Open WillEdMatsypie opened 2 months ago
I see this is actually fixed in #973 which has been merged - great solution, nice one! Any ideas when this version will be available to consume?
soon, working on it
Following up on this - I see this has been made available now.
However, notably when I use the resource to authorise access to a repository for all pipelines in another project, I get a timeout every time "waiting for pipeline authorization ready. timeout while waiting for state to become 'succeed, failed' (last state: 'waiting', timeout: 2m0s)"
Notably when I check via the API, I see that the pipeline permission has in fact been enabled! But Terraform never gets a success response. I can also enable this via the API and get a success response using the same token.
@xuzhang3 - From further inspection with some local testing, it looks like the method for "GetPipelinePermissionsForResource" gets nil for "AllPipelines", whereas "UpdatePipelinePermissionsForResource" itself gets a value back - so seems like something may be off there... I am sadly still learning Go, so not in much of a position to make suggestions, but I think there's something inconsistent coming from the Go client maybe?
(Note this is specifically when going cross project on repo permissions, within the same project behaves entirely as expected)
EDIT: Notably, with the same token, the Get API endpoint returns AllPipelines and not null when called from python - so seems likely that it is to do with the client maybe?
EDIT 2: I think I found the issue - the checkPipelineAuthorization function doesn't make use of pipelineProjectId, so it is checking the permissions in the wrong project. Updating this locally allows the resource creation to succeed after 10s.
Community Note
Terraform (and Azure DevOps Provider) Version
Affected Resource(s)
azuredevops_pipeline_authorization
Terraform Configuration Files
Debug Output
Expected Behavior
This should authorise my_repo for all pipelines in Project B.
The Azure DevOps API for adding pipeline permissions for repositories accepts resource_id of a repo in another Project provided it is given in the format "${project_id}.${repo_id}" - I have been able to do this via the API using python requests, however it seems to not be possible to give IDs of this format in terraform. I have also attempted without the project_id prefixed but that results in an error that the resource cannot be found, likely due to it only checking the current project given by project_id.
Actual Behavior
Terraform throws an error that the Resource ID exceeds the maximum length of 100. This should not be true as the length of the 2 GUIDs concatenated with a "." is actually 73 characters, I would assume under the hood this is maybe trying to add the project ID of Project B again to the front of the resource_id hence the longer string. At any rate, as per the Expected Behaviour, the API accepts resource_ids of this format for referencing repositories in different projects.
Steps to Reproduce
You can also test this works via the API with the API reference here, simply replace resource ID with this format "${project_id}.${repo_id}"
https://learn.microsoft.com/en-us/rest/api/azure/devops/approvalsandchecks/pipeline-permissions/update-pipeline-permisions-for-resource?view=azure-devops-rest-7.1&tabs=HTTP