When github_actions_secret is changed via GUI, it will be re-created #964

Open
ArneRiemann4711 opened this issue Nov 2, 2021 · 11 comments
Labels
Status: Pinned A way to keep old or long lived issues around

ArneRiemann4711 commented Nov 2, 2021

Terraform Version

1.0.7

Affected Resource(s)

Please list the resources as a list, for example:

  • github_actions_secret

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "github_actions_secret" "workflow_pat" {

  count = var.create_default_secrets ? 1 : 0

  repository      = github_repository.this.name
  secret_name     = "WORKFLOW_PAT"
  plaintext_value = "CHANGE_ME"

  lifecycle {
    ignore_changes = [plaintext_value]
  }
}

Expected Behavior

Changes to secrets made from the GitHub GUI should be ignored.

Actual Behavior

Secret will be re-created

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Repo is created from a template. Could this be the reason?

@thekbb
Contributor

thekbb commented Nov 2, 2021

This is expected, terraform is fixing config drift. Changes to a terraform managed resource made outside of terraform will be put back when terraform applies.

Things should either be managed through terraform or not... there is no middle path.

@gfoligna-nyshex

I think the ignore_changes lifecycle argument is there on purpose.

I'm having the same issue. I get a total new creation of the github_actions_secret every time I plan and apply.
None of the arguments from ignore_changes works for me.

TF ver 0.13.5
GitHub provider ver 4.7.0 (latest as of today)

> This is expected, terraform is fixing config drift. Changes to a terraform managed resource made outside of terraform will be put back when terraform applies.
>
> Things should either be managed through terraform or not... there is no middle path.

@gfoligna-nyshex

Also this relates to #749

@gfoligna-nyshex

One more thing: v0.14.1 claims to have this error fixed. Tested and it is still not working (actually just worked once).

@atanaspam

We are also running into this issue.

Seems to be related to this piece of code that does not respect the ignore_changes lifecycle argument.

@yordis

yordis commented Nov 5, 2022

Following this,

Our intention at the moment is to provision the secrets without the values (just as a templating) to then manually update the secret values, but every time we do it the resource gets destroyed and recreated again.

@github-actions

github-actions bot commented Aug 3, 2023

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

@github-actions github-actions bot added the Status: Stale Used by stalebot to clean house label Aug 3, 2023
@yordis

yordis commented Aug 3, 2023

keep

@github-actions github-actions bot removed the Status: Stale Used by stalebot to clean house label Aug 4, 2023
@github-actions github-actions bot added the Status: Stale Used by stalebot to clean house label May 3, 2024
@yordis

yordis commented May 3, 2024

Could somebody try to directly help at #1351?

@kfcampbell kfcampbell added Status: Pinned A way to keep old or long lived issues around and removed Status: Stale Used by stalebot to clean house labels May 3, 2024
@kfcampbell kfcampbell moved this to 🆕 Triage in 🧰 Octokit Active May 3, 2024
@kfcampbell kfcampbell moved this from 🆕 Triage to 🔥 Backlog in 🧰 Octokit Active May 3, 2024
@mrsaiz

mrsaiz commented May 8, 2024

We are also facing this issue. In the AWS Terraform provider, the way it is managed is using two different resources, secret and secret_version.

resource "aws_secretsmanager_secret" "example" {
  name = "example"
}

resource "aws_secretsmanager_secret_version" "example" {
  secret_id     = aws_secretsmanager_secret.example.id
  secret_string = "example-string-to-protect"
}

I can create an "empty" secret with terraform, then manage the secret_version out of terraform state.

It would be nice to manage GitHub secrets in a similar way. On day 1, I want to create the secret with Terraform but, on day 2, manage the rotation with a separate tool.
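
A pre-apply guard for the behaviour reported in this thread, as an added example (not code from the provider or from any commenter): it reads the JSON form of a saved plan and fails when a `github_actions_secret` is scheduled for replacement, update or deletion, any of which would discard a value set outside Terraform. The sample plan, its resource addresses, and the file names `guard.py` and `plan.out` are constructed for illustration.

```python
import json
import sys

# Constructed sample of `terraform show -json <planfile>` output, trimmed to the
# fields this check reads. Addresses are illustrative, not taken from a real run.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "github_actions_secret.workflow_pat[0]",
         "type": "github_actions_secret",
         "change": {"actions": ["delete", "create"]}},   # replacement
        {"address": "github_actions_secret.new_secret",
         "type": "github_actions_secret",
         "change": {"actions": ["create"]}},             # first-time create
        {"address": "github_repository.this",
         "type": "github_repository",
         "change": {"actions": ["update"]}},             # not a secret
    ],
})

GUARDED_TYPES = {"github_actions_secret"}   # resource types to protect
OVERWRITING = {"delete", "update"}          # actions that discard the live value


def secrets_at_risk(plan_json):
    """Return [(address, actions)] for guarded secrets the plan would overwrite."""
    plan = json.loads(plan_json)
    hits = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if rc.get("type") in GUARDED_TYPES and OVERWRITING & set(actions):
            hits.append((rc["address"], actions))
    return hits


def main(argv):
    # Hypothetical usage: terraform show -json plan.out > plan.json
    #                     python guard.py plan.json
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_PLAN
    hits = secrets_at_risk(text)
    for address, actions in hits:
        print(f"BLOCK {address}: planned actions {actions}")
    return 1 if hits else 0   # non-zero exit fails the CI job before apply


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run between `terraform plan -out` and `terraform apply`, the check stops the pipeline before a manually rotated secret is replaced; a first-time create passes.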
