search

Azure / ALZ-PowerShell-Module

The Azure Landing Zones Accelerators PowerShell module
https://www.powershellgallery.com/packages/ALZ/
MIT License
68 stars 29 forks source link

Bug: Github - Failed to create the environment protection rule. #193

Open richardf5 opened 3 weeks ago

richardf5 commented 3 weeks ago

Is there an existing issue for this?

Infrastrcuture as Code Type? (Required)

terraform

Module Versions (Required)

ALZ PowerShell Module: x3.0.4 Accelerator Bootstrap Modules: 3.1.2 Terraform Starter Modules: 2.3.2

Input arguments of the ALZ-PowerShell-Module (Optional)

Deploy-Accelerator -targetDirectory .\AlzTerraformAccelerator -inputs 'C:\Landing Zone Accelerators\inputsHubSpoke.yaml'

Basically, GitHub, Terraform and new standard parameters.

Debug Output/Panic Output (Optional)

First error
-----------
 Error: PUT https://api.github.com/repos/<GitHubOrg>/neon-shared/environments/neon-shared-apply: 422 Failed to create the environment protection rule. Please ensure the billing plan supports the required reviewers protection rule. []
│
│   with module.github.github_repository_environment.alz["apply"],
│   on ..\..\modules\github\environment.tf line 1, in resource "github_repository_environment" "alz":
│    1: resource "github_repository_environment" "alz" {

Additional error found in trace
-------------------------------

╵
╷
│ Error: Failed to perform action
│
│   with module.azure.azapi_resource_action.resource_provider_registration["a72c3bcf-21e8-4c35-9036-ec04f1643857_Microsoft.TimeSeriesInsights"],
│   on ..\..\modules\azure\resource_providers.tf line 17, in resource "azapi_resource_action" "resource_provider_registration":
│   17: resource "azapi_resource_action" "resource_provider_registration" {
│
│ performing action providers/Microsoft.TimeSeriesInsights/register of "Resource: (ResourceId
│ \"/subscriptions/<SubscriptionID>\" / Api Version \"2021-04-01\")": POST
│ https://management.azure.com/subscriptions/<SubscriptionID>/providers/Microsoft.TimeSeriesInsights/register
│ --------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: DisallowedProvider
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "DisallowedProvider",
│     "message": "The operation is not permitted for namespace 'Microsoft.TimeSeriesInsights'.

Expected Behaviour (Required)

Bootstrap completes - especially as we're using GitHub Teams subscription.

Actual Behaviour (Required)

image

Steps to Reproduce (Optional)

No response

Important Factoids (Optional)

Using GitHub Teams Subscription - this used to work!

Also, there are still errors with regards to the change of AzureRM module - The Microsoft.TimeSeriesInsights is no longer a provider that can be registered.

References (Optional)

No response

jaredfholgate commented 5 days ago

I see this feature is not supported on private repos for your plan level: Image

See link here: https://github.com/pricing#compare-features

We only check for a free plan and not the teams plan. We probably need to reverse the logic here and / or add some notes to the docs around this: https://github.com/Azure/accelerator-bootstrap-modules/blob/72ad04bab8af6f988453dadd6b1e0e650178e837/modules/github/repository_module.tf#L5

The workaround for now would be to supply an empty array in the apply_approvers input.

jaredfholgate commented 5 days ago

Will have a think about the best solution to handle this, leaving open for now.