terraform-provider-github
[DOCS]: Document what permissions are required to use data.github_app resource
Describe the need
I get a 403 when trying to use data "github_app" while authenticated via an app with read-only access. If I do the same with an app with more permissions it goes through. But I can't find any documentation specifically pointing out what permissions are required to use this resource (or API). Does anyone know?
SDK Version
5.39.0
API Version
No response
Relevant log output
│ Error: GET https://api.github.com/apps/psfni-infra-terrraform: 403 Resource not accessible by integration []
│
│ with module.github-organization.data.github_app.terraform,
│ on ../modules/github-organization/apps.tf line 2, in data "github_app" "terraform":
│ 2: data "github_app" "terraform" {
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
I agree; that's confusing. The documentation doesn't specify required permissions. Perhaps trial and error or logging an issue with the API are the best approaches here.
I'm investigating a bug where this has suddenly stopped working for me and I can't divine the right set of permissions.
Did a little digging on this today. Found I could not read another private app using app authentication. I guess it's possible with PAT given the right permissions, but for my use case I found it easier to create a map of app names to IDs and just do a lookup rather than use the data github_app resource.
This is happening to us as well.
What it looks like to me is that terraform is pointing to:
https://api.github.com/apps/{{ app-name }}
but should be pointing to:
https://api.github.com/settings/apps/{{ app-name }}
Can anyone confirm this?
It seems like this is not possible based on this documentation: https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28
The github_app data source is not very useful without allowing apps to access the /apps endpoint.
I found that if I add a github app to a branch protection bypass list (in the UI) that is not the same as the terraform github app I get: Error: Resource not accessible by integration - without fail - when reading the branch protection resource.
Related: https://github.com/integrations/terraform-provider-github/issues/1248#issuecomment-2205450776
Is it impossible to manage anything referring to other GitHub Apps via using terraform w/ GitHub App auth?
👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!
I am also having this issue, trying to reopen it. I was able to get the node_id by running CLI command gh api https://api.github.com/apps/my-app-name-here | jq '.node_id', but when I pass the node_id into resource "github_branch_protection" I still get the same Error: Resource not accessible by integration message as when I try to use data "github_app".
If I had to guess, even with the node_id, it still tries to request data about the app, which it can't do due to missing unknown required permissions.
What I think might be happening is the GH app I use to auth the github terraform provider doesn't have access to query/manage other gh apps, even though I granted it Enterprise organization installations read/write.