Merge pull request integrations#1473 from F21/oidc-subject-claim-customization-template

feat: Add support for GitHub Actions OpenID Connect subject claim customization templates

Author: nickfloyd

github/data_source_github_actions_organization_oidc_subject_claim_customization_template.go

@@ -0,0 +1,44 @@
+package github
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateRead,
+
+		Schema: map[string]*schema.Schema{
+			"include_claim_keys": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateRead(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+	ctx := meta.(*Owner).StopContext
+
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	template, _, err := client.Actions.GetOrgOIDCSubjectClaimCustomTemplate(ctx, orgName)
+
+	if err != nil {
+		return err
+	}
+
+	d.SetId(orgName)
+	d.Set("include_claim_keys", template.IncludeClaimKeys)
+
+	return nil
+}

github/data_source_github_actions_organization_oidc_subject_claim_customization_template_test.go

@@ -0,0 +1,60 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateDataSource(t *testing.T) {
+
+	t.Run("get an organization oidc subject claim customization template without error", func(t *testing.T) {
+
+		config := `
+			resource "github_actions_organization_oidc_subject_claim_customization_template" "test" {
+				include_claim_keys = ["actor", "actor_id", "head_ref", "repository"]
+			}
+		`
+
+		config2 := config + `
+			data "github_actions_organization_oidc_subject_claim_customization_template" "test" {}
+		`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.#", "4"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.0", "actor"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.1", "actor_id"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.2", "head_ref"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.3", "repository"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config2,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			t.Skip("individual account not supported for this operation")
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}

github/data_source_github_actions_repository_oidc_subject_claim_customization_template.go

@@ -0,0 +1,47 @@
+package github
+
+import "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+func dataSourceGithubActionsRepositoryOIDCSubjectClaimCustomizationTemplate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubActionsRepositoryOIDCSubjectClaimCustomizationTemplateRead,
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"use_default": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"include_claim_keys": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsRepositoryOIDCSubjectClaimCustomizationTemplateRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+
+	repository := d.Get("name").(string)
+	owner := meta.(*Owner).name
+	ctx := meta.(*Owner).StopContext
+
+	template, _, err := client.Actions.GetRepoOIDCSubjectClaimCustomTemplate(ctx, owner, repository)
+
+	if err != nil {
+		return err
+	}
+
+	d.SetId(repository)
+	d.Set("use_default", template.UseDefault)
+	d.Set("include_claim_keys", template.IncludeClaimKeys)
+
+	return nil
+}

github/data_source_github_actions_repository_oidc_subject_claim_customization_template_test.go

@@ -0,0 +1,104 @@
+package github
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubActionsRepositoryOIDCSubjectClaimCustomizationTemplateDataSource(t *testing.T) {
+
+	randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+
+	t.Run("get an repository oidc subject claim customization template without error", func(t *testing.T) {
+
+		config := fmt.Sprintf(`
+			resource "github_repository" "test" {
+				name = "tf-acc-test-%s"
+				private = true
+			}
+	
+			resource "github_actions_repository_oidc_subject_claim_customization_template" "test" {
+				repository = github_repository.test.name
+				use_default = false
+				include_claim_keys = ["repo", "context", "job_workflow_ref"]
+			}
+		`, randomID)
+
+		config2 := config + `
+			data "github_actions_repository_oidc_subject_claim_customization_template" "test" {
+				name = github_repository.test.name
+			}
+		`
+
+		config3 := fmt.Sprintf(`
+			resource "github_repository" "test" {
+				name = "tf-acc-test-%s"
+				private = true
+			}
+	
+			resource "github_actions_repository_oidc_subject_claim_customization_template" "test" {
+				repository = github_repository.test.name
+				use_default = true
+			}
+		`, randomID)
+
+		config4 := config3 + `
+			data "github_actions_repository_oidc_subject_claim_customization_template" "test" {
+				name = github_repository.test.name
+			}
+		`
+
+		check1 := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "use_default", "false"),
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "include_claim_keys.#", "3"),
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "include_claim_keys.0", "repo"),
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "include_claim_keys.1", "context"),
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "include_claim_keys.2", "job_workflow_ref"),
+		)
+
+		check2 := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "use_default", "true"),
+			resource.TestCheckNoResourceAttr("data.github_actions_repository_oidc_subject_claim_customization_template.test", "include_claim_keys"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config2,
+						Check:  check1,
+					},
+					{
+						Config: config3,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config4,
+						Check:  check2,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			testCase(t, individual)
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}