Reduce org admins team to only be members

terraform/production/org.tfvars

@@ -7,6 +7,14 @@ admins = [
   "williln",
 ]
 
+super_admins = [
+  "cunla",
+  "ryancheley",
+  "Stormheg",
+  "tim-schilling",
+  "williln",
+]
+
 # Design members
 designers = [
   "akshayvinchurkar",
@@ -109,10 +117,23 @@ members = [
   "viscofuse",
   "Zakui",
 ]
-
 organization_teams = {
+  # This team should be enabled as moderators which can't be configured
+  # via the GitHub Terraform integration.
+  # https://github.com/organizations/django-commons/settings/moderators
   "Admins" = {
-    description = "django-commons administrators"
+    description = "django-commons administrators team with moderator permissions in the org."
+    # Use maintainers for organizational teams
+    maintainers = [
+      "cunla",
+      "ryancheley",
+      "Stormheg",
+      "tim-schilling",
+      "williln",
+    ]
+  }
+  "operations" = {
+    description = "django-commons operations team with admin permissions in the org."
     # Use maintainers for organizational teams
     maintainers = [
       "cunla",

terraform/resources-org.tf

@@ -1,7 +1,7 @@
 # GitHub Membership Resource
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership
 data "github_users" "users" {
-  usernames = setunion(var.admins, var.members)
+  usernames = setunion(var.admins, var.super_admins, var.members)
 }
 
 output "invalid_users" {
@@ -10,7 +10,8 @@ output "invalid_users" {
 
 locals {
   users = merge(
-    { for user in var.admins : user => "admin" if contains(data.github_users.users.logins, user) },
+    { for user in var.admins : user => "member" if contains(data.github_users.users.logins, user) },
+    { for user in var.super_admins : user => "admin" if contains(data.github_users.users.logins, user) },
     { for user in var.members : user => "member" if contains(data.github_users.users.logins, user) }
   )
 }

terraform/variables.tf

@@ -2,7 +2,12 @@
 # https://www.terraform.io/language/values/variables
 
 variable "admins" {
-  description = "A set of admins to add to the organization"
+  description = "A set of users who are admins to add to the organization"
+  type        = set(string)
+}
+
+variable "super_admins" {
+  description = "A set of users who have operational permissions to add to the organization"
   type        = set(string)
 }