fix: avoid 422 when enterprise policy controls org fork setting#3360
fix: avoid 422 when enterprise policy controls org fork setting#3360andrewesweet wants to merge 2 commits intointegrations:mainfrom
Conversation
|
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with |
deiga
left a comment
deiga
left a comment
There was a problem hiding this comment.
I think this won't be as simple as this. Since we use d.GetOk to identify if members_can_fork_private_repositories should be sent to the API it would still continue sending the value.
It would be important to add a test that verify's that members_can_fork_private_repositories isn't actually being set or updated in the Read function
Remove Default: false from members_can_fork_private_repositories schema to prevent the field from being sent to the API when not explicitly set by the user. When an enterprise-level policy locks this setting, sending any value causes a 422 validation error. Without a default, the field is only included in API calls when the user explicitly configures it, matching the behavior of members_can_create_internal_repositories (enterprise-only field). Fixes integrations#2689 Relates to integrations#1333 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
andrewesweet
force-pushed
the
fix/org-settings-fork-422
branch
from
08b4cec to
21524a1
Compare
Add Computed: true to members_can_fork_private_repositories schema so Terraform accepts API values when users omit the field, preventing phantom diffs that trigger 422 errors under enterprise policy. Replace shouldInclude with d.GetOkExists for this field since GetOk cannot distinguish "set to false" from "not set" on Computed+Optional bools. Follows allow_forking pattern in resource_github_repository.go. Add unit tests for buildOrganizationSettings and acceptance test proving no phantom diff after apply. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
andrewesweet
left a comment
andrewesweet
left a comment
There was a problem hiding this comment.
Thanks for the review, @deiga. I've updated the PR.
The schema now has Computed: true on the field, and the build function uses d.GetOkExists instead of shouldInclude. I followed the same pattern as allow_forking in resource_github_repository.go.
I also added:
- Unit tests for
buildOrganizationSettingscovering nil when omitted, non-nil when explicitly set totrueorfalse, and nil on updates when unchanged. - An acceptance test (
TestAccGithubOrganizationSettings_omittedForkFieldProducesCleanPlan) verifying no phantom diff after apply.
2 participants
Resolves #2689
Relates to #1333
Before the change?
members_can_fork_private_repositorieshasDefault: falsein the schema, causing the field to always be sent to the GitHub API even when not explicitly set by the user.After the change?
Default: falsefrom the schema so the field is only included in API calls when explicitly configured by the user.members_can_create_internal_repositories(enterprise-only field with no default).Users who never set this field see no behavioral change — the API default is
falseand the Read function still populates state from the API response.Pull request checklist
Does this introduce a breaking change?