terraform-provider-github icon indicating copy to clipboard operation
terraform-provider-github copied to clipboard
verified publisher icon integrations

[BUG]: github_enterprise_organization and github_organization_settings deployment conflict

Open markjandejong opened this issue 1 year ago • 5 comments

Expected Behavior

No errors should occur when deploying a github_enterprise_organization followed by github_organization_settings.

Actual Behavior

When deploying both resources github_enterprise_organization and github_organization_settings deployment in the same apply, we get the following error:

╷
│ Error: PATCH https://api.github.com/orgs/xxxxxx: 422  []
│ 
│   with module.organization["xxxxxx"].github_organization_settings.main,
│   on modules/organization/main.tf line 101, in resource "github_organization_settings" "main":
│  101: resource "github_organization_settings" "main" {
│ 
╵
ERRO[0021] 1 error occurred:
        * exit status 1

This seems to be because the setting for billing_email is managed at the enterprise level and cannot be modified at the org level. Importing the settings and adding a lifecycle policy is a workaround after the resource has been deployed.

lifecycle {
  ignore_changes = ["billing_email"]
}

Marking the billing_email field in github_organization_settings as optional should resolve this issue.

Terraform Version

Terraform 1.5.7 on Linux AMD64 using provider 6.2.1

Affected Resource(s)

  • github_enterprise_organization
  • github_organization_settings deployment

Terraform Configuration Files

data "github_enterprise" "main" {
  slug = "xxxxxx"
}

resource "github_enterprise_organization" "main" {
  for_each = local.organizations
  enterprise_id = data.github_enterprise.main.id
  name          = each.key
  display_name  = each.value.settings.name
  description   = each.value.settings.description
  billing_email = each.value.settings.billing_email
  admin_logins  = each.value.membership.admin
}

resource "github_organization_settings" "main" {
    billing_email = lookup(local.settings, "billing_email", null)
    blog = lookup(local.settings, "blog", null)
    email = lookup(local.settings, "email", null)
    twitter_username = lookup(local.settings, "twitter_username", null)
    name = lookup(local.settings, "name", null)
    description =lookup(local.settings, "description", null)
    has_organization_projects = lookup(local.settings, "has_organization_projects", null)
    has_repository_projects = lookup(local.settings, "has_repository_projects", null)
    default_repository_permission = lookup(local.settings, "default_repository_permission", null)
    members_can_create_repositories = lookup(local.settings, "members_can_create_repositories", null)
    members_can_create_public_repositories = lookup(local.settings, "members_can_create_public_repositories", null)
    members_can_create_private_repositories = lookup(local.settings, "members_can_create_private_repositories", null)
    members_can_create_internal_repositories = lookup(local.settings, "members_can_create_internal_repositories", null)
    members_can_create_pages = lookup(local.settings, "members_can_create_pages", null)
    members_can_create_public_pages = lookup(local.settings, "members_can_create_public_pages", null)
    members_can_create_private_pages = lookup(local.settings, "members_can_create_private_pages", null)
    members_can_fork_private_repositories = lookup(local.settings, "members_can_fork_private_repositories", null)
    web_commit_signoff_required = lookup(local.settings, "web_commit_signoff_required", null)
    advanced_security_enabled_for_new_repositories = lookup(local.settings, "advanced_security_enabled_for_new_repositories", null)
    dependabot_alerts_enabled_for_new_repositories=  lookup(local.settings, "dependabot_alerts_enabled_for_new_repositories", null)
    dependabot_security_updates_enabled_for_new_repositories = lookup(local.settings, "dependabot_security_updates_enabled_for_new_repositories", null)
    dependency_graph_enabled_for_new_repositories = lookup(local.settings, "dependency_graph_enabled_for_new_repositories", null)
    secret_scanning_enabled_for_new_repositories = lookup(local.settings, "secret_scanning_enabled_for_new_repositories", null)
    secret_scanning_push_protection_enabled_for_new_repositories = lookup(local.settings, "secret_scanning_push_protection_enabled_for_new_repositories", null)
    lifecycle {
      ignore_changes = [
        "billing_email",
        "name",
        "description"
      ]
    }
}

Steps to Reproduce

No response

Debug Output

No response

Panic Output

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

markjandejong avatar May 02 '24 20:05 markjandejong

Expected Behavior

No errors should occur when deploying a github_enterprise_organization followed by github_organization_settings.

Actual Behavior

When deploying both resources github_enterprise_organization and github_organization_settings deployment in the same apply, we get the following error:

╷
│ Error: PATCH https://api.github.com/orgs/xxxxxx: 422  []
│ 
│   with module.organization["xxxxxx"].github_organization_settings.main,
│   on modules/organization/main.tf line 101, in resource "github_organization_settings" "main":
│  101: resource "github_organization_settings" "main" {
│ 
╵
ERRO[0021] 1 error occurred:
        * exit status 1

This seems to be because the setting for billing_email is managed at the enterprise level and cannot be modified at the org level. Importing the settings and adding a lifecycle policy is a workaround after the resource has been deployed.

lifecycle {
  ignore_changes = ["billing_email"]
}

Marking the billing_email field in github_organization_settings as optional should resolve this issue.

Terraform Version

Terraform 1.5.7 on Linux AMD64 using provider 6.2.1

Affected Resource(s)

  • github_enterprise_organization
  • github_organization_settings deployment

Terraform Configuration Files

data "github_enterprise" "main" {
  slug = "xxxxxx"
}

resource "github_enterprise_organization" "main" {
  for_each = local.organizations
  enterprise_id = data.github_enterprise.main.id
  name          = each.key
  display_name  = each.value.settings.name
  description   = each.value.settings.description
  billing_email = each.value.settings.billing_email
  admin_logins  = each.value.membership.admin
}

resource "github_organization_settings" "main" {
    billing_email = lookup(local.settings, "billing_email", null)
    blog = lookup(local.settings, "blog", null)
    email = lookup(local.settings, "email", null)
    twitter_username = lookup(local.settings, "twitter_username", null)
    name = lookup(local.settings, "name", null)
    description =lookup(local.settings, "description", null)
    has_organization_projects = lookup(local.settings, "has_organization_projects", null)
    has_repository_projects = lookup(local.settings, "has_repository_projects", null)
    default_repository_permission = lookup(local.settings, "default_repository_permission", null)
    members_can_create_repositories = lookup(local.settings, "members_can_create_repositories", null)
    members_can_create_public_repositories = lookup(local.settings, "members_can_create_public_repositories", null)
    members_can_create_private_repositories = lookup(local.settings, "members_can_create_private_repositories", null)
    members_can_create_internal_repositories = lookup(local.settings, "members_can_create_internal_repositories", null)
    members_can_create_pages = lookup(local.settings, "members_can_create_pages", null)
    members_can_create_public_pages = lookup(local.settings, "members_can_create_public_pages", null)
    members_can_create_private_pages = lookup(local.settings, "members_can_create_private_pages", null)
    members_can_fork_private_repositories = lookup(local.settings, "members_can_fork_private_repositories", null)
    web_commit_signoff_required = lookup(local.settings, "web_commit_signoff_required", null)
    advanced_security_enabled_for_new_repositories = lookup(local.settings, "advanced_security_enabled_for_new_repositories", null)
    dependabot_alerts_enabled_for_new_repositories=  lookup(local.settings, "dependabot_alerts_enabled_for_new_repositories", null)
    dependabot_security_updates_enabled_for_new_repositories = lookup(local.settings, "dependabot_security_updates_enabled_for_new_repositories", null)
    dependency_graph_enabled_for_new_repositories = lookup(local.settings, "dependency_graph_enabled_for_new_repositories", null)
    secret_scanning_enabled_for_new_repositories = lookup(local.settings, "secret_scanning_enabled_for_new_repositories", null)
    secret_scanning_push_protection_enabled_for_new_repositories = lookup(local.settings, "secret_scanning_push_protection_enabled_for_new_repositories", null)
    lifecycle {
      ignore_changes = [
        "billing_email",
        "name",
        "description"
      ]
    }
}

Steps to Reproduce

No response

Debug Output

No response

Panic Output

No response

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

Hey Friends, Just asking you a question, when you use this provider to create an enterprise organization, do you use PAT token or something else? What permissions are required when using PAT token? my error shows : "xxxx user does not have the correct permissions to execute CreateEnterpriseOrganization"

ljw4010 avatar May 29 '24 14:05 ljw4010

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

github-actions[bot] avatar Feb 24 '25 02:02 github-actions[bot]

您的来信已经收到,我会尽快处理,谢谢!!Thank you for your email.

ljw4010 avatar Feb 24 '25 02:02 ljw4010