terraform-provider-github: github_repository_webhook: 404s on API call
Terraform Version
$ terraform -v
Terraform v0.11.11
+ provider.aws v2.0.0
+ provider.github v1.3.0
+ provider.random v2.0.0
Affected Resource(s)
github_repository_webhook
Terraform Configuration Files
resource "random_string" "webhook_secret" {
  length  = 16
  special = false
}

locals {
  webhook_secret = "${random_string.webhook_secret.result}"
}

resource "github_repository_webhook" "default" {
  name       = "web"
  repository = "${var.github_repo}"

  configuration {
    url          = "${aws_codepipeline_webhook.default.url}"
    content_type = "json"
    insecure_ssl = true
    secret       = "${local.webhook_secret}"
  }

  events = ["push"]
}
Debug Output
https://gist.github.com/milosgajdos83/39af1f290c75f0ff2d2c81385dfabaf7
Expected Behavior
New GitHub webhook should be created.
Actual Behavior
Terraform fails [to create new GitHub webhook] with the error shown below:
Error: Error applying plan:
1 error(s) occurred:
* module.foo.github_repository_webhook.default: 1 error(s) occurred:
* github_repository_webhook.default: POST https://api.github.com/repos/tellerhq/foo/hooks: 404 Not Found []
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- configure webhook
- terraform plan
- terraform apply
Important Factoids
As you can see from the HCL snippet above, the GitHub webhook I’ve tried to create was for an AWS CodePipeline Source action. I think that’s pretty much the most interesting thing about this. I have however tested this in a standalone configuration (i.e. without hooking it up with AWS CodePipeline) to no avail.
References
It seems Terraform does issue a POST request to the correct GitHub API endpoint as expected:
[https://developer.github.com/v3/repos/hooks/#create-a-hook](https://developer.github.com/v3/repos/hooks/#create-a-hook)
I have a hunch that this issue might be related to the issue listed below:
- GH-171
About this issue
- State: closed
- Created 5 years ago
- Reactions: 8
- Comments: 19 (2 by maintainers)
Thank you @CarlosEspejo for your suggestion! In the end, I tried your code and it didn’t change anything for me. Fortunately, I’ve gotten it working and I now understand what was wrong. For anyone that gets stuck on this, know these three things:
/hooks endpoint. Other people discussed permissions addressing the error above, but I wasn’t sure. The 403 Forbidden status is supposedly returned when the user doesn’t have permission to access the endpoint via POST, but in fact my testing shows that you actually get back 404 for both POST and GET requests without a valid token having sufficient permissions. It doesn’t seem to matter if the repo is public or private.
admin:repo_hook. But you do definitely need to have that scope ticked.
So this explains why I was seeing a 404 (permissions error) when my user’s token had the correct permissions. The user in question was a bot account I created solely to interact with the CI/CD pipeline. I didn’t know what role it would need, but I thought surely Maintain would be good enough. It was not.
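A read-only check for the causes discussed in this thread (missing scope, insufficient role, wrong owner), as an added example that is not code from the thread or from the provider. It assumes a classic personal access token, which reports its scopes in the X-OAuth-Scopes response header, and takes the required scope from the comment above; `diagnose`, `probe` and the sample values are illustrative.

```python
import json
import urllib.error
import urllib.request

# Assumption taken from the thread: this is the scope the token must carry.
REQUIRED_SCOPE = "admin:repo_hook"


def diagnose(repo_status, scopes_header, permissions):
    """Likely causes of a 404 on POST .../hooks, from one GET /repos/{owner}/{repo}.

    scopes_header is the X-OAuth-Scopes response header; permissions is the
    "permissions" object of the repository JSON (None if the lookup failed).
    """
    if repo_status in (401, 403):
        return ["token rejected or rate limited"]
    if repo_status == 404:
        return ["repository not visible: wrong owner/organization or no access"]
    causes = []
    scopes = {s.strip() for s in (scopes_header or "").split(",") if s.strip()}
    if REQUIRED_SCOPE not in scopes:
        causes.append(f"token lacks the {REQUIRED_SCOPE} scope (has: {sorted(scopes)})")
    perms = permissions or {}
    if not perms.get("admin", False):
        held = sorted(k for k, v in perms.items() if v)
        causes.append(f"token user is not Admin on the repo (roles held: {held})")
    return causes


def probe(owner, repo, token, api="https://api.github.com"):
    """Live, read-only check: one GET on the repository, then diagnose()."""
    req = urllib.request.Request(
        f"{api}/repos/{owner}/{repo}",
        headers={"Authorization": f"token {token}", "Accept": "application/vnd.github+json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = json.load(resp)
            return diagnose(resp.status, resp.headers.get("X-OAuth-Scopes"), body.get("permissions"))
    except urllib.error.HTTPError as err:
        return diagnose(err.code, err.headers.get("X-OAuth-Scopes"), None)


# Constructed sample: a bot account with the Maintain role and no hook scope.
SAMPLE_PERMS = {"admin": False, "maintain": True, "push": True, "triage": True, "pull": True}
if __name__ == "__main__":
    for cause in diagnose(200, "repo:status, read:org", SAMPLE_PERMS):
        print("-", cause)
```

Running `probe()` with the same token Terraform uses, before `terraform apply`, separates a scope or role problem from a wrong `owner` without creating anything.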
If anybody else comes across this issue like I did, setting the admin:org_hook permission for the GITHUB_TOKEN that you are using will fix this 404 error.
Ran into this problem as well in terraform v0.14.8. Changing permissions on the token didn’t work.
In my case, I was actually using github_* resources in a module.
So I had to add a versions.tf file to that module directory:
For me, defining owner as the organization name (GitHub organization) in addition to token did the trick. Thanks @nk9 for noting that the PAT user must have the Admin role on the repo!
For me it only started to work when I added these lines: