Fix behaviour on archived repository

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

Author: deiga

github/resource_github_repository_vulnerability_alerts.go

@@ -2,6 +2,7 @@ package github
 
 import (
 	"context"
+	"net/http"
 	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-log/tflog"
@@ -51,6 +52,7 @@ func resourceGithubRepositoryVulnerabilityAlerts() *schema.Resource {
 }
 
 func resourceGithubRepositoryVulnerabilityAlertsCreate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	tflog.Info(ctx, "Creating repository vulnerability alerts", map[string]any{"id": d.Id()})
 	meta := m.(*Owner)
 	client := meta.v3client
 
@@ -87,15 +89,31 @@ func resourceGithubRepositoryVulnerabilityAlertsCreate(ctx context.Context, d *s
 }
 
 func resourceGithubRepositoryVulnerabilityAlertsRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	tflog.Info(ctx, "Reading repository vulnerability alerts", map[string]any{"id": d.Id()})
 	meta := m.(*Owner)
 	client := meta.v3client
 
 	owner := meta.name // TODO: Add owner support // d.Get("owner").(string)
 	repoName := d.Get("repository").(string)
-	vulnerabilityAlertsEnabled, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, owner, repoName)
+	vulnerabilityAlertsEnabled, resp, err := client.Repositories.GetVulnerabilityAlerts(ctx, owner, repoName)
 	if err != nil {
+		if resp.StatusCode == http.StatusNotFound {
+			d.SetId("")
+			return diag.Errorf("vulnerability alerts don't exist for repository %s/%s, removing resource from state", owner, repoName)
+		}
 		return diag.Errorf("error reading repository vulnerability alerts: %s", err.Error())
 	}
+	// If no error, but the response status code is 404, we need to check if the repository is accessible.
+	if resp.StatusCode == http.StatusNotFound {
+		repo, _, err := client.Repositories.Get(ctx, owner, repoName)
+		if err != nil {
+			return diag.Errorf("repository doesn't exist anymore, please remove the resource from your configuration: %s", err.Error())
+		}
+		if repo.GetArchived() {
+			return diag.Errorf("repository %s/%s is archived, please remove the resource from your configuration", owner, repoName)
+		}
+	}
+	tflog.Debug(ctx, "Setting vulnerability alerts enabled state", map[string]any{"owner": owner, "repo_name": repoName, "vulnerability_alerts_enabled": vulnerabilityAlertsEnabled, "response_status": resp.StatusCode})
 	if err = d.Set("enabled", vulnerabilityAlertsEnabled); err != nil {
 		return diag.FromErr(err)
 	}
@@ -104,6 +122,7 @@ func resourceGithubRepositoryVulnerabilityAlertsRead(ctx context.Context, d *sch
 }
 
 func resourceGithubRepositoryVulnerabilityAlertsUpdate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	tflog.Info(ctx, "Updating repository vulnerability alerts", map[string]any{"id": d.Id()})
 	meta := m.(*Owner)
 	client := meta.v3client
 
@@ -127,6 +146,7 @@ func resourceGithubRepositoryVulnerabilityAlertsUpdate(ctx context.Context, d *s
 }
 
 func resourceGithubRepositoryVulnerabilityAlertsDelete(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	tflog.Info(ctx, "Deleting repository vulnerability alerts", map[string]any{"id": d.Id()})
 	meta := m.(*Owner)
 	client := meta.v3client
 

github/resource_github_repository_vulnerability_alerts_test.go

@@ -9,7 +9,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
-	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-plugin-testing/statecheck"
 	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
 )
@@ -191,7 +190,7 @@ func TestAccGithubRepositoryVulnerabilityAlerts(t *testing.T) {
 		})
 	})
 
-	t.Run("destroys_from_archived_repository_without_error", func(t *testing.T) {
+	t.Run("errors_when_reading_archived_repository", func(t *testing.T) {
 		randomID := acctest.RandString(5)
 		repoName := fmt.Sprintf("%svuln-alerts-%s", testResourcePrefix, randomID)
 
@@ -209,15 +208,6 @@ func TestAccGithubRepositoryVulnerabilityAlerts(t *testing.T) {
 			}
 		`
 
-		archivedOnlyConfig := fmt.Sprintf(`
-			resource "github_repository" "test" {
-				name       = "%s"
-				visibility = "private"
-				auto_init  = true
-				archived   = true
-			}
-		`, repoName)
-
 		resource.Test(t, resource.TestCase{
 			PreCheck:          func() { skipUnauthenticated(t) },
 			ProviderFactories: providerFactories,
@@ -231,17 +221,7 @@ func TestAccGithubRepositoryVulnerabilityAlerts(t *testing.T) {
 				{
 					Config:             fmt.Sprintf(withAlertsConfig, repoName, true),
 					ExpectNonEmptyPlan: true,
-					ConfigStateChecks: []statecheck.StateCheck{
-						statecheck.ExpectKnownValue("github_repository.test", tfjsonpath.New("archived"), knownvalue.Bool(true)),
-					},
-				},
-				{
-					Config: archivedOnlyConfig,
-					ConfigPlanChecks: resource.ConfigPlanChecks{
-						PreApply: []plancheck.PlanCheck{
-							plancheck.ExpectResourceAction("github_repository_vulnerability_alerts.test", plancheck.ResourceActionDestroy),
-						},
-					},
+					ExpectError:        regexp.MustCompile(`is archived, please remove the resource`),
 				},
 			},
 		})

github/util.go

@@ -242,6 +242,7 @@ func deleteResourceOn404AndSwallow304OtherwiseReturnError(err error, d *schema.R
 	var ghErr *github.ErrorResponse
 	if errors.As(err, &ghErr) {
 		if ghErr.Response.StatusCode == http.StatusNotModified {
+			log.Printf("[INFO] Resource %s not modified, skipping", resourceDescription)
 			return nil
 		}
 		if ghErr.Response.StatusCode == http.StatusNotFound {