Permissions issue when recreating azuredevops_git_repository in another project #1080

Open
msl0 opened this issue Jun 18, 2024 · 1 comment
msl0 commented Jun 18, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Terraform v1.8.2
on linux_amd64

+ provider registry.terraform.io/microsoft/azuredevops v1.1.1

Affected Resource(s)

  • azuredevops_git_repository

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = "~> 1.1.1"
    }
  }
}

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/${var.azdoorganization}"
}

data "azuredevops_project" "this" {
  name = var.project_name
}

resource "azuredevops_git_repository" "this" {
  project_id = data.azuredevops_project.this.id
  name       = var.repo_name
  initialization {
    init_type = "Clean"
  }
}

Debug Output

Panic Output

Expected Behavior

I should be able to recreate the existing repository in another project if the permissions are the same in both projects.

Actual Behavior

Provider deletes the repository of the old project, but when creating the repository in the new project I get this error:
TF401027: You need the Git 'ManageAdvSecScanning' permission to perform this action. Details: identity 'Build\<project_collection_build_service_id>', scope 'repository'.

When I clear the state and run Terraform, a new repository is created and the mentioned error does not appear, which proves that no additional permissions are required beyond those currently granted.

Steps to Reproduce

  1. terraform apply
  2. Change var.project_name
  3. terraform apply

Important Factoids

I noticed that during this operation, despite deleting the old repository from Azure DevOps, Terraform does not update the state in case of a problem, which causes another problem that I mentioned here

References

msl0 changed the title from "Permissions issue when I want to recreate azuredevops_git_repository in another project" to "Permissions issue when recreating azuredevops_git_repository in another project" on Jun 18, 2024

msl0 commented Jun 19, 2024

When I extended the permissions with ManageAdvSecScanning (Advanced Security: manage settings), the problem disappeared. It looks like this permission was only required for deletion. The permissions required to create new repositories are:

  • Create repository
  • Advanced Security: manage settings

It would be good to include this information in the documentation.

@xuzhang3 xuzhang3 added the bug label Jun 26, 2024
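
The permissions named in the thread can be granted explicitly, and only in the two projects involved in the move, rather than by widening the build identity's role. The following is an added example, not code from the issue or from the provider's documentation. The variable names are hypothetical, and it assumes that `azuredevops_git_permissions` accepts the action name `ManageAdvSecScanning` exactly as it appears in the TF401027 error and that it is applied by an administrator identity rather than by the pipeline identity itself.

```hcl
# Added example. All variable names are hypothetical.
variable "old_project_name" { type = string }
variable "new_project_name" { type = string }

variable "pipeline_identity_descriptor" {
  type        = string
  description = "Descriptor of the identity that runs terraform apply (placeholder, supply your own)"
}

# Look up both projects: the recreate deletes in one and creates in the other.
data "azuredevops_project" "scoped" {
  for_each = toset([var.old_project_name, var.new_project_name])
  name     = each.value
}

# Project-level Git permissions (no repository_id), so that repositories
# created later in the project inherit them.
resource "azuredevops_git_permissions" "repo_lifecycle" {
  for_each   = data.azuredevops_project.scoped
  project_id = each.value.id
  principal  = var.pipeline_identity_descriptor

  # Merge with the identity's existing permissions instead of replacing them.
  replace = false

  permissions = {
    CreateRepository = "Allow"
    # Included because the recreate destroys the old repository first.
    DeleteRepository = "Allow"
    # Assumption: action name taken from the TF401027 error message.
    ManageAdvSecScanning = "Allow"
  }
}
```

Keep this configuration in a separate state from the repositories it protects, so that the pipeline identity never needs permission to change its own access.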