[BUG]: team membership flaps constantly after release 6.4.0 apparently due to #2420 #2470
Closed
Labels: Status: Triage (This is being looked at and prioritized); Type: Bug (Something isn't working as documented)
Description
Expected Behavior
- teams that are referenced by name in github_repository_collaborators should be recognized in plans and applies, or changed implicitly to ID if necessary
- teams that are repo collaborators should not flap with every plan
Actual Behavior
- plan detects a need to update team(s) as collaborator(s) because it's comparing team name to ID number (formerly didn't do that)
- terraform apply with the plan succeeds
- subsequent plan detects a need to update team(s) as collaborator(s) due to name/ID number issue
Terraform Version
Terraform v1.8.3
on darwin_arm64
- provider registry.terraform.io/hashicorp/aws v5.66.0
- provider registry.terraform.io/integrations/github v6.4.0
- The github provider that introduces the issue is 6.4.0 (acquired due to constraint version = "~> 6.2" in the provider)
- Pinning version 6.3.1 (last release before 6.4.0) resolves the issue
See #2420 for the change that seems to drive this.
Affected Resource(s)
- github_repository_collaborators
Terraform Configuration Files
### problem caused by this (auto upgrade to 6.4.0 via the version constraint)
terraform {
  required_version = "~> 1.7"
  required_providers {
    github = {
      source = "integrations/github"
      version = "~> 6.2"
    }
  }
}
### problem not experienced (pinned to immediate previous release 6.3.1)
terraform {
  required_version = "~> 1.7"
  required_providers {
    github = {
      source = "integrations/github"
      version = "6.3.1"
    }
  }
}
### we define collaborators like this:
collaborators = {
  users = {
    user_name_1 = "admin"
  }
  teams = {
    team_name_1 = "pull"
    team_name_2 = "pull"
  }
}
### we pass collaborators to a repo-configuring module like this:
variables.tf:
...
variable "collaborators" {
  type = map(map(string))
  default = { users = {}, teams = {} }
}
### we unpack user/team collaborators into github_repository_collaborators like this in the module
module.tf:
...
resource "github_repository_collaborators" "my_repo_collab" {
  repository = local.repo_name
  dynamic "user" {
    for_each = local.collaborators_users
    content {
      permission = user.value
      username = user.key
    }
  }
  dynamic "team" {
    for_each = local.collaborators_teams
    content {
      permission = team.value
      team_id = team.key
    }
  }
}
Steps to Reproduce
notes
- If I replace the team name with the team id number in source code, the problem goes away, but our source has the names of teams, not their ID numbers
- We do not define users and teams in terraform, so those objects are not available. We only have the names.
configure
- use github provider version 6.4.0
plan
terraform plan
  # module.repo_REPO_NAME.github_repository_collaborators.my_repo_collab will be updated in-place
  ~ resource "github_repository_collaborators" "my_repo_collab" {
        id = "REPO_NAME"
        # (2 unchanged attributes hidden)
      - team {
          - permission = "admin" -> null
          - team_id = "4444444" -> null
        }
      - team {
          - permission = "pull" -> null
          - team_id = "8888888" -> null
        }
      - team {
          - permission = "push" -> null
          - team_id = "5555555" -> null
        }
      - team {
          - permission = "push" -> null
          - team_id = "7777777" -> null
        }
      + team {
          + permission = "admin"
          + team_id = "name-of-team-1"
        }
      + team {
          + permission = "pull"
          + team_id = "name-of-team-2"
        }
      + team {
          + permission = "push"
          + team_id = "name-of-team-3"
        }
      + team {
          + permission = "push"
          + team_id = "name-of-team-4"
        }
    }
Plan: 0 to add, 1 to change, 0 to destroy.
### apply
terraform apply
module.repo_REPO_NAME.github_repository_collaborators.my_repo_collab: Modifying... [id=REPO_NAME]
module.repo_REPO_NAME.github_repository_collaborators.my_repo_collab: Modifications complete after 3s [id=REPO_NAME]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
### plan again
terraform plan
(same plan is generated as above)
Debug Output
No response
Panic Output
No response
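One way to keep team names in source while handing the provider numeric IDs, following the report's note that using the ID number makes the diff go away. This is an added example, not code from the issue or from the provider project. It assumes the keys of local.collaborators_teams are team slugs that the provider's github_team data source can look up; that this stops the repeated diff on 6.4.0 is an assumption based on that note.

```hcl
# Added example. local.repo_name, local.collaborators_users and
# local.collaborators_teams are the locals used in the module.tf shown in the report.

# Look up each team by slug so no ID numbers have to be stored in source.
# Assumption: every key in local.collaborators_teams is an existing team slug.
data "github_team" "collab" {
  for_each = local.collaborators_teams
  slug     = each.key
}

resource "github_repository_collaborators" "my_repo_collab" {
  repository = local.repo_name

  dynamic "user" {
    for_each = local.collaborators_users
    content {
      permission = user.value
      username   = user.key
    }
  }

  dynamic "team" {
    for_each = local.collaborators_teams
    content {
      permission = team.value
      # Pass the ID from the lookup instead of the name, so the configured
      # value has the same form as the team_id values shown in the plan.
      team_id = data.github_team.collab[team.key].id
    }
  }
}
```

Because this resource manages the full collaborator set for the repository, a plan that keeps rewriting every team block makes a real permission change hard to spot in review; check that a second terraform plan reports no changes after applying.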