Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Unexpected recreation of a resource in every new plan #2275

Open
1 task done
sandro-a-gamarra-db opened this issue May 28, 2024 · 1 comment
Open
1 task done

[BUG]: Unexpected recreation of a resource in every new plan #2275

sandro-a-gamarra-db opened this issue May 28, 2024 · 1 comment
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented

Comments

@sandro-a-gamarra-db
Copy link

Expected Behavior

No Changes should have been shown in the plan

Actual Behavior

There is always a resource update: Plan: 0 to add, 1 to change, 0 to destroy.

Terraform Version

Terraform v1.7.2 on linux_amd64 + provider registry.terraform.io/integrations/github v6.2.1 (and v5.45.0)

Affected Resource(s)

  • github_branch_protection

Terraform Configuration Files

### This excerpt of code comes from the github.tf file

resource "github_branch_protection" "AAAAAA" {
  repository_id = github_repository.module_repo.name

  for_each       = toset(["main", "release"])
  pattern        = each.value
  enforce_admins = false

  required_status_checks {
    strict = true
    contexts = ["Prepare", "Test"]
  }

  required_pull_request_reviews {
    dismiss_stale_reviews           = true
    dismissal_restrictions          = [data.github_team.ops_team.node_id]
    required_approving_review_count = 2
    require_code_owner_reviews      = true
  }
}

Steps to Reproduce

$ terraform init
$ terraform plan

Debug Output

No response

Panic Output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@sandro-a-gamarra-db sandro-a-gamarra-db added Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented labels May 28, 2024
@kfcampbell kfcampbell added Status: Up for grabs Issues that are ready to be worked on by anyone and removed Status: Triage This is being looked at and prioritized labels May 28, 2024
@sandro-a-gamarra-db
Copy link
Author

sandro-a-gamarra-db commented May 30, 2024
edited
Loading

More context:

With required_pull_request_reviews set, every new plan is updating always 3/4 resources related to github branch protection. In particular, the node_id in required_pull_request_reviews.dismissal_restrictions

(Excerpt from our state)

"required_pull_request_reviews": [
{ "dismiss_stale_reviews": true, "dismissal_restrictions": [ "XXXXXXXXXXXxxxxxxx" ←This one ], }
]

Hashicorp support tested this out with versions 6.2.1 and 5.45.0 of the github provider, but they showed the same behaviour.

  • Without the line dismissal_restrictions = [data.github_user.current.node_id] , all works as expected. A second apply shows No changes. However, we require this dismissal_restrictions set.

  • When the line dismissal_restrictions = [data.github_user.current.node_id] is added to the required_pull_request_reviews in github_branch_protection, a second apply will result in the following: Plan: 0 to add, 1 to change, 0 to destroy.

I hope it helps to better understand this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kfcampbell @sandro-a-gamarra-db