Provider update changes security_and_analysis block #1466
Description
In addition to the public repo issues everyone has been commenting on in #1419 there is another issue for private/internal repos with updating the provider version. If a repo was created at/after the security_and_analysis block was introduced (e.g. at 5.9.0+), without the block explicitly set, and then is updated to a newer version (doesn't seem to matter which), the plan wants to remove the block. e.g.
Terraform will perform the following actions:
# github_repository.repo will be updated in-place
~ resource "github_repository" "repo" {
id = "security_and_analysis_test"
name = "security_and_analysis_test"
- vulnerability_alerts = true -> null
# (28 unchanged attributes hidden)
- security_and_analysis {
- advanced_security {
- status = "enabled" -> null
}
- secret_scanning {
- status = "enabled" -> null
}
- secret_scanning_push_protection {
- status = "enabled" -> null
}
}
}
Plan: 0 to add, 1 to change, 0 to destroy.Steps to reproduce
create Terraform config:
provider "github" {
token = "foo"
owner = "bar"
}
terraform {
required_providers {
github = {
source = "integrations/github"
version = "5.9.0"
}
}
backend "local" {}
}
resource "github_repository" "repo" {
name = "security_and_analysis_test"
visibility = "internal"
}}apply the config
then update provider version in terraform config (no repository config changes), so the resulting config is:
provider "github" {
token = "foo"
owner = "bar"
}
terraform {
required_providers {
github = {
source = "integrations/github"
version = "5.10.0"
}
}
backend "local" {}
}
resource "github_repository" "repo" {
name = "security_and_analysis_test"
visibility = "internal"
}and plan again
the resulting plan tries to remove the security_and_analysis block (see above).
Originally posted by @jtgrohn in #1419 (comment)