diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index 2419dee190..d9c21873ae 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -411,6 +411,11 @@ func resourceGithubRepository() *schema.Resource { Optional: true, Description: "Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.", }, + "ignore_vulnerability_alerts": { + Type: schema.TypeBool, + Optional: true, + Description: "Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions.", + }, "full_name": { Type: schema.TypeString, Computed: true, @@ -773,9 +778,11 @@ func resourceGithubRepositoryCreate(ctx context.Context, d *schema.ResourceData, } } - err := updateVulnerabilityAlerts(d, client, ctx, owner, repoName) - if err != nil { - return diag.FromErr(err) + if !d.Get("ignore_vulnerability_alerts").(bool) { + err := updateVulnerabilityAlerts(d, client, ctx, owner, repoName) + if err != nil { + return diag.FromErr(err) + } } return resourceGithubRepositoryUpdate(ctx, d, meta) @@ -896,7 +903,7 @@ func resourceGithubRepositoryRead(ctx context.Context, d *schema.ResourceData, m } } - if !d.Get("ignore_vulnerability_alerts_during_read").(bool) { + if !d.Get("ignore_vulnerability_alerts").(bool) && !d.Get("ignore_vulnerability_alerts_during_read").(bool) { vulnerabilityAlerts, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, owner, repoName) if err != nil { return diag.Errorf("error reading repository vulnerability alerts: %s", err.Error()) @@ -1013,7 +1020,7 @@ func resourceGithubRepositoryUpdate(ctx context.Context, d *schema.ResourceData, } } - if d.HasChange("vulnerability_alerts") { + if !d.Get("ignore_vulnerability_alerts").(bool) && d.HasChange("vulnerability_alerts") { err = updateVulnerabilityAlerts(d, client, ctx, owner, repoName) if err != nil { return diag.FromErr(err) diff --git a/website/docs/r/repository.html.markdown b/website/docs/r/repository.html.markdown index 92c67745de..b2e745a9ef 100644 --- a/website/docs/r/repository.html.markdown +++ b/website/docs/r/repository.html.markdown @@ -140,9 +140,11 @@ initial repository creation and create the target branch inside of the repositor * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. -* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings. +* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings. To manage this setting, admin permissions are required; use `ignore_vulnerability_alerts` if you lack permissions. -* `ignore_vulnerability_alerts_during_read` (Optional) - Set to `true` to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read. +* `ignore_vulnerability_alerts` (Optional) - Set to `true` to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions. When enabled, the `vulnerability_alerts` setting is not managed. + +* `ignore_vulnerability_alerts_during_read` (Optional) - Set to `true` to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read. If `ignore_vulnerability_alerts` is set, this field is ignored. * `allow_update_branch` (Optional) - Set to `true` to always suggest updating pull request branches.