[BUG]: github_organization_role base_role effectively can't be set to `none`

[jmeickle-theaiinstitute]

Expected Behavior

github_organization_role contains both org-scoped and repo-scoped permissions. A base role is only required if setting repo-scoped permissions; and is not desirable in orgs where the base repository role for the org is set to "None".

However, the module doesn't seem to support either omitting this argument, or setting it to none.

Additionally, ignore_changes on base_role doesn't help because other changes to the resource will still attempt to set this on a PATCH and trigger the below error messages.

Actual Behavior

I can't omit the base_role argument or explicitly null it:

│ Error: error updating GitHub custom organization role ([REDACTED]): PATCH https://api.github.com/orgs/[REDACTED]: 422 Invalid request.
│ 
│ Invalid property /base_role: `` is not a possible value. Must be one of the following: none, read, triage, write, maintain, admin. []
│ 
│   with github_organization_role.base,
│   on roles.tf line 4, in resource "github_organization_role" "base":
│    4: resource "github_organization_role" "base" {
│ 
╵

But I also can't set it to none:

╷
│ Error: Error
│ 
│   with github_organization_role.base,
│   on roles.tf line 14, in resource "github_organization_role" "base":
│   14:   base_role = "none"
│ 
│ none is an invalid value for argument [{{} base_role}]

Or set it to an empty string:

╷
│ Error: Error
│ 
│   with github_organization_role.base,
│   on roles.tf line 14, in resource "github_organization_role" "base":
│   14:   base_role = ""
│ 
│  is an invalid value for argument [{{} base_role}]
╵

Terraform Version

Terraform v1.13.5
on linux_amd64
+ provider registry.terraform.io/integrations/github v6.8.3

Your version of Terraform is out of date! The latest version
is 1.14.0. You can update by downloading from https://developer.hashicorp.com/terraform/install

Affected Resource(s)

• github_organization_role

Terraform Configuration Files

resource "github_organization_role" "base" {
  name        = "Organization base permissions"

  base_role = "none"
  permissions = [
    "edit_org_custom_properties_values",
    "read_custom_properties_for_organizations",
  ]
  lifecycle {
      ignore_changes = [base_role]
  }
}

Steps to Reproduce

No response

Debug Output

Panic Output

Code of Conduct

• I agree to follow this project's Code of Conduct

[deiga]

Hey @jmeickle-theaiinstitute

Thanks for raising this! You are right that this behaviour isn't working correctly.

Would you be interested in submitting a PR to address this?

[jmeickle-theaiinstitute]

I don't anticipate working on this as I just worked around it for the time being.

[deiga]

Fair enough! We're focusing on getting the new v7 release out.
After that's done we can start addressing more of the bug reports ☺️

[stevehipwell]

I'll pick this up, it looks like the API changed between the PR for this being created and merged (a year), and the docs don't really help.