terraform-provider-github
terraform-provider-github copied to clipboard
integrations
Error: This resource can only be used in the context of an organization, "foo" is a user
Terraform Version
0.14.1
Affected Resource(s)
github_team_repository
Terraform Configuration Files
# root module main.tf
terraform {
required_version = "= 0.14.1"
backend "s3" {
bucket = "terraform-snd"
key = "terraform.tfstate"
endpoint = "https://example.com"
region = "us-east-1"
workspace_key_prefix = "github/workspace"
skip_credentials_validation = true
skip_metadata_api_check = true
force_path_style = true
}
required_providers {
github = {
source = "integrations/github"
version = "4.9.2"
}
}
}
provider "github" {
alias = "ex"
base_url = "https://github.enterprise.example.com/"
}
# repository.demo.tf
module "demo_repo" {
source = "./modules/repository"
repo_name = "demo-repo"
repo_desc = "A repo for testing creating repos with TF"
gitignore_template = "Terraform"
providers = {
github = github.ex
}
}
resource "github_team_repository" "demo_repo" {
team_id = 4590
repository = module.demo_repo.name
permission = "push"
}
# modules/repository/main.tf
terraform {
required_providers {
github = {
source = "integrations/github"
version = "4.9.2"
}
}
}
resource "github_repository" "repo" {
name = var.repo_name
description = var.repo_desc
visibility = var.visibility
gitignore_template = var.gitignore_template
allow_merge_commit = var.allow_merge_commit
allow_rebase_merge = var.allow_rebase_merge
allow_squash_merge = var.allow_squash_merge
has_issues = var.has_issues
has_projects = var.has_projects
has_wiki = var.has_wiki
delete_branch_on_merge = var.delete_branch_on_merge
}
Debug Output
https://gist.github.com/wsams/e8ef1b5335ab09c988e609c0cdf61053
Panic Output
N/A
Expected Behavior
The team with id 4950 should be added to the repository demo-repo. The provider should acknowledge my-org as an organization and not a user.
Actual Behavior
The resource errors with the following:
github_team_repository.demo_repo: Creating...
Error: This resource can only be used in the context of an organization, "my-org" is a user.
on repository.demo.tf line 11, in resource "github_team_repository" "demo_repo":
11: resource "github_team_repository" "demo_repo" {
Steps to Reproduce
terraform apply
Important Factoids
I don't think so. I'm trying to apply this config on a GitHub Enterprise instance v2.22.5
References
- This issue is similar #501
Possibly related to the bug described in https://github.com/integrations/terraform-provider-github/pull/735:
From high to low precedence, the order is:
- setting
organizationin the provider configuration- setting the
GITHUB_ORGANIZATIONenvironment variable- setting the
GITHUB_OWNERenvironment variable- setting
ownerin the provider configurationThat is,
organizationoverridesGITHUB_ORGANIZATION(as I'd expect), butGITHUB_OWNERoverridesowner(that seems backwards).
Would it be possible to try again while explicitly configuring an organization with the above precedence in mind?
Hello @jcudit , thanks for your quick reply. After quite a bit of testing I identified the issue, and it appears to have been a misconfiguration of the github provider.
I believe the issue was due to resource "github_team_repository" "demo_repo" { being defined in the module but no default github provider in the root module. Only the one with the ex alias. Because of that, I don't think that resource was using a configured provider.
I now have this root module provider configuration:
provider "github" {
base_url = "https://github.enterprise.example.com/"
owner = "my-org"
}
And I removed the providers block from module "demo_repo" {
The token is set by the GITHUB_TOKEN environment variable.
Does that sound about right to you @jcudit ?
Thanks, Weldon
Yes, this sounds like a common way that others have been tripped up as well. The next major release hopes to clean this up. Apologies for the friction!
Hi
I'm also facing the same issue, I tried with the new version 0.9.0 as well as, still no luck. Any update on this ?
on my side that error
│ Error: this resource can only be used in the context of an organization, "" is a user
belongs to the use of github_team_repository resource
so I had to
- remove any mention of that resource from the state
- comment tf code creating
github_team_repositoryresources
my provider is latest 5.9.0, terraform 1.3.4
Terraform v1.3.4
on linux_amd64
+ provider registry.terraform.io/cyrilgdn/postgresql v1.17.1
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/aws v4.40.0
+ provider registry.terraform.io/hashicorp/github v5.9.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.16.0
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/null v3.2.1
+ provider registry.terraform.io/hashicorp/random v3.4.3
+ provider registry.terraform.io/hashicorp/tls v4.0.4
+ provider registry.terraform.io/integrations/github v5.9.0
+ provider registry.terraform.io/scottwinkler/shell v1.7.10
+ provider registry.terraform.io/winebarrel/mysql v1.10.6
provider "github" {
owner = var.github_organization
app_auth {
id = var.github_app_auth_id
installation_id = var.github_app_auth_installation_id
pem_file = file(var.github_app_auth_pem_file)
}
}
All resources are authenticated just fine, except for the team permissions.
I have selected the following Permissions for the github app:
Repository permissions
- Administration (read and write)
- Checks (read and write)
- Commit statuses (read and write)
- Contents (read and write)
- Discussions (read and write)
- Issues (read and write)
- Metadata (read-only)
- Pages (read and write)
- Projects (read and write)
Organization permissions
- Administration (read and write)
- Members (read and write)
- Team Discussions (read and write)
Seems that should be a sufficient for github_team_repository, but it still fails.
Interesting thing is that the association (i.e. team_repository) is created successfully, but then still fails with the error message,
As reported here: https://github.com/integrations/terraform-provider-github/issues/1373
Hi All,
may be the following helps somebody wasting less time on the error message than i did.
Regardless of any combination of organization owner GITHUB_ORGANIZATIONor GITHUB_OWNER, for me the fact that by access token did expire led to the above error message.
So to me it appears as if:
- if authentication fails - e.g. due to token being expired
- "gracefully" fall back to assuming that the caller does not act on behalf or in the context of an organization
- bailing out because i was using a resource (
github_team_repository) that is not supported in the context of a "user organization"
Does that resonate ?
@nexocentric
I am hitting the same issue. I don't know how to resolve it.
Update version of the github terraform provider
this is mine:
terraform {
required_version = ">= 1.3.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.45"
}
null = "~> 3.2"
kubernetes = "~> 2.16"
random = "~> 3.4"
postgresql = {
source = "cyrilgdn/postgresql"
version = "~> 1.18"
}
shell = {
source = "scottwinkler/shell"
version = "~> 1.7"
}
kubectl = {
source = "gavinbunney/kubectl"
version = "~> 1.14"
}
mysql = {
source = "winebarrel/mysql"
version = "~> 1.10"
}
github = {
source = "integrations/github"
version = "5.11.0"
}
}
}
#############################################################
# Github Provider
#############################################################
provider "github" {
owner = var.github_organization
app_auth {
id = var.github_app_auth_id
installation_id = var.github_app_auth_installation_id
pem_file = file(var.github_app_auth_pem_file)
}
}
I'm using oauth app for the authentication, but it's optional.
Hi
I had a similar problem. I used a variable to set this token.
Try in this way
terraform import -var-file=_github.tfvars -var=github_token="ghp_TOKEN" module.team-**** *ID*
terraform apply -var-file=_github.tfvars -var=github_token="ghp_TOKEN" -target=module.team-***
My _github.tfvars
github_organization = "*ORG_ID*"
github_token = ""
This error masks the fact that our token had expired. This is described in the comment above.
Rotating the token solved for us - but it is still very opaque error messaging.
I got this error while migrating the github provider version from 2.4.1 to 5.28.0 (during the tf migration)
Since the latest version of github provider is already adding api/v3/ to baseurl we had to remove that part from the variable definition and that solved the problem
Before
base_url = "https://our.giturl.com/api/v3/"
Modified as below to fix the problem
base_url = "https://our.giturl.com/"
Error disappeared using version 6.0.0-rc2 while still broken on latest v5 (5.45.0).
If using modules, don't forget to also set that rc2 to your required_providers as per https://github.com/integrations/terraform-provider-github/issues/501#issuecomment-1879486590
Hi All, please review my comment:https://github.com/integrations/terraform-provider-github/issues/2280#issuecomment-2144301894 we can avoid this issue temporarily by this way:
- if the org is not existed,please create it with github_enterprise_organization,this step should put in a Independent module
- if the org is existed,make sure your token can access this org
- then you can setup the org with github_organization_settings,but the settings step should be in Independent module with a provider config whcih owner is above org id
