Terraform Apply for non-project resources fails if project removed #25

Closed
logachev opened this issue Jun 30, 2020 · 10 comments · Fixed by #57
@logachev
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

  • azuredevops_build_definition
  • azuredevops_git_repository

Probably all resources created inside the project

Terraform Configuration Files

resource "azuredevops_project" "this" {
  project_name = "test"
  description  = "description"
}

resource "azuredevops_git_repository" "this" {
  project_id = azuredevops_project.this.id
  name       = "Pipelines"
  initialization {
    init_type = "Clean"
  }
}

Debug Output

Panic Output

Expected Behavior

  • Run terraform apply and wait for it to succeed
  • Remove created devops project via the UI
  • Run terraform apply

Expected: detect both resources were destroyed & recreate them.

Actual Behavior

Error: VS800075: The project with id '6f6ee8e2-96ba-488e-95aa-79e17ee3ee28' does not exist, or you do not have permission to access it.

Steps to Reproduce

  • Run terraform apply and wait for it to succeed
  • Remove created devops project via the UI
  • Run terraform apply

Important Factoids

References

  • #0000
@xuzhang3
Collaborator

xuzhang3 commented Jul 1, 2020

Hi @logachev, thanks for opening this issue. It's not recommended to manage resources with Terraform and the portal UI at the same time.
Which Terraform version and ADO provider do you use? I cannot reproduce your error.

@logachev
Contributor Author

logachev commented Jul 4, 2020

Sorry, git repos are fine. The error occurs for at least Build Definitions and Service Authorizations. I sent a PR to fix it.

I agree, it is not recommended to manage resources outside of Terraform, but it happens :)

Here is a sample that shows the error (apply, delete project via UI, run plan)

provider "azurerm" {
  version = "=2.16.0"
  features {}
}

data "azurerm_subscription" "tools" {

}

resource "azuredevops_project" "this" {
  project_name = "test"
  description  = "description"
}

resource "azuredevops_git_repository" "this" {
  project_id = azuredevops_project.this.id
  name       = "Pipelines"
  initialization {
    init_type = "Clean"
  }
}

resource "azuredevops_serviceendpoint_azurerm" "foundation" {
  project_id            = azuredevops_project.this.id
  service_endpoint_name = "test"

  credentials {
    serviceprincipalid  = "clientid"
    serviceprincipalkey = "secret"
  }

  azurerm_subscription_id   = data.azurerm_subscription.tools.subscription_id
  azurerm_subscription_name = data.azurerm_subscription.tools.display_name
  azurerm_spn_tenantid      = data.azurerm_subscription.tools.tenant_id
}

resource "time_sleep" "wait_15_seconds" {
  create_duration = "15s"

  depends_on = [azuredevops_serviceendpoint_azurerm.foundation]
}


resource "azuredevops_build_definition" "foundation_deployment" {
  project_id = azuredevops_project.this.id
  name       = "Foundation Deployment"
  path       = "\\"

  repository {
    repo_id     = azuredevops_git_repository.this.id
    repo_type   = "TfsGit"
    branch_name = azuredevops_git_repository.this.default_branch
    yml_path    = ".azure-pipelines/foundation-tenant.yml"
  }
}


resource "azuredevops_resource_authorization" "foundation" {
  project_id  = azuredevops_project.this.id
  resource_id = azuredevops_serviceendpoint_azurerm.foundation.id
  authorized  = true
  depends_on  = [time_sleep.wait_15_seconds]
}

@joaocc

joaocc commented Oct 22, 2023

Hi. Anyone still facing this issue? We are also getting this error when trying to recover from removal of a project. In our case it is from git_commit_file, azuredevops_git_repository_file.

Error: Get repository file commit failed , repositoryID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, branch: refs/heads/main, file: /some-folder/some-file.txt. Error:  VS800075: The project with id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not exist, or you do not have permission to access it.

Thanks

@xuzhang3
Collaborator

@joaocc can you be more specific about how this error happens? Any reproduction steps?

@joaocc

joaocc commented Oct 26, 2023

Hi. Sure.
We create projects, repos and pipelines via terraform. Then the project was removed outside terraform (for a valid reason, which is not relevant for this discussion). After this the only way I found to be able to work with state again was to manually clean up the state file, as I kept getting errors telling me that the project was not available (which we already knew).
I would expect the module to drop the resource for not being able to find it, like with any other case (say an S3 bucket, a helm release, a configmap, VM, ...)
Thx

@xuzhang3
Collaborator

xuzhang3 commented Nov 8, 2023

@joaocc A recreated project has a different ID even though it has the same name. If the project is recreated, all the resources belonging to this project will be deleted, in which case you need to remove them from the state. The ADO provider should detect this change and generate a new plan. I will track this issue.

@joaocc

joaocc commented Nov 8, 2023

Thanks. My issue was not that it would remove all resources of a project (as they are already gone due to the project having been deleted). The main problem is that there was no path outside this error loop other than manually changing the state to prune it of the project and the remaining resources. We would expect to get an "oops, your resources are missing... removing them from terraform state" :)
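
The manual state pruning described in the two comments above, as an added example that is not part of the thread or the provider's code: it reads a version 4 state file and lists the `terraform state rm` addresses for the deleted project and every managed resource whose `project_id` points at it. The sample state is constructed, and matching on the `project_id` attribute is an assumption about how the project's child resources are stored.

```python
import json
import shlex

# Constructed sample in the Terraform state v4 layout (as printed by `terraform state pull`).
# The project id is the one quoted in the issue's error; every other value is made up.
DELETED_PROJECT = "6f6ee8e2-96ba-488e-95aa-79e17ee3ee28"
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "azuredevops_project", "name": "this",
     "instances": [{"attributes": {"id": DELETED_PROJECT}}]},
    {"mode": "managed", "type": "azuredevops_build_definition", "name": "foundation_deployment",
     "instances": [{"attributes": {"id": "12", "project_id": DELETED_PROJECT}}]},
    {"module": "module.other", "mode": "managed", "type": "azuredevops_git_repository", "name": "repo",
     "instances": [
         {"index_key": "app", "attributes": {"id": "r-1", "project_id": DELETED_PROJECT}},
         {"index_key": "docs", "attributes": {"id": "r-2", "project_id": "00000000-0000-0000-0000-000000000001"}}]},
    {"mode": "data", "type": "azurerm_subscription", "name": "tools", "instances": [{"attributes": {"id": "constructed"}}]},
]})

def instance_address(resource, instance):
    """Build the address `terraform state rm` expects, with module prefix and index."""
    addr = f'{resource["type"]}.{resource["name"]}'
    if resource.get("module"):
        addr = f'{resource["module"]}.{addr}'
    key = instance.get("index_key")
    if isinstance(key, int):
        addr += f"[{key}]"          # count index
    elif isinstance(key, str):
        addr += f'["{key}"]'        # for_each key
    return addr

def orphaned_addresses(state_json, project_id):
    """List managed instances that are the deleted project or reference it via project_id."""
    state = json.loads(state_json)
    if state.get("version") != 4:
        raise ValueError("expected a version 4 state file")
    wanted, found = project_id.lower(), []
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue                # data sources are skipped, only managed resources are pruned
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            own_id = attrs.get("id") if res["type"] == "azuredevops_project" else None
            if wanted in (str(attrs.get("project_id")).lower(), str(own_id).lower()):
                found.append(instance_address(res, inst))
    return found

if __name__ == "__main__":
    for address in orphaned_addresses(SAMPLE_STATE, DELETED_PROJECT):
        print("terraform state rm", shlex.quote(address))
```

Feed it the output of `terraform state pull` in place of the sample, and keep a backup of the state before running the printed commands.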

@xuzhang3
Collaborator

xuzhang3 commented Nov 9, 2023

@joaocc After the project is deleted, all the resources belonging to it will return an HTTP status code of 404; this will trigger a create operation but not a deletion in the ADO provider. State is a copy of the resource's status and is not the first priority; the real resource is. So in this scenario it will simply generate a creation plan, with no information about updating the state files.

@joaocc

joaocc commented Nov 9, 2023

Not sure we are talking about the same situation. In our case, the project was removed in azdo (via the web UI) and we also removed the instance from the terraform code. We would not expect any errors, as all it had to do was understand that the desired state (no project) was already the same as in real life. However, the 404 errors kept preventing the code from running.
Hope this helps explain the issue better.

@xuzhang3
Collaborator

@joaocc Thanks for the feedback, this is a bug in ADO provider and I can reproduce it.
