From c0bf5d12d1f5234bb06dc7a5092ca1c9251cd670 Mon Sep 17 00:00:00 2001 From: James Alseth Date: Tue, 27 Jan 2026 18:57:45 +0000 Subject: [PATCH] feat: Add support for members_can_change_repo_visibility in github_organization_settings Also added support for the github_organization data source. Signed-off-by: James Alseth --- github/data_source_github_organization.go | 5 + .../data_source_github_organization_test.go | 1 + .../resource_github_organization_settings.go | 15 ++ ...ource_github_organization_settings_test.go | 158 ++++++++++++++++++ website/docs/d/organization.html.markdown | 1 + .../r/organization_settings.html.markdown | 1 + 6 files changed, 181 insertions(+) diff --git a/github/data_source_github_organization.go b/github/data_source_github_organization.go index 3ba9121b1c..8aa7cbde9f 100644 --- a/github/data_source_github_organization.go +++ b/github/data_source_github_organization.go @@ -139,6 +139,10 @@ func dataSourceGithubOrganization() *schema.Resource { Type: schema.TypeBool, Computed: true, }, + "members_can_change_repo_visibility": { + Type: schema.TypeBool, + Computed: true, + }, "summary_only": { Type: schema.TypeBool, Optional: true, @@ -264,6 +268,7 @@ func dataSourceGithubOrganizationRead(d *schema.ResourceData, meta any) error { _ = d.Set("dependency_graph_enabled_for_new_repositories", organization.GetDependencyGraphEnabledForNewRepos()) _ = d.Set("secret_scanning_enabled_for_new_repositories", organization.GetSecretScanningEnabledForNewRepos()) _ = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", organization.GetSecretScanningPushProtectionEnabledForNewRepos()) + _ = d.Set("members_can_change_repo_visibility", organization.GetMembersCanChangeRepoVisibility()) } d.SetId(strconv.FormatInt(organization.GetID(), 10)) diff --git a/github/data_source_github_organization_test.go b/github/data_source_github_organization_test.go index f9d4f0a5c1..92e344f04d 100644 --- a/github/data_source_github_organization_test.go +++ b/github/data_source_github_organization_test.go @@ -41,6 +41,7 @@ func TestAccGithubOrganizationDataSource(t *testing.T) { resource.TestCheckResourceAttrSet("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"), resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"), resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"), + resource.TestCheckResourceAttrSet("data.github_organization.test", "members_can_change_repo_visibility"), ) resource.Test(t, resource.TestCase{ diff --git a/github/resource_github_organization_settings.go b/github/resource_github_organization_settings.go index c9e4d6ce63..1073cc0728 100644 --- a/github/resource_github_organization_settings.go +++ b/github/resource_github_organization_settings.go @@ -81,6 +81,12 @@ func resourceGithubOrganizationSettings() *schema.Resource { Default: true, Description: "Whether or not organization members can create new repositories.", }, + "members_can_change_repo_visibility": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Whether or not organization members can change the visibility of repositories.", + }, "members_can_create_internal_repositories": { Type: schema.TypeBool, Optional: true, @@ -251,6 +257,9 @@ func buildOrganizationSettings(d *schema.ResourceData, isEnterprise bool) *githu if shouldInclude("members_can_create_repositories") { settings.MembersCanCreateRepos = github.Ptr(d.Get("members_can_create_repositories").(bool)) } + if shouldInclude("members_can_change_repo_visibility") { + settings.MembersCanChangeRepoVisibility = github.Ptr(d.Get("members_can_change_repo_visibility").(bool)) + } if shouldInclude("members_can_create_private_repositories") { settings.MembersCanCreatePrivateRepos = github.Ptr(d.Get("members_can_create_private_repositories").(bool)) } @@ -357,6 +366,9 @@ func resourceGithubOrganizationSettingsCreateOrUpdate(d *schema.ResourceData, me if settings.MembersCanCreateRepos != nil { log.Printf("[DEBUG] MembersCanCreateRepos: %v", *settings.MembersCanCreateRepos) } + if settings.MembersCanChangeRepoVisibility != nil { + log.Printf("[DEBUG] MembersCanChangeRepoVisibility: %v", *settings.MembersCanChangeRepoVisibility) + } if settings.MembersCanCreatePrivateRepos != nil { log.Printf("[DEBUG] MembersCanCreatePrivateRepos: %v", *settings.MembersCanCreatePrivateRepos) } @@ -468,6 +480,9 @@ func resourceGithubOrganizationSettingsRead(d *schema.ResourceData, meta any) er if err = d.Set("members_can_create_repositories", orgSettings.GetMembersCanCreateRepos()); err != nil { return err } + if err = d.Set("members_can_change_repo_visibility", orgSettings.GetMembersCanChangeRepoVisibility()); err != nil { + return err + } if err = d.Set("members_can_create_internal_repositories", orgSettings.GetMembersCanCreateInternalRepos()); err != nil { return err } diff --git a/github/resource_github_organization_settings_test.go b/github/resource_github_organization_settings_test.go index 2f32c9a060..02ca64d96a 100644 --- a/github/resource_github_organization_settings_test.go +++ b/github/resource_github_organization_settings_test.go @@ -25,6 +25,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { has_repository_projects = true default_repository_permission = "read" members_can_create_repositories = true + members_can_change_repo_visibility = true members_can_create_public_repositories = true members_can_create_private_repositories = true members_can_create_internal_repositories = false @@ -46,6 +47,150 @@ func TestAccGithubOrganizationSettings(t *testing.T) { "github_organization_settings.test", "billing_email", "test@example.com", ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "company", "Test Company", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "blog", "https://example.com", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "email", "test@example.com", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "twitter_username", "Test", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "location", "Test Location", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "name", "Test Name", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "description", "Test Description", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "has_organization_projects", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "has_repository_projects", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "default_repository_permission", "read", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_repositories", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_change_repo_visibility", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_public_repositories", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_private_repositories", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_internal_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_pages", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_public_pages", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_private_pages", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_fork_private_repositories", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "web_commit_signoff_required", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "advanced_security_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "dependabot_alerts_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "dependabot_security_updates_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "dependency_graph_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_push_protection_enabled_for_new_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_validity_checks_enabled", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_delete_repositories", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_change_repo_visibility", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_invite_outside_collaborators", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_delete_issues", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "display_commenter_full_name_setting_enabled", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "readers_can_create_discussions", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_create_teams", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_view_dependency_insights", "false", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "default_repository_branch", "main", + ), ) resource.Test(t, resource.TestCase{ @@ -150,6 +295,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { resource "github_organization_settings" "test" { billing_email = "test@example.com" members_can_create_private_repositories = false + members_can_change_repo_visibility = false members_can_create_internal_repositories = false members_can_fork_private_repositories = false web_commit_signoff_required = false @@ -170,6 +316,10 @@ func TestAccGithubOrganizationSettings(t *testing.T) { "github_organization_settings.test", "members_can_create_private_repositories", "false", ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_change_repo_visibility", "false", + ), resource.TestCheckResourceAttr( "github_organization_settings.test", "members_can_create_internal_repositories", "false", @@ -225,6 +375,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { resource "github_organization_settings" "test" { billing_email = "test@example.com" members_can_create_private_repositories = false + members_can_change_repo_visibility = true members_can_create_internal_repositories = true members_can_fork_private_repositories = false web_commit_signoff_required = true @@ -245,6 +396,10 @@ func TestAccGithubOrganizationSettings(t *testing.T) { "github_organization_settings.test", "members_can_create_private_repositories", "false", ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "members_can_change_repo_visibility", "true", + ), resource.TestCheckResourceAttr( "github_organization_settings.test", "members_can_create_internal_repositories", "true", @@ -520,6 +675,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_enabled_for_new_repositories", "true"), resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_push_protection_enabled_for_new_repositories", "true"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_private_repositories", "true"), + resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_change_repo_visibility", "true"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_internal_repositories", "true"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_pages", "true"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_public_pages", "true"), @@ -551,6 +707,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = false members_can_create_private_repositories = false + members_can_change_repo_visibility = false members_can_create_internal_repositories = false members_can_create_pages = false members_can_create_public_pages = false @@ -567,6 +724,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_enabled_for_new_repositories", "false"), resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_push_protection_enabled_for_new_repositories", "false"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_private_repositories", "false"), + resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_change_repo_visibility", "false"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_internal_repositories", "false"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_pages", "false"), resource.TestCheckResourceAttr("github_organization_settings.test", "members_can_create_public_pages", "false"), diff --git a/website/docs/d/organization.html.markdown b/website/docs/d/organization.html.markdown index 55979f8be1..9729038e75 100644 --- a/website/docs/d/organization.html.markdown +++ b/website/docs/d/organization.html.markdown @@ -43,6 +43,7 @@ data "github_organization" "example" { * `default_repository_permission` - Default permission level members have for organization repositories. * `members_allowed_repository_creation_type` - The type of repository allowed to be created by members of the organization. Can be one of `ALL`, `PUBLIC`, `PRIVATE`, `NONE`. * `members_can_create_repositories` - Whether non-admin organization members can create repositories. + * `members_can_change_repo_visibility` - Whether organization members can change the visibility of repositories. * `members_can_create_internal_repositories` - Whether organization members can create internal repositories. * `members_can_create_private_repositories` - Whether organization members can create private repositories. * `members_can_create_public_repositories` - Whether organization members can create public repositories. diff --git a/website/docs/r/organization_settings.html.markdown b/website/docs/r/organization_settings.html.markdown index c8a4db54a6..0fbbb94f93 100644 --- a/website/docs/r/organization_settings.html.markdown +++ b/website/docs/r/organization_settings.html.markdown @@ -58,6 +58,7 @@ The following arguments are supported: * `has_repository_projects` - (Optional) Whether or not repository projects are enabled for the organization. * `default_repository_permission` - (Optional) The default permission for organization members to create new repositories. Can be one of `read`, `write`, `admin`, or `none`. Defaults to `read`. * `members_can_create_repositories` - (Optional) Whether or not organization members can create new repositories. Defaults to `true`. +* `members_can_change_repo_visibility` - (Optional) Whether or not organization members can change the visibility of repositories. Defaults to `true`. * `members_can_create_public_repositories` - (Optional) Whether or not organization members can create new public repositories. Defaults to `true`. * `members_can_create_private_repositories` - (Optional) Whether or not organization members can create new private repositories. Defaults to `true`. * `members_can_create_internal_repositories` - (Optional) Whether or not organization members can create new internal repositories. For Enterprise Organizations only.