Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anonymous access flag deprecation? #502

Closed
jhosteny opened this issue Jun 29, 2020 · 12 comments
Closed

Anonymous access flag deprecation? #502

jhosteny opened this issue Jun 29, 2020 · 12 comments
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone thinking Type: Breaking change Used to note any change that requires a major version bump
Milestone
v2.9.1

Comments

@jhosteny
Copy link

Terraform Version

Terraform version: 0.12.28
Provider version: 2.9.0

Affected Resource(s)

Provider configuration

Terraform Configuration Files

terraform {
  required_version = "~> 0.12.0"

  required_providers {
    github = "~> 2.2"
    local  = "~> 1.2"
  }
}

provider "github" {
  token        = var.github_token != "" ? var.github_token : null
  organization = var.github_organization
  anonymous    = var.github_anonymous
  base_url     = var.github_base_url
}

Debug Output

N/A

Panic Output

N/A

Expected Behavior

Expected the apply to work with the given provider pessimistic constraint.

Actual Behavior

I'm not sure if this qualifies as a bug or not, but I wanted to point out the the anonymous flag was removed in a minor release, and has broken some modules we use (notably this one).

Is it expected that the provider configuration can change in a release without a major bump?

Steps to Reproduce

N/A

Important Factoids

N/A

References

N/A
@jhosteny jhosteny changed the title Anonymous access deprecation? Anonymous access deprecation? Jun 29, 2020
@jhosteny jhosteny mentioned this issue Jun 29, 2020
Open
@jhosteny jhosteny changed the title Anonymous access deprecation? Anonymous access flag deprecation? Jun 29, 2020
@glenwinters
Copy link

glenwinters commented Jun 30, 2020
edited
Loading

I agree that this was unexpected for a minor release, and the CHANGELOG doesn't call out the removed attributes.

It looks like #464 is the PR where the anonymous attribute was removed.

The fix for now is to pin the provider to the previous release, 2.8.1.

@glenwinters glenwinters mentioned this issue Jun 30, 2020
Closed
@jhosteny
Copy link
Author

@glenwinters thanks, will do

jhosteny referenced this issue in cloudposse/terraform-github-repository-webhooks Jun 30, 2020
@jhosteny
fix: ensure provider does not use version >= 2.9
bbe8c74 
The GitHub provider introduced a breaking change with the minor bump
to version 2.9.0, by removing a number of configuration options. This
included the 'anonymous' flag, which is expected to exist by this
module. Prevent this provder version, or later, from being used for now.
For reference, see
https://github.com/terraform-providers/terraform-provider-github/issues/502.
@jhosteny jhosteny mentioned this issue Jun 30, 2020
Closed
@jamengual
Copy link

pining to 2.8.1 is the workaround because this is going to be re-added to the provider code? or is like pin to 2.8.1 because we will not add it back?

@glenwinters
Copy link

@jamengual I'm just a user of the provider, and that's how I got my existing code that uses anonymous = true to continue to work. We have yet to hear from a maintainer about how this will be addressed going forward.

@jamengual
Copy link

@jamengual I'm just a user of the provider, and that's how I got my existing code that uses anonymous = true to continue to work. We have yet to hear from a maintainer about how this will be addressed going forward.

no worries, thanks

@jrzdudek
Copy link

jrzdudek commented Jul 1, 2020
edited
Loading

I also would be thankful to know why the anonymous flag was removed along with the individual flag. We have used it to generate an IP whitelist using the github_ip_ranges datasource.

I don't think there is any point for use cases like that to run in an authenticated context of an owner/organization.

@jcudit jcudit added this to the v2.9.1 milestone Jul 1, 2020
@jcudit
Copy link
Contributor

jcudit commented Jul 1, 2020

Thanks for reporting this and apologies for the interrupt on this breaking release.

As for next steps, by end of week the aim is to either:

  • cut v2.9.1 with re-instated support for anonymous access for the github_ip_ranges datasource
  • unrelease v.2.9.0 and re-release it as v3.0.0

Still collecting feedback if anyone has suggestions on how best to proceed 😊

@jcudit jcudit added Type: Breaking change Used to note any change that requires a major version bump Status: Up for grabs Issues that are ready to be worked on by anyone regression thinking labels Jul 1, 2020
@jcudit
Copy link
Contributor

jcudit commented Jul 1, 2020

More guidance has been offered by the Terraform committers community and a revised plan is to:

  • cut v.2.9.1 to revert changes from v2.9.0
  • add a deprecation to the anonymous flag at the provider-level
  • migrate changes previously in v2.9.0 into a v3.0.0 release

This was referenced Jul 1, 2020
Merged
Merged
@MarcoDalco
Copy link

Having the ability to retrieve the GitHub public IPs using the plugin seems quite useful, to me, and it's currently the only way we use it, so I hope that such functionality won't actually be taken away. What's the idea? That we should not use the Provider for that? Using it seemed to be quite natural and simple, and besides that, if a Token were required, I would have to guess how to get it from within our Jenkins builds via Groovy. Extra, unnecessary code, for a functionality which doesn't require password protection or even a session.

@jcudit
Copy link
Contributor

jcudit commented Jul 2, 2020

A major reason for this change is to remove complexity from the project and put us on a better foundation to serve enterprise and individual use cases.

There has been friction in the past around our current configuration options (see here).

Additionally, provider configuration can be minimized to just providing a token (see here for how we can learn from GitLab).

Perhaps the absence of a token can signal anonymous mode . We can use this approach to our benefit to enable token-less operations (like IP Range requests) as a fallback when no token is provided, instead of erroring out.

Thanks for raising this common use case. Hoping to hear more as investigations continue into which resources benefit from functioning anonymously and which do not.

@jcudit jcudit mentioned this issue Jul 2, 2020
Merged
@jcudit
Copy link
Contributor

jcudit commented Jul 10, 2020

After some time has passed here, my next step is to merge https://github.com/terraform-providers/terraform-provider-github/pull/506.

A similar change to the individual flag can be made to simplify things. Once these edits are in, we can look to revert v2.9.0 and cut v3.0.0.

There are a few other features queued up for release, so hoping to follow through on this plan by end of next week.

@jcudit
Copy link
Contributor

jcudit commented Jul 15, 2020

The flag deprecations have landed in the final release of the v2 line. The breaking changes that landed in v2 are now re-instated and ready for the v3.0.0 release.

@jcudit jcudit closed this as completed Jul 15, 2020
@jcudit jcudit mentioned this issue Jul 20, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone thinking Type: Breaking change Used to note any change that requires a major version bump
Projects
None yet
Milestone
v2.9.1
Development

No branches or pull requests
6 participants
@glenwinters @jhosteny @jamengual @MarcoDalco @jcudit @jrzdudek