Fixes team membership bug #325
https://github.com/terraform-providers/terraform-provider-github/issues/323 The current code parses username and team_id from the returned URL with code that expects the URL to be constructed in a certain fashion. Today that changed, in the form of "teams/id" to "team/id", making team_id go missing. Since the upstream API is only meant for obtaining membership status/type, with the URL being an opaque reference back to itself, we shouldn't depend on that URL being anything in particular. So this sets our data, if the API responds, to the username and team_id we already had to make the call.
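The failure mode described above, as an added Go example that is not the provider's own code: a parser that depends on a "teams/<id>" path segment silently returns an empty team_id once the segment is renamed, while the values the caller already holds are unaffected. The function names and URLs are hypothetical; the "team_id:username" ID layout is an assumption inferred from the repair script later in this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// teamIDFromURL mimics the fragile approach: it assumes the membership URL
// contains a "teams/<id>" path segment. Hypothetical helper for illustration.
func teamIDFromURL(u string) string {
	parts := strings.Split(u, "/")
	for i, p := range parts {
		if p == "teams" && i+1 < len(parts) {
			return parts[i+1]
		}
	}
	return "" // segment renamed upstream: the ID goes missing without an error
}

// splitMembershipID recovers both values from the resource ID
// (assumed layout "team_id:username"), which was built before the API call.
func splitMembershipID(id string) (teamID, username string, err error) {
	parts := strings.SplitN(id, ":", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("unexpected ID %q, want team_id:username", id)
	}
	return parts[0], parts[1], nil
}

func main() {
	// Constructed URLs; only the "teams/" to "team/" change comes from the PR text.
	oldURL := "https://api.example.test/teams/1234/memberships/octo-user"
	newURL := "https://api.example.test/organizations/1/team/1234/memberships/octo-user"
	fmt.Printf("old=%q new=%q\n", teamIDFromURL(oldURL), teamIDFromURL(newURL))
	fmt.Println(splitMembershipID("1234:octo-user"))
}
```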
Since the github API change this morning it probably should be noted that this resource is currently broken for everyone on all? versions of this provider. |
that's true indeed. This should be released asap. |
On the surface this seems like the right thing to do. I was wondering why the provider is gathering data from the API call that should already know. But I am not really familiar with the overall architecture of the provider, so I proposed an alternative PR, in case it's something we can get deployed faster. https://github.com/terraform-providers/terraform-provider-github/pull/326 However, I'm totally on board with this PR if the maintainers are comfortable releasing asap. Thanks @samrees ! |
If you need this quick:

```dockerfile
FROM golang:1.11-alpine as build-github
RUN apk add git make bash build-base
RUN git clone https://github.com/samrees/terraform-provider-github.git && \
    cd terraform-provider-github && \
    git checkout team_membership_bugfix && \
    make build
FROM hashicorp/terraform:0.12.19
RUN mkdir -p /root/.terraform.d/plugins
COPY --from=build-github /go/bin/terraform-provider-github /root/.terraform.d/plugins
```

Same, I'm not familiar with how this provider works specifically. Since that URL parsing function was from the initial commit I had an idea today to go through all the code and look for more instances of this. There's a chance I'm missing something, that Github just made a mistake and broke their API, but I don't think so. I think it makes sense that Github thought they could change this value without consequence, because all the |
It only works after having imported the resource again. |
@Jonnymcc based on what I saw in the tfstate file yesterday while debugging this. You may want to roll back to a previous state file. One that doesn't have empty strings for the team_id value on these resources. I used version S3 so it was easy to find the state file before the provider started breaking it. That can save you from the toil of having to import a lot of membership resources if you have them. |
@steakfest is right, rolling back to a previous version of the statefile is the right choice. On the off chance you can't rollback (or were dumb like me and thought it was all my fault), here's a ruby script to repair a statefile from data that's already there:

```ruby
require 'json'

# builds the `terraform state rm` / `terraform import` pair for one resource
def gen_cmds(r)
  id = r['instances'].first['attributes']['id']
  [
    "terraform state rm github_team_membership.#{r['name']}",
    "terraform import github_team_membership.#{r['name']} #{id}"
  ]
end

data = JSON.parse(File.read('terraform.tfstate'))
cmds = data['resources'].flat_map { |r| gen_cmds(r) if r['type'] == "github_team_membership" }.compact
File.write('cmds', cmds.join("\n"))
# run `bash -eux cmds` to re-import all your git team membership resources

# populates the `team_id` field from the existing data
def fix(r)
  id = r['instances'].first['attributes']['id'].split(':').first
  r['instances'].first['attributes']['team_id'] = id
end

data = JSON.parse(File.read('terraform.tfstate'))
data['resources'].each { |r| fix(r) if r['type'] == "github_team_membership" }
File.write('terraform-modified.statefile', JSON.pretty_generate(data))
# mv terraform-modified.statefile terraform.tfstate
```
|
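A read-only check for deciding between the options discussed above (rolling back, re-importing, or waiting for the fixed provider), added here as an example that is not part of the thread or the provider: it lists the github_team_membership resources whose team_id is empty or no longer matches the team part of their ID, without modifying the state. The function name and the sample state are constructed; the field layout is the one the Ruby script above reads.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// damagedMemberships names memberships whose team_id is empty or differs from
// the ID prefix; attributes that cannot be decoded are reported as damaged too.
func damagedMemberships(raw []byte) ([]string, error) {
	var s struct {
		Resources []struct {
			Type, Name string
			Instances  []struct {
				Attributes json.RawMessage `json:"attributes"`
			} `json:"instances"`
		} `json:"resources"`
	}
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, err
	}
	var bad []string
	for _, r := range s.Resources {
		if r.Type != "github_team_membership" {
			continue
		}
		for _, inst := range r.Instances {
			var a struct {
				ID     string `json:"id"`
				TeamID string `json:"team_id"`
			}
			if json.Unmarshal(inst.Attributes, &a) != nil || a.TeamID == "" ||
				a.TeamID != strings.SplitN(a.ID, ":", 2)[0] {
				bad = append(bad, r.Type+"."+r.Name)
				break
			}
		}
	}
	return bad, nil
}

// sampleState is constructed for this example, not taken from a real state file.
const sampleState = `{"resources":[
{"type":"github_team_membership","name":"alice","instances":[{"attributes":{"id":"1234:alice","team_id":"1234"}}]},
{"type":"github_team_membership","name":"bob","instances":[{"attributes":{"id":"1234:bob","team_id":""}}]}]}`

func main() {
	fmt.Println(damagedMemberships([]byte(sampleState)))
}
```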
👋 from GitHub here. We did upgrade this URL because we are long term deprecating the current endpoint and moving it to always reside under the organization that owns the team. We do this to ensure the future scalability of GitHub where a direct reference by You're also 100% right that we indeed assume that people treat the URLs as opaque references, and that parsing it / interpreting it like this is not a supported usage of these URLs. I think that the fix in this PR makes sense and is the right fix for the urgent issue right now. As for the longer term move to the new endpoints, that's something that can happen then at a later time and that we would also be happy to help with if needed. |
this is not working, compiled on darwin. |
@meabed I needed to deploy this without Docker so I'll give you my quick instructions. Requirements: GVM
You may need to symlink it as terraform-provider-github_v2.2.1_x4 as well if terraform init still tries to download and install the plugin
|
I think this is good to 🚢 despite not being able to get acceptance tests passing.
TestAccGithubTeamMembership_basic and TestAccGithubTeamMembership_caseInsensitive began failing on January 17th prior to this change being published. I'm able to get passing tests if I toggle ImportStateVerify to false, which gives me confidence that this change has no broader effects on functionality. I'd like to spend more time understanding the failure but I do not want to delay getting a potential fix released.
@jcudit Thanks! would this be merged soon? |
@meabed I'd like another set of Hashicorp eyes on this before merging and have pinged for review. I am unable to cut releases as I am still onboarding but would expect things to pick up now that the extended weekend has passed. If merging this to Apologies for hesitating on this one. I'm still new 🙃. |
I think you became quite famous on your first days with this world-wide affecting issue :) |
if you build this locally and then push it somewhere, make sure to do |
Any ETA on getting this in @jcudit it is unfortunate that this happened to us the day we had a new-hire start 😆 causing some grief getting them provisioned. |
I'm not sure if anybody else noticed this, so I'll share my experience. I've found that because of the order of operations by the provider, that generally what I want to happen is still happening. Since the apply fails to delete after any new memberships have been created, this hasn't blocked me from being able to add new members to teams, since terraform doesn't roll back. |
I just noticed this too @steakfest my new user was at least added even with the errors which is enough for now. |
I am not sure if this fix is working correctly. |
Thank you @samrees for raising the PR with patch promptly. Your patch does a good job in fixing the bug for any new team memberships. I just pushed a small change to your branch to allow reconciliation, so that folks don't have to re-import resources or otherwise tinker with the state. I will explain below why that is necessary. I pushed this as a separate commit, so your original contribution is still credited to you.

Detailed explanation for anyone interested

Basically what happened after the upstream API change is that the provider code parsed out empty string and so
All relevant acceptance tests (

State manipulation

Reverting state to a previous version is possible, assuming your state is versioned, although you may run into a situation where state is drifted, if you made any genuine changes to config and/or in GitHub manually. Generally speaking we always discourage from manipulating the state file outside of Terraform. Terraform offers commands (

Changing state manually may get you into a state which is hard to recover from (because the provider code can make assumptions about which fields are set to what and when) and more importantly if you run into a problem/bug we are less likely to be able to help as the problem will be unreproducible for us.

Recovery

When this patch is applied and released it should fix the problem for majority of users automatically (without having to touch the state) during the next

Thanks everyone for the patience. |
Hello everyone and thanks for the great work! When can we expect a new release of the GH provider that will contain this fix? |
2.3.0 version with this patch was just released. Feel free to upgrade by setting e.g.

```hcl
provider "github" {
  version = "~> 2.3"
}
```

Recovery (after upgrading)

As mentioned in my previous comment, upgrading the provider alone should resolve the problem for majority of users automatically during the next

Those which for any reason employ |
Fixes team membership bug
Fixes #323
Closes #326
The current code parses username and team_id from the returned URL with code
that expects the URL to be constructed in a certain fashion. Today that changed,
in the form of "teams/id" to "team/id", making team_id go missing.
Since the upstream API is only meant for obtaining membership status/type, with
the URL being an opaque reference back to itself, we shouldn't depend on that URL
being anything in particular. So this sets our data, if the API responds, to the
username and team_id we already had to make the call.