[BUG]: Approving PAT taints github_enterprise_organization

[mgm-brandt]

Expected Behavior

When using github_enterprise_organization, the permissions should work on first apply and not taint the resource when giving permissions.

Actual Behavior

Creating a github org with github_enterprise_organization fails after creation because of PAT permissions:

│ Error: PATCH https://api.github.com/orgs/example: 403 Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. []
│ 
│   with github_enterprise_organization.default["example"],

When approving access for the PAT, the resource becomes tained.

  # github_enterprise_organization.default["example"] is tainted, so must be replaced
-/+ resource "github_enterprise_organization" "default" {
      + description   = "Example"
      ~ id            = "O_XXX" -> (known after apply)
        name          = "example"

Terraform Version

% terraform -version
Terraform v1.5.2
on darwin_arm64
+ provider registry.terraform.io/integrations/github v5.37.0

Affected Resource(s)

• github_enterprise_organization

Terraform Configuration Files

No response

Steps to Reproduce

% terraform apply

Debug Output

No response

Panic Output

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[github-actions]

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

[ericpardee]

We just hit this exact bug today (Dec 26 2025) on provider v6.8.3.

Scenario:

1. terraform apply to create new github_enterprise_organization in EMU environment
2. Apply partially fails - org is created, but subsequent resources fail with 403 SAML error (PAT not yet authorized for new org)
3. Authorized PAT for the new org via GitHub UI
4. Ran terraform apply again
5. Resource marked as tainted → Terraform destroyed the org

Evidence from GitHub audit logs:

• org.create at 19:51:51 UTC
• org_credential_authorization.grant at 19:52:15 UTC (PAT authorized)
• org.delete at 19:53:55 UTC

No config changes between creation and deletion. The taint was triggered by the PAT authorization flow.

Impact: Deleted org enters 90-day soft-delete. Required GitHub support ticket to release the name.

Workaround: Adding lifecycle { prevent_destroy = true } to the resource so Terraform errors instead of destroying.

This bug was closed by stalebot, not fixed. Requesting reopen.