-
Notifications
You must be signed in to change notification settings - Fork 763
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to create Organization repos in GHE #662
Comments
I just got access to our GH Org (maybe different to GHE since you have a custom endpoint, I am still using the cloud product) today and I thought I was doing it wrong! I can do it fine using the same PAT onthe CLI but in teh provider... no go. the thing I am finding:
that post is incorrect, when I do it successfully on thye CLI:
Provider config, doesn't really matter.. I have tried with organization set/with/withjout owner, etc.
I think lastly, I got this error:
when I set:
which I feel is incorrect, not sure why you have both params tbh, should remove the 'private' bool and just use visibility. note/edit/update: https://github.com/integrations/terraform-provider-github/blob/master/github/resource_github_repository.go#L48 :) |
so reading the code, I am not sure what the 'Organization' paramter in the provider config is doing.... but if I updated the provider config with
I get the following error:
At least now I am getting the same URL I constructed while using CURL. But still, something is up with the signing and auth of the provider, since I can create using CURL and not TF. |
I got it to work, use the above provider and:
and use private = true, you get a deprecated warning but it works. Now I get a
on runs after the create works (using auto_init also works fine now). |
ouch, that gave me private repos... need internal... Internal doesn't work. stuck here:
So looking closer, it seems while I can do this in teh UI... Curl fails with the same problems also, I get private repos and when I try to create internal ones, I need org create permissions apparently. |
hmm had another play
Gives me the following which is clearly trying to hit the user API endpoint when it should be honouring the organization value as per the doco - https://registry.terraform.io/providers/integrations/github/latest/docs
Tried with the following, same deal for private, internal and public. Doesn't seem to take any notice of the organization param on the provider.
|
I think it might be a known bug with the latest version if you're trying to use |
I've still been unable to get this to work even when using the variables as described above I'm afraid.
Still defaulting to user location and not organization. |
well, as I said... and maybe I wasn't clear, the provider config and setting organization is useless.... https://github.com/integrations/terraform-provider-github/blob/master/github/config.go#L18 it isn't used anywhere. The code goes and checks if the owner option is an org or not.... So set your org name under owner.... and then you will get the correct API posts.
|
Thanks for the clarity @jurgen-weber-deltatre however there seems to be a further bug in the logic. If I specify as you stated, the owner as the org name and the following repo resource it still doesn't work
However if I add a template repo reference within that org it works fine :)
I think this should be raised as a bug but at least I have a work around, thanks for all your help! |
What was the error? I found on the first run it would create, but then on the second run you would get an error about the repo not being 'init'. So you need to use a template like you are or turn auto_init = true. |
After some more digging around and playing; google/go-github#1786 For me when I tested wit hteh api-preview headers it works... it seems there is a typo. |
After #735 , below warning appears even when organization is not defined in provider configuration |
Thought I'd put my two 🪙's in here... There are a couple of things that could be a miss... some of which I just went through. In order to create a repo, you need to ensure that your PAT (personal access token) has the If you're making an organization repo, you need to be sure your token has permissions to that organization. That likely requires the I do agree there's some odd behavior between Hopefully this helps you out, otherwise I'm out of ideas |
As per @mengesb's recommendation above, I have created a token with provider "github" {
# NB. the base_url setting is NOT working for the github provider as of 4.19.0,
# we *have* to set export GITHUB_BASE_URL=https://ghe.company.com/ for this
# to work, cf. https://github.com/integrations/terraform-provider-github/issues/903
base_url = "https://ghe.company.com/"
owner = "my-org"
token = "..."
}
resource "github_repository" "my-repo" {
name = "my-repo"
visibility = "internal"
} This fails with
after creating a repository under my personal user account. I would be ok with using a template repository just for that purpose as in #662 (comment), but then I could not create that template repository either, so it's a bit of a chicken-and-egg situation. |
I'm running into a similar issue... My PAT has full admin. I created a template repo in the target organization and specify the details in the template block. However, I get the same error that @tgpfeiffer mentions.
Returns...
The path its trying to create the new repository is NOT the organization I specified. If I comment out the visibility and leave everything else the same, the repository is created OUTSIDE of the organization I specified, along with my other personal repos.
Path to resulting newly created public repo: I've also tried both the "owner" and deprecated "organization" attributes in the provider block. But every time, the organization is ignored. Now, if I make a call to GitHub's API using that very same PAT ( |
We were running into the same issue in the past few weeks, and finally resolved it. The problem in our case was due to the provider being moved to Here's an example of
Seeing as the root's So running with
Didn't quite catch it until I tried to set an aliased provider and got the following:
This is where I noticed that it used 2 different providers, So the solution is just have to set |
Having the same issue using the github provider within a module - can't create org repos and I get a 401 forbidden.
providers.tf config in the root of the repo is:
Unfortunately I can't use a provider block in my modules as I use Also, you don't need admin:org permissions to create an org repo with a PAT token. |
Your issue is that terraform {
required_providers {
github = {
source = "integrations/github"
version = "~> 4.0"
configuration_aliases = [ github.integrations ]
}
}
}
provider "github" {
token = var.GITHUB_TOKEN
owner = "org_name"
alias = "integrations"
} Or you can update your module to use the GitHub version of their provider, instead of the HashiCorp version. |
Thanks for the help. I tried setting the provider within the module but if you use for_each you'll get an error like this:
Adding the Currently I'm happy with just leaving out the
The hashicorp version is hashicorp/github v4.24.1, the same version number as integrations/github v4.24.1. If this is going to be shutdown/deprecated at any point, would be good to have this more clearly stated in the warning. |
👋 Hey Friends, this issue has been automatically marked as |
Ш |
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
Repository should be created in the organization and not the account of the PAT.
Actual Behavior
Repository is created under the user associated with the PAT i.e. not in the org.
Steps to Reproduce
terraform apply
Important Factoids
Just to be clear this is for GitHub Enterprise, I've not verified behaviour in github.com
References
This is possibly a similiar issue - #639
The text was updated successfully, but these errors were encountered: