Cannot create repository with 'visibility: private' in an organisation that does not allow public repositories #669

Closed
ghost opened this issue Jan 22, 2021 · 7 comments
Labels
r/repository Status: Stale Used by stalebot to clean house Type: Bug Something isn't working as documented

Comments

@ghost

ghost commented Jan 22, 2021

Terraform Version

Terraform v0.14.3

Provider Version

terraform {
  required_providers {
    github = {
      source = "integrations/github"
      version = "4.3.0"
    }
  }
}

Affected Resource(s)

  • github_repository

Terraform Configuration Files

# Create repository
resource "github_repository" "test_terraform" {
  name        = "test-terraform"
  visibility  = "private"
}

Debug Output

POST https://api.github.com/orgs/{org}/repos: 403 You need admin access to the organization before adding a repository to it

See Details section below

Expected Behavior

Terraform will create a private repository.

Actual Behavior

403 returned.

Details

It seems that it is not possible to create a repository using the github_repository resource with the visibility = "private" parameter in an organisation where members are not allowed to create public repositories.

After some debugging, this is because the provider initially creates a public repo, and quickly makes a PATCH call to the GitHub API to switch it from public to private.

Running with TF_LOG and truncated for brevity:

# Initial request - note "private": false,
POST /orgs/{ORG}/repos HTTP/1.1
{
  "name": "test-terraform",
  "description": "",
  "homepage": "",
  "private": false,
  "has_issues": false,
  "has_projects": false,
  "has_wiki": false,
  "is_template": false,
  "auto_init": false,
  "gitignore_template": "",
  "license_template": "",
  "allow_squash_merge": true,
  "allow_merge_commit": true,
  "allow_rebase_merge": true,
  "delete_branch_on_merge": true
}

# A later request changing visibility to private
PATCH /repos/{ORG}/test-terraform HTTP/1.1
{
  "name": "test-terraform",
  "description": "",
  "homepage": "",
  "auto_init": false,
  "allow_rebase_merge": true,
  "allow_squash_merge": true,
  "allow_merge_commit": true,
  "delete_branch_on_merge": true,
  "archived": false,
  "private": false,
  "has_issues": false,
  "has_wiki": false,
  "has_projects": false,
  "has_downloads": false,
  "is_template": false,
  "license_template": "",
  "gitignore_template": "",
  "visibility": "private"
}

I've tested all this directly through the API. The error returned is coming directly from the GitHub API: when you try to create a public repo when only private repos are allowed you get a 403:

"message": "You need admin access to the organization before adding a repository to it."

This is not a useful message, it should read something like "message": "You cannot create a public repository in this organization unless you are an organization admin.", because organisation owners can still create public repos, when other members can't.

Anyway, is there something I'm missing? If not, is there a particular reason that the provider first creates a public repository and then changes the visibility? You can pass "visibility": "private" on the initial POST request and this would solve this issue.

As an example:

# Request
curl --location --request POST 'https://api.github.com/orgs/{ORG}/repos' \
--header 'Accept: application/vnd.github.v3+json, application/vnd.github.nebula-preview+json' \
--header '<AUTH>' \
--data-raw '{"name": "test-creating-repo-from-api", "visibility": "private"}'

# Response
201 Created

I've never contributed to a terraform provider before but if someone points me in the right direction I'm happy to try and do so to fix this issue; but if someone else wants to pick it up then that is cool too.
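
Added example (not part of the original issue and not the provider's code): a Go check that scans a request trace shaped like the TF_LOG excerpt above and reports repositories that were created without a restricted visibility and only later PATCHed to private or internal. The trace contents, `example-org` and the function name are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed trace in the shape of the TF_LOG excerpt; "example-org" is a placeholder.
const sampleTrace = `POST /orgs/example-org/repos HTTP/1.1
{ "name": "test-terraform",
  "private": false }
# A later request changing visibility to private
PATCH /repos/example-org/test-terraform HTTP/1.1
{ "name": "test-terraform", "private": false, "visibility": "private" }
POST /orgs/example-org/repos HTTP/1.1
{ "name": "created-private", "visibility": "private" }`

var reqLine = regexp.MustCompile(`(?m)^[ \t]*(POST|PATCH) (/\S+) HTTP/1\.1[ \t]*$`)

// publicThenRestricted lists org/name for repositories that were created
// unrestricted and only later PATCHed to private or internal.
func publicThenRestricted(trace string) []string {
	createdPublic, flagged := map[string]bool{}, []string{}
	reqs := reqLine.FindAllStringSubmatch(trace, -1)
	bodies := reqLine.Split(trace, -1)[1:] // text following each request line
	for i, r := range reqs {
		method, path := r[1], r[2]
		var b struct {
			Name, Visibility string
			Private          bool
		}
		// Decode reads the first JSON value and ignores trailing comment lines.
		if json.NewDecoder(strings.NewReader(bodies[i])).Decode(&b) != nil {
			continue
		}
		restricted := b.Private || b.Visibility == "private" || b.Visibility == "internal"
		if method == "POST" && strings.HasPrefix(path, "/orgs/") && strings.HasSuffix(path, "/repos") {
			org := strings.TrimSuffix(strings.TrimPrefix(path, "/orgs/"), "/repos")
			createdPublic[org+"/"+b.Name] = !restricted
		} else if key := strings.TrimPrefix(path, "/repos/"); method == "PATCH" && restricted && createdPublic[key] {
			flagged = append(flagged, key)
			delete(createdPublic, key) // report each repository once
		}
	}
	return flagged
}

func main() { fmt.Println(publicThenRestricted(sampleTrace)) }
```

A repository that appears in the result existed with public visibility between the two calls; one created with `"visibility": "private"` in the initial POST does not.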

@jcudit jcudit added Type: Bug Something isn't working as documented r/repository labels Jan 26, 2021
@jcudit
Contributor

jcudit commented Jan 26, 2021

Relates to #580. Thanks for boosting the signal here and providing this amount of detail 🙇🏾 .

@jcudit jcudit added this to the v4.5.0 milestone Jan 26, 2021
@jurgen-weber-deltatre

I would say you are hitting this like me; google/go-github#1786

@jurgen-weber-deltatre

Ignore my last comment, found it here: #680

@ms185570

ms185570 commented Feb 3, 2021

I am encountering the same problem. However, I can set the deprecated private = true setting and it would work, but I need my repos to be internal, so it would always set my repo to private on subsequent runs.

@jcudit jcudit removed this from the v4.7.0 milestone Apr 9, 2021
@divyagandhi01

Will this be fixed by #781?

@alec-pinson
Contributor

I think the original issue described here is resolved by #761
However the PR I created #781 should resolve the issue @ms185570 and I are having

@github-actions

github-actions bot commented Dec 5, 2022

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

@github-actions github-actions bot added the Status: Stale Used by stalebot to clean house label Dec 5, 2022