fix: address remaining reviewer feedback from PR integrations#3143

sprioriello · claude · sprioriello · commit 3c9d5d75495c · 2026-03-17T09:07:00.000+11:00
- Remove fmt.Sprintf from all tflog calls; use static messages with
  structured fields map for dynamic data (28 instances fixed)
- Add configuration_id Computed field to both resources so the numeric
  config ID is stored separately in state
- Update/Delete now read enterprise_slug and configuration_id from
  state via d.Get() instead of parsing the composite ID
- Update enterprise docs with configuration_id attribute

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/github/resource_github_enterprise_security_configuration.go b/github/resource_github_enterprise_security_configuration.go
@@ -32,6 +32,11 @@ func resourceGithubEnterpriseSecurityConfiguration() *schema.Resource {
 				ForceNew:    true,
 				Description: "The slug of the enterprise.",
 			},
+			"configuration_id": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The numeric ID of the code security configuration.",
+			},
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
@@ -303,7 +308,7 @@ func resourceGithubEnterpriseSecurityConfigurationCreate(ctx context.Context, d
 	enterprise := d.Get("enterprise_slug").(string)
 	name := d.Get("name").(string)
 
-	tflog.Debug(ctx, fmt.Sprintf("Creating enterprise code security configuration: %s/%s", enterprise, name), map[string]any{
+	tflog.Debug(ctx, "Creating enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"name":       name,
 	})
@@ -312,7 +317,7 @@ func resourceGithubEnterpriseSecurityConfigurationCreate(ctx context.Context, d
 
 	configuration, _, err := client.Enterprise.CreateCodeSecurityConfiguration(ctx, enterprise, config)
 	if err != nil {
-		tflog.Error(ctx, fmt.Sprintf("Failed to create enterprise code security configuration: %s/%s", enterprise, name), map[string]any{
+		tflog.Error(ctx, "Failed to create enterprise code security configuration", map[string]any{
 			"enterprise": enterprise,
 			"name":       name,
 			"error":      err.Error(),
@@ -326,7 +331,7 @@ func resourceGithubEnterpriseSecurityConfigurationCreate(ctx context.Context, d
 	}
 	d.SetId(id)
 
-	tflog.Info(ctx, fmt.Sprintf("Created enterprise code security configuration: %s/%s (ID: %d)", enterprise, name, configuration.GetID()), map[string]any{
+	tflog.Info(ctx, "Created enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"name":       name,
 		"id":         configuration.GetID(),
@@ -348,7 +353,7 @@ func resourceGithubEnterpriseSecurityConfigurationRead(ctx context.Context, d *s
 		return diag.FromErr(err)
 	}
 
-	tflog.Trace(ctx, fmt.Sprintf("Reading enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Trace(ctx, "Reading enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
@@ -358,15 +363,15 @@ func resourceGithubEnterpriseSecurityConfigurationRead(ctx context.Context, d *s
 		var ghErr *github.ErrorResponse
 		if errors.As(err, &ghErr) {
 			if ghErr.Response.StatusCode == http.StatusNotFound {
-				tflog.Info(ctx, fmt.Sprintf("Removing enterprise code security configuration %s/%d from state because it no longer exists in GitHub", enterprise, id), map[string]any{
+				tflog.Info(ctx, "Removing enterprise code security configuration from state because it no longer exists in GitHub", map[string]any{
 					"enterprise": enterprise,
 					"id":         id,
 				})
 				d.SetId("")
 				return nil
 			}
 		}
-		tflog.Error(ctx, fmt.Sprintf("Failed to read enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+		tflog.Error(ctx, "Failed to read enterprise code security configuration", map[string]any{
 			"enterprise": enterprise,
 			"id":         id,
 			"error":      err.Error(),
@@ -382,7 +387,7 @@ func resourceGithubEnterpriseSecurityConfigurationRead(ctx context.Context, d *s
 		return diags
 	}
 
-	tflog.Trace(ctx, fmt.Sprintf("Successfully read enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Trace(ctx, "Successfully read enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
@@ -392,35 +397,27 @@ func resourceGithubEnterpriseSecurityConfigurationRead(ctx context.Context, d *s
 
 func resourceGithubEnterpriseSecurityConfigurationUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	client := meta.(*Owner).v3client
+	enterprise := d.Get("enterprise_slug").(string)
+	id := int64(d.Get("configuration_id").(int))
 
-	enterprise, idStr, err := parseID2(d.Id())
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	id, err := strconv.ParseInt(idStr, 10, 64)
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	tflog.Debug(ctx, fmt.Sprintf("Updating enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Debug(ctx, "Updating enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
 
 	config := expandCodeSecurityConfigurationCommon(d)
 
-	_, _, err = client.Enterprise.UpdateCodeSecurityConfiguration(ctx, enterprise, id, config)
+	_, _, err := client.Enterprise.UpdateCodeSecurityConfiguration(ctx, enterprise, id, config)
 	if err != nil {
-		tflog.Error(ctx, fmt.Sprintf("Failed to update enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+		tflog.Error(ctx, "Failed to update enterprise code security configuration", map[string]any{
 			"enterprise": enterprise,
 			"id":         id,
 			"error":      err.Error(),
 		})
 		return diag.FromErr(err)
 	}
 
-	tflog.Info(ctx, fmt.Sprintf("Updated enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Info(ctx, "Updated enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
@@ -430,41 +427,33 @@ func resourceGithubEnterpriseSecurityConfigurationUpdate(ctx context.Context, d
 
 func resourceGithubEnterpriseSecurityConfigurationDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	client := meta.(*Owner).v3client
+	enterprise := d.Get("enterprise_slug").(string)
+	id := int64(d.Get("configuration_id").(int))
 
-	enterprise, idStr, err := parseID2(d.Id())
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	id, err := strconv.ParseInt(idStr, 10, 64)
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	tflog.Debug(ctx, fmt.Sprintf("Deleting enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Debug(ctx, "Deleting enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
 
-	_, err = client.Enterprise.DeleteCodeSecurityConfiguration(ctx, enterprise, id)
+	_, err := client.Enterprise.DeleteCodeSecurityConfiguration(ctx, enterprise, id)
 	if err != nil {
 		var ghErr *github.ErrorResponse
 		if errors.As(err, &ghErr) && ghErr.Response.StatusCode == http.StatusNotFound {
-			tflog.Info(ctx, fmt.Sprintf("Enterprise code security configuration %s/%d already deleted", enterprise, id), map[string]any{
+			tflog.Info(ctx, "Enterprise code security configuration already deleted", map[string]any{
 				"enterprise": enterprise,
 				"id":         id,
 			})
 			return nil
 		}
-		tflog.Error(ctx, fmt.Sprintf("Failed to delete enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+		tflog.Error(ctx, "Failed to delete enterprise code security configuration", map[string]any{
 			"enterprise": enterprise,
 			"id":         id,
 			"error":      err.Error(),
 		})
 		return diag.FromErr(err)
 	}
 
-	tflog.Info(ctx, fmt.Sprintf("Deleted enterprise code security configuration: %s/%d", enterprise, id), map[string]any{
+	tflog.Info(ctx, "Deleted enterprise code security configuration", map[string]any{
 		"enterprise": enterprise,
 		"id":         id,
 	})
diff --git a/github/resource_github_organization_security_configuration.go b/github/resource_github_organization_security_configuration.go
@@ -3,7 +3,6 @@ package github
 import (
 	"context"
 	"errors"
-	"fmt"
 	"net/http"
 	"strconv"
 
@@ -26,6 +25,11 @@ func resourceGithubOrganizationSecurityConfiguration() *schema.Resource {
 		},
 
 		Schema: map[string]*schema.Schema{
+			"configuration_id": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The numeric ID of the code security configuration.",
+			},
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
@@ -301,7 +305,7 @@ func resourceGithubOrganizationSecurityConfigurationCreate(ctx context.Context,
 	org := meta.(*Owner).name
 	name := d.Get("name").(string)
 
-	tflog.Debug(ctx, fmt.Sprintf("Creating organization code security configuration: %s/%s", org, name), map[string]any{
+	tflog.Debug(ctx, "Creating organization code security configuration", map[string]any{
 		"organization": org,
 		"name":         name,
 	})
@@ -310,7 +314,7 @@ func resourceGithubOrganizationSecurityConfigurationCreate(ctx context.Context,
 
 	configuration, _, err := client.Organizations.CreateCodeSecurityConfiguration(ctx, org, config)
 	if err != nil {
-		tflog.Error(ctx, fmt.Sprintf("Failed to create organization code security configuration: %s/%s", org, name), map[string]any{
+		tflog.Error(ctx, "Failed to create organization code security configuration", map[string]any{
 			"organization": org,
 			"name":         name,
 			"error":        err.Error(),
@@ -324,7 +328,7 @@ func resourceGithubOrganizationSecurityConfigurationCreate(ctx context.Context,
 	}
 	d.SetId(id)
 
-	tflog.Info(ctx, fmt.Sprintf("Created organization code security configuration: %s/%s (ID: %d)", org, name, configuration.GetID()), map[string]any{
+	tflog.Info(ctx, "Created organization code security configuration", map[string]any{
 		"organization": org,
 		"name":         name,
 		"id":           configuration.GetID(),
@@ -350,7 +354,7 @@ func resourceGithubOrganizationSecurityConfigurationRead(ctx context.Context, d
 		return diag.FromErr(err)
 	}
 
-	tflog.Trace(ctx, fmt.Sprintf("Reading organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Trace(ctx, "Reading organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
@@ -360,15 +364,15 @@ func resourceGithubOrganizationSecurityConfigurationRead(ctx context.Context, d
 		var ghErr *github.ErrorResponse
 		if errors.As(err, &ghErr) {
 			if ghErr.Response.StatusCode == http.StatusNotFound {
-				tflog.Info(ctx, fmt.Sprintf("Removing organization code security configuration %s/%d from state because it no longer exists in GitHub", org, id), map[string]any{
+				tflog.Info(ctx, "Removing organization code security configuration from state because it no longer exists in GitHub", map[string]any{
 					"organization": org,
 					"id":           id,
 				})
 				d.SetId("")
 				return nil
 			}
 		}
-		tflog.Error(ctx, fmt.Sprintf("Failed to read organization code security configuration: %s/%d", org, id), map[string]any{
+		tflog.Error(ctx, "Failed to read organization code security configuration", map[string]any{
 			"organization": org,
 			"id":           id,
 			"error":        err.Error(),
@@ -380,7 +384,7 @@ func resourceGithubOrganizationSecurityConfigurationRead(ctx context.Context, d
 		return diags
 	}
 
-	tflog.Trace(ctx, fmt.Sprintf("Successfully read organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Trace(ctx, "Successfully read organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
@@ -394,18 +398,10 @@ func resourceGithubOrganizationSecurityConfigurationUpdate(ctx context.Context,
 		return diag.FromErr(err)
 	}
 	client := meta.(*Owner).v3client
+	org := meta.(*Owner).name
+	id := int64(d.Get("configuration_id").(int))
 
-	org, idStr, err := parseID2(d.Id())
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	id, err := strconv.ParseInt(idStr, 10, 64)
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	tflog.Debug(ctx, fmt.Sprintf("Updating organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Debug(ctx, "Updating organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
@@ -414,15 +410,15 @@ func resourceGithubOrganizationSecurityConfigurationUpdate(ctx context.Context,
 
 	_, _, err = client.Organizations.UpdateCodeSecurityConfiguration(ctx, org, id, config)
 	if err != nil {
-		tflog.Error(ctx, fmt.Sprintf("Failed to update organization code security configuration: %s/%d", org, id), map[string]any{
+		tflog.Error(ctx, "Failed to update organization code security configuration", map[string]any{
 			"organization": org,
 			"id":           id,
 			"error":        err.Error(),
 		})
 		return diag.FromErr(err)
 	}
 
-	tflog.Info(ctx, fmt.Sprintf("Updated organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Info(ctx, "Updated organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
@@ -436,18 +432,10 @@ func resourceGithubOrganizationSecurityConfigurationDelete(ctx context.Context,
 		return diag.FromErr(err)
 	}
 	client := meta.(*Owner).v3client
+	org := meta.(*Owner).name
+	id := int64(d.Get("configuration_id").(int))
 
-	org, idStr, err := parseID2(d.Id())
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	id, err := strconv.ParseInt(idStr, 10, 64)
-	if err != nil {
-		return diag.FromErr(err)
-	}
-
-	tflog.Debug(ctx, fmt.Sprintf("Deleting organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Debug(ctx, "Deleting organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
@@ -456,21 +444,21 @@ func resourceGithubOrganizationSecurityConfigurationDelete(ctx context.Context,
 	if err != nil {
 		var ghErr *github.ErrorResponse
 		if errors.As(err, &ghErr) && ghErr.Response.StatusCode == http.StatusNotFound {
-			tflog.Info(ctx, fmt.Sprintf("Organization code security configuration %s/%d already deleted", org, id), map[string]any{
+			tflog.Info(ctx, "Organization code security configuration already deleted", map[string]any{
 				"organization": org,
 				"id":           id,
 			})
 			return nil
 		}
-		tflog.Error(ctx, fmt.Sprintf("Failed to delete organization code security configuration: %s/%d", org, id), map[string]any{
+		tflog.Error(ctx, "Failed to delete organization code security configuration", map[string]any{
 			"organization": org,
 			"id":           id,
 			"error":        err.Error(),
 		})
 		return diag.FromErr(err)
 	}
 
-	tflog.Info(ctx, fmt.Sprintf("Deleted organization code security configuration: %s/%d", org, id), map[string]any{
+	tflog.Info(ctx, "Deleted organization code security configuration", map[string]any{
 		"organization": org,
 		"id":           id,
 	})
diff --git a/github/util_security_configuration.go b/github/util_security_configuration.go
@@ -67,6 +67,9 @@ func flattenSecretScanningDelegatedBypassOptions(options *github.SecretScanningD
 // setCodeSecurityConfigurationState writes all shared CodeSecurityConfiguration fields to Terraform state.
 // Used by both the organization and enterprise security configuration resources.
 func setCodeSecurityConfigurationState(d *schema.ResourceData, configuration *github.CodeSecurityConfiguration) diag.Diagnostics {
+	if err := d.Set("configuration_id", configuration.GetID()); err != nil {
+		return diag.FromErr(err)
+	}
 	if err := d.Set("name", configuration.Name); err != nil {
 		return diag.FromErr(err)
 	}
diff --git a/website/docs/r/enterprise_security_configuration.html.markdown b/website/docs/r/enterprise_security_configuration.html.markdown
@@ -60,6 +60,7 @@ The following arguments are supported:
 
 ## Attributes Reference
 
+* `configuration_id` - The numeric ID of the code security configuration.
 * `target_type` - The target type of the code security configuration.
 
 ### Dependency Graph Autosubmit Action Options
