Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: github_actions_organization_permissions has incorrect import behavior when allowed_actions_cofig is managed by enterprise actions permissions #2362

Open
1 task done
MatthewHou opened this issue Aug 22, 2024 · 0 comments
Open
1 task done

[BUG]: github_actions_organization_permissions has incorrect import behavior when allowed_actions_cofig is managed by enterprise actions permissions #2362

MatthewHou opened this issue Aug 22, 2024 · 0 comments
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented

Comments

@MatthewHou
Copy link

Expected Behavior

When allowed_actions_config is managed at enterprise level by resource github_enterprise_actions_permissions, the allowed_actions_config block should not be included in the state attribute when importing the organizational level resource github_actions_organization_permissions

Actual Behavior

In the tf state forgithub_actions_organization_permissions, the allowed_actions_config block is populated with data inherited from github_enterprise_actions_permissions . As a result, github_actions_organization_permissions will try to set the permissions managed at the enterprise level. API returns 409 error during apply.

This seems to be a symptom similar to #2182, but caused by import

Terraform Version

Terraform v1.9.4
on windows_amd64

  • provider registry.terraform.io/hashicorp/aws v5.63.0
  • provider registry.terraform.io/integrations/github v6.2.

Affected Resource(s)

  • github_actions_organization_permissions

Terraform Configuration Files

resource "github_enterprise_actions_permissions" "enterprise_actions_permissions" {
  enterprise_slug = "test"
  allowed_actions = "selected"
  enabled_organizations = "all"
   dynamic "allowed_actions_config" {
    for_each = var.actions_allowed_actions == "selected" ? ["selected"] : []
    content {
      github_owned_allowed = true
      verified_allowed     = true
      patterns_allowed = ["actions/checkout@v3" ]
    }
  }
}

resource "github_actions_organization_permissions" "organization_actions_permissions" {
  allowed_actions = "selected"
 

  repository_ids =[1000]
 
}

Steps to Reproduce

terraform import github_actions_organization_permissions.organization_actions_permissions <org_name>

Then make some changes to the actions org permissions, ie add a new id to repository_ids list

terrafrom plan
terraform apply

The apply will fail with error

╷
│ Error: PUT https://<host>/api/v3/orgs/<org>/actions/permissions/selected-actions: 409  []
│   ....
│   20: resource "github_actions_organization_permissions" "organization_actions_permissions" {
│

I was able to work around this by editing the allowed_actions_config attribute for this resource to [] in the tfstate file.

Debug Output

No response

Panic Output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@MatthewHou MatthewHou added Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented labels Aug 22, 2024
@MatthewHou MatthewHou changed the title [BUG]: github_actions_organization_permissions shows incorrect import behavior when allowed_actions_cofig is managed by enterprise actions permissions [BUG]: github_actions_organization_permissions has incorrect import behavior when allowed_actions_cofig is managed by enterprise actions permissions Aug 22, 2024
@kfcampbell kfcampbell added Status: Up for grabs Issues that are ready to be worked on by anyone and removed Status: Triage This is being looked at and prioritized labels Aug 26, 2024
@kfcampbell kfcampbell moved this from 🆕 Triage to 🔥 Backlog in 🧰 Octokit Active Aug 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kfcampbell @MatthewHou