feat: Add github_organization_security_configuration and github_enterprise_security_configuration resource#3143
Closed
sprioriello wants to merge 2 commits intointegrations:mainfrom
Conversation
|
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with |
sprioriello
changed the title
sprioriello
changed the title
deiga
suggested changes
Jan 30, 2026
sprioriello
changed the title
Author
|
@deiga ready for review |
Author
|
@nickfloyd @deiga is there anything else you need to help get this through. We are keen on this feature :) |
Collaborator
|
@sprioriello You'll need to at least rebase this 😬 |
deiga
suggested changes
Feb 13, 2026
Collaborator
deiga
left a comment
deiga
left a comment
There was a problem hiding this comment.
Please apply applicable changes also to the Org resource, I don't want to repeat myself there
Author
Acceptance Test ResultsAll 8 acceptance tests pass (4 organization + 4 enterprise): |
sprioriello
force-pushed
the
feat/organization-security-configuration
branch
from
47e7766 to
33ae057
Compare
Author
@deiga rebased and addressed comments as requested. Thank you |
deiga
suggested changes
Feb 17, 2026
Collaborator
deiga
left a comment
deiga
left a comment
There was a problem hiding this comment.
Please review all the comments we've left before and check that they are actually done. Many seem to have somehow gotten reverted
github/resource_github_enterprise_security_configuration_test.go
Outdated
Show resolved
Hide resolved
sprioriello
force-pushed
the
feat/organization-security-configuration
branch
from
a14d69e to
6fec8f5
Compare
sprioriello
force-pushed
the
feat/organization-security-configuration
branch
2 times, most recently
from
cdb1e63 to
6d3c919
Compare
Author
|
@deiga @stevehipwell ready for review |
deiga
suggested changes
Mar 1, 2026
Collaborator
deiga
left a comment
deiga
left a comment
There was a problem hiding this comment.
Before asking for review after this round, please make sure that any discussions from previous rounds have been addressed.
And see to it that comments are addressed across all changes, not just where we left them.
| enterprise := d.Get("enterprise_slug").(string) | ||
| name := d.Get("name").(string) | ||
|
|
||
| tflog.Debug(ctx, fmt.Sprintf("Creating enterprise code security configuration: %s/%s", enterprise, name), map[string]any{ |
Collaborator
There was a problem hiding this comment.
Don't use fmt.Sprintf inside tflog. calls
Suggested change
| tflog.Debug(ctx, fmt.Sprintf("Creating enterprise code security configuration: %s/%s", enterprise, name), map[string]any{ | |
| tflog.Debug(ctx, "Creating enterprise code security configuration", map[string]any{ |
| "id": configuration.GetID(), | ||
| }) | ||
|
|
||
| return resourceGithubEnterpriseSecurityConfigurationRead(ctx, d, meta) |
Collaborator
There was a problem hiding this comment.
You've managed to revert to the problematic behaviour, which we already asked you to remove.
Comment on lines
+283
to
+286
| enterprise, idStr, err := parseID2(d.Id()) | ||
| if err != nil { | ||
| return diag.FromErr(err) | ||
| } |
Collaborator
There was a problem hiding this comment.
Replace parsing fields from the ID with d.Get calls when we should have the information in State already
Comment on lines
+406
to
+414
| enterprise, idStr, err := parseID2(d.Id()) | ||
| if err != nil { | ||
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| id, err := strconv.ParseInt(idStr, 10, 64) | ||
| if err != nil { | ||
| return diag.FromErr(err) | ||
| } |
Collaborator
There was a problem hiding this comment.
Replace with fetching data from State
| "id": id, | ||
| }) | ||
|
|
||
| return resourceGithubEnterpriseSecurityConfigurationRead(ctx, d, meta) |
Collaborator
There was a problem hiding this comment.
You need to populate any Computed fields inside Update
Suggested change
| return resourceGithubEnterpriseSecurityConfigurationRead(ctx, d, meta) | |
| return nil |
Comment on lines
+444
to
+452
| enterprise, idStr, err := parseID2(d.Id()) | ||
| if err != nil { | ||
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| id, err := strconv.ParseInt(idStr, 10, 64) | ||
| if err != nil { | ||
| return diag.FromErr(err) | ||
| } |
Comment on lines
+491
to
+495
| id, err := buildID(enterpriseSlug, configID) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| d.SetId(id) |
Collaborator
There was a problem hiding this comment.
Since this is already the ID value, setting it again seems unnecessary
| return diag.FromErr(err) | ||
| } | ||
|
|
||
| id, err := buildID(enterprise, strconv.FormatInt(configuration.GetID(), 10)) |
Collaborator
There was a problem hiding this comment.
Since the configuration ID is needed for API calls, we should store it separately in the State as well
Collaborator
There was a problem hiding this comment.
Please add tests for these util functions
sprioriello
added a commit
to sprioriello/terraform-provider-github
that referenced
this pull request
Mar 16, 2026
…prise_security_configuration resources Adds resources to manage Code Security Configurations at the organization and enterprise level. Addresses all reviewer feedback from PR integrations#3143: - Fixed go-github import to v82 (matching go.mod) - Removed fmt.Sprintf from all tflog calls, using structured fields only - Create/Update set Computed fields directly and return nil (no Read call) - Added configuration_id Computed field for numeric API ID in State - Update/Delete use d.Get() from State instead of parsing composite ID - Simplified Import function, removed redundant buildID/SetId - Extracted setState helpers to DRY up Computed field population - Added unit tests for all util flatten functions Resolves integrations#2412
sprioriello
force-pushed
the
feat/organization-security-configuration
branch
from
8c53a8b to
616802e
Compare
…prise_security_configuration resources Adds two new resources to manage Code Security Configurations: - github_organization_security_configuration: manages code security configurations at the organization level - github_enterprise_security_configuration: manages code security configurations at the enterprise level Both resources include: - Full CRUD operations using GitHub's Code Security Configurations API - Composite IDs (org/enterprise + config ID) - 404-tolerant delete - tflog structured logging throughout - All optional fields use GetOk to avoid sending unset values - Custom import support - Shared expandCodeSecurityConfigurationCommon helper to avoid duplication - All 4 delegated fields on enterprise: code_scanning_delegated_alert_dismissal, secret_scanning_delegated_bypass, secret_scanning_delegated_bypass_options, secret_scanning_delegated_alert_dismissal - Fix flattenCodeScanningDefaultSetupOptions runner_type empty string drift Acceptance tests (5 per resource): - creates without error (with import verification) - updates without error - creates with nested options (runner, autosubmit) - creates with minimal config (with import verification) - creates with delegated bypass options Documentation added for both resources. Resolves integrations#2412 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Make `description` Optional+Computed on both org and enterprise security configuration resources (the API does not require it) - Add unit tests for `flattenCodeScanningDefaultSetupOptions` covering the empty RunnerType edge case that caused spurious plan diffs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sprioriello
force-pushed
the
feat/organization-security-configuration
branch
from
616802e to
ee7c8d5
Compare
Collaborator
|
Something went wrong with your changes. Please open a new PR |
Author
|
New PR: #3284 |
sprioriello
added a commit
to sprioriello/terraform-provider-github
that referenced
this pull request
Mar 16, 2026
- Remove fmt.Sprintf from all tflog calls; use static messages with structured fields map for dynamic data (28 instances fixed) - Add configuration_id Computed field to both resources so the numeric config ID is stored separately in state - Update/Delete now read enterprise_slug and configuration_id from state via d.Get() instead of parsing the composite ID - Update enterprise docs with configuration_id attribute Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sprioriello
added a commit
to sprioriello/terraform-provider-github
that referenced
this pull request
Mar 17, 2026
- Remove fmt.Sprintf from all tflog calls; use static messages with structured fields map for dynamic data (28 instances fixed) - Add configuration_id Computed field to both resources so the numeric config ID is stored separately in state - Update/Delete now read enterprise_slug and configuration_id from state via d.Get() instead of parsing the composite ID - Update enterprise docs with configuration_id attribute Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sprioriello
added a commit
to sprioriello/terraform-provider-github
that referenced
this pull request
Mar 17, 2026
…view feedback - Upgrade go-github imports from v83 to v84 across all feature files - Remove secret_scanning_delegated_bypass from enterprise resource (org-only API) - Fix reviewer_type enum casing to TEAM/ROLE to match GitHub API - Wire expandSecretScanningDelegatedBypass into org Create/Update - Remove hardcoded "disabled" defaults for code_security/secret_protection - Use GetOk for description field in expand (consistency with other Optional fields) - Add unit tests for all flatten utility functions (deiga requested) - Add missing ImportState steps to acceptance tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit adds a new resource github_organization_security_configuration & github_enterprise_security_configuration to manage Code Security Configurations at the organization & enterprise level respectively. It includes:
Resolves #2412
Before the change?
After the change?
Pull request checklist
Does this introduce a breaking change?
Please see our docs on breaking changes to help!
Tests