2021 · 4 comments
Closed

Managing the list of TeamRepository resources #160

mattwynne opened this issue Oct 20, 2021 · 4 comments
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/enhancement Improvements or new features kind/question Questions about existing features resolution/by-design This issue won't be fixed because the functionality is working as designed

Comments

@mattwynne
Copy link

Suppose I have:

  • A repository, "awesome"
  • Two teams, "commiters" and "core"
const repo = new GitHub.Repository("awesome", { name: "awesome" })
const coreTeam = new github.Team(
  "core",
  {
    description: "Core team",
    name: "core",
    privacy: "closed",
  },
);
const committersTeam = new github.Team(
  "committers",
  {
    description: "All contributors,
    name: "committers",
    privacy: "closed",
  },
);

Now suppose I give the core team maintain access to the respository, using Pulumi. Something like this:

const coreTeamAccessToAwesome = new github.TeamRepository("core-awesome", {
  repository: "awesome",
  teamId: coreTeam.id,
  "maintain",
});

I can run pulumi up and the "Manage access" tab shows the right thing. 👌🏼

Suppose, however, someone then goes to that tab and manually adds the "committers" team to the repo too. Is there any way to detect this, and fix (i.e. remove that access) it using my Pulumi program?

I'm new to Pulimi / Terraform, so I might be missing something obvious, but I don't see a way, based on the API, to declare the list of TeamRepositories, only declare individual ones.
@mattwynne
Copy link
Author

mattwynne commented Oct 20, 2021
edited
Loading

Seems like this is related, and if I understand correctly it explains that my use-case isn't currently possible: integrations/terraform-provider-github#395

@mattwynne mattwynne mentioned this issue Oct 21, 2021
Open
@leezen leezen added awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/enhancement Improvements or new features labels Oct 22, 2021
@mattwynne
Copy link
Author

It looks as though there's some progress on the problem upstream: integrations/terraform-provider-github#975

@guineveresaenger
Copy link
Contributor

Hi @mattwynne - I'm actually working on something similar right now.

My recommendation for a workaround by maintaining a list of TeamRepositories yourself. If a team that is under Pulumi management manually receives a TeamRepository they shouldn't have, a pulumi up will absolutely remove their access. This does have the drawback of needing to manage a permission config. It depends on your use case if this is helpful to you.

Please stay tuned for a blog post on precisely this topic coming out soon!

@guineveresaenger guineveresaenger added kind/question Questions about existing features resolution/by-design This issue won't be fixed because the functionality is working as designed labels Mar 23, 2022
@guineveresaenger
Copy link
Contributor

@mattwynne here's a use case that may be relevant to you: https://www.pulumi.com/blog/managing-github-with-pulumi/

I realize this issue is ancient so I'm going to close it for now - please feel free to reopen if this remains a concern!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/enhancement Improvements or new features kind/question Questions about existing features resolution/by-design This issue won't be fixed because the functionality is working as designed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mattwynne @leezen @guineveresaenger