Fix restrict pushes on github_branch_protection. Fix branch protectio…

…n tests (#2045)

* Update restrict pushes. Fix branch protection tests

Change blocks_creations default to true. Fix broken build.

* add state migration

* rename push_restrictions to push_allowances

* correct state migration issue

* add docs clarification

* update migration func args

* fix test args

* cleanup tests

* Pass context.Background() in test

* fix timestamp fields

---------

Co-authored-by: Keegan Campbell <[email protected]>

github/data_source_github_user.go

@@ -181,13 +181,13 @@ func dataSourceGithubUserRead(d *schema.ResourceData, meta interface{}) error {
  if err = d.Set("following", user.GetFollowing()); err != nil {
  return err
  }
- if err = d.Set("created_at", user.GetCreatedAt()); err != nil {
+ if err = d.Set("created_at", user.GetCreatedAt().String()); err != nil {
  return err
  }
- if err = d.Set("updated_at", user.GetUpdatedAt()); err != nil {
+ if err = d.Set("updated_at", user.GetUpdatedAt().String()); err != nil {
  return err
  }
- if err = d.Set("suspended_at", user.GetSuspendedAt()); err != nil {
+ if err = d.Set("suspended_at", user.GetSuspendedAt().String()); err != nil {
  return err
  }
  if err = d.Set("node_id", user.GetNodeID()); err != nil {

github/data_source_github_user_test.go

@@ -19,7 +19,7 @@ func TestAccGithubUserDataSource(t *testing.T) {
  `, testOwnerFunc())
 
  check := resource.ComposeAggregateTestCheckFunc(
- resource.TestCheckResourceAttrSet("data.github_user.test", "name"),
+ resource.TestCheckResourceAttrSet("data.github_user.test", "login"),
  resource.TestCheckResourceAttrSet("data.github_user.test", "id"),
  )
 

github/migrate_github_branch_protection.go

@@ -42,3 +42,40 @@ func resourceGithubBranchProtectionUpgradeV0(_ context.Context, rawState map[str
 
  return rawState, nil
 }
+
+func resourceGithubBranchProtectionV1() *schema.Resource {
+ return &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "push_restrictions": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ "blocks_creations": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
+ },
+ }
+}
+
+func resourceGithubBranchProtectionUpgradeV1(_ context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+ var blocksCreations bool = false
+
+ if v, ok := rawState["blocks_creations"]; ok {
+ blocksCreations = v.(bool)
+ }
+
+ if v, ok := rawState["push_restrictions"]; ok {
+ rawState["restrict_pushes"] = []interface{}{map[string]interface{}{
+ "blocks_creations": blocksCreations,
+ "push_allowances": v,
+ }}
+ }
+
+ delete(rawState, "blocks_creations")
+ delete(rawState, "push_restrictions")
+
+ return rawState, nil
+}

github/resource_github_branch_protection.go

@@ -13,7 +13,7 @@ import (
 
 func resourceGithubBranchProtection() *schema.Resource {
  return &schema.Resource{
- SchemaVersion: 1,
+ SchemaVersion: 2,
 
  Schema: map[string]*schema.Schema{
  // Input
@@ -40,12 +40,6 @@ func resourceGithubBranchProtection() *schema.Resource {
  Default: false,
  Description: "Setting this to 'true' to allow force pushes on the branch.",
  },
- PROTECTION_BLOCKS_CREATIONS: {
- Type: schema.TypeBool,
- Optional: true,
- Default: false,
- Description: "Setting this to 'true' to block creating the branch.",
- },
  PROTECTION_IS_ADMIN_ENFORCED: {
  Type: schema.TypeBool,
  Optional: true,
@@ -104,7 +98,7 @@ func resourceGithubBranchProtection() *schema.Resource {
  Optional: true,
  Description: "Restrict pull request review dismissals.",
  },
- PROTECTION_RESTRICTS_REVIEW_DISMISSERS: {
+ PROTECTION_REVIEW_DISMISSAL_ALLOWANCES: {
  Type: schema.TypeSet,
  Optional: true,
  Description: "The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
@@ -116,7 +110,7 @@ func resourceGithubBranchProtection() *schema.Resource {
  Description: "The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
  Elem: &schema.Schema{Type: schema.TypeString},
  },
- PROTECTION_REQUIRES_LAST_PUSH_APPROVAL: {
+ PROTECTION_REQUIRE_LAST_PUSH_APPROVAL: {
  Type: schema.TypeBool,
  Optional: true,
  Default: false,
@@ -146,10 +140,25 @@ func resourceGithubBranchProtection() *schema.Resource {
  },
  },
  PROTECTION_RESTRICTS_PUSHES: {
- Type: schema.TypeSet,
+ Type: schema.TypeList,
  Optional: true,
- Description: "The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
- Elem: &schema.Schema{Type: schema.TypeString},
+ Description: "Restrict who can push to matching branches.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ PROTECTION_BLOCKS_CREATIONS: {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ Description: "Restrict pushes that create matching branches.",
+ },
+ PROTECTION_PUSH_ALLOWANCES: {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
+ Elem: &schema.Schema{Type: schema.TypeString},
+ },
+ },
+ },
  },
  PROTECTION_FORCE_PUSHES_BYPASSERS: {
  Type: schema.TypeSet,
@@ -174,6 +183,11 @@ func resourceGithubBranchProtection() *schema.Resource {
  Upgrade: resourceGithubBranchProtectionUpgradeV0,
  Version: 0,
  },
+ {
+ Type: resourceGithubBranchProtectionV1().CoreConfigSchema().ImpliedType(),
+ Upgrade: resourceGithubBranchProtectionUpgradeV1,
+ Version: 1,
+ },
  },
  }
 }
@@ -265,7 +279,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
  variables := map[string]interface{}{
  "id": d.Id(),
  }
-
  ctx := context.WithValue(context.Background(), ctxId, d.Id())
  client := meta.(*Owner).v4client
  err := client.Query(ctx, &query, variables)
@@ -278,7 +291,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 
  return err
  }
-
  protection := query.Node.Node
 
  err = d.Set(PROTECTION_PATTERN, protection.Pattern)
@@ -296,11 +308,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
  log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_ALLOWS_FORCE_PUSHES, protection.Repository.Name, protection.Pattern, d.Id())
  }
 
- err = d.Set(PROTECTION_BLOCKS_CREATIONS, protection.BlocksCreations)
- if err != nil {
- log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_BLOCKS_CREATIONS, protection.Repository.Name, protection.Pattern, d.Id())
- }
-
  err = d.Set(PROTECTION_IS_ADMIN_ENFORCED, protection.IsAdminEnforced)
  if err != nil {
  log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_IS_ADMIN_ENFORCED, protection.Repository.Name, protection.Pattern, d.Id())
@@ -350,11 +357,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
  log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_FORCE_PUSHES_BYPASSERS, protection.Repository.Name, protection.Pattern, d.Id())
  }
 
- err = d.Set(PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.RequireLastPushApproval)
- if err != nil {
- log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.Repository.Name, protection.Pattern, d.Id())
- }
-
  err = d.Set(PROTECTION_LOCK_BRANCH, protection.LockBranch)
  if err != nil {
  log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_LOCK_BRANCH, protection.Repository.Name, protection.Pattern, d.Id())