Terraform Apply for missing/removed azdo prohe resources fails if project removed #457

Open
jaicao opened this issue Oct 4, 2021 · 1 comment

Comments

@jaicao

jaicao commented Oct 4, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Terraform v1.0.8
azurerm v2.78.0
azuredevops v0.1.7

  • azuredevops_resource_authorization

Terraform Configuration Files

The state of the remote object should be refreshed and updated correctly so that the inner resources can behave accordingly.
Here, we have separate lifecycles for the creation of the azdo project and azuredevops_resource_authorization. Although the creation of the project could have been done via the UI, obtaining the project id isn't straightforward.

# this file is in .\project
variable "org_name" {}

terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/${var.org_name}/"
}

resource "azuredevops_project" "blah" {
  name = "blah"
}

output "id" {
  value = azuredevops_project.blah.id
}

# this file is in .\service-endpoint
variable "org_name" {} # same as the org above
variable "project_id" {} # retrieved from above project

terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.1.0"
    }
  }
}
provider "azuredevops" {
  org_service_url = "https://dev.azure.com/${var.org_name}/"
}

resource "azuredevops_serviceendpoint_azurerm" "endpointazure" {
  project_id            = "d04c1da4-d718-4f36-888c-72e4d0fa5149" # retrieved from above project
  service_endpoint_name = "Sample AzureRM"
  description           = "Managed by Terraform"
  credentials {
    serviceprincipalid  = "00000000-0000-0000-0000-000000000000"
    serviceprincipalkey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
  azurerm_spn_tenantid      = "00000000-0000-0000-0000-000000000000"
  azurerm_subscription_id   = "00000000-0000-0000-0000-000000000000"
  azurerm_subscription_name = "Sample Subscription"
}

resource "azuredevops_resource_authorization" "name" {
  project_id  = var.project_id 
  resource_id = azuredevops_serviceendpoint_azurerm.endpointazure.id
  authorized  = true
}

Debug Output

Panic Output

Expected Behavior

Expected: detect that the azdo project has been destroyed for azuredevops_serviceendpoint_azurerm & azuredevops_resource_authorization and remove the related child resources.

Actual Behavior

Error: VS800075: The project with id 'd04c1da4-d718-4f36-888c-72e4d0fa5149' does not exist, or you do not have permission to access it.

Steps to Reproduce

  1. cd ./project and terraform apply to create azdo project
  2. cd ./service-endpoint and terraform apply
  3. cd back to ./project and terraform destroy to destroy azdo project
  4. cd back to ./service-endpoint and terraform plan

Important Factoids

References

I suspect that this line of code is returning the error - https://github.com/microsoft/terraform-provider-azuredevops/blob/main/azuredevops/internal/service/build/resource_resource_authorization.go#L119
Perhaps another check to determine if the project is missing should be added, and if so, set the id to "".

@xuzhang3
Collaborator

Currently, all resources won't handle the project status; if the project resource has been deleted, the sub resource will simply throw an error. All resources that depend on the project should handle the project status.
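The check suggested in the issue, sketched as an added example that is not the provider's code or part of either comment: a Read-style function that clears the resource ID when the API reports VS800075. `resourceState`, `readAuthorization` and `fetch` are hypothetical stand-ins for the SDK's `*schema.ResourceData` and the provider's API call, and matching on the code inside the error text is an assumption based on the message quoted above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// resourceState is a hypothetical stand-in for the SDK's *schema.ResourceData.
type resourceState struct{ id string }

func (s *resourceState) Id() string     { return s.id }
func (s *resourceState) SetId(v string) { s.id = v }

// Constructed sample errors; the first copies the message quoted in this issue.
var (
	errProjectGone = errors.New("VS800075: The project with id 'd04c1da4-d718-4f36-888c-72e4d0fa5149' does not exist, or you do not have permission to access it.")
	errThrottled   = errors.New("constructed sample: request throttled")
)

// isProjectGone matches on the error code rather than the full message text.
func isProjectGone(err error) bool {
	return err != nil && strings.Contains(err.Error(), "VS800075")
}

// readAuthorization mimics a resource Read function. fetch is a hypothetical
// placeholder for the API call that currently surfaces the error.
func readAuthorization(s *resourceState, projectID string, fetch func(string) error) (removed bool, err error) {
	err = fetch(projectID)
	switch {
	case err == nil:
		return false, nil
	case isProjectGone(err):
		// VS800075 also covers "no permission", so a revoked token would take
		// this path too; report removed=true so the caller can log a warning.
		s.SetId("") // an empty ID drops the resource from state on refresh
		return true, nil
	default:
		return false, fmt.Errorf("reading authorization in project %s: %w", projectID, err)
	}
}

func main() {
	s := &resourceState{id: "endpoint-1"} // constructed ID
	removed, err := readAuthorization(s, "d04c1da4-d718-4f36-888c-72e4d0fa5149",
		func(string) error { return errProjectGone })
	fmt.Printf("removed=%v id=%q err=%v\n", removed, s.Id(), err)
}
```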
