terraform-provider-github
Resource github_team_repository referencing data github_team id will recreate every terraform plan/apply
Data github_team is not retaining any state information and is causing other resources that reference information from the data block to recreate when no changes should be done.
Terraform Version
Terraform 1.2.4
Affected Resource(s)
Please list the resources as a list, for example:
- github_team_repository
- github_team
Terraform Configuration Files
data "github_team" "team" {
  depends_on = [github_repository.main]
  for_each   = var.team_slug
  slug       = each.key
}

resource "github_team_repository" "team_repo" {
  for_each   = var.team_slug
  team_id    = data.github_team.team[each.key].id
  repository = var.repo_name
  permission = each.value
}
Expected Behavior
No changes should have been detected.
Actual Behavior
  # module.repository["reponame"].data.github_team.team["team name"] will be read during apply
  # (config refers to values not yet known)
 <= data "github_team" "team" {
      + description  = (known after apply)
      ~ id           = "123456" -> (known after apply)
      ~ members      = [
          - "member1",
          - "member2",
          - "member3",
        ] -> (known after apply)
      ~ name         = "team name" -> (known after apply)
      ~ node_id      = "T_kwDdsfOewf2" -> (known after apply)
      ~ permission   = "pull" -> (known after apply)
      ~ privacy      = "closed" -> (known after apply)
      ~ repositories = [
          - "repo1",
          - "repo2",
        ] -> (known after apply)
        # (1 unchanged attribute hidden)
    }

  # module.repository["reponame"].github_team_repository.team_repo["team name"] must be replaced
-/+ resource "github_team_repository" "team_repo" {
      ~ etag    = "W/\"XXX\"" -> (known after apply)
      ~ id      = "1234567:reponame" -> (known after apply)
      ~ team_id = "1234567" -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)
    }
Steps to Reproduce
terraform plan
I've also encountered this issue!!
I think this could be because you have depends_on = [github_repository.main] on the data block. Move it to the resource block and see if it goes away.
My guess would be that the depends_on makes the data block dynamic and not stored in the state.
I do team/access blocks exactly like this without the depends_on and do not have this problem
I can confirm this behavior can be seen even without a depends_on on the data block
+1. This issue is affecting us as well.
Why is the permission state not saved?
$ terraform state show 'module.example.github_team_repository.this["foobar.l3.push"]'
# module.example.github_team_repository.this["foobar.l1.push"]:
resource "github_team_repository" "this" {
    etag       = "W/\"75e2obscuredb2c3obscured01aobsdcured60e2ddc7a4\""
    id         = "24:l1"
    repository = "example"
    team_id    = "24"
}
This behavior appears related to: https://github.com/integrations/terraform-provider-github/issues/881
I saw this issue when using an explicit depends_on between modules. If the depended on module is changed in any way, the github_team_repository resource would get recreated.
Removing the depends_on per @csainty's comment fixes the problem.
Here's some sample code to show the set up (using v6.2.1 of the integrations/github provider and terraform 1.7.4):
access_module:

data "github_team" "team" {
  slug = "my-team"
}

resource "github_team_repository" "team_repo" {
  team_id    = data.github_team.team.id
  repository = var.repo_name
  permission = "admin"
}

repo_module:

resource "github_repository" "this" {
  name     = var.repo_name
  has_wiki = var.has_wiki
  # other attrs ...
}

main.tf:

module "repo_module" {
  # any change to this module results in replacement of github_team_repository
  source    = "./modules/repo_module"
  repo_name = "test"
  # for example, changing has_wiki from false to true would do it
  has_wiki  = false
}

module "access_module" {
  source     = "./modules/access_module"
  repo_name  = "test"
  depends_on = [module.repo_module] # <-- remove this to fix the issue
}