Create data source for organization ip allow list (integrations#1275)

* feat: add data source to get org's ip allow list * test: add test for org ip allow list data source * doc: document org ip allow list data source * chore: backmerge from main * chore: sort resources
auto1-oss · Dec 28, 2022 · 75c59f8 · 75c59f8
1 parent 81855e0
commit 75c59f8
Show file tree

Hide file tree

Showing 5 changed files with 217 additions and 3 deletions.
diff --git a/github/data_source_github_organization_ip_allow_list.go b/github/data_source_github_organization_ip_allow_list.go
@@ -0,0 +1,125 @@
+package github
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/shurcooL/githubv4"
+)
+
+func dataSourceGithubOrganizationIpAllowList() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubOrganizationIpAllowListRead,
+
+		Schema: map[string]*schema.Schema{
+			"ip_allow_list": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"allow_list_value": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"is_active": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"created_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"updated_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubOrganizationIpAllowListRead(d *schema.ResourceData, meta interface{}) error {
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	ctx := context.Background()
+	client := meta.(*Owner).v4client
+	orgName := meta.(*Owner).name
+
+	type PageInfo struct {
+		StartCursor     githubv4.String
+		EndCursor       githubv4.String
+		HasNextPage     githubv4.Boolean
+		HasPreviousPage githubv4.Boolean
+	}
+
+	type IpAllowListEntry struct {
+		ID             githubv4.String
+		Name           githubv4.String
+		AllowListValue githubv4.String
+		IsActive       githubv4.Boolean
+		CreatedAt      githubv4.String
+		UpdatedAt      githubv4.String
+	}
+
+	type IpAllowListEntries struct {
+		Nodes      []IpAllowListEntry
+		PageInfo   PageInfo
+		TotalCount githubv4.Int
+	}
+
+	var query struct {
+		Organization struct {
+			ID                 githubv4.String
+			IpAllowListEntries IpAllowListEntries `graphql:"ipAllowListEntries(first: 100, after: $entriesCursor)"`
+		} `graphql:"organization(login: $login)"`
+	}
+
+	variables := map[string]interface{}{
+		"login":         githubv4.String(orgName),
+		"entriesCursor": (*githubv4.String)(nil),
+	}
+
+	var ipAllowList []interface{}
+	var ipAllowListEntries []IpAllowListEntry
+
+	for {
+		err := client.Query(ctx, &query, variables)
+		if err != nil {
+			return err
+		}
+
+		ipAllowListEntries = append(ipAllowListEntries, query.Organization.IpAllowListEntries.Nodes...)
+		if !query.Organization.IpAllowListEntries.PageInfo.HasNextPage {
+			break
+		}
+		variables["entriesCursor"] = githubv4.NewString(query.Organization.IpAllowListEntries.PageInfo.EndCursor)
+	}
+	for index := range ipAllowListEntries {
+		ipAllowList = append(ipAllowList, map[string]interface{}{
+			"id":               ipAllowListEntries[index].ID,
+			"name":             ipAllowListEntries[index].Name,
+			"allow_list_value": ipAllowListEntries[index].AllowListValue,
+			"is_active":        ipAllowListEntries[index].IsActive,
+			"created_at":       ipAllowListEntries[index].CreatedAt,
+			"updated_at":       ipAllowListEntries[index].UpdatedAt,
+		})
+	}
+
+	d.SetId(string(query.Organization.ID))
+	d.Set("ip_allow_list", ipAllowList)
+
+	return nil
+}
diff --git a/github/data_source_github_organization_ip_allow_list_test.go b/github/data_source_github_organization_ip_allow_list_test.go
@@ -0,0 +1,53 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubOrganizationIpAllowListDataSource(t *testing.T) {
+
+	t.Run("queries without error", func(t *testing.T) {
+
+		config := `
+			data "github_organization_ip_allow_list" "all" {}
+		`
+
+		check := resource.ComposeAggregateTestCheckFunc(
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.id"),
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.name"),
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.allow_list_value"),
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.is_active"),
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.created_at"),
+			resource.TestCheckResourceAttrSet("data.github_organization_ip_allow_list.all", "ip_allow_list.0.updated_at"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			t.Skip("individual account not supported for this operation")
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+
+	})
+
+}
diff --git a/github/provider.go b/github/provider.go
@@ -134,18 +134,19 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
-			"github_actions_secrets":                 dataSourceGithubActionsSecrets(),
+			"github_actions_organization_secrets":    dataSourceGithubActionsOrganizationSecrets(),
 			"github_actions_public_key":              dataSourceGithubActionsPublicKey(),
+			"github_actions_secrets":                 dataSourceGithubActionsSecrets(),
 			"github_branch":                          dataSourceGithubBranch(),
 			"github_collaborators":                   dataSourceGithubCollaborators(),
-			"github_dependabot_public_key":           dataSourceGithubDependabotPublicKey(),
 			"github_dependabot_organization_secrets": dataSourceGithubDependabotOrganizationSecrets(),
+			"github_dependabot_public_key":           dataSourceGithubDependabotPublicKey(),
 			"github_dependabot_secrets":              dataSourceGithubDependabotSecrets(),
 			"github_external_groups":                 dataSourceGithubExternalGroups(),
 			"github_ip_ranges":                       dataSourceGithubIpRanges(),
 			"github_membership":                      dataSourceGithubMembership(),
 			"github_organization":                    dataSourceGithubOrganization(),
-			"github_actions_organization_secrets":    dataSourceGithubActionsOrganizationSecrets(),
+			"github_organization_ip_allow_list":      dataSourceGithubOrganizationIpAllowList(),
 			"github_organization_team_sync_groups":   dataSourceGithubOrganizationTeamSyncGroups(),
 			"github_organization_teams":              dataSourceGithubOrganizationTeams(),
 			"github_ref":                             dataSourceGithubRef(),

diff --git a/website/docs/d/organization_ip_allow_list.html.markdown b/website/docs/d/organization_ip_allow_list.html.markdown
@@ -0,0 +1,32 @@
+---
+layout: "github"
+page_title: "GitHub: github_organization_ip_allow_list"
+description: |-
+  Get the IP allow list of an organization.
+---
+
+# github_organization_ip_allow_list
+
+Use this data source to retrieve information about the IP allow list of an organization.
+The allow list for IP addresses will block access to private resources via the web, API,
+and Git from any IP addresses that are not on the allow list.
+
+## Example Usage
+
+```hcl
+data "github_organization_ip_allow_list" "all" {}
+```
+
+## Attributes Reference
+
+* `ip_allow_list` - An Array of allowed IP addresses.
+___
+
+Each element in the `ip_allow_list` block consists of:
+
+ * `id` - The ID of the IP allow list entry.
+ * `name` - The name of the IP allow list entry.
+ * `allow_list_value` - A single IP address or range of IP addresses in CIDR notation.
+ * `is_active` -  Whether the entry is currently active.
+ * `created_at` - Identifies the date and time when the object was created.
+ * `updated_at` - Identifies the date and time when the object was last updated.
diff --git a/website/github.erb b/website/github.erb
@@ -46,6 +46,9 @@
             <li>
               <a href="/docs/providers/github/d/organization.html">github_organization</a>
             </li>
+            <li>
+              <a href="/docs/providers/github/d/organization_ip_allow_list.html">github_organization_ip_allow_list</a>
+            </li>
             <li>
               <a href="/docs/providers/github/d/organization_team_sync_groups.html">github_organization_team_sync_groups</a>
             </li>