terraform-provider-github: cannot upgrade to above 3.1.0

We have many resources managed with terraform 0.12.29 and provider 2.9.2.

Now we want to upgrade to at least 4.0.1 and even 4.1.0. But anything above 3.1.0 breaks terraform plan with error message. I can reproduce this to one specific branch_protection resource which errors with the message

Error: Could not resolve to a node with the global id of 'liveshare-custom-domain-pipeline'

I have pruned the code and state so that only 2 resources remain and I am getting this error.

No error when I upgraded to just 3.1.0

Terraform Version

Terraform v0.12.29
+ provider.aws v3.0.0
+ provider.github v4.1.0

Your version of Terraform is out of date! The latest version
is 0.14.0. You can update by downloading from https://www.terraform.io/downloads.html

Also tried with terraform version 0.13.5 to no avail

Affected Resource(s)

github_branch_protection.liveshare_custom_domain_pipeline

Terraform Configuration Files


resource "github_branch_protection" "liveshare_custom_domain_pipeline" {
  repository_id  = github_repository.liveshare_custom_domain_pipeline.node_id
  pattern        = "master"
  enforce_admins = true

  required_pull_request_reviews {
    dismiss_stale_reviews      = true
    require_code_owner_reviews = false
  }

  required_status_checks {
    strict = true
  }

  push_restrictions = [data.github_team.devops.slug, data.github_team.operations.slug]
}
data "github_team" "devops" {
  slug = "devops"
}

data "github_team" "operations" {
  slug = "operations"
}
terraform {
  required_version = "= 0.12.29"
}

provider "aws" {
  region  = "us-east-1"
  version = "= 3.0.0"
}

# Configure the GitHub Provider
provider "github" {
  organization = var.github_organization
  token        = var.github_token
  version      = "= 4.1.0"
}
resource "github_repository" "liveshare_custom_domain_pipeline" {
  name        = "liveshare-custom-domain-pipeline"
  description = ""

  allow_merge_commit = false
  allow_rebase_merge = false

  visibility = "private"

  lifecycle {
    prevent_destroy = true
  }
}
variable "github_organization" {
  default = "seismic"
}

variable "github_token" {
  default = ""
}

Debug Output

available upon request

Panic Output

Expected Behavior

No error.

Actual Behavior

Error.

Steps to Reproduce

terraform plan

Important Factoids

No error for provider 3.1.0. I also get the above error when I use target on this resource

terraform  plan -target github_branch_protection.liveshare_custom_domain_pipeline
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.github_team.devops: Refreshing state...
data.github_team.operations: Refreshing state...
github_repository.liveshare_custom_domain_pipeline: Refreshing state... [id=liveshare-custom-domain-pipeline]

Error: Could not resolve to a node with the global id of 'liveshare-custom-domain-pipeline'

Before pruning code and state, I get no error when I plan with target on other resources.

I also get the following error on state show


terraform state show github_branch_protection.liveshare_custom_domain_pipeline
unsupported attribute "branch"
# github_branch_protection.liveshare_custom_domain_pipeline:
resource "github_branch_protection" "liveshare_custom_domain_pipeline" {

I tried the same terraform state show with other resources and I get similar error.

About this issue

Original URL
State: open
Created 4 years ago
Reactions: 6
Comments: 22 (13 by maintainers)

Most upvoted comments

@jcudit I have some great news! I am still running through the number of ones, so far all the issues are when we are specifying id rather than node_id. If we know the provider resource requires a node_id and not an id I think we should build some validation into it because this is a footgun that wasted a ton of time and the error messages were really not helpful. We had to rely on using a proxy (burp) to capture the requests.

majormoses on Mar 4, 2021

😬 seems like we’d need to account for old and new formats, thanks for linking https://github.blog/2021-02-10-new-global-id-format-coming-to-graphql/.

Capturing the failure with a local proxy or leveraging TF_LOG=DEBUG (or TRACE) are good next steps here to get more information. Just to confirm, @majormoses are you experiencing this with version 3.1.0?

My next steps here are to get a test org provisioned using v3.1.0 and then iterate on a state upgrader this week. It seems like only github_branch_protection is blocking upgrades, but if anyone else can point out other resources to include, please let me know. Will keep an eye out for the different format as well and hopefully come up with separate fixes to what seems to be two intertwined bugs.

jcudit on Feb 17, 2021

@majormoses the same happens with newly created resources as well:

module.github_repository.github_branch_protection.main: Creating...
  enforce_admins:                                                  "" => "false"
  pattern:                                                         "" => "master"
  repository_id:                                                   "" => "test-repo"
  require_signed_commits:                                          "" => "false"
  required_pull_request_reviews.#:                                 "" => "1"
  required_pull_request_reviews.0.required_approving_review_count: "" => "1"
  required_status_checks.#:                                        "" => "1"
  required_status_checks.0.contexts.#:                             "" => "2"
  required_status_checks.0.contexts.1584824872:                    "" => "ci/circleci"
  required_status_checks.0.contexts.2007057319:                    "" => "ci/jenkins"
  required_status_checks.0.strict:                                 "" => "true"

Error: Error applying plan:

1 error(s) occurred:

* module.github_repository.github_branch_protection.main: 1 error(s) occurred:

* github_branch_protection.main: Could not resolve to a node with the global id of 'test-repo'

great-qwerty on Feb 2, 2021