Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Branch protection rule failed to be created with new format Github repository node_id #908

Closed
xun-guo-anzx opened this issue Sep 21, 2021 · 13 comments
Labels
r/branch_protection Status: Needs info Full requirements are not yet known, so implementation should not be started Type: Bug Something isn't working as documented

Comments

@xun-guo-anzx
Copy link
Contributor

With Github migrating the repository's GraphQL global node ID to new format, branch protection rule resource cannot be created with node_id because the new format of node ID is no longer encoded by Base64.

Branch protection rule setup with repository name is still working correctly without being affected.

Terraform Version

0.14.11

Affected Resource(s)

  • github_branch_protection

Terraform Configuration Files

resource "github_repository" "new_example_repo" {
  name        = "new-example-repo"
  description = "New Example Repo"
}

resource "github_branch_protection" "example" {
  repository_id = github_repository.new_example_repo.node_id

  pattern          = "main"
  enforce_admins   = true
  allows_deletions = true
}

Expected Behavior

Branch protection rule should be created in the new repository.

Actual Behavior

Error reported as following:

Error: Could not resolve to a Repository with the name 'owner/R_xxXXXXxxXx'.

  on main.tf line 7, in resource "github_branch_protection" "example":
   7: resource "github_branch_protection" "example" {

Steps to Reproduce

  1. terraform apply
@yann-soubeyrand
Copy link
Contributor

Hello, I’ve the same issue. In the meantime, using the name attribute of the github_repository resource seems to work.

@logicbomb421
Copy link

logicbomb421 commented Sep 23, 2021

I'm also having this issue, but it seems weirdly intermittent. My module uses the repository node_id, which works for most repos, but every now and then I get the "could not resolve repository owner/<node_id>" error. If I can provide any additional information please let me know.

I've managed to work around this by adding some brute-force logic like so:

repository_id = local.default_branch._repo_id_escape_hatch ? github_repository.repo.name : github_repository.repo.node_id

stefanwb added a commit to schubergphilis/terraform-github-mcaf-repository that referenced this issue Sep 24, 2021
This resolves issue caused by moving to use the v4 API for this resouce, as part of provider version: 3.1.0

Issue: integrations/terraform-provider-github#908
Provider bump: integrations/terraform-provider-github#337

Signed-off-by: Stefan Wessels Beljaars <[email protected]>
@jcudit jcudit added Type: Bug Something isn't working as documented r/branch_protection labels Sep 28, 2021
@rob-whittle
Copy link

rob-whittle commented Oct 1, 2021

Also hit this issue. Using this as a workaround for now:

repository_id = can(base64decode(github_repository.repository.node_id)) ? github_repository.repository.node_id : github_repository.repository.name

@ayk33
Copy link

ayk33 commented Nov 23, 2021

The workaround mentioned doesn't work if your github_repository resource has a for_each loop in it. It attempts to change all of the existing branch protections repository_id to github_repository.repository.name.
Can we get some traction on this issue?

@kylekurz
Copy link

+1 on this, if you rename a repository, the name field will change, but the node_id should remain the same. Would be vastly preferable to continue using node_id everywhere.

@kylekurz
Copy link

This was mentioned in a PR that merged in November, but no release fixes it yet. Can we get an update on when we can expect to have this working, particularly for resources that include a loop? As noted by @ayk33, the ternary check doesn't work properly in a looping resource.

@Perfectium0
Copy link

I'm in the same boat as @ayk33 and @kylekurz. Please provide an update ASAP.

We've planned exponential growth for 2022, so this will become a critical blocker if not addressed.

olivercodes added a commit to olivercodes/tf-github-org that referenced this issue Apr 15, 2022
node_id is currently broken, see gh issue
integrations/terraform-provider-github#908

Note that this means if the name changes the protection apply will break.
@TheKevJames
Copy link

For folks still hitting this issue, I just wanted to share that I also got the same error response after mistakenly using the .id instead of the .node_id for referenced resources within a branch protection rule, ie. for cases where the repository_id was correct.

For example, I had the following:

  push_restrictions = [
    github_team.foo.id,
  ]

which should instead be:

  push_restrictions = [
    github_team.foo.node_id,
  ]

@kfcampbell
Copy link
Member

👋 hi! Is this still an issue with current versions of the provider? It looks like #914 may have resolved it.

@nickfloyd nickfloyd moved this to 🔥 Backlog in 🧰 Octokit Active Dec 5, 2022
@nickfloyd nickfloyd moved this from 🔥 Backlog to 🛑 Blocked/Awaiting Response in 🧰 Octokit Active Jan 13, 2023
@WTPOptAxe
Copy link

WTPOptAxe commented Feb 20, 2023

👋 hi! Is this still an issue with current versions of the provider? It looks like #914 may have resolved it.

I'm seeing the same error with push_restrictions when using a team's node_id as of today still.

@multani
Copy link

multani commented Feb 22, 2023

I also had the same issue, trying to configure pull_request_bypassers, something like:

resource "github_branch_protection" "main" {                                                                                                                                                                                                                                    
  repository_id = github_repository.this.node_id                                          
  pattern       = "main"
 
  required_pull_request_reviews {
    # [...]
    pull_request_bypassers = [
      "my-org/my-user",
    ]
  } 
}

I turned out that I was using a wrong user identifier in the pull_request_bypassers list and the provider couldn't find the associated user.

I found this by running Terraform with TF_LOG=debug, which gave me this:

2023/02/22 18:05:18 [DEBUG] GitHub API Request Details:
---[ REQUEST ]---------------------------------------
POST /graphql HTTP/1.1
Host: api.github.com
User-Agent: Go-http-client/1.1
Content-Length: 177
Accept: application/vnd.github.stone-crop-preview+json
Content-Type: application/json
Accept-Encoding: gzip

{
 "query": "query($organization:String!$slug:String!){organization(login: $organization){team(slug: $slug){id}}}",
 "variables": {
  "organization": "my-org",
  "slug": "my-user"
 }
}

-----------------------------------------------------
2023/02/22 18:05:18 [DEBUG] Sleeping 1s between operations
2023/02/22 18:05:19 [DEBUG] GitHub API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Date: Wed, 22 Feb 2023 17:05:19 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Vary: Accept-Encoding, Accept, X-Requested-With
X-Accepted-Oauth-Scopes: repo
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Github-Media-Type: github.stone-crop-preview; format=json
X-Github-Request-Id: 89B6:0725:5475011:55CF242:63F64B4D
X-Oauth-Scopes: read:discussion, read:org, repo, workflow
X-Ratelimit-Limit: 5000
X-Ratelimit-Remaining: 4974
X-Ratelimit-Reset: 1677088430
X-Ratelimit-Resource: graphql
X-Ratelimit-Used: 26
X-Xss-Protection: 0

{
 "data": {
  "organization": {
   "team": null
  }
 }
}
-----------------------------------------------------
2023/02/22 18:05:19 [DEBUG] Retrieved node ID for team my-org/my-user. ID is
2023/02/22 18:05:19 [DEBUG] Retrieved node ID for user/team : my-org/my-user - node ID :

I doubled checked the content using https://docs.github.com/en/graphql/overview/explorer and indeed it couldn't find the user.

I fixed that and uses a correct user and it worked afterwards.

(Actually, I wanted to allow a specific GitHub App to bypass mandatory pull requests, so I fetched the node_id of that app using the github_app datasource instead).

@thomascrowley
Copy link

👋 hi! Is this still an issue with current versions of the provider? It looks like #914 may have resolved it.

v5.18.0 fixed the similar issue I was getting for pull_request_bypassers

@kfcampbell
Copy link
Member

Closing this issue as it appears resolved. Please reopen with a descriptive comment if that's not the case!

@github-project-automation github-project-automation bot moved this from 🛑 Blocked/Awaiting Response to ✅ Done in 🧰 Octokit Active Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
r/branch_protection Status: Needs info Full requirements are not yet known, so implementation should not be started Type: Bug Something isn't working as documented
Projects
None yet
Development

No branches or pull requests