Add support for managing organization ip allow list entries (Fixes #1067) #1315
Closed
douglascayers
wants to merge
12
commits into
integrations:main
from
douglascayers:issue1067/manage-org-ip-allow-lists
Closed
Commits
12 commits
329b375
reusable org ip allow list functions
douglascayers 8c461b5
refactored to use util function
douglascayers 376d231
resource to manage ip allow list entries
douglascayers 486fae8
id is a reserved terraform property
douglascayers 197218d
add githubv4IsNodeNotFoundError
douglascayers 5bd1d44
clarify the resource manages a single ip entry
douglascayers 2d89704
rename util since specific for ip allow list entries
douglascayers fe9fa22
fix org id conversion
douglascayers b2fe09f
handle when ip allow list entry not found
douglascayers 8986ef5
add graphql node id
douglascayers 786b224
graphql mutation query fixes
douglascayers f09f644
use for loop iterator value
douglascayers File filter
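--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,221 @@
+package github
+
+import (
+"context"
+"fmt"
+"log"
+
+"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+"github.com/shurcooL/githubv4"
+)
+
+func resourceGithubOrganizationIpAllowList() *schema.Resource {
+return &schema.Resource{
+Read: resourceGithubOrganizationIpAllowListRead,
+Create: resourceGithubOrganizationIpAllowListCreate,
+Update: resourceGithubOrganizationIpAllowListUpdate,
+Delete: resourceGithubOrganizationIpAllowListDelete,
+
+Importer: &schema.ResourceImporter{
+State: resourceGithubOrganizationIpAllowListImport,
+},
+
+SchemaVersion: 1,
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Optional: true,
+Description: "The name of the IP allow list entry.",
+},
+"allow_list_value": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+Description: "A single IP address or range of IP addresses in CIDR notation.",
+},
+"is_active": {
+Type: schema.TypeBool,
+Optional: true,
+Default: true,
+Description: "Whether the entry is currently active. Default is true.",
+},
+"created_at": {
+Type: schema.TypeString,
+Computed: true,
+Description: "Identifies the date and time when the object was created.",
+},
+"updated_at": {
+Type: schema.TypeString,
+Computed: true,
+Description: "Identifies the date and time when the object was last updated.",
+},
+},
+}
+}
+
+func resourceGithubOrganizationIpAllowListImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+orgName := meta.(*Owner).name
+
+// Fetch all IP allow list entries for the org.
+ipAllowListEntries, err := getOrganizationIpAllowListEntries(meta)
+if err != nil {
+return nil, err
+}
+
+// For user convenience, we support importing ip allow list entries
+// by both their graphql node id or by their ip allow list value.
+// For example, "IALE_kwHNBQk8ps2ADPDc" or "192.168.1.1/24"
+valueToImport := d.Id()
+ipAllowListEntryId := ""
+
+for _, ipAllowListEntry := range ipAllowListEntries {
+if string(ipAllowListEntry.ID) == valueToImport || string(ipAllowListEntry.AllowListValue) == valueToImport {
+ipAllowListEntryId = string(ipAllowListEntry.ID)
+break
+}
+}
+
+if ipAllowListEntryId == "" {
+return nil, fmt.Errorf("Organization %s does not have an IP allow list entry for %s.", orgName, valueToImport)
+}
+
+d.SetId(ipAllowListEntryId)
+err = resourceGithubOrganizationIpAllowListRead(d, meta)
+if err != nil {
+return nil, err
+}
+
+// resourceGithubOrganizationIpAllowListRead calls d.SetId("") if the ip entry does not exist
+if d.Id() == "" {
+return nil, fmt.Errorf("Organization %s does not have an IP allow list entry for %s.", orgName, valueToImport)
+}
+
+return []*schema.ResourceData{d}, nil
+}
+
+func resourceGithubOrganizationIpAllowListRead(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*Owner).v4client
+ctx := context.Background()
+
+var query struct {
+Node struct {
+IpAllowListEntry struct {
+ID githubv4.String
+Name githubv4.String
+AllowListValue githubv4.String
+IsActive githubv4.Boolean
+CreatedAt githubv4.String
+UpdatedAt githubv4.String
+} `graphql:"... on IpAllowListEntry"`
+} `graphql:"node(id: $id)"`
+}
+
+variables := map[string]interface{}{
+"id": d.Id(),
+}
+
+err := client.Query(ctx, &query, variables)
+if err != nil {
+if githubv4IsNodeNotFoundError(err) {
+log.Printf("[INFO] Removing ip allow list entry %s from state because it no longer exists in GitHub", d.Id())
+d.SetId("")
+return nil
+}
+return err
+}
+
+d.Set("name", query.Node.IpAllowListEntry.Name)
+d.Set("allow_list_value", query.Node.IpAllowListEntry.AllowListValue)
+d.Set("is_active", query.Node.IpAllowListEntry.IsActive)
+d.Set("created_at", query.Node.IpAllowListEntry.CreatedAt)
+d.Set("updated_at", query.Node.IpAllowListEntry.UpdatedAt)
+
+return nil
+}
+
+func resourceGithubOrganizationIpAllowListCreate(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*Owner).v4client
+ctx := context.Background()
+
+orgId := meta.(*Owner).nodeId
+name := d.Get("name").(string)
+allowListValue := d.Get("allow_list_value").(string)
+isActive := d.Get("is_active").(bool)
+
+var mutate struct {
+CreateIpAllowListEntry struct {
+IpAllowListEntry struct {
+ID githubv4.String
+} `graphql:"ipAllowListEntry"`
+} `graphql:"createIpAllowListEntry(input: $input)"`
+}
+
+input := githubv4.CreateIpAllowListEntryInput{
+OwnerID: githubv4.NewID(orgId),
+Name: (*githubv4.String)(&name),
+AllowListValue: githubv4.String(allowListValue),
+IsActive: githubv4.Boolean(isActive),
+}
+
+err := client.Mutate(ctx, &mutate, input, nil)
+if err != nil {
+return err
+}
+
+d.SetId(string(mutate.CreateIpAllowListEntry.IpAllowListEntry.ID))
+
+return resourceGithubOrganizationIpAllowListRead(d, meta)
+}
+
+func resourceGithubOrganizationIpAllowListUpdate(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*Owner).v4client
+ctx := context.Background()
+
+name := d.Get("name").(string)
+allowListValue := d.Get("allow_list_value").(string)
+isActive := d.Get("is_active").(bool)
+
+var mutate struct {
+UpdateIpAllowListEntry struct {
+IpAllowListEntry struct {
+ID githubv4.String
+} `graphql:"ipAllowListEntry"`
+} `graphql:"updateIpAllowListEntry(input: $input)"`
+}
+
+input := githubv4.UpdateIpAllowListEntryInput{
+IPAllowListEntryID: d.Id(),
+Name: (*githubv4.String)(&name),
+AllowListValue: githubv4.String(allowListValue),
+IsActive: githubv4.Boolean(isActive),
+}
+
+err := client.Mutate(ctx, &mutate, input, nil)
+if err != nil {
+return err
+}
+
+d.SetId(string(mutate.UpdateIpAllowListEntry.IpAllowListEntry.ID))
+
+return resourceGithubOrganizationIpAllowListRead(d, meta)
+}
+
+func resourceGithubOrganizationIpAllowListDelete(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*Owner).v4client
+ctx := context.Background()
+
+var mutate struct {
+DeleteIpAllowListEntry struct {
+IpAllowListEntry struct {
+ID githubv4.String
+} `graphql:"ipAllowListEntry"`
+} `graphql:"deleteIpAllowListEntry(input: $input)"`
+}
+
+input := githubv4.DeleteIpAllowListEntryInput{
+IPAllowListEntryID: d.Id(),
+}
+
+err := client.Mutate(ctx, &mutate, input, nil)
+return err
+}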
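Review bot: resourceGithubOrganizationIpAllowListDelete returns the raw error from client.Mutate at the end of the hunk, so destroying an entry that has already been removed in GitHub (for example by an org admin in the UI) fails instead of converging, while Read already treats that case via githubv4IsNodeNotFoundError; Delete should do the same: `if err != nil && githubv4IsNodeNotFoundError(err) { return nil }` before `return err`. Separately, the import loop breaks on the first entry whose AllowListValue equals the given value, so if the organization holds two entries with the same CIDR the import silently binds to whichever the API listed first and later Update/Delete act on that entry; collecting all matches and returning an error when more than one is found would make the import unambiguous. The five d.Set calls in Read also discard their error returns, which the helper/schema SDK reports for type mismatches.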
🧹 Moved from
github/util_v4.go
because this isn't v4 API specific (as far as I can tell) and looked similar to the expandStringList
func that was here, too.