error when creating repositories in orgs where projects are disabled

[majormoses]

I pulled in 1.1.0 and am now seeing issues where on create terraform fails and then a re-run works as intended. I am not yet sure if this is an upstream api issue yet but wanted to report it here first.

Terraform Version

$ terraform --version
Terraform v0.11.6
+ provider.github v1.1.0

Your version of Terraform is out of date! The latest version
is 0.11.7. You can update by downloading from www.terraform.io/downloads.html

Affected Resource(s)

Please list the resources as a list:

• github_repository

Config

# relevant bits from resource definitions in module
resource "github_repository" "repo" {
  name               = "${var.repo_name}"
  description        = "${var.repo_description}"
  has_downloads      = true
  has_issues         = true
  has_wiki           = true
  private            = "${var.private_repo}"
  allow_merge_commit = "${var.allow_merge_commit}"
  has_projects       = false

  # this automatically creates a commit and pushes to master and is needed
  # because your can't add branch protection for an uninitialized repo
  # since the branch will not exist yet. It is only relevant during repo
  # creation.
  auto_init = true
}


# calling the module
module "devops_repo_test-tf-repo-creation" {
  source             = "../modules/repository"
  repo_name          = "test-tf-repo-creation"
  repo_description   = ""
  team_base_id       = "${module.devops_teams.team_base_id}"
  reviewers_team_id  = "${module.devops_teams.team_reviewers_id}"
  admins_team_id     = "${module.devops_teams.team_admins_id}"
  enforce_admins     = false
  allow_merge_commit = "${var.allow_merge_commit}"

  reviewer_teams = [
    "${module.devops_teams.team_reviewers_name}",
    "${module.devops_teams.team_admins_name}",
  ]

  dismiss_stale_reviews = false
  dismissal_teams       = []
}

Plan Output

Terraform will perform the following actions:

  + module.devops_repo_test-tf-repo-creation.github_branch_protection.master
      id:                                                         <computed>
      branch:                                                     "master"
      enforce_admins:                                             "false"
      repository:                                                 "test-tf-repo-creation"
      required_pull_request_reviews.#:                            "1"
      required_pull_request_reviews.0.dismiss_stale_reviews:      "false"
      required_pull_request_reviews.0.require_code_owner_reviews: "true"
      required_status_checks.#:                                   "1"
      required_status_checks.0.strict:                            "true"
      restrictions.#:                                             "1"
      restrictions.0.teams.#:                                     "2"
      restrictions.0.teams.2186602979:                            "devops_admins"
      restrictions.0.teams.462764105:                             "devops_reviewers"

  + module.devops_repo_test-tf-repo-creation.github_repository.repo
      id:                                                         <computed>
      allow_merge_commit:                                         "false"
      allow_rebase_merge:                                         "true"
      allow_squash_merge:                                         "true"
      archived:                                                   "false"
      auto_init:                                                  "true"
      default_branch:                                             <computed>
      full_name:                                                  <computed>
      git_clone_url:                                              <computed>
      has_downloads:                                              "true"
      has_issues:                                                 "true"
      has_projects:                                               "false"
      has_wiki:                                                   "true"
      html_url:                                                   <computed>
      http_clone_url:                                             <computed>
      name:                                                       "test-tf-repo-creation"
      private:                                                    "true"
      ssh_clone_url:                                              <computed>
      svn_url:                                                    <computed>

  + module.devops_repo_test-tf-repo-creation.github_team_repository.admins
      id:                                                         <computed>
      permission:                                                 "admin"
      repository:                                                 "test-tf-repo-creation"
      team_id:                                                    "<REDACTED>"

  + module.devops_repo_test-tf-repo-creation.github_team_repository.base
      id:                                                         <computed>
      permission:                                                 "pull"
      repository:                                                 "test-tf-repo-creation"
      team_id:                                                    "<REDACTED>"

  + module.devops_repo_test-tf-repo-creation.github_team_repository.doxbot
      id:                                                         <computed>
      permission:                                                 "push"
      repository:                                                 "test-tf-repo-creation"
      team_id:                                                    "<REDACTED>"

  + module.devops_repo_test-tf-repo-creation.github_team_repository.reviewers
      id:                                                         <computed>
      permission:                                                 "push"
      repository:                                                 "test-tf-repo-creation"
      team_id:                                                    "<REDACTED>"


Plan: 6 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Apply Output

$ tfa
module.devops_repo_test-tf-repo-creation.github_repository.repo: Creating...
  allow_merge_commit: "" => "false"
  allow_rebase_merge: "" => "true"
  allow_squash_merge: "" => "true"
  archived:           "" => "false"
  auto_init:          "" => "true"
  default_branch:     "" => "<computed>"
  full_name:          "" => "<computed>"
  git_clone_url:      "" => "<computed>"
  has_downloads:      "" => "true"
  has_issues:         "" => "true"
  has_projects:       "" => "false"
  has_wiki:           "" => "true"
  html_url:           "" => "<computed>"
  http_clone_url:     "" => "<computed>"
  name:               "" => "test-tf-repo-creation"
  private:            "" => "true"
  ssh_clone_url:      "" => "<computed>"
  svn_url:            "" => "<computed>"

Error: Error applying plan:

1 error(s) occurred:

* module.devops_repo_test-tf-repo-creation.github_repository.repo: 1 error(s) occurred:

* github_repository.repo: PATCH https://api.github.com/repos/doximity/test-tf-repo-creation: 422 Validation Failed [{Resource:Repository Field:has_projects Code:invalid Message:This repository's organization has repository projects disabled, so projects cannot be enabled for this repository.}]

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Expected Behavior

As we are setting has_projects as false I would expect it to successfully create the repository without any project enabled.

Actual Behavior

Steps to Reproduce

1. Disable projects on an organization
2. Run a terraform plan with some minimal snippets from my example
3. Run a terraform apply which fails with issue
4. Run a terraform plan
5. Run a terraform apply and it works

Important Factoids

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• Add has_projects field #92
• document has_projects option #98

[majormoses]

From what I read here

This would seem to indicate that:

1. we should not set any defaults since the api sets a sensible one for you
2. that either its not sending the correct value for the option or something else is very wrong

[majormoses]

So looking at the code and the upstream library we do not set any defaults and the github api docs something is wrong but I can't seem to figure out where its going wrong yet.

[majormoses]

I am beginning to suspect the issue may be on github's side. Running this through charles proxy this is what I see:

# request
PATCH /repos/<REDACTED>/test-tf-repo-creation HTTP/1.1
Host: api.github.com
User-Agent: go-github
Content-Length: 314
Accept: application/vnd.github.v3+json
Authorization: Bearer <REDACTED>
Content-Type: application/json
Accept-Encoding: gzip

{"name":"test-tf-repo-creation","description":"","homepage":"","auto_init":true,"allow_rebase_merge":true,"allow_squash_merge":true,"allow_merge_commit":false,"private":true,"has_issues":true,"has_wiki":true,"has_projects":false,"has_downloads":true,"license_template":"","gitignore_template":"","archived":false}


# response
HTTP/1.1 422 Unprocessable Entity
Date: Fri, 01 Jun 2018 01:39:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 302
Server: GitHub.com
Status: 422 Unprocessable Entity
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 2603
X-RateLimit-Reset: 1527819621
X-OAuth-Scopes: admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, gist, notifications, repo, user, write:discussion
X-Accepted-OAuth-Scopes: 
X-GitHub-Media-Type: github.v3; format=json
Access-Control-Expose-Headers: ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
X-Runtime-rack: 0.039168
X-GitHub-Request-Id: A922:1B1E:22518D:2C0217:5B10A3C5
Connection: keep-alive
{"message":"Validation Failed","errors":[{"message":"This repository's organization has repository projects disabled, so projects cannot be enabled for this repository.","resource":"Repository","field":"has_projects","code":"invalid"}],"documentation_url":"https://developer.github.com/v3/repos/#edit"}

Which confirms that the payload being sent to github looks correct.

[paultyng]

Docs updated per #98 (thanks for the PR!), going to close this as I think that's all we can do at this point.

[majormoses]

@paultyng even though there is nothing we can do at the moment I think it should remain open for tracking purposes as other users may find themselves affected. When searching for answers people often only look at open vs closed issues and leaving it open can avoid wasting their time as I already put in the effort to validate that its an API issue.

[paultyng]

I can appreciate the desire to make the discoverability of the problem good for newcomers to the provider, but we do not leave open issues for every caveat or gotcha we call out in docs.

Now that it is documented on the provider website I don't think keeping this open is useful unless there is an upstream issue to track somewhere or some other actionable tasks left.

I did verify it will still come up in a Google search closed or open and the TF error message output from GitHub's API explains what the conflict is on their side. If we can do something down the road I'm happy to reopen it at that point.

[majormoses]

every caveat or gotcha we call out in docs

I think you are misunderstanding this, this is broken on GitHub's side, I have finally got confirmation today from GitHub that they agree its broken on their end and are not sure why. We do not call that out in our docs, we only documented that its an option not that it essentially does not matter what you pass it will always fail if your org disables projects. I respect your decision to keep it closed as there is no action item (other than me pinging github support every week until we have a resolution) and I will keep updating here as I get more information from the GitHub api team when they deliver a fix so then when someone googles it they can find the issue and be up to date.

[ultimatemonty]

my team ran into this issue in Github Enterprise 2.14. Our work around was to manually enable projects at the org level, apply the change (in our case it was adding checks to a branch) and then disable projects again.

Interestingly repo level changes were applied with no problem (disabled merge commits, rebase merges, and projects). It was only adding the checks to the branch that failed.