search

microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License
387 stars 279 forks source link

azuredevops_team_members: error: Failed adding member aad.xyz to team TeamName #1129

Closed nilleb closed 3 months ago

nilleb commented 3 months ago

Bug

Description

The resource documentation specifies that the "add" mode is going to make sure that the user is part of the team. In reality, if the user is part of the team, the resource detects an error and fails.

This corresponds to line 451 of providers/terraform-provider-azuredevops/azuredevops/internal/service/core/resource_team.go

IMHO, if the mode is "add" the return value "False" should be considered as a success.

Steps

Details

The current samples use a resource user_entitlement, so I have used a data.azuredevops_users to retrieve the user descriptors.

The team_members resource is using a "add" mode.

resource "azuredevops_team_members" "devops_core_team" {
  project_id = data.azuredevops_project.terraform-modules.id
  team_id    = data.azuredevops_team.itid_platform_team.id
  mode       = "add"
  members    = local.devops_core_team_members_descriptors
}

The log does not contain any useful information about what could the root cause be.

2024-08-13T14:24:46.038Z [DEBUG] azuredevops_team_members.devops_core_team: applying the planned Create change
2024-08-13T14:24:46.039Z [TRACE] GRPCProvider: ApplyResourceChange
2024-08-13T14:24:46.039Z [TRACE] GRPCProvider: GetProviderSchema
2024-08-13T14:24:46.042Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Received request: @module=sdk.proto tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:805 tf_rpc=ApplyResourceChange tf_resource_type=azuredevops_team_members timestamp=2024-08-13T14:24:46.039Z
2024-08-13T14:24:46.042Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Sending request downstream: tf_resource_type=azuredevops_team_members tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 @module=sdk.proto tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 timestamp=2024-08-13T14:24:46.039Z
2024-08-13T14:24:46.042Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Calling downstream: @module=sdk.helper_schema tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:836 tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 tf_resource_type=azuredevops_team_members timestamp=2024-08-13T14:24:46.040Z
2024-08-13T14:24:46.947Z [INFO]  provider.terraform-provider-azuredevops_v1.2.0: 2024/08/13 14:24:46 [TRACE] Adding member dda6db1c-06c5-6df4-aef9-b3fd49f496ad to team ITID DevOps Core Team: timestamp=2024-08-13T14:24:46.946Z
2024-08-13T14:24:47.236Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Called downstream: tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 tf_resource_type=azuredevops_team_members @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.23.0/helper/schema/resource.go:838 @module=sdk.helper_schema tf_rpc=ApplyResourceChange timestamp=2024-08-13T14:24:47.235Z
2024-08-13T14:24:47.236Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Received downstream response: @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 diagnostic_error_count=1 diagnostic_warning_count=0 tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_resource_type=azuredevops_team_members tf_rpc=ApplyResourceChange @module=sdk.proto tf_proto_version=5.3 tf_req_duration_ms=1196 tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 timestamp=2024-08-13T14:24:47.235Z
2024-08-13T14:24:47.236Z [ERROR] provider.terraform-provider-azuredevops_v1.2.0: Response contains error diagnostic: tf_proto_version=5.3 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="Failed adding member aad.ZGRhNmRiMWMtMDZjNS03ZGY0LWFlZjktYjNmZDQ5ZjQ5NmFk to team ITID DevOps Core Team" tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 tf_resource_type=azuredevops_team_members tf_provider_addr=registry.terraform.io/microsoft/azuredevops tf_rpc=ApplyResourceChange timestamp=2024-08-13T14:24:47.236Z
2024-08-13T14:24:47.236Z [TRACE] provider.terraform-provider-azuredevops_v1.2.0: Served request: @module=sdk.proto tf_proto_version=5.3 tf_req_id=4863e306-0b39-356d-2fe1-a3e922354e87 tf_resource_type=azuredevops_team_members tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.14.0/tfprotov5/tf5server/server.go:831 tf_provider_addr=registry.terraform.io/microsoft/azuredevops timestamp=2024-08-13T14:24:47.236Z
2024-08-13T14:24:47.240Z [TRACE] maybeTainted: azuredevops_team_members.devops_core_team encountered an error during creation, so it is now marked as tainted
2024-08-13T14:24:47.240Z [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/microsoft/azuredevops" is in the global cache
2024-08-13T14:24:47.240Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for azuredevops_team_members.devops_core_team
2024-08-13T14:24:47.240Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for azuredevops_team_members.devops_core_team
2024-08-13T14:24:47.240Z [TRACE] evalApplyProvisioners: azuredevops_team_members.devops_core_team is tainted, so skipping provisioning
2024-08-13T14:24:47.240Z [TRACE] maybeTainted: azuredevops_team_members.devops_core_team was already tainted, so nothing to do
2024-08-13T14:24:47.240Z [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/microsoft/azuredevops" is in the global cache
2024-08-13T14:24:47.240Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for azuredevops_team_members.devops_core_team
2024-08-13T14:24:47.240Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for azuredevops_team_members.devops_core_team
2024-08-13T14:24:47.241Z [DEBUG] State storage *cloud.State declined to persist a state snapshot
2024-08-13T14:24:47.241Z [ERROR] vertex "azuredevops_team_members.devops_core_team" error: Failed adding member aad.ZGRhNmRiMWMtMDZjNS03ZGY0LWFlZjktYjNmZDQ5ZjQ5NmFk to team ITID DevOps Core Team
2024-08-13T14:24:47.241Z [TRACE] vertex "azuredevops_team_members.devops_core_team": visit complete, with errors
2024-08-13T14:24:47.241Z [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/microsoft/azuredevops\"] (close)" errored, so skipping
2024-08-13T14:24:47.241Z [TRACE] dag/walk: upstream of "root" errored, so skipping
2024-08-13T14:24:47.241Z [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/microsoft/azuredevops" is in the global cache
2024-08-13T14:24:47.241Z [DEBUG] cloud/state: state read serial is: 2; serial is: 2
2024-08-13T14:24:47.241Z [DEBUG] cloud/state: state read lineage is: e5946d78-1ea0-b7e2-1a42-e5f0f0f04647; lineage is: e5946d78-1ea0-b7e2-1a42-e5f0f0f04647
╷
│ Error: Failed adding member aad.ZGRhNmRiMWMtMDZjNS03ZGY0LWFlZjktYjNmZDQ5ZjQ5NmFk to team ITID DevOps Core Team
│ 
│   with azuredevops_team_members.devops_core_team,
│   on main.tf line 37, in resource "azuredevops_team_members" "devops_core_team":
│   37: resource "azuredevops_team_members" "devops_core_team" {
│ 
╵

Sample Terraform Code

data "azuredevops_project" "terraform-modules" {
  name = "skills-finder"
}

data "azuredevops_team" "itid_platform_team" {
  project_id = data.azuredevops_project.terraform-modules.id
  name       = "ITID DevOps Core Team"
}

data "azuredevops_users" "devops_core_team_members" {
  for_each       = toset(local.devops_core_team_members)
  principal_name = each.key
}

resource "azuredevops_team_members" "devops_core_team" {
  project_id = data.azuredevops_project.terraform-modules.id
  team_id    = data.azuredevops_team.itid_platform_team.id
  mode       = "add"
  members    = local.devops_core_team_members_descriptors
}

locals {
  devops_core_team_members_descriptors = flatten([
    for user in data.azuredevops_users.devops_core_team_members[*] : [
      for key, user_obj in user : tolist(user_obj.users)[0].descriptor
    ]
  ])
  devops_core_team_members_descriptors_emails_map = flatten([
    for user in data.azuredevops_users.devops_core_team_members[*] : [
      for key, user_obj in user : {descriptor: tolist(user_obj.users)[0].descriptor, mail: tolist(user_obj.users)[0].mail_address}
    ]
  ])
}

output "users_descriptors_map" {
    value = local.devops_core_team_members_descriptors_emails_map
}

locals {
  devops_core_team_members = [
     "ivo@example.com"
  ]
}