microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License

azuredevops_user_entitlement not working when using Service Principal authentication #1026

Open mobernberger opened 2 months ago

mobernberger commented 2 months ago

Community Note

Terraform (and Azure DevOps Provider) Version

Terraform version: 1.8.0 (also happens with earlier versions) Azure DevOps provider tested with 1.0.0 and 1.0.1

Affected Resource(s)

Terraform Configuration Files

# Service Principal (client secret) authentication to the organisation
provider "azuredevops" {
  org_service_url = "https://dev.azure.com/dev-org-demo"
  tenant_id       = var.tenant_id
  client_id       = var.client_id
  client_secret   = var.client_secret
}

# Invite an external (guest) user; principal_name must be a quoted string
resource "azuredevops_user_entitlement" "add_external_maintainers" {
  principal_name = "test@external-domain.com"
}

Debug / Trace Output

2024-04-16T10:12:05.769+0200 [ERROR] provider.terraform-provider-azuredevops_v1.0.1: Response contains error diagnostic: @module=sdk.proto tf_req_id=760ca8d1-df95-2593-91b1-12991ce551c9 tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/microsoft/azuredevops @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="Creating user entitlement: Adding user entitlement: (5102) You are trying to invite a user from outside your directory, but something went wrong. Please contact Azure DevOps support." tf_resource_type=azuredevops_user_entitlement tf_rpc=ApplyResourceChange timestamp="2024-04-16T10:12:05.768+0200"
2024-04-16T10:12:05.791+0200 [ERROR] vertex "azuredevops_user_entitlement.add_external_maintainers[\"test@external-domain.com\"]" error: Creating user entitlement: Adding user entitlement: (5102) You are trying to invite a user from outside your directory, but something went wrong. Please contact Azure DevOps support.
2024-04-16T10:12:05.791+0200 [TRACE] vertex "azuredevops_user_entitlement.add_external_maintainers[\"test@external-domain.com\"]": visit complete, with errors

Expected Behavior

User should be added to the corresponding Azure DevOps organization.

Actual Behavior

User never gets created or entitled inside of Azure DevOps.

Steps to Reproduce

  1. terraform apply

Important Factoids

I have tested that, when using a "normal" user account with the same permissions as the Service Principal (member of "Project Collection Administrators") with a PAT in the provider, everything works as expected. As soon as I switch back to Service Principal authentication, I get the error above. I am also using some other Azure DevOps resources with SP authentication that work fine in the same code (e.g. azuredevops_group_entitlement), so for me this can't be a permission problem of the Service Principal.
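Added example, not code from the issue or from the provider: a small Python parser for the provider trace records quoted above. It pulls the request id, resource type and the Azure DevOps error code out of the key=value diagnostic line and recovers the failed resource address (with its escaped quotes restored) from the vertex line, which is what you want when correlating one failing identity (PAT vs Service Principal vs pipeline token) across many apply runs. The sample log is constructed from the issue's output, split into one record per line.

```python
import re
from typing import Dict, List

# Constructed sample: the provider trace records quoted in the issue, one record per line
# (the issue pastes them as a single run-on line; real TF_LOG output is line-separated).
SAMPLE_LOG = (
    '2024-04-16T10:12:05.769+0200 [ERROR] provider.terraform-provider-azuredevops_v1.0.1: '
    'Response contains error diagnostic: @module=sdk.proto '
    'tf_req_id=760ca8d1-df95-2593-91b1-12991ce551c9 tf_proto_version=5.3 '
    'diagnostic_detail="" diagnostic_severity=ERROR '
    'diagnostic_summary="Creating user entitlement: Adding user entitlement: (5102) You are '
    'trying to invite a user from outside your directory, but something went wrong." '
    'tf_resource_type=azuredevops_user_entitlement tf_rpc=ApplyResourceChange\n'
    '2024-04-16T10:12:05.791+0200 [ERROR] vertex "azuredevops_user_entitlement.'
    'add_external_maintainers[\\"test@external-domain.com\\"]" error: Creating user '
    'entitlement: Adding user entitlement: (5102) You are trying to invite a user from '
    'outside your directory, but something went wrong.\n'
)

LINE_RE = re.compile(r'^(?P<ts>\S+) \[(?P<level>[A-Z]+)\] (?P<rest>.*)$')
# key=value fields of a plugin-SDK diagnostic; values are bare tokens or double-quoted strings
FIELD_RE = re.compile(r'(?P<key>[@\w.]+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')
# Azure DevOps error code embedded in the summary, e.g. "(5102)"
CODE_RE = re.compile(r'\((?P<code>\d{3,5})\)')
# failed graph vertex; the resource address carries backslash-escaped quotes
VERTEX_RE = re.compile(r'vertex "(?P<addr>(?:\\.|[^"\\])*)" error: (?P<msg>.*)')


def parse_diagnostics(log: str) -> List[Dict[str, str]]:
    """Return one record per 'Response contains error diagnostic' line."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or 'Response contains error diagnostic:' not in m['rest']:
            continue
        rec = {'timestamp': m['ts'], 'level': m['level']}
        for f in FIELD_RE.finditer(m['rest']):
            rec[f['key']] = f['quoted'] if f['quoted'] is not None else f['bare']
        code = CODE_RE.search(rec.get('diagnostic_summary', ''))
        rec['error_code'] = code['code'] if code else ''
        records.append(rec)
    return records


def failed_resources(log: str) -> List[str]:
    """Resource addresses of vertices that failed, with escaped quotes restored."""
    return [v['addr'].replace('\\"', '"') for v in VERTEX_RE.finditer(log)]


if __name__ == '__main__':
    for r in parse_diagnostics(SAMPLE_LOG):
        print(r['tf_req_id'], r['tf_resource_type'], r['error_code'], r['diagnostic_summary'])
    print(failed_resources(SAMPLE_LOG))
```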

jemag commented 2 months ago

Interesting, we have been seeing the exact same error while trying to add a azuredevops_user_entitlement with PAT. Using provider 1.0.1 as well.

mobernberger commented 2 months ago

Interesting, we have been seeing the exact same error while trying to add a azuredevops_user_entitlement with PAT. Using provider 1.0.1 as well.

@jemag does the invitation work for you if you invite via the portal with the same user, or not? If it isn't working in the portal, maybe also check the Entra ID guest invitation settings.

jemag commented 2 months ago

Please disregard my comment; the PAT used was of the wrong user, without the proper permissions to create the user_entitlement. Not quite sure why it gave that message in this particular situation. Either way, excuse my mistake.

JustinDroege commented 5 hours ago

We have essentially the same problem. With a PAT, everything works fine, but when we use the $System.AccessToken provided in a pipeline, we receive the same error. We also tried giving the Build Service Account, which is used for the pipeline, all permissions, but we were not successful. Is this a bug, or are we missing something?