Set LDAP DN on team creation #1491

Merged
merged 3 commits into from
Jan 18, 2023

jMarkP (Contributor) commented Jan 17, 2023

Set `LDAPDN` on the `NewTeam` on creation, if it's not the empty string. This avoids an extra call to the GHE API, but more importantly means the user does not need to be a site admin to create a team with LDAP sync.

Resolves #1490


Behavior

Before the change?

  • The provider used to call `client.Teams.CreateTeam()` and then follow up with `client.Admin.UpdateTeamLDAPMapping()`
  • As well as being another call to the API, this requires that the user has the `site_admin` scope, but this is not required if the LDAP mapping is set on team creation

After the change?

  • Now the `LDAPDN` field is set in the call to `client.Teams.CreateTeam()` and the second call has been removed

Other information

  • This does introduce a potential imbalance for users who don't have site admin. They will be able to create a `github_team` resource with an LDAP mapping, but won't be able to update that mapping in the future. I'm not sure whether that's a blocker to this or not. Happy to hear your thoughts.
  • I've not added tests. There are no tests for LDAP mappings at the moment, and I presume it would be difficult to add to the test suite without access to a GHE appliance set up with AD integration.

Additional info

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)
  • Added the appropriate label for the given change

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes (Please add the Type: Breaking change label)
  • No

If Yes, what's the impact:

  • N/A

Pull request type

Please add the corresponding label for change this PR introduces:

  • Bugfix: Type: Bug
  • Feature/model/API additions: Type: Feature
  • Updates to docs or samples: Type: Documentation
  • Dependencies/code cleanup: Type: Maintenance
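
The before/after create flows described in this pull request, as an added Go model that is not the provider's code and does not call go-github. `fakeGHE`, `createBefore`, `createAfter` and the sample DN are constructed for illustration; the scope check encodes the PR's statement that only the LDAP mapping endpoint needs site admin.

```go
package main

import "fmt"

// errForbidden is the constructed error the model returns for a missing scope.
var errForbidden = fmt.Errorf("403: site_admin scope required")

// fakeGHE is a constructed stand-in for a GHE instance, not go-github.
type fakeGHE struct {
	siteAdmin bool              // token carries the site_admin scope
	teams     map[string]string // team name -> LDAP DN ("" = unmapped)
	calls     int               // API requests made
}

// createTeam models team creation, which accepts an optional LDAP DN.
func (g *fakeGHE) createTeam(name, dn string) error {
	g.calls++
	g.teams[name] = dn
	return nil
}

// updateLDAPMapping models the admin-only LDAP mapping endpoint.
func (g *fakeGHE) updateLDAPMapping(name, dn string) error {
	g.calls++
	if !g.siteAdmin {
		return errForbidden
	}
	g.teams[name] = dn
	return nil
}

// createBefore is the old flow: create, then map in a second admin call.
func createBefore(g *fakeGHE, name, dn string) error {
	if err := g.createTeam(name, ""); err != nil || dn == "" {
		return err
	}
	return g.updateLDAPMapping(name, dn)
}

// createAfter is the merged flow: the DN travels in the create request.
func createAfter(g *fakeGHE, name, dn string) error {
	return g.createTeam(name, dn)
}

func main() {
	dn := "cn=ops,dc=example,dc=com" // constructed DN
	old, cur := &fakeGHE{teams: map[string]string{}}, &fakeGHE{teams: map[string]string{}}
	fmt.Println("before:", createBefore(old, "ops", dn), "after:", createAfter(cur, "ops", dn))
}
```

In this model a token without site admin fails the old flow on its second request, after the team has already been created without a mapping; the merged flow succeeds in one request.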

jMarkP and others added 2 commits January 17, 2023 17:45
fixes integrations#1490 

Set `LDAPDN` on the `NewTeam` on creation, if it's not the empty string. This avoids an extra call to the GHE API, but more importantly means the user does not need to be a site admin to create a team with LDAP sync

@kfcampbell (Member)

@jMarkP should the same change be replicated across to the "Update" function as well?

jMarkP (Contributor Author) commented Jan 18, 2023

> @jMarkP should the same change be replicated across to the "Update" function as well?

Unfortunately the team update endpoint doesn't seem to allow you to update the LDAP DN of a team: https://docs.github.com/en/enterprise-server@3.5/rest/teams/teams#update-a-team

You have to use the Update LDAP mapping admin endpoint, which is what the update function already does.

kfcampbell (Member) left a comment

Ahh understood, thank you!

Integration tests are passing for me locally on both main and this branch.

@kfcampbell kfcampbell merged commit 8b93e4e into integrations:main Jan 18, 2023

jMarkP (Contributor Author) commented Jan 18, 2023

Thanks for the merge @kfcampbell !

@jMarkP jMarkP deleted the patch-1 branch January 18, 2023 23:18
avidspartan1 pushed a commit to avidspartan1/terraform-provider-github that referenced this pull request Feb 5, 2024
* Set LDAP DN on team creation

fixes integrations#1490 

Set `LDAPDN` on the `NewTeam` on creation, if it's not the empty string. This avoids an extra call to the GHE API, but more importantly means the user does not need to be a site admin to create a team with LDAP sync

* Fix linting?

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
Successfully merging this pull request may close these issues.

Setting ldap_dn on github_team is inefficient, and requires site admin perms unnecessarily