Closed julie-ng closed 3 years ago
BTW, to remove error by making Terraform forget this orphaned resources, run something like:
terraform state rm 'module.ado_collaboration_permissions_veggies.azuredevops_group.admins_group'
terraform state rm 'module.ado_collaboration_permissions_veggies.azuredevops_group.team_group'
terraform state rm 'module.ado_supermarket_permissions_fruits.azuredevops_group.admins_group'
terraform state rm 'module.ado_supermarket_permissions_fruits.azuredevops_group.team_group'
terraform state rm 'module.ado_supermarket_permissions_veggies.azuredevops_group.team_group'
terraform state rm 'module.ado_team_permissions["proj_fruits"].azuredevops_group.admins_group'
terraform state rm 'module.ado_team_permissions["proj_fruits"].azuredevops_group.team_group'
terraform state rm 'module.ado_team_permissions["proj_veggies"].azuredevops_group.admins_group'
terraform state rm 'module.ado_team_permissions["proj_veggies"].azuredevops_group.team_group'
terraform state rm 'module.team_permissions["proj_fruits"].azuredevops_group.team_group'
terraform state rm 'module.team_permissions["proj_veggies"].azuredevops_group.team_group'
Unfortunately the SID
in the error message is useless. So I've just deleted all the security group assignments aka "permissions" 🤷♀️
Symptom
Sometimes when IaC is changed, the following messages are returned when running
terraform apply
and eventerraform destroy
Hypothesis
Terraform is deleting ADO Projects before security groups. So when Terraform tries to remove security groups, it cannot find them and those "security identifier (SID)" are not found in terraform state. So I assume it's a weird legacy Team Foundation Server (TFS) identified.
Action
Use
depends_on
to force terraform to remove ADO security groups before removing projects.