From 7dd7b9dc85707c18871826d4e0f1109207f19ebf Mon Sep 17 00:00:00 2001 From: jtsaito Date: Sun, 3 May 2020 20:55:32 +0200 Subject: [PATCH 1/7] Add vulnerability_alerts attribute for repositories --- github/resource_github_repository.go | 43 ++++++ github/resource_github_repository_test.go | 151 ++++++++++++++++++++++ website/docs/r/repository.html.markdown | 2 + 3 files changed, 196 insertions(+) diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index dd91357836..0838b7f43f 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -118,6 +118,11 @@ func resourceGithubRepository() *schema.Resource { ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[a-z0-9][a-z0-9-]*$`), "must include only lowercase alphanumeric characters or hyphens and cannot start with a hyphen"), }, }, + "vulnerability_alerts": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, "full_name": { Type: schema.TypeString, @@ -262,6 +267,26 @@ func resourceGithubRepositoryCreate(d *schema.ResourceData, meta interface{}) er } } + var alerts, private bool + if a, ok := d.GetOk("vulnerability_alerts"); ok { + alerts = a.(bool) + } + if p, ok := d.GetOk("private"); ok { + private = p.(bool) + } + var createVulnerabilityAlerts func(context.Context, string, string) (*github.Response, error) + if private && alerts { + createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts + } else if !private && !alerts { + createVulnerabilityAlerts = client.Repositories.DisableVulnerabilityAlerts + } + if createVulnerabilityAlerts != nil { + _, err = createVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return err + } + } + return resourceGithubRepositoryUpdate(d, meta) } 
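Review bot: In the new `vulnerability_alerts` schema entry, an omitted attribute is planned as `false`, so a repository whose configuration never mentions it is treated as "alerts off". The docs added in this same patch say GitHub enables alerts on public repos by default, so a refresh followed by an apply would, as far as I can tell, switch off a security control nobody asked to change. Letting the attribute follow the server value when unset avoids that: use `Computed: true,` in place of `Default: false,`. A `Description` would also help, e.g. `Description: "Enable security alerts for vulnerable dependencies.",`.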
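Review bot: A failure of the alerts call in the Create hunk is returned bare, at a point where the repository has presumably already been created earlier in the function (that part is outside the hunk). The user gets a raw API error with no hint that only the alerts step failed; wrap it, e.g. `return fmt.Errorf("error setting vulnerability alerts for %s/%s: %v", orgName, repoName, err)`. The same bare `return err` appears in the resourceGithubRepositoryUpdate hunk. The two `d.GetOk` wrappers also add nothing for a bool, because `ok` is false for both an absent and a `false` value; `alerts := d.Get("vulnerability_alerts").(bool)` reads the same thing more plainly.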
@@ -334,6 +359,12 @@ func resourceGithubRepositoryRead(d *schema.ResourceData, meta interface{}) erro d.Set("template", []interface{}{}) } + vulnerabilityAlerts, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return fmt.Errorf("Error reading repository vulnerability alerts: %v", err) + } + d.Set("vulnerability_alerts", vulnerabilityAlerts) + return nil } @@ -374,6 +405,18 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er } } + if d.HasChange("vulnerability_alerts") { + updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts + if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) { + updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts + } + + _, err = updateVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return err + } + } + return resourceGithubRepositoryRead(d, meta) } diff --git a/github/resource_github_repository_test.go b/github/resource_github_repository_test.go index 31e3790656..4f6127521f 100644 --- a/github/resource_github_repository_test.go +++ b/github/resource_github_repository_test.go @@ -83,6 +83,7 @@ func TestAccGithubRepository_basic(t *testing.T) { DefaultBranch: "master", Archived: false, }), + testAccCheckGithubVulnerabilityAlerts(rn, false), ), }, { @@ -101,6 +102,7 @@ func TestAccGithubRepository_basic(t *testing.T) { HasProjects: false, Archived: false, }), + testAccCheckGithubVulnerabilityAlerts(rn, false), ), }, { 
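Review bot: The `GetVulnerabilityAlerts` call added to resourceGithubRepositoryRead makes every refresh of every `github_repository` depend on that call succeeding, including for configurations that never set the attribute. If the token lacks the permission this endpoint needs (I believe it is repository admin, worth confirming), plan and apply fail for the whole resource, so the requirement should be stated in the attribute docs. The error also omits which repository was being read; consider `return fmt.Errorf("error reading vulnerability alerts for %s/%s: %v", orgName, repoName, err)`. The result of `d.Set("vulnerability_alerts", ...)` is discarded, so a failed state write would go unnoticed. The function body starts outside this hunk.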
@@ -523,6 +525,78 @@ func TestAccGithubRepository_createFromTemplate(t *testing.T) { }) } +func TestAccGithubRepository_vulnerabilityAlerts(t *testing.T) { + var repo github.Repository + + rn := "github_repository.foo" + randString := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) + name := fmt.Sprintf("tf-acc-test-%s", randString) + description := fmt.Sprintf("Terraform acceptance tests %s", randString) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGithubRepositoryDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGithubRepositoryVulnerabilityAlertsConfig(randString), + Check: resource.ComposeTestCheckFunc( + testAccCheckGithubRepositoryExists(rn, &repo), + testAccCheckGithubRepositoryAttributes(&repo, &testAccGithubRepositoryExpectedAttributes{ + Name: name, + Description: description, + Homepage: "http://example.com/", + HasIssues: true, + HasWiki: true, + IsTemplate: false, + AllowMergeCommit: true, + AllowSquashMerge: false, + AllowRebaseMerge: false, + DeleteBranchOnMerge: false, + HasDownloads: true, + HasProjects: false, + DefaultBranch: "master", + Archived: false, + }), + testAccCheckGithubVulnerabilityAlerts(rn, true), + ), + }, + { + Config: testAccGithubRepositoryVulnerabilityAlertsUpdateConfig(randString), + Check: resource.ComposeTestCheckFunc( + testAccCheckGithubRepositoryExists(rn, &repo), + + testAccCheckGithubRepositoryAttributes(&repo, &testAccGithubRepositoryExpectedAttributes{ + Name: name, + Description: description, + Homepage: "http://example.com/", + HasIssues: true, + HasWiki: true, + IsTemplate: false, + AllowMergeCommit: true, + AllowSquashMerge: false, + AllowRebaseMerge: false, + DeleteBranchOnMerge: false, + HasDownloads: true, + HasProjects: false, + DefaultBranch: "master", + Archived: false, + }), + testAccCheckGithubVulnerabilityAlerts(rn, false), + ), + }, + { + ResourceName: rn, + ImportState: true, + 
ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "auto_init", + }, + }, + }, + }) +} + func testAccCheckGithubRepositoryExists(n string, repo *github.Repository) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -557,6 +631,33 @@ func testAccCheckGithubRepositoryTemplateRepoAttribute(n string, repo *github.Re } } +func testAccCheckGithubVulnerabilityAlerts(n string, expected bool) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not Found: %s", n) + } + + repoName := rs.Primary.ID + if repoName == "" { + return fmt.Errorf("No repository name is set") + } + + org := testAccProvider.Meta().(*Organization) + conn := org.v3client + actual, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), org.name, repoName) + if err != nil { + return err + } + + if expected != actual { + return fmt.Errorf("Unexpected vulnerability alerts, got: %t", actual) + } + + return nil + } +} + type testAccGithubRepositoryExpectedAttributes struct { Name string Description string 
@@ -965,3 +1066,53 @@ resource "github_branch_protection" "repo_name_master" { } `, randString) } + +func testAccGithubRepositoryVulnerabilityAlertsConfig(randString string) string { + return fmt.Sprintf(` +resource "github_repository" "foo" { + name = "tf-acc-test-%s" + description = "Terraform acceptance tests %s" + homepage_url = "http://example.com/" + + # So that acceptance tests can be run in a github organization + # with no billing + private = false + + has_issues = true + has_wiki = true + is_template = false + allow_merge_commit = true + allow_squash_merge = false + allow_rebase_merge = false + has_downloads = true + auto_init = false + + vulnerability_alerts = true +} +`, randString, randString) +} + +func testAccGithubRepositoryVulnerabilityAlertsUpdateConfig(randString string) string { + return fmt.Sprintf(` +resource "github_repository" "foo" { + name = "tf-acc-test-%s" + description = "Terraform acceptance tests %s" + homepage_url = "http://example.com/" + + # So that acceptance tests can be run in a github organization + # with no billing + private = false + + has_issues = true + has_wiki = true + is_template = false + allow_merge_commit = true + allow_squash_merge = false + allow_rebase_merge = false + has_downloads = true + auto_init = false + + vulnerability_alerts = false +} +`, randString, randString) +} diff --git a/website/docs/r/repository.html.markdown b/website/docs/r/repository.html.markdown index 06f13fd17a..ab521aaec4 100644 --- a/website/docs/r/repository.html.markdown +++ b/website/docs/r/repository.html.markdown 
@@ -78,6 +78,8 @@ initial repository creation and create the target branch inside of the repositor * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. +* `vulnerability_alerts` - (Optional) Set to `true` to enable security alerts for vulnerable dependencies. Is `false` by default. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. + ### Template Repositories `template` supports the following arguments: From 244f07970163ec2498d7daf28b59a781adba502d Mon Sep 17 00:00:00 2001 From: jtsaito Date: Mon, 25 May 2020 07:08:39 +0200 Subject: [PATCH 2/7] Check change of vulnerability alerts only if new resource --- github/resource_github_repository.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index 0838b7f43f..b2c6819214 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -405,7 +405,7 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er } } - if d.HasChange("vulnerability_alerts") { + if !d.IsNewResource() && d.HasChange("vulnerability_alerts") { updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) { updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts From 11651f618b62ea5fed3b0371cc93f252474b7616 Mon Sep 17 00:00:00 2001 
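Review bot: With the `!d.IsNewResource()` guard in resourceGithubRepositoryUpdate, a new public repository configured with `vulnerability_alerts = true` gets no Enable call at all, assuming the SDK marks the data as new during create. The Create block added in patch 1 selects `EnableVulnerabilityAlerts` only when `private` is also true, and this branch is now skipped on create. The apply then reports success while the real setting rests on the account default, which the docs in this series say requires alerts to be enabled at the owner level. Choosing Enable in Create whenever the attribute is true would close the gap: `if alerts { createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts }`. The body of resourceGithubRepositoryUpdate continues outside this hunk.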
From: jtsaito Date: Mon, 25 May 2020 07:08:58 +0200 Subject: [PATCH 3/7] No default value for vulnerability alerts --- github/resource_github_repository.go | 1 - 1 file changed, 1 deletion(-) diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index b2c6819214..e5a45c0db4 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -121,7 +121,6 @@ func resourceGithubRepository() *schema.Resource { "vulnerability_alerts": { Type: schema.TypeBool, Optional: true, - Default: false, }, "full_name": { From c4916dd7ad50d339280b2380994dc532f6094ad8 Mon Sep 17 00:00:00 2001 From: jtsaito Date: Mon, 25 May 2020 07:09:25 +0200 Subject: [PATCH 4/7] Remove redundant test code --- github/resource_github_repository_test.go | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/github/resource_github_repository_test.go b/github/resource_github_repository_test.go index 4f6127521f..35010bfabd 100644 --- a/github/resource_github_repository_test.go +++ b/github/resource_github_repository_test.go @@ -633,19 +633,9 @@ func testAccCheckGithubRepositoryTemplateRepoAttribute(n string, repo *github.Re func testAccCheckGithubVulnerabilityAlerts(n string, expected bool) resource.TestCheckFunc { return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - if !ok { - return fmt.Errorf("Not Found: %s", n) - } - - repoName := rs.Primary.ID - if repoName == "" { - return fmt.Errorf("No repository name is set") - } - org := testAccProvider.Meta().(*Organization) conn := org.v3client - actual, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), org.name, repoName) + actual, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), org.name, n) if err != nil { return err } 
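Review bot: In testAccCheckGithubVulnerabilityAlerts, `n` is now passed straight to `GetVulnerabilityAlerts` as the repository name, but the callers added in patch 1 pass `rn`, which is `"github_repository.foo"`: the Terraform resource address, not the repository name. The check therefore queries a repository that does not exist. If the client maps a not-found response to `false` (I believe go-github does for this call), the `false` assertions pass without testing anything and the `true` assertion cannot pass. Either keep the state lookup that resolved `rs.Primary.ID`, or pass the repository name from the caller, e.g. `testAccCheckGithubVulnerabilityAlerts(name, true)` in the new test.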
@@ -1087,7 +1077,7 @@ resource "github_repository" "foo" { has_downloads = true auto_init = false - vulnerability_alerts = true + vulnerability_alerts = true } `, randString, randString) } @@ -1112,7 +1102,7 @@ resource "github_repository" "foo" { has_downloads = true auto_init = false - vulnerability_alerts = false + vulnerability_alerts = false } `, randString, randString) } From 059fa1e04592a3879d10d9f1118a7335ebcee259 Mon Sep 17 00:00:00 2001 From: jtsaito Date: Mon, 25 May 2020 07:12:18 +0200 Subject: [PATCH 5/7] Update website on repository vulnerability alerts --- website/docs/r/repository.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/repository.html.markdown b/website/docs/r/repository.html.markdown index ab521aaec4..fba24b472f 100644 --- a/website/docs/r/repository.html.markdown +++ b/website/docs/r/repository.html.markdown 
@@ -78,7 +78,7 @@ initial repository creation and create the target branch inside of the repositor * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. -* `vulnerability_alerts` - (Optional) Set to `true` to enable security alerts for vulnerable dependencies. Is `false` by default. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. +* `vulnerability_alerts` - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. ### Template Repositories From f71e18f687661df8b7171de690872dc9ac4e89ff Mon Sep 17 00:00:00 2001 From: Jeremy Udit Date: Fri, 18 Sep 2020 10:22:24 -0400 Subject: [PATCH 6/7] Add newline --- github/resource_github_repository_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/resource_github_repository_test.go b/github/resource_github_repository_test.go index 4030b234eb..75e5fbcc18 100644 --- a/github/resource_github_repository_test.go +++ b/github/resource_github_repository_test.go @@ -524,4 +524,4 @@ func init() { Name: "github_repository", F: testSweepRepositories, }) -} \ No newline at end of file +} From 40b17dc736d265a14851c252a603892c057c29af Mon Sep 17 00:00:00 2001 
From: Jeremy Udit Date: Fri, 18 Sep 2020 10:23:27 -0400 Subject: [PATCH 7/7] Update website/docs/r/repository.html.markdown --- website/docs/r/repository.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/repository.html.markdown b/website/docs/r/repository.html.markdown index b487ac5d11..1f9532c3f0 100644 --- a/website/docs/r/repository.html.markdown +++ b/website/docs/r/repository.html.markdown @@ -79,7 +79,7 @@ initial repository creation and create the target branch inside of the repositor * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. -* `vulnerability_alerts` - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. +* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. ### Template Repositories