Terraform v2 #15
The wiki seems like a possibility and the security alerts seems like a good thing to enable by default until someone complains.
…n does. Removes the security template and other sections that aren't 100% obviously critical. We can always re-add these later, but teams can also configure this manually.
This should make it easier to determine what a parent team relates to versus what a child team relates to.
I didn't see it was used for the playground repo.
These need to be merged rather than concatenated.
Adds a comment to hopefully reduce confusion.
The Django Commons admin team will have access to all teams by being owners in the organization. That isn't controlled by the terraform plan.
Terraform plan in terraform
Plan: 4 to add, 11 to change, 1 to destroy.
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
!~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
# github_organization_security_manager.this will be created
+ resource "github_organization_security_manager" "this" {
+ id = (known after apply)
+ team_slug = (known after apply)
}
# github_repository.this[".github"] will be updated in-place
!~ resource "github_repository" "this" {
+ archive_on_destroy = true
!~ delete_branch_on_merge = false -> true
+ description = "A Special Repository."
!~ has_discussions = false -> true
!~ has_wiki = true -> false
id = ".github"
+ merge_commit_message = "PR_TITLE"
+ merge_commit_title = "MERGE_MESSAGE"
name = ".github"
+ squash_merge_commit_message = "BLANK"
+ squash_merge_commit_title = "PR_TITLE"
!~ vulnerability_alerts = false -> true
# (27 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# github_repository.this["controls"] will be updated in-place
!~ resource "github_repository" "this" {
+ archive_on_destroy = true
!~ delete_branch_on_merge = false -> true
!~ has_discussions = false -> true
!~ has_wiki = true -> false
id = "controls"
+ merge_commit_message = "PR_TITLE"
+ merge_commit_title = "MERGE_MESSAGE"
name = "controls"
+ squash_merge_commit_message = "BLANK"
+ squash_merge_commit_title = "PR_TITLE"
!~ vulnerability_alerts = false -> true
# (28 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# github_repository.this["django-commons-playground"] will be updated in-place
!~ resource "github_repository" "this" {
+ archive_on_destroy = true
!~ delete_branch_on_merge = false -> true
!~ has_discussions = false -> true
!~ has_wiki = true -> false
id = "django-commons-playground"
+ merge_commit_message = "PR_TITLE"
+ merge_commit_title = "MERGE_MESSAGE"
name = "django-commons-playground"
+ squash_merge_commit_message = "BLANK"
+ squash_merge_commit_title = "PR_TITLE"
!~ vulnerability_alerts = false -> true
# (28 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# github_repository.this["membership"] will be updated in-place
!~ resource "github_repository" "this" {
+ archive_on_destroy = true
!~ delete_branch_on_merge = false -> true
+ description = "Membership repository for the django-commons organization."
!~ has_wiki = true -> false
id = "membership"
+ merge_commit_message = "PR_TITLE"
+ merge_commit_title = "MERGE_MESSAGE"
name = "membership"
+ squash_merge_commit_message = "BLANK"
+ squash_merge_commit_title = "PR_TITLE"
!~ vulnerability_alerts = false -> true
# (28 unchanged attributes hidden)
# (1 unchanged block hidden)
}
# github_team.org_teams["Admins"] will be updated in-place
!~ resource "github_team" "org_teams" {
+ description = "django-commons administrators"
id = "9763562"
name = "Admins"
# (10 unchanged attributes hidden)
}
# github_team.org_teams["security-team"] will be created
+ resource "github_team" "org_teams" {
+ create_default_maintainer = false
+ description = "django-commons security team"
+ etag = (known after apply)
+ id = (known after apply)
+ members_count = (known after apply)
+ name = "security-team"
+ node_id = (known after apply)
+ parent_team_read_id = (known after apply)
+ parent_team_read_slug = (known after apply)
+ privacy = "closed"
+ slug = (known after apply)
}
# github_team.repo_admin_team["django-commons-playground"] will be updated in-place
!~ resource "github_team" "repo_admin_team" {
+ description = "Admin team for the django-commons-playground repository"
id = "9757650"
name = "django-commons-playground-admins"
# (10 unchanged attributes hidden)
}
# github_team.repo_committer_team["django-commons-playground"] will be updated in-place
!~ resource "github_team" "repo_committer_team" {
+ description = "Committers team for the django-commons-playground repository"
id = "9757668"
name = "django-commons-playground-committers"
# (10 unchanged attributes hidden)
}
# github_team.repo_team["django-commons-playground"] will be updated in-place
!~ resource "github_team" "repo_team" {
+ description = "Main team for the django-commons-playground repository"
id = "9757678"
name = "django-commons-playground"
# (10 unchanged attributes hidden)
}
# github_team_members.org_team_members["security-team"] will be created
+ resource "github_team_members" "org_team_members" {
+ id = (known after apply)
+ team_id = (known after apply)
+ members {
+ role = "maintainer"
+ username = "matthiask"
}
+ members {
+ role = "maintainer"
+ username = "tim-schilling"
}
}
# github_team_members.repo_admin_members["django-commons-playground"] will be updated in-place
!~ resource "github_team_members" "repo_admin_members" {
id = "9757650"
# (1 unchanged attribute hidden)
- members {
- role = "maintainer" -> null
- username = "Stormheg" -> null
}
- members {
- role = "maintainer" -> null
- username = "cunla" -> null
}
- members {
- role = "maintainer" -> null
- username = "ryancheley" -> null
}
- members {
- role = "maintainer" -> null
- username = "tim-schilling" -> null
}
- members {
- role = "maintainer" -> null
- username = "williln" -> null
}
+ members {
+ role = "member"
+ username = "Stormheg"
}
+ members {
+ role = "member"
+ username = "cunla"
}
+ members {
+ role = "member"
+ username = "ryancheley"
}
+ members {
+ role = "member"
+ username = "tim-schilling"
}
+ members {
+ role = "member"
+ username = "williln"
}
}
# github_team_members.repo_committer_team_members["django-commons-playground"] will be updated in-place
!~ resource "github_team_members" "repo_committer_team_members" {
id = "9757668"
# (1 unchanged attribute hidden)
- members {
- role = "maintainer" -> null
- username = "Stormheg" -> null
}
- members {
- role = "maintainer" -> null
- username = "cunla" -> null
}
- members {
- role = "maintainer" -> null
- username = "ryancheley" -> null
}
- members {
- role = "maintainer" -> null
- username = "tim-schilling" -> null
}
- members {
- role = "maintainer" -> null
- username = "williln" -> null
}
# (1 unchanged block hidden)
}
# github_team_members.repo_team_members["django-commons-playground"] will be updated in-place
!~ resource "github_team_members" "repo_team_members" {
id = "9757678"
# (1 unchanged attribute hidden)
- members {
- role = "maintainer" -> null
- username = "Stormheg" -> null
}
- members {
- role = "maintainer" -> null
- username = "cunla" -> null
}
- members {
- role = "maintainer" -> null
- username = "ryancheley" -> null
}
- members {
- role = "maintainer" -> null
- username = "tim-schilling" -> null
}
- members {
- role = "maintainer" -> null
- username = "williln" -> null
}
+ members {
+ role = "member"
+ username = "Stormheg"
}
+ members {
+ role = "member"
+ username = "cunla"
}
+ members {
+ role = "member"
+ username = "ryancheley"
}
+ members {
+ role = "member"
+ username = "tim-schilling"
}
+ members {
+ role = "member"
+ username = "williln"
}
# (1 unchanged block hidden)
}
# github_team_settings.this["django-commons-playground"] must be replaced
-/+ resource "github_team_settings" "this" {
!~ id = "******************" -> (known after apply)
!~ team_id = "django-commons-playground" -> "9757678" # forces replacement
!~ team_slug = "django-commons-playground" -> (known after apply)
!~ team_uid = "T_kwDOCaaRBM4AlOPu" -> (known after apply)
+ review_request_delegation {
+ algorithm = "LOAD_BALANCE"
+ member_count = 2
+ notify = false
}
}
Plan: 4 to add, 11 to change, 1 to destroy.
📝 Plan generated in Plan org changes and list them in a PR #30
@cunla did this incorporate all of Lacey's suggestions from the other PR? I think it did, but I haven't gone through it thoroughly.
I think I included everything that was suggested.
Are we good with merging this? I would like to merge so I can track what's happening in the
Admins shouldn't be in the committers team. Their admin permissions allow them all the same permissions as the committers team. It allows repos to split notifications a bit better. If a person wants to be in both, that can be controlled in the variables file. I attempted to clean up the comments a bit more with the refactor. Some of the comments no longer made sense. I reduced some of the code with a concat function call which should help make the repo team definition a bit easier to understand.
If this doesn't work, I'll revert.
I'm good with this. We can revert this and go back to the `new_team.yml` if we want based on our meeting discussion in a few weeks.
Hi,
Following all the comments, as well as a short conversation I had with @tim-schilling, I decided to simplify the terraform code.
The main difference compared to the previous version is:
Since we have only three repository teams for each repository (repo-team, repo-admins-team and repo-committers-team) - we can define it as part of the repository definition.
So now, looking at two repositories as samples:
- `controls` does not have the teams structure associated with it (no `controls-admin`/`controls-committers` teams), and it is defined by `skip_team_creation=true`
- `django-commons-playground` has three teams associated with it:
  - `django-commons-playground` with all users from `admins`/`committers`/`members` lists.
  - `django-commons-playground-committers` with all users from `admins`/`committers` lists.
  - `django-commons-playground-admins` with all users from `admins` list.
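
The team layout described above, sketched in Terraform as an added example (not the project's own code): the variable `repositories` and the local `team_repos` are assumed names, while the resource names, `skip_team_creation` and the `member` role are taken from the page. The `-admins` team would follow the same pattern using only the `admins` list.

```hcl
variable "repositories" {
  type = map(object({
    skip_team_creation = optional(bool, false)
    admins             = optional(set(string), [])
    committers         = optional(set(string), [])
    members            = optional(set(string), [])
  }))
}
locals {
  # Assumed helper: repositories with skip_team_creation = true (e.g. "controls") get no teams.
  team_repos = { for name, r in var.repositories : name => r if !r.skip_team_creation }
}

resource "github_team" "repo_team" {
  for_each = local.team_repos
  name     = each.key
  privacy  = "closed"
}
resource "github_team" "repo_committer_team" {
  for_each = local.team_repos
  name     = "${each.key}-committers"
  privacy  = "closed"
}

resource "github_team_members" "repo_team_members" {
  for_each = local.team_repos
  team_id  = github_team.repo_team[each.key].id
  dynamic "members" {
    # setunion de-duplicates a user who appears in more than one list.
    for_each = setunion(each.value.admins, each.value.committers, each.value.members)
    content {
      username = members.value
      role     = "member" # team "member" rather than "maintainer", as in the plan output
    }
  }
}

resource "github_team_members" "repo_committer_team_members" {
  for_each = local.team_repos
  team_id  = github_team.repo_committer_team[each.key].id
  dynamic "members" {
    for_each = setunion(each.value.admins, each.value.committers)
    content {
      username = members.value
      role     = "member"
    }
  }
}
```

Because `github_team_members` manages the full member list of a team, anyone added to a team outside these variables is removed on the next apply, which keeps the variables file as the reviewable record of access.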