terraform-provider-github icon indicating copy to clipboard operation
terraform-provider-github copied to clipboard

Published 20 hours ago verified publisher icon integrations

[BUG]: Can't destroy github_repository_collaborators with security manager team

Open boekkooi-lengoo opened this issue 2 years ago • 5 comments

Expected Behavior

The teams are removed except for the "security manager team".

Actual Behavior

Error: DELETE https://api.github.com/orgs/<org>/teams/security-squad/repos/<org>/example: 403 You cannot remove repositories from a security manager team. []

Terraform Version

Terraform v1.6.2 on linux_amd64

  • provider registry.terraform.io/hashicorp/google v5.2.0
  • provider registry.terraform.io/integrations/github v5.40.0

Affected Resource(s)

  • github_repository_collaborators

Terraform Configuration Files

resource "github_repository" "repository" {
  name = "example"
}

resource "github_repository_collaborators" "collaborators" {
  repository = github_repository.repository.name

  team {
    team_id = "security-squad"
  }
  team {
    team_id = "other-team"
  }
}

Steps to Reproduce

In GitHub setup the Team security-squad with the security manager role.

With the provided config run terraform apply -auto-approve then run terraform apply -auto-approve -destroy. Enjoy the error :smile:

Debug Output

No response

Panic Output

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

boekkooi-lengoo avatar Nov 23 '23 10:11 boekkooi-lengoo

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

github-actions[bot] avatar Nov 23 '23 10:11 github-actions[bot]

This issue still exists. Anyone have any known workarounds, besides state editing?

devopsrick avatar Mar 26 '24 10:03 devopsrick

This issue still exists. Anyone have any known workarounds, besides state editing?

We have ended up creating specific virtual team (group) for Github Security Managers, which you can't use to assign to any repository.

mkushakov avatar Mar 26 '24 12:03 mkushakov

This issue makes it impossible for us to rename a repo. By trying to do so, Terraform wants to re-create the github_repository_collaborators resource, but it fails on the delete because of this issue.

nnellanspdl avatar Apr 10 '24 18:04 nnellanspdl

This issue still exists.

posquit0 avatar Aug 27 '24 14:08 posquit0

Is this still an issue for folks?

As of May 30, 2024 organization security manager teams were updated to allow removing direct repository assignments through the "Remove a repository from a team" REST API.

So the 403 You cannot remove repositories from a security manager team. of the issue description no longer happens.

Note that removing the direct assignment does not remove read permissions to the repo by the security manager team. They just no longer need the direct grants.

just-joshing avatar Jan 10 '25 23:01 just-joshing

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

github-actions[bot] avatar Oct 08 '25 02:10 github-actions[bot]