terraform-provider-github
github_repository_environment causes provider to panic
Terraform Version
terraform version
Terraform v1.1.2
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.70.0
+ provider registry.terraform.io/integrations/github v4.19.1
(Also tested with v4.19.0)
Affected Resource(s)
- github_repository_environment
Terraform Configuration Files
resource "github_repository_environment" "apply" {
  environment = "apply"
  repository  = github_repository.this.name
  reviewers {
    teams = [data.github_team.aws_core_infra.id]
  }
  deployment_branch_policy {
    protected_branches     = true
    custom_branch_policies = false
  }
}
Debug Output
Please provide a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
Panic Output
https://gist.github.com/iwarapter/559140ddc7b4d89ca9959af521ceb822
Expected Behavior
Resource is created.
Actual Behavior
Resource is created, state is left incorrect, provider dies.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- terraform apply
This is caused by the error handling - https://github.com/integrations/terraform-provider-github/blob/main/github/resource_github_repository_environment.go#L115
I was getting 403 Resource not accessible by integration [] error but the current implementation ONLY handles a single error type, resulting in the nil panic when env is nil
I'm using a GitHub app auth with permissions r/w on both environments and deployments - https://docs.github.com/en/rest/reference/deployments#get-an-environment and it's covered by the docs; interestingly, PUT works, not GET
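The failure mode reported above (one error type handled, then `env` dereferenced while nil), as an added Go example that is not the provider's code. `Environment`, `getEnvironment`, `readUnsafe`, `readSafe` and the two sentinel errors are hypothetical stand-ins, and treating the single handled error as a 404 is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins (hypothetical; not the provider's or go-github's types).
type Environment struct{ Name string }
var (
	errNotFound  = errors.New("404 Not Found")
	errForbidden = errors.New("403 Resource not accessible by integration")
)

// getEnvironment simulates the GET call: on failure the *Environment is nil.
func getEnvironment(apiErr error) (*Environment, error) {
	if apiErr != nil {
		return nil, apiErr
	}
	return &Environment{Name: "apply"}, nil
}

// readUnsafe handles a single error type (assumed 404), then dereferences env.
func readUnsafe(apiErr error) (string, error) {
	env, err := getEnvironment(apiErr)
	if errors.Is(err, errNotFound) {
		return "", nil // resource gone: drop it from state
	}
	return env.Name, nil // env is nil for every other error, so a 403 panics
}

// readSafe returns every error other than 404 to the caller before touching env.
func readSafe(apiErr error) (string, error) {
	env, err := getEnvironment(apiErr)
	if errors.Is(err, errNotFound) {
		return "", nil
	}
	if err != nil {
		return "", fmt.Errorf("reading environment: %w", err)
	}
	return env.Name, nil
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return
}
func main() { fmt.Println(panics(func() { readUnsafe(errForbidden) })) }
```

With the second form a missing permission surfaces as an ordinary apply error carrying the 403 text instead of "Plugin did not respond".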
Any progress on this? Currently running into this on 4.28.0, using app_auth and a read/write scope on repos - the workaround of limiting to read scope is not a proper solution as I'm relying on being able to do PUT as well.
There is another issue that exists on the same topic #1146
The advice provided by user @courentin helped resolve the issue in my case. Here is what he's saying: "...on my side granting a read-only permission on repository Actions to my Github app fixed the issue".
I like that workaround, and thanks for making the connection! It would be better if the provider handled the error more gracefully and didn't panic as well.
I am currently dealing with the same issue. I don't understand what is meant by granting a read-only permission on repository Actions? Where do I set this?
Currently terraform has Read/Write to environments via a Fine Grained token. If I change it to read only it would be able to write secrets to environments or manage environments like I would like it to.
Right now, the thing that I'm not understanding is, the plugin seems to work, and then it dies right in the middle before going on to other steps.
github_repository_environment.gre_dev["secret-bootstrapping-poc"]: Creating...
2023-01-09T15:49:55.919Z [INFO] Starting apply for github_repository_environment.gre_dev["secret-bootstrapping-poc"]
Error: -09T15:50:03.437Z [ERROR] plugin.(*GRPCProvider).ApplyResourceChange: error="rpc error: code = Unavailable desc = error reading from server: EOF"
Error: -09T15:50:03.437Z [ERROR] vertex "github_repository_environment.gre_dev[\"secret-bootstrapping-poc\"]" error: Plugin did not respond
╷
│ Error: Plugin did not respond
│
│ with github_repository_environment.gre_dev["secret-bootstrapping-poc"],
│ on main.tf line 28, in resource "github_repository_environment" "gre_dev":
│ 28: resource "github_repository_environment" "gre_dev" {
│
│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
│ contain more details.
I've attempted to roll back the plugin. But for some reason it's not working.
I've run this exact GitHub configuration in a different space. It runs with no issue. So I don't know why I'm getting that here.
##[debug]2023-01-09T15:53:31.475Z [WARN] ValidateProviderConfig from "provider[\"registry.terraform.io/integrations/github\"]" changed the config value, but that value is unused
##[debug]2023-01-09T15:53:31.740Z [INFO] Starting apply for github_repository_environment.gre_dev["secret-bootstrapping-poc"]
Error: 2023-01-09T15:53:39.174Z [ERROR] plugin.(*GRPCProvider).ApplyResourceChange: error="rpc error: code = Unavailable desc = error reading from server: EOF"
Error: 2023-01-09T15:53:39.174Z [ERROR] vertex "github_repository_environment.gre_dev[\"secret-bootstrapping-poc\"]" error: Plugin did not respond
##[debug]╷
##[debug]│ Error: Plugin did not respond
##[debug]│
##[debug]│ with github_repository_environment.gre_dev["secret-bootstrapping-poc"],
##[debug]│ on main.tf line 28, in resource "github_repository_environment" "gre_dev":
##[debug]│ 28: resource "github_repository_environment" "gre_dev" {
##[debug]│
##[debug]│ The plugin encountered an error, and failed to respond to the
##[debug]│ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
##[debug]│ contain more details.
##[debug]╵
##[debug]
##[debug]Stack trace from the terraform-provider-github_v4.31.0 plugin:
##[debug]
##[debug]panic: runtime error: invalid memory address or nil pointer dereference
##[debug][signal SIGSEGV: segmentation violation code=0x1 addr=0x78 pc=0xc62c10]
I'm going to try going back to the 5.0 version of the plugin.
This was quite confusing to figure out, but in general the error is just a "Permission denied" in disguise.
Permissions needed on your GitHub App:
- To get or list environments: actions:read
- To create, update or delete environments: administration:write
- To update environment secrets: environments:write & secrets:write
- To update environment variables: environments:write
👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!