Create an operations team and switch admins to moderators

The operations team will have admin permissions in the GitHub org
while the admins team will have moderator permissions.

This needs to be followed up with another commit to reduce the
permissions of the org admins teams to member. This is being
split up to avoid removing all admin permissions.

Author: tim-schilling

terraform/production/org.tfvars

@@ -7,6 +7,14 @@ admins = [
   "williln",
 ]
 
+ops_team = [
+  "cunla",
+  "ryancheley",
+  "Stormheg",
+  "tim-schilling",
+  "williln",
+]
+
 # Design members
 designers = [
   "akshayvinchurkar",
@@ -110,10 +118,23 @@ members = [
   "viscofuse",
   "Zakui",
 ]
-
 organization_teams = {
+  # This team should be enabled as moderators which can't be configured
+  # via the GitHub Terraform integration.
+  # https://github.com/organizations/django-commons/settings/moderators
   "Admins" = {
-    description = "django-commons administrators"
+    description = "django-commons administrators team with moderator permissions in the org."
+    # Use maintainers for organizational teams
+    maintainers = [
+      "cunla",
+      "ryancheley",
+      "Stormheg",
+      "tim-schilling",
+      "williln",
+    ]
+  }
+  "operations" = {
+    description = "django-commons operations team with admin permissions in the org."
     # Use maintainers for organizational teams
     maintainers = [
       "cunla",

terraform/resources-org.tf

@@ -1,7 +1,7 @@
 # GitHub Membership Resource
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership
 data "github_users" "users" {
-  usernames = setunion(var.admins, var.members)
+  usernames = setunion(var.admins, var.ops_team, var.members)
 }
 
 output "invalid_users" {
@@ -11,6 +11,7 @@ output "invalid_users" {
 locals {
   users = merge(
     { for user in var.admins : user => "admin" if contains(data.github_users.users.logins, user) },
+    { for user in var.ops_team : user => "admin" if contains(data.github_users.users.logins, user) },
     { for user in var.members : user => "member" if contains(data.github_users.users.logins, user) }
   )
 }

terraform/variables.tf

@@ -2,7 +2,12 @@
 # https://www.terraform.io/language/values/variables
 
 variable "admins" {
-  description = "A set of admins to add to the organization"
+  description = "A set of users who are admins to add to the organization"
+  type        = set(string)
+}
+
+variable "ops_team" {
+  description = "A set of users who have operational permissions to add to the organization"
   type        = set(string)
 }