refactor!: allow computed values in v4 branch protections

Author: mariux

.pre-commit-config.yaml

@@ -8,10 +8,5 @@ repos:
       - id: tflint
       - id: phony-targets
       - id: terradoc-validate
-      - id: golangci-lint
       - id: terradoc-fmt
       - id: terradoc-generate
-      # - id: terramate-generate
-      - id: markdown-link-check
-        args: ['-p']   # When adding the -p flag, markdown-link-check will always with an exit code 0, even if dead links are found
-        verbose: true  # Forces the output of the hook to be printed even when the hook passes.

README.md

@@ -646,53 +646,55 @@ This is due to some terraform limitation and we will update the module once terr
 
       Default is `[]`.
 
-- [**`branch_protections`**](#var-branch_protections): *(Optional `list(branch_protection_v3)`)*<a name="var-branch_protections"></a>
-
-  **_DEPRECATED_** To ensure compatibility with future versions of this module, please use `branch_protections_v3`.
-  This argument is ignored if `branch_protections_v3` is used. Please see `branch_protections_v3` for supported attributes.
-
-  Default is `[]`.
-
 #### Branch Protections v4 Configuration
 
-- [**`branch_protections_v4`**](#var-branch_protections_v4): *(Optional `map(branch_protection_v4)`)*<a name="var-branch_protections_v4"></a>
+- [**`branch_protections_v4`**](#var-branch_protections_v4): *(Optional `list(branch_protection_v4)`)*<a name="var-branch_protections_v4"></a>
 
-  This map allows you to configure v4 branch protection for repositories in your organization.
+  This resource allows you to configure v4 branch protection for repositories in your organization.
 
-  Each element in the map is a branch to be protected and the value the corresponding to the desired configuration for the branch.
+  Each element in the list is a branch to be protected and the value the corresponding to the desired configuration for the branch.
 
   When applied, the branch will be protected from forced pushes and deletion.
   Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
 
-  **_NOTE_** This will take precedence over v3 branch protections.
+  **_NOTE:_** May conflict with v3 branch protections if used for the same branch.
+
+  Default is `[]`.
+
+  Each `branch_protection_v4` object in the list accepts the following attributes:
+
+  - [**`pattern`**](#attr-branch_protections_v4-pattern): *(**Required** `string`)*<a name="attr-branch_protections_v4-pattern"></a>
+
+    Identifies the protection rule pattern.
 
-  Default is `null`.
+  - [**`_key`**](#attr-branch_protections_v4-_key): *(Optional `string`)*<a name="attr-branch_protections_v4-_key"></a>
 
-  Each `branch_protection_v4` object in the map accepts the following attributes:
+    An alternative key to use in `for_each` resource creation.
+    Defaults to the value of `var.pattern`.
 
   - [**`allows_deletions`**](#attr-branch_protections_v4-allows_deletions): *(Optional `bool`)*<a name="attr-branch_protections_v4-allows_deletions"></a>
 
-    Setting this to true to allow the branch to be deleted.
+    Setting this to `true` to allow the branch to be deleted.
 
     Default is `false`.
 
   - [**`allows_force_pushes`**](#attr-branch_protections_v4-allows_force_pushes): *(Optional `bool`)*<a name="attr-branch_protections_v4-allows_force_pushes"></a>
 
-    Setting this to true to allow force pushes on the branch.
+    Setting this to `true` to allow force pushes on the branch.
 
     Default is `false`.
 
   - [**`blocks_creations`**](#attr-branch_protections_v4-blocks_creations): *(Optional `bool`)*<a name="attr-branch_protections_v4-blocks_creations"></a>
 
-    Setting this to true will block creating the branch.
+    Setting this to `true` will block creating the branch.
 
     Default is `false`.
 
   - [**`enforce_admins`**](#attr-branch_protections_v4-enforce_admins): *(Optional `bool`)*<a name="attr-branch_protections_v4-enforce_admins"></a>
 
-    Setting this to true enforces status checks for repository administrators.
+    Keeping this as `true` enforces status checks for repository administrators.
 
-    Default is `false`.
+    Default is `true`.
 
   - [**`push_restrictions`**](#attr-branch_protections_v4-push_restrictions): *(Optional `list(string)`)*<a name="attr-branch_protections_v4-push_restrictions"></a>
 
@@ -723,8 +725,6 @@ This is due to some terraform limitation and we will update the module once terr
 
     Enforce restrictions for pull request reviews.
 
-    Default is `null`.
-
     The `required_pull_request_reviews` object accepts the following attributes:
 
     - [**`dismiss_stale_reviews`**](#attr-branch_protections_v4-required_pull_request_reviews-dismiss_stale_reviews): *(Optional `bool`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-dismiss_stale_reviews"></a>
@@ -733,26 +733,30 @@ This is due to some terraform limitation and we will update the module once terr
 
       Default is `true`.
 
+    - [**`restrict_dismissals`**](#attr-branch_protections_v4-required_pull_request_reviews-restrict_dismissals): *(Optional `bool`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-restrict_dismissals"></a>
+
+      Restrict pull request review dismissals.
+
     - [**`dismissal_restrictions`**](#attr-branch_protections_v4-required_pull_request_reviews-dismissal_restrictions): *(Optional `list(string)`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-dismissal_restrictions"></a>
 
       The list of actor Names/IDs with dismissal access.
-      If not empty, restrict_dismissals is ignored.
-      Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+      If not empty, `restrict_dismissals` is ignored
+      Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
 
       Default is `[]`.
 
     - [**`pull_request_bypassers`**](#attr-branch_protections_v4-required_pull_request_reviews-pull_request_bypassers): *(Optional `list(string)`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-pull_request_bypassers"></a>
 
       The list of actor Names/IDs that are allowed to bypass pull request requirements.
-      Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+      Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
 
       Default is `[]`.
 
     - [**`require_code_owner_reviews`**](#attr-branch_protections_v4-required_pull_request_reviews-require_code_owner_reviews): *(Optional `bool`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-require_code_owner_reviews"></a>
 
       Require an approved review in pull requests including files with a designated code owner.
 
-      Default is `false`.
+      Default is `true`.
 
     - [**`required_approving_review_count`**](#attr-branch_protections_v4-required_pull_request_reviews-required_approving_review_count): *(Optional `number`)*<a name="attr-branch_protections_v4-required_pull_request_reviews-required_approving_review_count"></a>
 
@@ -766,8 +770,6 @@ This is due to some terraform limitation and we will update the module once terr
     Enforce restrictions for required status checks.
     See Required Status Checks below for details.
 
-    Default is `null`.
-
     The `required_status_checks` object accepts the following attributes:
 
     - [**`strict`**](#attr-branch_protections_v4-required_status_checks-strict): *(Optional `bool`)*<a name="attr-branch_protections_v4-required_status_checks-strict"></a>

README.tfdoc.hcl

@@ -821,63 +821,70 @@ section {
             }
           }
         }
-
-        variable "branch_protections" {
-          type        = list(branch_protection_v3)
-          default     = []
-          description = <<-END
-            **_DEPRECATED_** To ensure compatibility with future versions of this module, please use `branch_protections_v3`.
-            This argument is ignored if `branch_protections_v3` is used. Please see `branch_protections_v3` for supported attributes.
-          END
-        }
       }
 
       section {
         title = "Branch Protections v4 Configuration"
 
         variable "branch_protections_v4" {
-          type        = map(branch_protection_v4)
-          default     = null
+          type        = list(branch_protection_v4)
+          default     = []
           description = <<-END
-            This map allows you to configure v4 branch protection for repositories in your organization.
+            This resource allows you to configure v4 branch protection for repositories in your organization.
 
-            Each element in the map is a branch to be protected and the value the corresponding to the desired configuration for the branch.
+            Each element in the list is a branch to be protected and the value the corresponding to the desired configuration for the branch.
 
             When applied, the branch will be protected from forced pushes and deletion.
             Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
 
-            **_NOTE_** This will take precedence over v3 branch protections.
+            **_NOTE:_** May conflict with v3 branch protections if used for the same branch.
           END
 
+          attribute "pattern" {
+            type        = string
+            required    = true
+            description = <<-END
+              Identifies the protection rule pattern.
+            END
+          }
+
+          attribute "_key" {
+            type        = string
+            description = <<-END
+              An alternative key to use in `for_each` resource creation.
+              Defaults to the value of `var.pattern`.
+            END
+          }
+
           attribute "allows_deletions" {
             type        = bool
             default     = false
             description = <<-END
-              Setting this to true to allow the branch to be deleted.
+              Setting this to `true` to allow the branch to be deleted.
             END
           }
 
           attribute "allows_force_pushes" {
             type        = bool
             default     = false
             description = <<-END
-              Setting this to true to allow force pushes on the branch.
+              Setting this to `true` to allow force pushes on the branch.
             END
           }
 
           attribute "blocks_creations" {
             type        = bool
             default     = false
             description = <<-END
-              Setting this to true will block creating the branch.
+              Setting this to `true` will block creating the branch.
             END
           }
 
           attribute "enforce_admins" {
             type        = bool
-            default     = false
+            default     = true
             description = <<-END
-              Setting this to true enforces status checks for repository administrators.
+              Keeping this as `true` enforces status checks for repository administrators.
             END
           }
 
@@ -916,7 +923,6 @@ section {
 
           attribute "required_pull_request_reviews" {
             type        = object(required_pull_request_reviews)
-            default     = null
             description = <<-END
               Enforce restrictions for pull request reviews.
             END
@@ -929,13 +935,20 @@ section {
               END
             }
 
+            attribute "restrict_dismissals" {
+              type        = bool
+              description = <<-END
+                Restrict pull request review dismissals.
+              END
+            }
+
             attribute "dismissal_restrictions" {
               type        = list(string)
               default     = []
               description = <<-END
                 The list of actor Names/IDs with dismissal access.
-                If not empty, restrict_dismissals is ignored.
-                Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+                If not empty, `restrict_dismissals` is ignored
+                Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
               END
             }
 
@@ -944,13 +957,13 @@ section {
               default     = []
               description = <<-END
                 The list of actor Names/IDs that are allowed to bypass pull request requirements.
-                Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
+                Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
               END
             }
 
             attribute "require_code_owner_reviews" {
               type        = bool
-              default     = false
+              default     = true
               description = <<-END
                 Require an approved review in pull requests including files with a designated code owner.
               END
@@ -968,7 +981,6 @@ section {
 
           attribute "required_status_checks" {
             type        = object(required_status_checks)
-            default     = null
             description = <<-END
               Enforce restrictions for required status checks.
               See Required Status Checks below for details.