Fix restrict pushes on github_branch_protection. Fix branch protection tests

github/data_source_github_user.go

@@ -181,13 +181,13 @@ func dataSourceGithubUserRead(d *schema.ResourceData, meta interface{}) error {
 	if err = d.Set("following", user.GetFollowing()); err != nil {
 		return err
 	}
-	if err = d.Set("created_at", user.GetCreatedAt()); err != nil {
+	if err = d.Set("created_at", user.GetCreatedAt().String()); err != nil {
 		return err
 	}
-	if err = d.Set("updated_at", user.GetUpdatedAt()); err != nil {
+	if err = d.Set("updated_at", user.GetUpdatedAt().String()); err != nil {
 		return err
 	}
-	if err = d.Set("suspended_at", user.GetSuspendedAt()); err != nil {
+	if err = d.Set("suspended_at", user.GetSuspendedAt().String()); err != nil {
 		return err
 	}
 	if err = d.Set("node_id", user.GetNodeID()); err != nil {

github/data_source_github_user_test.go

@@ -19,7 +19,7 @@ func TestAccGithubUserDataSource(t *testing.T) {
 		`, testOwnerFunc())
 
 		check := resource.ComposeAggregateTestCheckFunc(
-			resource.TestCheckResourceAttrSet("data.github_user.test", "name"),
+			resource.TestCheckResourceAttrSet("data.github_user.test", "login"),
 			resource.TestCheckResourceAttrSet("data.github_user.test", "id"),
 		)
 

github/migrate_github_branch_protection.go

@@ -42,3 +42,40 @@ func resourceGithubBranchProtectionUpgradeV0(_ context.Context, rawState map[str
 
 	return rawState, nil
 }
+
+func resourceGithubBranchProtectionV1() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"push_restrictions": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"blocks_creations": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+		},
+	}
+}
+
+func resourceGithubBranchProtectionUpgradeV1(_ context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+	var blocksCreations bool = false
+
+	if v, ok := rawState["blocks_creations"]; ok {
+		blocksCreations = v.(bool)
+	}
+
+	if v, ok := rawState["push_restrictions"]; ok {
+		rawState["restrict_pushes"] = []interface{}{map[string]interface{}{
+			"blocks_creations": blocksCreations,
+			"push_allowances":  v,
+		}}
+	}
+
+	delete(rawState, "blocks_creations")
+	delete(rawState, "push_restrictions")
+
+	return rawState, nil
+}

github/resource_github_branch_protection.go

@@ -13,7 +13,7 @@ import (
 
 func resourceGithubBranchProtection() *schema.Resource {
 	return &schema.Resource{
-		SchemaVersion: 1,
+		SchemaVersion: 2,
 
 		Schema: map[string]*schema.Schema{
 			// Input
@@ -40,12 +40,6 @@ func resourceGithubBranchProtection() *schema.Resource {
 				Default:     false,
 				Description: "Setting this to 'true' to allow force pushes on the branch.",
 			},
-			PROTECTION_BLOCKS_CREATIONS: {
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     false,
-				Description: "Setting this to 'true' to block creating the branch.",
-			},
 			PROTECTION_IS_ADMIN_ENFORCED: {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -104,7 +98,7 @@ func resourceGithubBranchProtection() *schema.Resource {
 							Optional:    true,
 							Description: "Restrict pull request review dismissals.",
 						},
-						PROTECTION_RESTRICTS_REVIEW_DISMISSERS: {
+						PROTECTION_REVIEW_DISMISSAL_ALLOWANCES: {
 							Type:        schema.TypeSet,
 							Optional:    true,
 							Description: "The list of actor Names/IDs with dismissal access. If not empty, 'restrict_dismissals' is ignored. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
@@ -116,7 +110,7 @@ func resourceGithubBranchProtection() *schema.Resource {
 							Description: "The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
 							Elem:        &schema.Schema{Type: schema.TypeString},
 						},
-						PROTECTION_REQUIRES_LAST_PUSH_APPROVAL: {
+						PROTECTION_REQUIRE_LAST_PUSH_APPROVAL: {
 							Type:        schema.TypeBool,
 							Optional:    true,
 							Default:     false,
@@ -146,10 +140,25 @@ func resourceGithubBranchProtection() *schema.Resource {
 				},
 			},
 			PROTECTION_RESTRICTS_PUSHES: {
-				Type:        schema.TypeSet,
+				Type:        schema.TypeList,
 				Optional:    true,
-				Description: "The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
-				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Restrict who can push to matching branches.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						PROTECTION_BLOCKS_CREATIONS: {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     true,
+							Description: "Restrict pushes that create matching branches.",
+						},
+						PROTECTION_PUSH_ALLOWANCES: {
+							Type:        schema.TypeSet,
+							Optional:    true,
+							Description: "The list of actor Names/IDs that may push to the branch. Actor names must either begin with a '/' for users or the organization name followed by a '/' for teams.",
+							Elem:        &schema.Schema{Type: schema.TypeString},
+						},
+					},
+				},
 			},
 			PROTECTION_FORCE_PUSHES_BYPASSERS: {
 				Type:        schema.TypeSet,
@@ -174,6 +183,11 @@ func resourceGithubBranchProtection() *schema.Resource {
 				Upgrade: resourceGithubBranchProtectionUpgradeV0,
 				Version: 0,
 			},
+			{
+				Type:    resourceGithubBranchProtectionV1().CoreConfigSchema().ImpliedType(),
+				Upgrade: resourceGithubBranchProtectionUpgradeV1,
+				Version: 1,
+			},
 		},
 	}
 }
@@ -265,7 +279,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 	variables := map[string]interface{}{
 		"id": d.Id(),
 	}
-
 	ctx := context.WithValue(context.Background(), ctxId, d.Id())
 	client := meta.(*Owner).v4client
 	err := client.Query(ctx, &query, variables)
@@ -278,7 +291,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 
 		return err
 	}
-
 	protection := query.Node.Node
 
 	err = d.Set(PROTECTION_PATTERN, protection.Pattern)
@@ -296,11 +308,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_ALLOWS_FORCE_PUSHES, protection.Repository.Name, protection.Pattern, d.Id())
 	}
 
-	err = d.Set(PROTECTION_BLOCKS_CREATIONS, protection.BlocksCreations)
-	if err != nil {
-		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_BLOCKS_CREATIONS, protection.Repository.Name, protection.Pattern, d.Id())
-	}
-
 	err = d.Set(PROTECTION_IS_ADMIN_ENFORCED, protection.IsAdminEnforced)
 	if err != nil {
 		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_IS_ADMIN_ENFORCED, protection.Repository.Name, protection.Pattern, d.Id())
@@ -350,11 +357,6 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_FORCE_PUSHES_BYPASSERS, protection.Repository.Name, protection.Pattern, d.Id())
 	}
 
-	err = d.Set(PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.RequireLastPushApproval)
-	if err != nil {
-		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.Repository.Name, protection.Pattern, d.Id())
-	}
-
 	err = d.Set(PROTECTION_LOCK_BRANCH, protection.LockBranch)
 	if err != nil {
 		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_LOCK_BRANCH, protection.Repository.Name, protection.Pattern, d.Id())