From 66d5b3f60109887474e6b9d932b859bb0c884cbc Mon Sep 17 00:00:00 2001 From: Reinier Timmer Date: Wed, 11 Jan 2023 23:12:52 +0100 Subject: [PATCH] fix: verify & set parent team after creation (#1449) * explicitly check & set parent team after creation * Added comment about setting a parent team * Fix comment formatting * comment formatting Co-authored-by: Nick Floyd <139819+nickfloyd@users.noreply.github.com> Co-authored-by: Keegan Campbell --- github/resource_github_team.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/github/resource_github_team.go b/github/resource_github_team.go index 69061428cc..45d5f061f3 100644 --- a/github/resource_github_team.go +++ b/github/resource_github_team.go @@ -105,6 +105,31 @@ func resourceGithubTeamCreate(d *schema.ResourceData, meta interface{}) error { return err } + /* + When using a GitHub App for authentication, `members:write` permissions on the App are needed. + + However, when using a GitHub App, CreateTeam will not correctly nest the team under the parent, + if the parent team was created by someone else than the GitHub App. In that case, the response + object will contain a `nil` parent object. + + This can be resolved by using an additional call to EditTeamByID. This will be able to set the + parent team correctly when using a GitHub App with `members:write` permissions. + + Note that this is best-effort: when running this with a PAT that does not have admin permissions + on the parent team, the operation might still fail to set the parent team. + */ + if newTeam.ParentTeamID != nil && githubTeam.Parent == nil { + _, _, err := client.Teams.EditTeamByID(ctx, + *githubTeam.Organization.ID, + *githubTeam.ID, + newTeam, + false) + + if err != nil { + return err + } + } + create_default_maintainer := d.Get("create_default_maintainer").(bool) if !create_default_maintainer { log.Printf("[DEBUG] Removing default maintainer from team: %s (%s)", name, ownerName)