CrowdStrike / terraform-provider-crowdstrike

https://registry.terraform.io/providers/CrowdStrike/crowdstrike/latest/docs
Mozilla Public License 2.0

Bug: Unable to destroy host group on tenant without Device Control subscription #24

Closed l-teles closed 3 months ago

l-teles commented 3 months ago

When trying to destroy a host group created within a tenant without a Device Control subscription, the following error is raised:

╷
│ Error: Error deleting CrowdStrike host group
│ 
│ Unable to read assigned usb device control policies [GET /policy/queries/device-control/v1][403] queryDeviceControlPoliciesForbidden
│ &{Errors:[{Code:403 Message:access denied, authorization failed}] Meta:PoweredBy:crowdstrike-api-gateway QueryTime:1.49e-07
│ TraceID:redacted}}

ffalor commented 3 months ago

A 403 error refers to a missing scope in your API key. Do you have all the scopes documented in the resource? Or is the scope not available to you because you don't have the subscription?

https://github.com/CrowdStrike/terraform-provider-crowdstrike/blob/main/docs/resources/host_group.md

l-teles commented 3 months ago

Exactly, the scope is not available because I don't have the subscription.

ffalor commented 3 months ago

Here is some context around why this is happening.

A host group can be associated with many different policies like sensor update policies, prevention policies, etc. In order to delete a host group, those policies must be removed from the host group.

When the provider is told to delete a host group, it calls the appropriate APIs to see which policies are associated with that host group, which is where this one is erroring.

When I wrote this I did not take into account your scenario. I will look and see what can be done.

Thank you again for reporting this!
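
The delete flow described in the comment above, sketched as an added example that is not part of the thread and not the provider's own code or its actual fix: each policy type is queried, a 403 on one type is recorded as skipped instead of aborting, and any other error still fails. The names `ErrForbidden`, `namedQuery` and `assignedPolicies` and the sample data are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrForbidden stands in for the API's 403 response (hypothetical sentinel).
var ErrForbidden = errors.New("403 access denied, authorization failed")

// namedQuery pairs a policy type with a lookup of the policy IDs of that type
// assigned to a host group (hypothetical shape, not the provider's API).
type namedQuery struct {
	Kind  string
	Query func(hostGroupID string) ([]string, error)
}

// assignedPolicies asks each policy API which policies reference the group.
// A 403 on one type is recorded in skipped rather than aborting the delete;
// any other error still fails closed.
func assignedPolicies(groupID string, queries []namedQuery) (map[string][]string, []string, error) {
	found := map[string][]string{}
	var skipped []string
	for _, q := range queries {
		ids, err := q.Query(groupID)
		switch {
		case errors.Is(err, ErrForbidden):
			skipped = append(skipped, q.Kind) // surface as a warning to the operator
		case err != nil:
			return nil, nil, fmt.Errorf("query %s policies: %w", q.Kind, err)
		case len(ids) > 0:
			found[q.Kind] = ids
		}
	}
	return found, skipped, nil
}

func main() {
	// Constructed sample: tenant whose API key lacks the device-control scope.
	queries := []namedQuery{
		{"prevention", func(string) ([]string, error) { return []string{"policy-a"}, nil }},
		{"device-control", func(string) ([]string, error) { return nil, fmt.Errorf("GET: %w", ErrForbidden) }},
	}
	found, skipped, err := assignedPolicies("group-1", queries)
	fmt.Println(found, skipped, err)
}
```

Reporting the skipped types to the operator keeps a scope that was simply left off the API key from being hidden behind the same 403.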

ffalor commented 3 months ago

Latest version should fix this issue:

terraform {
  required_providers {
    crowdstrike = {
      source = "CrowdStrike/crowdstrike"
      version = "0.0.4"
    }
  }
}

I appreciate your patience and thank you for reporting this issue.