Fix issues/2252

[fushi]

Resolves #2252

---

Before the change?

If the security_and_analysis block of github_repository is either unset, unchanged, or ignored by Terraform by using the ignore_changes list in the lifecycle block, the provider sends an update containing that information. This causes the following error if there are enterprise policies preventing such a change:

│ Error: PATCH https://api.github.com/repos/$ORG_REDACTED/$REPO_REDACTED: 422 An enterprise policy prevented modifying advanced security enablement. Contact your enterprise owner for details. [] │ │ with github_repository.all['$REPO_REDACTED'], │ on main.tf line 1, in resource "github_repository" "all": │ 1: resource "github_repository" "all" {

After the change?

• The provider properly ignores unset, unchanged, or ignored values for security_and_analysis

Pull request checklist

• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Not specifically, but if anyone was relying on the incorrect behavior, this will likely break that workflow.

Please see our docs on breaking changes to help!

• Yes
• No

---

[fushi]

I've tested this as thoroughly as I am able, but I do not have an organization that pays for the advanced security, that also does not have enterprise policies preventing changes.

Thus, I tested the following scenarios:

• No change to security_and_analysis: No error when enterprise policies forbid changing these values
• Change to security_and_analysis: Error when enterprise policies forbid changing these values, identical to error in this scenario before the code change.

[fushi]

@nickfloyd @kfcampbell This has been sitting for a few weeks now, with no comments or movement. Is there something else I need to do in order for this to get some traction? Thanks!