integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/

[BUG]: `oidc_subject_claim_customization_template` include account name in the API uri #2104

Closed petr-stupka closed 9 months ago

petr-stupka commented 9 months ago

Expected Behavior

When using the template, I should be able to specify the organization repo in the format org/repo.

resource "github_actions_repository_oidc_subject_claim_customization_template" "repo_template" {
  repository         = data.github_repository.landingzone.full_name
  use_default        = false
  include_claim_keys = ["repo"]
}

Actual Behavior

The issue is that when using an organization repo (for example org/repo), the URI is formed together with my account name user-account. I believe this is hardcoded behavior. The user-account should not be included by default; otherwise this limits the use of this resource to non-organizational repos only.

github_actions_repository_oidc_subject_claim_customization_template.repo_template: Creating...
╷
│ Error: PUT https://api.github.com/repos/user-account/org/repo/actions/oidc/customization/sub: 404 Not Found []

Terraform Version

Terraform 1.6.6
Provider: 5.44
Authentication: OAuth / Personal Access Token available in Codespaces

Affected Resource(s)

Terraform Configuration Files

data "github_repository" "landingzone" {
  full_name = format("%s/%s", var.github.organization, var.github.repository)
}

resource "github_actions_repository_oidc_subject_claim_customization_template" "repo_template" {
  repository         = data.github_repository.landingzone.full_name
  use_default        = false
  include_claim_keys = ["repo"]
}

Steps to Reproduce

No response

Debug Output

github_actions_repository_oidc_subject_claim_customization_template.repo_template: Creating...
╷
│ Error: PUT https://api.github.com/repos/user-account/org/repo/actions/oidc/customization/sub: 404 Not Found []
│ 
│   with github_actions_repository_oidc_subject_claim_customization_template.repo_template,
│   on resources.github.tf line 5, in resource "github_actions_repository_oidc_subject_claim_customization_template" "repo_template":
│    5: resource "github_actions_repository_oidc_subject_claim_customization_template" "repo_template" {

Panic Output

No response

nickfloyd commented 9 months ago

Hey @petr-stupka thanks for tracking this down. Let us know if you'd be interested in fixing the issue and submitting a PR. For now I have labeled this as "Up For Grabs" so that the community can take a stab at getting this fixed as well. ❤️

petr-stupka commented 9 months ago

Hi, thank you for reviewing. I tried to create a PR and then just realized it is caused by my wrong provider config.

In the provider, owner has to be specified (otherwise the user-name will be the owner).

provider "github" {
  owner = var.owner
  token = var.github_token
}

With that no issue 👍🏼

resource "github_repository" "example" {
  name        = "oidc-subject-claim-customization"
  description = "Repository for testing the GitHub OIDC Subject Claim Customization template."

  visibility = "private"

  template {
    owner                = var.owner
    repository           = "terraform-template-module"
    include_all_branches = true
  }
}

resource "github_actions_repository_oidc_subject_claim_customization_template" "example" {
  repository         = github_repository.example.name
  use_default        = false
  include_claim_keys = ["repo"]
}

So this can be closed. I can eventually extend the docs/examples with this example if required.
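
Added example, not part of the original thread or the provider's own documentation: the data-source configuration from the original report with the provider `owner` set to the organization and the bare repository `name` passed to the resource instead of `full_name`. The error URL in the report shows the request path built as `repos/<owner>/<repository>/...`, so an `org/repo` value would break the path even with `owner` set; the variable shapes and the validation rule are assumptions.

```hcl
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

# Assumed variable shape, matching var.github.organization / var.github.repository
# as used in the original report.
variable "github" {
  type = object({
    organization = string
    repository   = string
  })

  # Guard against passing "org/repo" as the repository: the provider prepends
  # the owner itself, so a slash here yields repos/<owner>/<org>/<repo>/... and a 404.
  validation {
    condition     = !strcontains(var.github.repository, "/")
    error_message = "github.repository must be the bare repository name, without an owner prefix."
  }
}

variable "github_token" {
  type      = string
  sensitive = true
}

provider "github" {
  # Without owner, the provider falls back to the token's user account.
  owner = var.github.organization
  token = var.github_token
}

data "github_repository" "landingzone" {
  full_name = format("%s/%s", var.github.organization, var.github.repository)
}

resource "github_actions_repository_oidc_subject_claim_customization_template" "repo_template" {
  # Bare name, not full_name: the owner comes from the provider block.
  repository         = data.github_repository.landingzone.name
  use_default        = false
  # With only "repo", the OIDC sub claim is "repo:<org>/<repo>" for every branch
  # and workflow in the repository; cloud trust policies must match that value.
  include_claim_keys = ["repo"]
}
```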

kfcampbell commented 9 months ago

👍 thanks for clarifying, @petr-stupka. We'd be very receptive to a follow-up PR as you described if you so desire!