From 08b4cec4b611090539ddcd58451f96c226a98bb9 Mon Sep 17 00:00:00 2001 From: Andrew Sweet Date: Wed, 22 Apr 2026 14:54:57 +0100 Subject: [PATCH] fix: avoid 422 when enterprise policy controls org fork setting Remove Default: false from members_can_fork_private_repositories schema to prevent the field from being sent to the API when not explicitly set by the user. When an enterprise-level policy locks this setting, sending any value causes a 422 validation error. Without a default, the field is only included in API calls when the user explicitly configures it, matching the behavior of members_can_create_internal_repositories (enterprise-only field). Fixes #2689 Relates to #1333 Co-Authored-By: Claude Opus 4.7 (1M context) --- github/resource_github_organization_settings.go | 3 +-- website/docs/r/organization_settings.html.markdown | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/github/resource_github_organization_settings.go b/github/resource_github_organization_settings.go index 5b8d0b7062..643493e5ac 100644 --- a/github/resource_github_organization_settings.go +++ b/github/resource_github_organization_settings.go @@ -119,8 +119,7 @@ func resourceGithubOrganizationSettings() *schema.Resource { "members_can_fork_private_repositories": { Type: schema.TypeBool, Optional: true, - Default: false, - Description: "Whether or not organization members can fork private repositories.", + Description: "Whether or not organization members can fork private repositories. When an enterprise policy controls this setting, omit this attribute to avoid API validation errors.", }, "web_commit_signoff_required": { Type: schema.TypeBool, diff --git a/website/docs/r/organization_settings.html.markdown b/website/docs/r/organization_settings.html.markdown index c8a4db54a6..639f5801cf 100644 --- a/website/docs/r/organization_settings.html.markdown +++ b/website/docs/r/organization_settings.html.markdown @@ -64,7 +64,7 @@ The following arguments are supported: * `members_can_create_pages` - (Optional) Whether or not organization members can create new pages. Defaults to `true`. * `members_can_create_public_pages` - (Optional) Whether or not organization members can create new public pages. Defaults to `true`. * `members_can_create_private_pages` - (Optional) Whether or not organization members can create new private pages. Defaults to `true`. -* `members_can_fork_private_repositories` - (Optional) Whether or not organization members can fork private repositories. Defaults to `false`. +* `members_can_fork_private_repositories` - (Optional) Whether or not organization members can fork private repositories. When an enterprise policy controls this setting, omit this attribute to avoid API validation errors. * `web_commit_signoff_required` - (Optional) Whether or not commit signatures are required for commits to the organization. Defaults to `false`. * `advanced_security_enabled_for_new_repositories` - (Optional) Whether or not advanced security is enabled for new repositories. Defaults to `false`. * `dependabot_alerts_enabled_for_new_repositories` - (Optional) Whether or not dependabot alerts are enabled for new repositories. Defaults to `false`.