When trying to create a Workplace Federated Identity service connection, apply fails with a missing "source" parameter

[jwr0next]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

terraform version: 1.8.5 ADO provider: 1.1.1

Affected Resource(s)

• azuredevops_serviceendpoint_azurerm

Terraform Configuration Files

resource "azurerm_user_assigned_identity" "ado" {
  for_each            = local.azure_service_connections
  name                = each.value.service_endpoint_name
  location            = data.azurerm_resource_group.ado.location
  resource_group_name = data.azurerm_resource_group.ado.name
}

resource "azuredevops_serviceendpoint_azurerm" "ado" {
  for_each                               = local.azure_service_connections
  project_id                             = each.value.project_id
  service_endpoint_name                  = each.value.service_endpoint_name
  azurerm_spn_tenantid                   = data.azurerm_client_config.current.tenant_id
  service_endpoint_authentication_scheme = "WorkloadIdentityFederation"
  azurerm_subscription_id                = data.azurerm_subscription.current.subscription_id
  azurerm_subscription_name              = data.azurerm_subscription.current.display_name
  description                            = "Managed by Terraform"
  environment                            = "AzureCloud"
  credentials {
    serviceprincipalid = azurerm_user_assigned_identity.ado[each.key].principal_id
  }
  features {
    validate = true
  }
}

resource "azurerm_federated_identity_credential" "ado" {
  for_each            = local.azure_service_connections
  parent_id           = azurerm_user_assigned_identity.ado[each.key].id
  name                = each.value.service_endpoint_name
  resource_group_name = data.azurerm_resource_group.apim.name
  audience            = ["api://AzureADTokenExchange"]
  issuer              = azuredevops_serviceendpoint_azurerm.ado[each.key].workload_identity_federation_issuer
  subject             = azuredevops_serviceendpoint_azurerm.ado[each.key].workload_identity_federation_subject
}

provider "azuredevops" {
  org_service_url = "https://dev.azure.com/xyz"
  personal_access_token = var.PAT
}

Debug Output

Panic Output

Expected Behavior

Endpoint connection is created successfully

Actual Behavior

Apply fails with a missing "source" parameter, however that parameter isn't mentioned in any documentation that I can find

│ Error: Value cannot be null.
│ Parameter name: source
│ 
│   with azuredevops_serviceendpoint_azurerm.ado["xyz"],
│   on service_connections.tf line 9, in resource "azuredevops_serviceendpoint_azurerm" "ado":
│    9: resource "azuredevops_serviceendpoint_azurerm" "ado" {

Steps to Reproduce

1. terraform apply

Important Factoids

References

• 0000

[xuzhang3]

@jwr0next the credentials.serviceprincipalid is the SPN client ID not identity ID.