Created
December 31, 2020 02:35
-
-
Save Mark-McCracken/d23c2de953e2af799a1f19004316f037 to your computer and use it in GitHub Desktop.
terraform GitHub repo permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # grant permissions to just one specific repo | |
| resource github_team_repository reconciliations_analysts { | |
| repository = github_repository.reconciliations.name | |
| team_id = github_team.analysts.id | |
| permission = "push" | |
| } | |
| # grant permissions to all repos, if they've got the airflow tag | |
| resource github_team_repository airflow_engineers { | |
| for_each = toset([ for repo in local.airflow_repos: repo["name"] ]) | |
| repository = each.value | |
| team_id = github_team.engineers.id | |
| permission = "push" | |
| } | |
| resource github_team_repository airflow_scientists { | |
| for_each = toset([ for repo in local.airflow_repos: repo["name"] ]) | |
| repository = each.value | |
| team_id = github_team.analysts.id | |
| permission = "pull" | |
| } | |
| # carefully grant access to this repo - not higher than "maintain" permission | |
| resource github_team_repository github_config_admins { | |
| repository = github_repository.github_config.name | |
| team_id = github_team.admins.id | |
| permission = "maintain" | |
| } | |
| resource github_team_repository terraform_infra_ops { | |
| for_each = toset([ for repo in local.terraform_repos: repo["name"] ]) | |
| repository = each.value | |
| team_id = github_team.infra_ops.id | |
| permission = "push" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment