Description
Expected Behavior
When using the `security_and_analysis` block in `github_repository` we only specify the `code_security` block as `status = "enabled"`. Other values `secret_scanning` and `secret_scanning_push_protection` we do not define. These are optional in the docs.
We use a module. This is a partial:
security_and_analysis {
  code_security {
    status = var.code_scanning # set to "enabled" but can be over-ridden.
  }
}
This should not cause any problems.
Actual Behavior
We're currently getting this for the plan:
  # module.repository_auth0_config.github_repository.repository will be updated in-place
  ~ resource "github_repository" "repository" {
        id = "auth0-config"
        name = "auth0-config"
        # (40 unchanged attributes hidden)
      ~ security_and_analysis {
          + code_security {
              + status = "enabled"
            }
          - secret_scanning {
              - status = "disabled" -> null
            }
          - secret_scanning_push_protection {
              - status = "disabled" -> null
            }
        }
    }
Meaning the Terraform is seeing the value is defined and is trying to undefine it.
I suspect this might be a change in GitHub and possibly a bug in GitHub as well, but it's hard to say for certain.
Terraform Version
These are running in a pipeline so I don't have easy access to finding the version, but I've pulled these out of the code.
They're not super recent, but I checked the changes and I can't see anything related to security_and_analysis.
1.14.0
github = {
  source = "integrations/github"
  version = ">= 6.9.1"
}
Affected Resource(s)
- github_repository
Terraform Configuration Files
Steps to Reproduce
$ terraform plan
Debug Output
Panic Output
Code of Conduct
- I agree to follow this project's Code of Conduct
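
An added example, not part of the original issue or the provider's code: a CI check that reads a plan exported with `terraform show -json` and flags `github_repository` updates that would drop a `secret_scanning` or `secret_scanning_push_protection` block, as in the plan above. It assumes nested blocks appear as single-element lists in the plan JSON; the sample plan and the function names are constructed for illustration.

```python
import json

# Sub-blocks of security_and_analysis that the plan in the issue removes.
WATCHED = ("secret_scanning", "secret_scanning_push_protection")

def _status(resource_state, block):
    """Return the block's status, or None when the block is absent."""
    if not resource_state:
        return None
    sa = resource_state.get("security_and_analysis") or []
    if not sa:
        return None
    inner = sa[0].get(block) or []
    return inner[0].get("status") if inner else None

def dropped_settings(plan):
    """List (address, block, old_status) where a plan nulls a watched block."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "github_repository":
            continue
        change = rc.get("change", {})
        if "update" not in change.get("actions", []):
            continue
        for block in WATCHED:
            before = _status(change.get("before"), block)
            after = _status(change.get("after"), block)
            if before is not None and after is None:
                findings.append((rc["address"], block, before))
    return findings

# Constructed sample mirroring the plan in the issue (assumed JSON shape).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "module.repository_auth0_config.github_repository.repository",
  "type": "github_repository",
  "change": {
    "actions": ["update"],
    "before": {"security_and_analysis": [{
      "code_security": [],
      "secret_scanning": [{"status": "disabled"}],
      "secret_scanning_push_protection": [{"status": "disabled"}]}]},
    "after": {"security_and_analysis": [{
      "code_security": [{"status": "enabled"}],
      "secret_scanning": [],
      "secret_scanning_push_protection": []}]}
  }}]}
""")

if __name__ == "__main__":
    for address, block, old in dropped_settings(SAMPLE_PLAN):
        print(f"{address}: {block} ({old!r}) would be removed")
```

A non-empty result can fail the pipeline step so that a plan which silently unsets these settings is reviewed before apply.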