From cdd86757d11ac2bae93d2dcd87ac041169fe368c Mon Sep 17 00:00:00 2001 From: Timo Sand Date: Thu, 18 Dec 2025 20:11:54 +0200 Subject: [PATCH 1/3] Set `role_id` also in `resourceGithubOrganizationRoleCreate`` Since it's a computed value, it should be set in Create and Read Signed-off-by: Timo Sand --- github/resource_github_organization_role.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/github/resource_github_organization_role.go b/github/resource_github_organization_role.go index d6da7fa746..3cdd1c3440 100644 --- a/github/resource_github_organization_role.go +++ b/github/resource_github_organization_role.go @@ -84,6 +84,9 @@ func resourceGithubOrganizationRoleCreate(ctx context.Context, d *schema.Resourc } d.SetId(fmt.Sprint(role.GetID())) + if err = d.Set("role_id", role.GetID()); err != nil { + return diag.FromErr(err) + } return nil } From d4c4649f70d3bcb4f0b58e5f3005364a171fd445 Mon Sep 17 00:00:00 2001 From: Timo Sand Date: Fri, 19 Dec 2025 00:27:29 +0200 Subject: [PATCH 2/3] API doesn't accept `base_role = none` Signed-off-by: Timo Sand --- github/resource_github_organization_role.go | 22 ++++++++++++++----- .../resource_github_organization_role_test.go | 17 +++++++------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/github/resource_github_organization_role.go b/github/resource_github_organization_role.go index 3cdd1c3440..5c868194b5 100644 --- a/github/resource_github_organization_role.go +++ b/github/resource_github_organization_role.go @@ -73,12 +73,18 @@ func resourceGithubOrganizationRoleCreate(ctx context.Context, d *schema.Resourc permissionsStr[i] = v.(string) } - role, _, err := client.Organizations.CreateCustomOrgRole(ctx, orgName, &github.CreateOrUpdateOrgRoleOptions{ + createOrUpdateOrgRoleOptions := &github.CreateOrUpdateOrgRoleOptions{ Name: github.String(d.Get("name").(string)), Description: github.String(d.Get("description").(string)), - BaseRole: github.String(d.Get("base_role").(string)), Permissions: permissionsStr, - }) + } + + baseRole := d.Get("base_role").(string) + if baseRole != "none" { + createOrUpdateOrgRoleOptions.BaseRole = github.String(baseRole) + } + + role, _, err := client.Organizations.CreateCustomOrgRole(ctx, orgName, createOrUpdateOrgRoleOptions) if err != nil { return diag.FromErr(fmt.Errorf("error creating organization role (%s/%s): %w", orgName, d.Get("name").(string), err)) } @@ -126,8 +132,14 @@ func resourceGithubOrganizationRoleRead(ctx context.Context, d *schema.ResourceD if err = d.Set("description", role.Description); err != nil { return diag.FromErr(err) } - if err = d.Set("base_role", role.BaseRole); err != nil { - return diag.FromErr(err) + if role.BaseRole != nil { + if err = d.Set("base_role", role.BaseRole); err != nil { + return diag.FromErr(err) + } + } else { + if err = d.Set("base_role", "none"); err != nil { + return diag.FromErr(err) + } } if err = d.Set("permissions", role.Permissions); err != nil { return diag.FromErr(err) diff --git a/github/resource_github_organization_role_test.go b/github/resource_github_organization_role_test.go index 210a3f68b9..4f9cb80067 100644 --- a/github/resource_github_organization_role_test.go +++ b/github/resource_github_organization_role_test.go @@ -12,6 +12,7 @@ func TestAccGithubOrganizationRole(t *testing.T) { t.Run("can create an empty organization role", func(t *testing.T) { randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) name := fmt.Sprintf("tf-acc-org-role-%s", randomID) + baseRole := "none" config := fmt.Sprintf(` resource "github_organization_role" "test" { name = "%s" @@ -25,12 +26,12 @@ func TestAccGithubOrganizationRole(t *testing.T) { Steps: []resource.TestStep{ { Config: config, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), resource.TestCheckResourceAttrSet("github_organization_role.test", "role_id"), resource.TestCheckResourceAttr("github_organization_role.test", "name", name), - resource.TestCheckResourceAttr("github_organization_role.test", "base_role", "none"), - resource.TestCheckResourceAttrSet("github_organization_role.test", "permissions.#"), + resource.TestCheckResourceAttr("github_organization_role.test", "base_role", baseRole), + resource.TestCheckNoResourceAttr("github_organization_role.test", "permissions"), resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "0"), ), }, @@ -57,11 +58,11 @@ func TestAccGithubOrganizationRole(t *testing.T) { Steps: []resource.TestStep{ { Config: config, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), resource.TestCheckResourceAttr("github_organization_role.test", "name", name), resource.TestCheckResourceAttr("github_organization_role.test", "base_role", baseRole), - resource.TestCheckResourceAttrSet("github_organization_role.test", "permissions.#"), + resource.TestCheckNoResourceAttr("github_organization_role.test", "permissions"), resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "0"), ), }, @@ -167,7 +168,7 @@ func TestAccGithubOrganizationRole(t *testing.T) { Steps: []resource.TestStep{ { Config: config, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), resource.TestCheckResourceAttrSet("github_organization_role.test", "role_id"), resource.TestCheckResourceAttr("github_organization_role.test", "name", name), @@ -175,8 +176,8 @@ func TestAccGithubOrganizationRole(t *testing.T) { resource.TestCheckResourceAttr("github_organization_role.test", "base_role", baseRole), resource.TestCheckResourceAttrSet("github_organization_role.test", "permissions.#"), resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "2"), - resource.TestCheckResourceAttr("github_organization_role.test", "permissions.0", permission0), - resource.TestCheckResourceAttr("github_organization_role.test", "permissions.1", permission1), + resource.TestCheckTypeSetElemAttr("github_organization_role.test", "permissions.*", permission0), + resource.TestCheckTypeSetElemAttr("github_organization_role.test", "permissions.*", permission1), ), }, }, From e73ea1d05ce9a9f5f74578c67b40006b6069f128 Mon Sep 17 00:00:00 2001 From: Timo Sand Date: Fri, 19 Dec 2025 17:41:13 +0200 Subject: [PATCH 3/3] Revert unnecessary change Signed-off-by: Timo Sand --- github/resource_github_organization_role_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/github/resource_github_organization_role_test.go b/github/resource_github_organization_role_test.go index 4f9cb80067..6c40ca71e0 100644 --- a/github/resource_github_organization_role_test.go +++ b/github/resource_github_organization_role_test.go @@ -12,7 +12,6 @@ func TestAccGithubOrganizationRole(t *testing.T) { t.Run("can create an empty organization role", func(t *testing.T) { randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) name := fmt.Sprintf("tf-acc-org-role-%s", randomID) - baseRole := "none" config := fmt.Sprintf(` resource "github_organization_role" "test" { name = "%s" @@ -30,7 +29,7 @@ func TestAccGithubOrganizationRole(t *testing.T) { resource.TestCheckResourceAttrSet("github_organization_role.test", "id"), resource.TestCheckResourceAttrSet("github_organization_role.test", "role_id"), resource.TestCheckResourceAttr("github_organization_role.test", "name", name), - resource.TestCheckResourceAttr("github_organization_role.test", "base_role", baseRole), + resource.TestCheckResourceAttr("github_organization_role.test", "base_role", "none"), resource.TestCheckNoResourceAttr("github_organization_role.test", "permissions"), resource.TestCheckResourceAttr("github_organization_role.test", "permissions.#", "0"), ),