[BUG]: github_app_installation_repository does not work with fine grained personal access tokens

[audunsolemdal]

Expected Behavior

Managing github app installations should work fine with fine-grained Github tokens

Actual Behavior

Fine-grained Github tokens do not work with managing app installations. Running Terraform plan works fine if the resource does not already exist, but fails with 403 Resource not accessible by personal access token [] on terraform apply. If the resource is already in terraform state the 403 error is returned when running terraform plan

The same resources work fine with a classic PAT with org:read and repo:write permissions. It is not clear to me if the fine-grained tokens supports generating a user access token , or if the terraform provider needs an update.

Terraform Version

Terraform v1.6.6 on windows_amd64

• provider registry.terraform.io/integrations/github v5.44.0

Affected Resource(s)

• github_app_installation_repositories
• github_app_installation_repository

Terraform Configuration Files

locals {
  app_installation_id = "123456789"
}

provider "github" {
  owner = "solomno"
  token = var.github_token
}

variable "github_token" {
  type = string
  default = "github_pat_xxxxxxxxxxxxxxxxxx" 
}

resource "github_app_installation_repositories" "sync_infra_app" {
  installation_id       = local.app_installation_id 
  selected_repositories = ["sharing"]
}

resource "github_app_installation_repository" "sync_infra_app2" {
  installation_id = local.app_installation_id
  repository = "sharing"
}

Steps to Reproduce

1. Generate fine-grained access token with access to a github organization. Allow all repos. Add as much permissions as you like, it will still fail

terraform apply

Debug Output

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # github_app_installation_repositories.sync_infra_app will be created
  + resource "github_app_installation_repositories" "sync_infra_app" {
      + id                    = (known after apply)
      + installation_id       = "123456789"
      + selected_repositories = [
          + "sharing",
        ]
    }

  # github_app_installation_repository.sync_infra_app2 will be created
  + resource "github_app_installation_repository" "sync_infra_app2" {
      + id              = (known after apply)
      + installation_id = "123456789"
      + repo_id         = (known after apply)
      + repository      = "sharing"
    }

Plan: 2 to add, 0 to change, 0 to destroy.
2024-01-16T10:23:23.372+0100 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

2024-01-16T10:23:24.179+0100 [INFO]  backend/local: apply calling Apply
2024-01-16T10:23:24.179+0100 [DEBUG] Building and walking apply graph for NormalMode plan
2024-01-16T10:23:24.179+0100 [DEBUG] Resource state not found for node "github_app_installation_repository.sync_infra_app2", instance github_app_installation_repository.sync_infra_app2
2024-01-16T10:23:24.179+0100 [DEBUG] Resource state not found for node "github_app_installation_repositories.sync_infra_app", instance github_app_installation_repositories.sync_infra_app
2024-01-16T10:23:24.179+0100 [DEBUG] ProviderTransformer: "github_app_installation_repository.sync_infra_app2" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/integrations/github"]
2024-01-16T10:23:24.180+0100 [DEBUG] ProviderTransformer: "github_app_installation_repositories.sync_infra_app" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/integrations/github"]
2024-01-16T10:23:24.180+0100 [DEBUG] ProviderTransformer: "github_app_installation_repositories.sync_infra_app (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/integrations/github"]
2024-01-16T10:23:24.180+0100 [DEBUG] ProviderTransformer: "github_app_installation_repository.sync_infra_app2 (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/integrations/github"]
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "var.github_token" references: []
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "github_app_installation_repository.sync_infra_app2" references: [local.app_installation_id (expand)]
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "github_app_installation_repositories.sync_infra_app (expand)" references: [local.app_installation_id (expand)]
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "github_app_installation_repository.sync_infra_app2 (expand)" references: [local.app_installation_id (expand)]
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "local.ne1net_app_installation_id (expand)" references: []
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "local.scanitizer_app_installation_id (expand)" references: []
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "local.app_installation_id (expand)" references: []
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "github_app_installation_repositories.sync_infra_app" references: [local.app_installation_id (expand)]
2024-01-16T10:23:24.180+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/integrations/github\"]" references: [var.github_token]
2024-01-16T10:23:24.180+0100 [DEBUG] pruneUnusedNodes: local.scanitizer_app_installation_id (expand) is no longer needed, removing
2024-01-16T10:23:24.180+0100 [DEBUG] pruneUnusedNodes: local.ne1net_app_installation_id (expand) is no longer needed, removing
2024-01-16T10:23:24.181+0100 [DEBUG] Starting graph walk: walkApply
2024-01-16T10:23:24.181+0100 [DEBUG] created provider logger: level=debug
2024-01-16T10:23:24.181+0100 [INFO]  provider: configuring client automatic mTLS
2024-01-16T10:23:24.184+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/integrations/github/5.44.0/windows_amd64/terraform-provider-github_v5.44.0.exe args=[".terraform/providers/registry.terraform.io/integrations/github/5.44.0/windows_amd64/terraform-provider-github_v5.44.0.exe"]
2024-01-16T10:23:24.187+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/integrations/github/5.44.0/windows_amd64/terraform-provider-github_v5.44.0.exe pid=37912
2024-01-16T10:23:24.187+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/integrations/github/5.44.0/windows_amd64/terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.204+0100 [INFO]  provider.terraform-provider-github_v5.44.0.exe: configuring server automatic mTLS: timestamp="2024-01-16T10:23:24.204+0100"
2024-01-16T10:23:24.213+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: plugin address: address=127.0.0.1:10000 network=tcp timestamp="2024-01-16T10:23:24.213+0100"
2024-01-16T10:23:24.213+0100 [DEBUG] provider: using plugin: version=5
2024-01-16T10:23:24.225+0100 [DEBUG] No provider meta schema returned
2024-01-16T10:23:24.230+0100 [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/integrations/github\"]" changed the config value, but that value is unused
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [INFO] Selecting owner  from GITHUB_OWNER environment variable
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [INFO] Setting write_delay_ms to 1000
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] Setting read_delay_ms to 0
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] Setting parallel_requests to false
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] GitHub API Request Details:
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ REQUEST ]---------------------------------------
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: GET /orgs/solomno HTTP/1.1
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Host: api.github.com
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: User-Agent: go-github/v57.0.0
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept: application/vnd.github.surtur-preview+json,application/vnd.github.stone-crop-preview+json
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version: 2022-11-28
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept-Encoding: gzip
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.231+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:24.623+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] GitHub API Response Details:
2024-01-16T10:23:24.623+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ RESPONSE ]--------------------------------------
2024-01-16T10:23:24.624+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: HTTP/2.0 200 OK
(- REDACTED - Success )
2024-01-16T10:23:24.628+0100 [INFO]  Starting apply for github_app_installation_repository.sync_infra_app2
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: }
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:24.629+0100 [DEBUG] github_app_installation_repositories.sync_infra_app: applying the planned Create change
2024-01-16T10:23:24.629+0100 [DEBUG] github_app_installation_repository.sync_infra_app2: applying the planned Create change
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] GitHub API Request Details:
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ REQUEST ]---------------------------------------
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: GET /repos/solomno/sharing HTTP/1.1
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Host: api.github.com
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: User-Agent: go-github/v57.0.0
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept: application/vnd.github.scarlet-witch-preview+json, application/vnd.github.mercy-preview+json, application/vnd.github.baptiste-preview+json, application/vnd.github.nebula-preview+json,application/vnd.github.stone-crop-preview+json
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version: 2022-11-28
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept-Encoding: gzip
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:24 [DEBUG] GitHub API Request Details:
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ REQUEST ]---------------------------------------
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: GET /user/installations/123456789/repositories?per_page=100 HTTP/1.1
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Host: api.github.com
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: User-Agent: go-github/v57.0.0
2024-01-16T10:23:24.629+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept: application/vnd.github.mercy-preview+json, application/vnd.github.nebula-preview+json, application/vnd.github.baptiste-preview+json,application/vnd.github.stone-crop-preview+json
2024-01-16T10:23:24.630+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version: 2022-11-28
2024-01-16T10:23:24.630+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept-Encoding: gzip
2024-01-16T10:23:24.630+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.630+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:24.630+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:25.000+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:25 [DEBUG] GitHub API Response Details:
2024-01-16T10:23:25.000+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ RESPONSE ]--------------------------------------
2024-01-16T10:23:25.000+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: HTTP/2.0 200 OK
(- REDACTED - Succcess)
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:25 [DEBUG] GitHub API Request Details:
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ REQUEST ]---------------------------------------
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: PUT /user/installations/123456789/repositories/705227863 HTTP/1.1
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Host: api.github.com
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: User-Agent: go-github/v57.0.0
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Content-Length: 0
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept: application/vnd.github.v3+json,application/vnd.github.stone-crop-preview+json
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version: 2022-11-28
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Accept-Encoding: gzip
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:25.007+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:25.164+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:25 [DEBUG] GitHub API Response Details:
2024-01-16T10:23:25.164+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ RESPONSE ]--------------------------------------
2024-01-16T10:23:25.165+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: HTTP/2.0 403 Forbidden
2024-01-16T10:23:25.165+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Access-Control-Allow-Origin: *
2024-01-16T10:23:25.165+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
2024-01-16T10:23:25.165+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Content-Security-Policy: default-src 'none'
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Content-Type: application/json; charset=utf-8
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Date: Tue, 16 Jan 2024 09:23:25 GMT
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Github-Authentication-Token-Expiration: 2024-02-15 10:05:03 +0100
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Server: GitHub.com
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Vary: Accept-Encoding, Accept, X-Requested-With
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Accepted-Github-Permissions: metadata=read
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Content-Type-Options: nosniff
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Frame-Options: deny
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version-Selected: 2022-11-28
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Media-Type: github.mercy-preview; param=nebula-preview.baptiste-preview; format=json, github.stone-crop-preview; format=json
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Request-Id: 7533:3E649A:31838A6:322CD59:65A64B0D
2024-01-16T10:23:25.166+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Limit: 5000
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Remaining: 4871
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Reset: 1705399023
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Resource: core
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Used: 129
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Xss-Protection: 0
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: {
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe:  "message": "Resource not accessible by personal access token",
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe:  "documentation_url": "https://docs.github.com/rest/apps/installations#list-repositories-accessible-to-the-user-access-token"
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: }
2024-01-16T10:23:25.167+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:25.170+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-01-16T10:23:25.170+0100 [ERROR] vertex "github_app_installation_repositories.sync_infra_app" error: GET https://api.github.com/user/installations/123456789/repositories?per_page=100: 403 Resource not accessible by personal access token []
2024-01-16T10:23:25.428+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: 2024/01/16 10:23:25 [DEBUG] GitHub API Response Details:
2024-01-16T10:23:25.428+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: ---[ RESPONSE ]--------------------------------------
2024-01-16T10:23:25.428+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: HTTP/2.0 403 Forbidden
2024-01-16T10:23:25.428+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Access-Control-Allow-Origin: *
2024-01-16T10:23:25.429+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
2024-01-16T10:23:25.429+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Content-Security-Policy: default-src 'none'
2024-01-16T10:23:25.429+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Content-Type: application/json; charset=utf-8
2024-01-16T10:23:25.429+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Date: Tue, 16 Jan 2024 09:23:25 GMT
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Github-Authentication-Token-Expiration: 2024-02-15 10:05:03 +0100
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Server: GitHub.com
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: Vary: Accept-Encoding, Accept, X-Requested-With
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Content-Type-Options: nosniff
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Frame-Options: deny
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Api-Version-Selected: 2022-11-28
2024-01-16T10:23:25.430+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Media-Type: github.v3; format=json, github.stone-crop-preview; format=json
2024-01-16T10:23:25.431+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Github-Request-Id: 7533:3E649A:318397C:322CE1F:65A64B0D
2024-01-16T10:23:25.431+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Limit: 5000
2024-01-16T10:23:25.431+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Remaining: 4870
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Reset: 1705399023
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Resource: core
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Ratelimit-Used: 130
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: X-Xss-Protection: 0
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: {
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe:  "message": "Resource not accessible by personal access token",
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe:  "documentation_url": "https://docs.github.com/rest/apps/installations#add-a-repository-to-an-app-installation"
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: }
2024-01-16T10:23:25.432+0100 [DEBUG] provider.terraform-provider-github_v5.44.0.exe: -----------------------------------------------------
2024-01-16T10:23:25.433+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-01-16T10:23:25.433+0100 [ERROR] vertex "github_app_installation_repository.sync_infra_app2" error: PUT https://api.github.com/user/installations/123456789/repositories/705227863: 403 Resource not accessible by personal access token []
╷
│ Error: GET https://api.github.com/user/installations/123456789/repositories?per_page=100: 403 Resource not accessible by personal access token []
│
│   with github_app_installation_repositories.sync_infra_app,
│   on main.tf line 38, in resource "github_app_installation_repositories" "sync_infra_app":
│   38: resource "github_app_installation_repositories" "sync_infra_app" {
│
╵
╷
│ Error: PUT https://api.github.com/user/installations/123456789/repositories/705227863: 403 Resource not accessible by personal access token []
│
│   with github_app_installation_repository.sync_infra_app2,
│   on main.tf line 43, in resource "github_app_installation_repository" "sync_infra_app2":
│   43: resource "github_app_installation_repository" "sync_infra_app2" {
│
╵
2024-01-16T10:23:25.438+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-01-16T10:23:25.459+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/integrations/github/5.44.0/windows_amd64/terraform-provider-github_v5.44.0.exe pid=37912
2024-01-16T10:23:25.459+0100 [DEBUG] provider: plugin exited

Panic Output

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[kfcampbell]

@audunsolemdal this is an API behavior, not the Terraform provider, though we could certainly stand to document it better here. The API docs say:

You must use a personal access token (which you can create via the command line or Basic Authentication) to access this endpoint.

[audunsolemdal]

I am aware that Github apps cannot use this endpoint, but I am using a personal access token. "Fine-grained". I do not think the sentence you refer to in docs directly covers this.

[kfcampbell]

Ahh you're right, I've misread, sorry. It still is an API issue, however: fine-grained tokens support only limited Apps endpoints.

[brett-swan-sh]

Hey there, wanted to bump this.

This endpoint's documentation is super frustrating because it explicitly says all the ways you can't authenticate to the endpoint, but makes no mention of how you can actually use the endpoint.

https://docs.github.com/en/rest/apps/installations?apiVersion=2022-11-28#add-a-repository-to-an-app-installation

Additionally the current docs for the provider resource make no mention of any of these constraints. Anybody know if it's actually possible to manage app installations on repos through TF right now? I would assume yes since there's a resource for it... but I can't figure it out. Thanks in advance!

[iniinikoski]

Good question @brett-swan-sh ! Bumping this as well, as managing GitHub Apps with Terraform would be highly useful.