feat: add all teams as an import
Signed-off-by: Sean Molenaar <[email protected]>
SMillerDev committed Jul 14, 2024
1 parent 01be30a commit a189d99
Showing 12 changed files with 118 additions and 62 deletions.
6 changes: 3 additions & 3 deletions .tfvars
@@ -102,7 +102,7 @@ teams = {
"timsutton",
"woodruffw",
],
formulae-web = [
formulae_brew_sh = [
"EricFromCanada",
"MikeMcQuaid",
"Rylan12",
@@ -130,10 +130,10 @@ teams = {
"jacobbednarz",
"MikeMcQuaid",
],
linux-fonts = [
homebrew-linux-fonts = [
"tani",
],
pip = [
brew-pip-audit = [
"alex",
"woodruffw",
],
5 changes: 3 additions & 2 deletions README.md
@@ -1,6 +1,6 @@
# terraform-user-management
# homebrew-user-management

User management for the Homebrew organisation using Terraform
User management for the Homebrew organisation using OpenTofu

## Requirements

@@ -18,3 +18,4 @@ User management for the Homebrew organisation using Terraform

- Google workspace management for brew.sh
- Google Cloud manangement for self-hosted workers
- Add DNSSimple
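--- a/github/groups.tf
+++ b/github/groups.tf
@@ -0,0 +1,62 @@
+locals {
+teams = concat(
+[for team in keys(var.teams) : team if !contains(["bots", "taps"], team)],
+keys(tomap(var.teams.maintainers)),
+keys(tomap(var.teams.taps))
+)
+}
+
+resource "github_team" "main" {
+name = each.key
+privacy = "closed"
+
+for_each = { for team in keys(var.teams) : team => team if !contains(["bots", "taps"], team) }
+
+lifecycle {
+ignore_changes = [description]
+}
+}
+
+resource "github_team" "maintainers" {
+name = replace(each.key, "_", ".")
+privacy = "closed"
+parent_team_id = github_team.main["maintainers"].id
+
+for_each = { for team in keys(var.teams.maintainers) : team => team }
+
+lifecycle {
+ignore_changes = [description]
+}
+}
+
+resource "github_team" "taps" {
+name = replace(each.key, "_", ".")
+privacy = "closed"
+
+for_each = { for team in keys(var.teams.taps) : team => team }
+
+lifecycle {
+ignore_changes = [description]
+}
+}
+
+resource "github_team_membership" "ops_membership" {
+for_each = toset(var.teams.maintainers.ops)
+team_id = github_team.maintainers["ops"].id
+username = each.key
+role = contains(var.admins, each.key) ? "maintainer" : "member"
+}
+
+resource "github_team_membership" "plc_membership" {
+for_each = toset(var.teams.plc)
+team_id = github_team.main["plc"].id
+username = each.key
+role = contains(var.admins, each.key) ? "maintainer" : "member"
+}
+
+resource "github_team_membership" "tsc_membership" {
+for_each = toset(var.teams.maintainers.tsc)
+team_id = github_team.maintainers["tsc"].id
+username = each.key
+role = contains(var.admins, each.key) ? "maintainer" : "member"
+}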
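Review bot: The three `github_team_membership` resources (`ops_membership`, `plc_membership`, `tsc_membership`) manage one user each, so an account added to ops, plc or tsc through the GitHub UI is not in state and a plan will neither show nor remove it. For these privileged teams an authoritative list is safer; the provider's `github_team_members` resource gives that with one resource per team and a `members` block per user, as sketched below. Switching resource types changes the state addresses, so existing memberships would have to be moved or re-imported. The other teams created in this file get no membership resource here, so their lists in `.tfvars` are presumably not enforced by it either.

```hcl
resource "github_team_members" "ops_membership" {
  team_id = github_team.maintainers["ops"].id

  # one members block per listed user; anyone not listed is removed on apply
  dynamic "members" {
    for_each = toset(var.teams.maintainers.ops)
    content {
      username = members.value
      role     = contains(var.admins, members.value) ? "maintainer" : "member"
    }
  }
}

# … plc_membership and tsc_membership follow the same shape …
```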
4 changes: 0 additions & 4 deletions github/main_groups.tf

This file was deleted.

2 changes: 1 addition & 1 deletion github/membership.tf
@@ -11,7 +11,7 @@ locals {
}

resource "github_membership" "general" {
for_each = toset([ for member in local.members: member if !contains(var.unmanagable_members, member)])
for_each = toset([for member in local.members : member if !contains(var.unmanagable_members, member)])
username = each.key
role = contains(var.admins, each.key) ? "admin" : "member"
}
10 changes: 0 additions & 10 deletions github/ops.tf

This file was deleted.

10 changes: 0 additions & 10 deletions github/plc.tf

This file was deleted.

10 changes: 0 additions & 10 deletions github/tsc.tf

This file was deleted.

22 changes: 11 additions & 11 deletions github/vars.tf
@@ -5,19 +5,19 @@ variable "teams" {
bots = list(string)
members = list(string)
maintainers = object({
cask = list(string)
brew = list(string)
core = list(string)
tsc = list(string)
ops = list(string)
formulae-web = list(string)
ci-orchestrator = list(string)
cask = list(string)
brew = list(string)
core = list(string)
tsc = list(string)
ops = list(string)
formulae_brew_sh = list(string)
ci-orchestrator = list(string)
})
taps = object({
bundle = list(string)
pip = list(string)
linux-fonts = list(string)
services = list(string)
bundle = list(string)
brew-pip-audit = list(string)
homebrew-linux-fonts = list(string)
services = list(string)
})
})
}
18 changes: 18 additions & 0 deletions import.tf
@@ -32,4 +32,22 @@ import {
for_each = toset([for member in local.members : member if !contains(local.unmanagable_members, member)])
to = module.github.github_membership.general[each.key]
id = "Homebrew:${each.key}"
}

import {
for_each = { for team in keys(var.teams) : team => team if !contains(["bots", "taps"], team) }
to = module.github.github_team.main[each.key]
id = each.key
}

import {
for_each = { for team in keys(var.teams.taps) : team => team }
to = module.github.github_team.taps[each.key]
id = replace(each.key, "_", "-")
}

import {
for_each = { for team in keys(var.teams.maintainers) : team => team }
to = module.github.github_team.maintainers[each.key]
id = replace(each.key, "_", "-")
}
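Review bot: These `for_each` import blocks stay active after the first apply, and as far as I know a plan fails when an import `id` does not exist remotely, so adding a new key to `var.teams` later would try to import a team that has not been created yet. If that holds for the OpenTofu version in use, mark the blocks as one-time adoption with a comment such as `# one-time import of pre-existing teams; remove after the first successful apply`, or drop them once state is populated. The `id` is built with `replace(each.key, "_", "-")` while `github/groups.tf` names the same teams with `replace(each.key, "_", ".")`; a short comment saying the id is presumably the team slug would explain the difference and make a mismatch easier to spot before the wrong existing team is adopted into state. The hunk starts inside an earlier `import` block whose opening line is outside it.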
9 changes: 9 additions & 0 deletions main.tf
@@ -6,6 +6,15 @@ terraform {
}
}

terraform {
required_providers {
github = {
source = "integrations/github"
version = "~> 6.0"
}
}
}

locals {
# these people can't have their membership managed by OpenTofu becuase they are Billing Managers in GitHub
unmanagable_members = ["p-linnane", "issyl0", "colindean", "MikeMcQuaid", "BrewSponsorsBot"]
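Review bot: The new `required_providers` entry is placed in a second top-level `terraform {}` block directly after the existing one that closes at the top of this hunk; folding `github = { source = "integrations/github", version = "~> 6.0" }` into that block would keep all provider requirements in one place. `~> 6.0` accepts any 6.x release of a provider that presumably runs with organisation-level credentials, so the exact version and its hashes are fixed only by `.terraform.lock.hcl`, which is not visible in this commit; confirm it is committed and only updated deliberately. The first `terraform` block starts outside the hunk.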
22 changes: 11 additions & 11 deletions vars.tf
@@ -5,19 +5,19 @@ variable "teams" {
bots = list(string)
members = list(string)
maintainers = object({
cask = list(string)
brew = list(string)
core = list(string)
tsc = list(string)
ops = list(string)
formulae-web = list(string)
ci-orchestrator = list(string)
cask = list(string)
brew = list(string)
core = list(string)
tsc = list(string)
ops = list(string)
formulae_brew_sh = list(string)
ci-orchestrator = list(string)
})
taps = object({
bundle = list(string)
pip = list(string)
linux-fonts = list(string)
services = list(string)
bundle = list(string)
brew-pip-audit = list(string)
homebrew-linux-fonts = list(string)
services = list(string)
})
})
}