diff --git a/docs/data-sources/organization.md b/docs/data-sources/organization.md index def786ba5d..fb6eeab97b 100644 --- a/docs/data-sources/organization.md +++ b/docs/data-sources/organization.md @@ -56,3 +56,5 @@ data "github_organization" "example" { - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories. - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories. - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories. +- `secret_scanning_push_protection_custom_link_enabled` - Whether a custom link is shown to contributors blocked by secret scanning push protection. +- `secret_scanning_push_protection_custom_link` - URL displayed to contributors blocked by secret scanning push protection. diff --git a/docs/resources/organization_settings.md b/docs/resources/organization_settings.md index 6275f737c9..9e7978dceb 100644 --- a/docs/resources/organization_settings.md +++ b/docs/resources/organization_settings.md @@ -38,6 +38,8 @@ resource "github_organization_settings" "test" { dependency_graph_enabled_for_new_repositories = false secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = false + secret_scanning_push_protection_custom_link_enabled = true + secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help" } ``` 
@@ -71,6 +73,8 @@ The following arguments are supported: - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`. - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`. - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`. +- `secret_scanning_push_protection_custom_link_enabled` - (Optional) Whether a custom link is shown to contributors blocked by secret scanning push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization. +- `secret_scanning_push_protection_custom_link` - (Optional) URL displayed to contributors blocked by secret scanning push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`. ## Attributes Reference diff --git a/examples/resources/organization_settings/example_1.tf b/examples/resources/organization_settings/example_1.tf index 1dab26f0ab..265fd55ce4 100644 --- a/examples/resources/organization_settings/example_1.tf +++ b/examples/resources/organization_settings/example_1.tf @@ -25,4 +25,6 @@ resource "github_organization_settings" "test" { dependency_graph_enabled_for_new_repositories = false secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = false + secret_scanning_push_protection_custom_link_enabled = true + secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help" } diff --git a/github/data_source_github_organization.go b/github/data_source_github_organization.go index b5222b0868..0f7b77c7d2 100644 
--- a/github/data_source_github_organization.go +++ b/github/data_source_github_organization.go @@ -141,6 +141,14 @@ func dataSourceGithubOrganization() *schema.Resource { Type: schema.TypeBool, Computed: true, }, + "secret_scanning_push_protection_custom_link_enabled": { + Type: schema.TypeBool, + Computed: true, + }, + "secret_scanning_push_protection_custom_link": { + Type: schema.TypeString, + Computed: true, + }, "summary_only": { Type: schema.TypeBool, Optional: true, @@ -265,6 +273,8 @@ func dataSourceGithubOrganizationRead(ctx context.Context, d *schema.ResourceDat _ = d.Set("dependency_graph_enabled_for_new_repositories", organization.GetDependencyGraphEnabledForNewRepos()) _ = d.Set("secret_scanning_enabled_for_new_repositories", organization.GetSecretScanningEnabledForNewRepos()) _ = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", organization.GetSecretScanningPushProtectionEnabledForNewRepos()) + _ = d.Set("secret_scanning_push_protection_custom_link_enabled", organization.GetSecretScanningPushProtectionCustomLinkEnabled()) + _ = d.Set("secret_scanning_push_protection_custom_link", organization.GetSecretScanningPushProtectionCustomLink()) } d.SetId(strconv.FormatInt(organization.GetID(), 10)) diff --git a/github/data_source_github_organization_test.go b/github/data_source_github_organization_test.go index 5d8da74a42..f19a52466c 100644 --- a/github/data_source_github_organization_test.go +++ b/github/data_source_github_organization_test.go 
@@ -41,6 +41,7 @@ func TestAccGithubOrganizationDataSource(t *testing.T) { resource.TestCheckResourceAttrSet("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"), resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"), resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"), + resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_custom_link_enabled"), ) resource.Test(t, resource.TestCase{ @@ -139,6 +140,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) { resource.TestCheckNoResourceAttr("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"), resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"), resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"), + resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_custom_link_enabled"), + resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_custom_link"), ) resource.Test(t, resource.TestCase{ diff --git a/github/resource_github_organization_settings.go b/github/resource_github_organization_settings.go index ac2a832de4..10984390d4 100644 --- a/github/resource_github_organization_settings.go +++ b/github/resource_github_organization_settings.go 
@@ -169,6 +169,18 @@ func resourceGithubOrganizationSettings() *schema.Resource { Default: false, Description: "Whether or not secret scanning push protection is enabled for new repositories.", }, + "secret_scanning_push_protection_custom_link_enabled": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: "Whether a custom link is shown to contributors who are blocked from pushing a secret by push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization.", + }, + "secret_scanning_push_protection_custom_link": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "URL displayed to contributors who are blocked from pushing a secret by push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`.", + }, }, } } @@ -290,6 +302,14 @@ func buildOrganizationSettings(d *schema.ResourceData, isEnterprise bool) *githu if shouldInclude("secret_scanning_push_protection_enabled_for_new_repositories") { settings.SecretScanningPushProtectionEnabledForNewRepos = new(d.Get("secret_scanning_push_protection_enabled_for_new_repositories").(bool)) } + if shouldInclude("secret_scanning_push_protection_custom_link_enabled") { + settings.SecretScanningPushProtectionCustomLinkEnabled = new(d.Get("secret_scanning_push_protection_custom_link_enabled").(bool)) + } + if shouldInclude("secret_scanning_push_protection_custom_link") { + if v, ok := d.GetOk("secret_scanning_push_protection_custom_link"); ok { + settings.SecretScanningPushProtectionCustomLink = new(v.(string)) + } + } // Enterprise-specific field if isEnterprise { 
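Review bot: Neither new schema entry in resourceGithubOrganizationSettings carries a validator, so the rule stated in the Description (`true` requires a non-empty URL) is not checked at plan time and any string is accepted as the link. This URL is what contributors are sent to at the moment a push is blocked for containing a secret, so it is worth constraining it to a well-formed HTTPS URL, for example `ValidateFunc: validation.IsURLWithHTTPS,` on `secret_scanning_push_protection_custom_link` (or the `ValidateDiagFunc` equivalent if that is this provider's convention). `RequiredWith: []string{"secret_scanning_push_protection_custom_link_enabled"},` on the same attribute would cover the documented dependency in one direction; the value-dependent direction (enabled `true` with no link) would need a CustomizeDiff check. The function starts outside the hunk, so whether the validation package is already imported is not visible here.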
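Review bot: In buildOrganizationSettings the link is read with `d.GetOk`, which reports `ok == false` for an empty string, so an empty or removed `secret_scanning_push_protection_custom_link` is never sent and the previously configured URL presumably stays on the organization. The same branch lets `secret_scanning_push_protection_custom_link_enabled = true` go out with no link, leaving any rejection to the API at apply time. If the API accepts an empty value as "clear", `settings.SecretScanningPushProtectionCustomLink = new(d.Get("secret_scanning_push_protection_custom_link").(string))` inside the `shouldInclude` branch would make removal explicit. Otherwise a comment such as `// GetOk skips "": the link cannot be cleared through this resource` would document the limit. `shouldInclude` and the rest of the function body are outside the hunk, so this is inferred from the visible lines only.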
@@ -399,6 +419,12 @@ func resourceGithubOrganizationSettingsCreateOrUpdate(d *schema.ResourceData, me if settings.SecretScanningPushProtectionEnabledForNewRepos != nil { log.Printf("[DEBUG] SecretScanningPushProtectionEnabledForNewRepos: %v", *settings.SecretScanningPushProtectionEnabledForNewRepos) } + if settings.SecretScanningPushProtectionCustomLinkEnabled != nil { + log.Printf("[DEBUG] SecretScanningPushProtectionCustomLinkEnabled: %v", *settings.SecretScanningPushProtectionCustomLinkEnabled) + } + if settings.SecretScanningPushProtectionCustomLink != nil { + log.Printf("[DEBUG] SecretScanningPushProtectionCustomLink: %s", *settings.SecretScanningPushProtectionCustomLink) + } orgSettings, _, err := client.Organizations.Edit(ctx, org, settings) if err != nil { @@ -513,6 +539,12 @@ func resourceGithubOrganizationSettingsRead(d *schema.ResourceData, meta any) er if err = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", orgSettings.GetSecretScanningPushProtectionEnabledForNewRepos()); err != nil { return err } + if err = d.Set("secret_scanning_push_protection_custom_link_enabled", orgSettings.GetSecretScanningPushProtectionCustomLinkEnabled()); err != nil { + return err + } + if err = d.Set("secret_scanning_push_protection_custom_link", orgSettings.GetSecretScanningPushProtectionCustomLink()); err != nil { + return err + } return nil } diff --git a/github/resource_github_organization_settings_test.go b/github/resource_github_organization_settings_test.go index 742f779b3e..ed1cc5cbc8 100644 --- a/github/resource_github_organization_settings_test.go +++ b/github/resource_github_organization_settings_test.go 
@@ -39,6 +39,8 @@ func TestAccGithubOrganizationSettings(t *testing.T) { dependency_graph_enabled_for_new_repositories = false secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = false + secret_scanning_push_protection_custom_link_enabled = true + secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help" }` check := resource.ComposeTestCheckFunc( @@ -159,6 +161,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) { dependency_graph_enabled_for_new_repositories = false secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = false + secret_scanning_push_protection_custom_link_enabled = false }` check := resource.ComposeTestCheckFunc( @@ -206,6 +209,10 @@ func TestAccGithubOrganizationSettings(t *testing.T) { "github_organization_settings.test", "secret_scanning_push_protection_enabled_for_new_repositories", "false", ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_push_protection_custom_link_enabled", "false", + ), ) resource.Test(t, resource.TestCase{ @@ -234,6 +241,8 @@ func TestAccGithubOrganizationSettings(t *testing.T) { dependency_graph_enabled_for_new_repositories = true secret_scanning_enabled_for_new_repositories = false secret_scanning_push_protection_enabled_for_new_repositories = true + secret_scanning_push_protection_custom_link_enabled = true + secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help" }` check := resource.ComposeTestCheckFunc( 
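Review bot: The configurations added to TestAccGithubOrganizationSettings cover only enabled-with-link and disabled-without-link; no step exercises `secret_scanning_push_protection_custom_link_enabled = true` with no link, or removes the link after it was set. Those are the two cases where the documented "requires a non-empty URL" rule and the empty-string handling in buildOrganizationSettings decide what ends up on the organization. A step with `ExpectError` for the first case would pin the behaviour. For the second, the configuration in the `-159` hunk could add a `resource.TestCheckResourceAttr` on `secret_scanning_push_protection_custom_link` to show whether a stale URL remains in state. The test function starts and ends outside these hunks, so existing steps not shown here may already cover part of this.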
@@ -281,6 +290,14 @@ func TestAccGithubOrganizationSettings(t *testing.T) { "github_organization_settings.test", "secret_scanning_push_protection_enabled_for_new_repositories", "true", ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_push_protection_custom_link_enabled", "true", + ), + resource.TestCheckResourceAttr( + "github_organization_settings.test", + "secret_scanning_push_protection_custom_link", "https://example.com/secret-scanning-help", + ), ) resource.Test(t, resource.TestCase{ diff --git a/templates/data-sources/organization.md.tmpl b/templates/data-sources/organization.md.tmpl index bc36284217..22e6c3f545 100644 --- a/templates/data-sources/organization.md.tmpl +++ b/templates/data-sources/organization.md.tmpl @@ -52,3 +52,5 @@ Use this data source to retrieve basic information about a GitHub Organization. - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories. - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories. - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories. +- `secret_scanning_push_protection_custom_link_enabled` - Whether a custom link is shown to contributors blocked by secret scanning push protection. +- `secret_scanning_push_protection_custom_link` - URL displayed to contributors blocked by secret scanning push protection. diff --git a/templates/resources/organization_settings.md.tmpl b/templates/resources/organization_settings.md.tmpl index bdd5318c1a..a249b677df 100644 --- a/templates/resources/organization_settings.md.tmpl +++ b/templates/resources/organization_settings.md.tmpl 
@@ -42,6 +42,8 @@ The following arguments are supported: - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`. - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`. - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`. +- `secret_scanning_push_protection_custom_link_enabled` - (Optional) Whether a custom link is shown to contributors blocked by secret scanning push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization. +- `secret_scanning_push_protection_custom_link` - (Optional) URL displayed to contributors blocked by secret scanning push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`. ## Attributes Reference