feat: Adding github_enterprise_ip_allow_list_entry resource #2649
Conversation
ErikElkins
changed the title
|
@ErikElkins Apologies for the delay on getting to this PR. Would you be willing to fix the lint issue? Thank you! |
stevehipwell
left a comment
stevehipwell
left a comment
There was a problem hiding this comment.
Is there a REST API for this functionality?
| } | ||
|
|
||
| // Helper function to get Enterprise ID from slug | ||
| func getEnterpriseID(ctx context.Context, client *githubv4.Client, enterpriseSlug string) (string, error) { |
There was a problem hiding this comment.
AFAIK enterprise slug is the ID, the GraphQL ID shouldn't pollute TF.
There was a problem hiding this comment.
If i understand this correctly, you'd still want the resource to reference the slug (and not the GraphQL ID) like so:
resource "github_enterprise_ip_allow_list_entry" "example" {
enterprise_slug = "my-enterprise-slug"
ip = "1.2.3.4"
}If you pass enterprise_slug to the CreateIpAllowListEntry mutation it will fail with Error: Could not resolve to a node with the global id of 'my-enterprise-slug' (i tested with a real one). It looks to need the GraphQL ID, and not the slug. If we keep the lookup like this, we should be able to keep the GraphQL ID out of the terraform and have the lookup take place behind the scenes.
There was a problem hiding this comment.
I think it makes sense that it's not the enterprise_slug as AFAIK that Mutation also works for Organizations, which could have the same slug as the enterprise
There was a problem hiding this comment.
The GraphQL ID may be required, but it shouldn't be the resource ID as that should be the slug. I'm not fully familiar with the GitHub GraphQL implementation but isn't the whole point of GraphQL that you can do everything with a single query; in which case why can't you use the slug to lookup the GraphQL ID in the same query?
There was a problem hiding this comment.
Yeah, you can combine multiple "requests" in a single GQL query, but directly dependant things aren't possible AFAIK.
But there one can then just use sequential queries. And one can't mix mutations and queries in a single request
There was a problem hiding this comment.
I can't see a pending REST implementation. We may have to leak a GraphQL ID into the state after all. I'd suggest using <graphql-id>:<name> for the ID so if we get a REST implementation we can remove the GraphQL dependency.
There was a problem hiding this comment.
I don't recommend using name as it's actually a description field and can contain long text.
And since name is mutable, it would change the ID even if the actual resource didn't change.
Existing IP entry in UI: 
Add entry in UI:
Edit entry in UI:
There was a problem hiding this comment.
Are we sure IP isn't unique in the context of an enterprise?
There was a problem hiding this comment.
Yes, we have had multiple duplicate IPs. We could treat it as unique even if the API allows duplicate IPS. One reason for allowing duplicate IPs would be ease of management.
For example the IPs in api.github.com/meta have duplicates between products. If I'd be syncing these blindly to the allowlist with the product name (which we are doing) then it needs to enable duplicate IPS 😬
There was a problem hiding this comment.
Not that it's relevant to this PR, but wouldn't you run them through distinct by default?
github-project-automation
bot
moved this from 👀 In review
to 🏗 In progress
in 🧰 Octokit Active
|
Yep! Let me jump in here. |
Co-authored-by: Steve Hipwell <[email protected]>
Co-authored-by: Steve Hipwell <[email protected]>
|
Oh, i see the other PR. Should we just close this? EDIT: NEVERMIND |
Doesn't look like they've added it since I opened the PR. |
gateixeira
left a comment
gateixeira
left a comment
There was a problem hiding this comment.
hi @ErikElkins 👋
I was updating your PR to have the lint fixed and realized that the acceptance tests seem to also not pass. Can you please update the PR with the following? Feel free to validate on your end.
Co-authored-by: gateixeira <[email protected]>
Co-authored-by: gateixeira <[email protected]>
Co-authored-by: gateixeira <[email protected]>
gateixeira
left a comment
gateixeira
left a comment
There was a problem hiding this comment.
@ErikElkins thanks for the changes!
| StateContext: schema.ImportStatePassthroughContext, | ||
| }, | ||
|
|
||
| Schema: map[string]*schema.Schema{ |
There was a problem hiding this comment.
Please add a top-level Description field
|
|
||
| d.SetId(string(mutation.CreateIpAllowListEntry.IpAllowListEntry.ID)) | ||
|
|
||
| return resourceGithubEnterpriseIpAllowListEntryRead(ctx, d, meta) |
There was a problem hiding this comment.
Please remove the call to Read in Create. Instead set any computed values based on the response
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| return resourceGithubEnterpriseIpAllowListEntryRead(ctx, d, meta) |
There was a problem hiding this comment.
| err := client.Query(ctx, &query, variables) | ||
| if err != nil { | ||
| if strings.Contains(err.Error(), "Could not resolve to a node with the global id") { | ||
| log.Printf("[INFO] Removing IP allow list entry (%s) from state because it no longer exists in GitHub", d.Id()) |
There was a problem hiding this comment.
Please use tflog.Info instead of log.Printf
| } | ||
|
|
||
| // Helper function to get Enterprise ID from slug | ||
| func getEnterpriseID(ctx context.Context, client *githubv4.Client, enterpriseSlug string) (string, error) { |
There was a problem hiding this comment.
This function seems to exist already in resource_github_enterprise_organization.go, could you re-use that?
Maybe it could be moved to util_v4.go?
| ) | ||
|
|
||
| func TestAccGithubEnterpriseIpAllowListEntry_basic(t *testing.T) { | ||
| t.Skip("Acceptance test requires a real GitHub Enterprise environment") |
There was a problem hiding this comment.
| t.Skip("Acceptance test requires a real GitHub Enterprise environment") |
| PreCheck: func() { | ||
| skipUnlessEnterprise(t) | ||
| }, | ||
| Providers: testAccProviders, |
There was a problem hiding this comment.
| Providers: testAccProviders, | |
| ProviderFactories: providerFactories, |
| resource.TestCheckResourceAttr(resourceName, "enterprise_slug", enterpriseSlug), | ||
| resource.TestCheckResourceAttr(resourceName, "ip", ip), | ||
| resource.TestCheckResourceAttr(resourceName, "name", name), | ||
| resource.TestCheckResourceAttr(resourceName, "is_active", fmt.Sprintf("%t", isActive)), |
There was a problem hiding this comment.
| resource.TestCheckResourceAttr(resourceName, "is_active", fmt.Sprintf("%t", isActive)), | |
| resource.TestCheckResourceAttr(resourceName, "is_active", strconv.FormatBool(isActive)), |
| } | ||
|
|
||
| func TestAccGithubEnterpriseIpAllowListEntry_update(t *testing.T) { | ||
| t.Skip("Acceptance test requires a real GitHub Enterprise environment") |
There was a problem hiding this comment.
| t.Skip("Acceptance test requires a real GitHub Enterprise environment") |
| PreCheck: func() { | ||
| skipUnlessEnterprise(t) | ||
| }, | ||
| Providers: testAccProviders, |
There was a problem hiding this comment.
| Providers: testAccProviders, | |
| ProviderFactories: providerFactories, |
|
@ErikElkins Are you able to continue finalizing this PR? :) |
5 participants
Resolves #2648
Before the change?
After the change?
github_enterprise_ip_allow_list_entryresource.Pull request checklist
Does this introduce a breaking change?
Please see our docs on breaking changes to help!