feat: Add github_organization_security_configuration and github_enterprise_security_configuration resource

[sprioriello]

This commit adds a new resource github_organization_security_configuration & github_enterprise_security_configuration to manage Code Security Configurations at the organization & enterprise level respectively. It includes:

• Resource implementation.
• Acceptance tests.
• Documentation.
• Provider registration.

Resolves #2412

---

Before the change?

• Resource not available.

After the change?

• Implement code security configuration resource on organizational level.

Pull request checklist

• Schema migrations have been created if needed (example)
• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

• Yes
• No

---

Tests

==> Running acceptance tests on branch: 🌿 feat/organization-security-configuration 🌿...
TF_ACC=1 CGO_ENABLED=0 go test ./github/... -v -run '^TestAcc' -run='TestAccGithubOrganizationSecurityConfiguration'  -timeout 120m -count=1
=== RUN   TestAccGithubOrganizationSecurityConfiguration
=== RUN   TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_without_error
=== RUN   TestAccGithubOrganizationSecurityConfiguration/updates_organization_security_configuration_without_error
=== RUN   TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_with_options
=== RUN   TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_with_minimal_config
--- PASS: TestAccGithubOrganizationSecurityConfiguration (48.02s)
    --- PASS: TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_without_error (12.08s)
    --- PASS: TestAccGithubOrganizationSecurityConfiguration/updates_organization_security_configuration_without_error (15.99s)
    --- PASS: TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_with_options (10.98s)
    --- PASS: TestAccGithubOrganizationSecurityConfiguration/creates_organization_security_configuration_with_minimal_config (8.96s)
PASS
ok      github.com/integrations/terraform-provider-github/v6/github     48.317s
==> Running acceptance tests on branch: 🌿 feat/organization-security-configuration 🌿...
TF_ACC=1 CGO_ENABLED=0 go test ./github/... -v -run '^TestAcc' -run='TestAccGithubEnterpriseSecurityConfiguration'  -timeout 120m -count=1
=== RUN   TestAccGithubEnterpriseSecurityConfiguration
=== RUN   TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_without_error
=== RUN   TestAccGithubEnterpriseSecurityConfiguration/updates_enterprise_security_configuration_without_error
=== RUN   TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_with_options
=== RUN   TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_with_minimal_config
--- PASS: TestAccGithubEnterpriseSecurityConfiguration (46.68s)
    --- PASS: TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_without_error (10.97s)
    --- PASS: TestAccGithubEnterpriseSecurityConfiguration/updates_enterprise_security_configuration_without_error (15.31s)
    --- PASS: TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_with_options (11.52s)
    --- PASS: TestAccGithubEnterpriseSecurityConfiguration/creates_enterprise_security_configuration_with_minimal_config (8.88s)
PASS
ok      github.com/integrations/terraform-provider-github/v6/github     46.923s

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[sprioriello]

@deiga ready for review

[sprioriello]

@nickfloyd @deiga is there anything else you need to help get this through. We are keen on this feature :)

[deiga]

@sprioriello You'll need to at least rebase this 😬

[deiga]

Please apply applicable changes also to the Org resource, I don't want to repeat myself there

[deiga]

issue: Since the SDK has the omitempty tag configured for this field, I wonder if a default is going to be harmful. Especially since the API docs don't define a default either.
What if we don't set a default and use GetOk to check if we should include it or not in the payload?

[sprioriello]

Done. Removed all Default values from optional fields and switched to using d.GetOk() to check if values should be included in the payload. Applied to both enterprise and org resources.

[deiga]

You need to populate any Computed fields inside Create

Suggested change

	return resourceGithubEnterpriseSecurityConfigurationRead(ctx, d, meta)
	return nil

[sprioriello]

Done. Create now sets computed fields (target_type) and returns nil instead of calling Read.

[deiga]

question: Even though these are closely linked, do they really need to be set in tandem? Would it be safer set these 1 by 1?

[sprioriello]

Good point. Refactored to set each field individually using d.GetOk() rather than the tandem approach.

[deiga]

Please add a testcase which uses miminal configs to test that defaults work

[sprioriello]

Done. Added a "creates enterprise security configuration with minimal config" test that only sets enterprise_slug and name, and verifies target_type is set. Also added equivalent test for the org resource.

[deiga]

issue: These IDs seem to be just numbers, so a clash between resource is highly likely. What if we'd use buildID(enterprise, configuration.GetID()) to at least make the collision likelyhood smaller?

[sprioriello]

Done. Now using buildID(enterprise, strconv.FormatInt(configuration.GetID(), 10)) to create composite IDs. Updated Read, Update, Delete, and Import to use parseID2 accordingly. Also updated ImportStateIdPrefix in tests from "/" to ":" separator.

[deiga]

issue: These IDs seem to be just numbers, so a clash between resource is highly likely. What if we'd use buildID(org, configuration.GetID()) to at least make the collision likelyhood smaller?

[sprioriello]

Done. Same composite ID pattern applied to the org resource using buildID(org, ...).

[deiga]

Suggested change

	return resourceGithubOrganizationSecurityConfigurationRead(ctx, d, meta)
	return nil

[sprioriello]

Done. Create and Update in org resource now return nil instead of calling Read.

[sprioriello]

Acceptance Test Results

All 8 acceptance tests pass (4 organization + 4 enterprise):

--- PASS: TestAccGithubOrganizationSecurityConfiguration (56.53s)
    --- PASS: .../creates_organization_security_configuration_without_error (13.28s)
    --- PASS: .../updates_organization_security_configuration_without_error (19.47s)
    --- PASS: .../creates_organization_security_configuration_with_options (12.26s)
    --- PASS: .../creates_organization_security_configuration_with_minimal_config (11.51s)
PASS
ok      github.com/integrations/terraform-provider-github/v6/github     56.936s

--- PASS: TestAccGithubEnterpriseSecurityConfiguration (54.89s)
    --- PASS: .../creates_enterprise_security_configuration_without_error (13.85s)
    --- PASS: .../updates_enterprise_security_configuration_without_error (17.04s)
    --- PASS: .../creates_enterprise_security_configuration_with_options (12.63s)
    --- PASS: .../creates_enterprise_security_configuration_with_minimal_config (11.38s)
PASS
ok      github.com/integrations/terraform-provider-github/v6/github     55.324s

[sprioriello]

@sprioriello You'll need to at least rebase this 😬

@deiga rebased and addressed comments as requested. Thank you

[deiga]

Please review all the comments we've left before and check that they are actually done. Many seem to have somehow gotten reverted

[deiga]

You claimed to have removed this, but it's still there. What's going on?

Suggested change

ctx = context.WithValue(ctx, ctxId, d.Id())

[sprioriello]

Sorry my mistake. I made a mistake when rebasing and missed something. Should be fixed now.

[deiga]

issue: Please populate the Computed fields in Create

[sprioriello]

In both files, Create and Update now call Read at the end instead returning nil

[deiga]

You claimed to have removed this, but it's still there. What's going on?

Suggested change

ctx = context.WithValue(ctx, ctxId, d.Id())

[deiga]

I asked you to add some logging output with tflog, but you didn't?https://github.com/integrations/terraform-provider-github/pull/3143/changes#r2811597046

[sprioriello]

Added additional logging as requested with tflog library referencing the recent pull request to github/resource_github_organization_ruleset.go

[deiga]

You claimed to have removed this, but it's still there. What's going on?

Suggested change

ctx = context.WithValue(ctx, ctxId, d.Id())

[deiga]

issue: setting enterprise twice

[sprioriello]

Removed enterprise := d.Get("enterprise_slug").(string)

[deiga]

Please refactor all Check: in all TestStep to use ConfigStateCheck: instead. https://developer.hashicorp.com/terraform/plugin/testing/acceptance-tests/state-checks/resource

[sprioriello]

Done. Both test files migrated from Check: resource.ComposeTestCheckFunc(...) to ConfigStateChecks:

[deiga]

Please don't use single char variables, it degrades readability of the code a lot

[sprioriello]

Done. Renamed all single-char variables in util_security_configuration.go and the other two files.

[deiga]

Please add a Description

[sprioriello]

Added a description for both resources.