[jimberlage]

I would bet money that Elastic uses a Terraform provider for Github and they marked repos private in an automated way, and the reverse API operation doesn't function in the same way.

It's possible that any delay is them trying to figure out how to get Terraform back to a good state rather than making the repos public being this inherently hard thing.

[bilekas]

> It's possible that any delay is them trying to figure out how to get Terraform back to a good state rather than making the repos public being this inherently hard thing.

I don't know if it is Terraform, but if that was the case, it would actually be trivial to rollback the IaC terraform itself, or even from a previous statefile.

All things considered it doesn't seem to be a destructive mistake, and not 18:00 on a Friday :)

[jimberlage]

My experience with non-AWS providers in TF is that they're less maintained and buggy - in theory this should be easy, but people seem very afraid of TF and I can picture this getting chaotic.

But you're quite right that if they're comfortable enough, they should go into S3 and get a statefile they were happy with!

[xeraa]

Permissions aren't the problem. But the upstream source of all the forks is wrong if you take a repo private, all stars from folks outside your organization are gone,... So you need GitHub support to restore everything.

And the details how it happened are a bit different but it was a configuration error (making things too secure )

[I work for Elastic]

[luke-stanley]

This bears out the idea that the fastest way to get the truth on the Internet is to say something wrong first.

[xeraa]

Well, it was a bad change. But we wouldn't want the wrong story make it worse. It was "just" an error in our configuration.

[luke-stanley]

Fair enough, and what I said was wrong too, so it's turtles all the way down! I butchered Cunningham’s Law, thank you for correcting me, though the name of the law is confusing since it was McGeady who pointed out: "The best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer.", which is what I did, and what the parent comment did, it is attributed to the great Ward Cunningham, creator of the first Wiki, who is a rightful dude. I have nerd-sniped myself on this. At least I'm less wrong now, thank you.

[jimberlage]

I also kinda wonder if they accidentally removed a user or some credential that has the permissions needed to make things public again, a TF change could involve both the public/private change and user account changes. Could be a bit to look up an admin account to fix things.

[thiht]

You’re probably right, but I’m not sure I understand the point of managing a GitHub organization in Terraform, that sounds harder than it needs to be. Are there some reasons I’m missing?

[sausagefeet]

All the common Infrastructure as Code reasons - you can get a change reviewed, people have an audit trail of changes, you can template out repos so they all look the same, anyone can propose changes even if making the changes are locked down to a few people, so on and so forth.

[vb-8448]

> I’m not sure I understand the point of managing a GitHub organization in Terraform

+1 here

The pendulum went from "no tools, we manage everything manually" to "even smoke pauses need to be tracked and versioned".