microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License

`azuredevops_group` is not recreated when deleted #1154

Closed alexanderlinne closed 1 month ago

alexanderlinne commented 2 months ago

Community Note

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

Terraform Configuration Files

Anonymized example:

```hcl
resource "azuredevops_group" "example" {
  scope        = local.project_id
  display_name = "example"
  description  = "example"
}

resource "azuredevops_group_membership" "example" {
  group   = azuredevops_group.example.descriptor
  members = […]
}
```

Debug Output

Panic Output

Expected Behavior

The group is recreated on the second apply and the members are added again.

Actual Behavior

The provider detects the drift for the `azuredevops_group_membership` and tries to add the members to the group, but `azuredevops_group` does not detect that the group has been deleted, which leads to the following error:

```
Error:  Adding group memberships during update: Error adding member aadgp.Uy… to group vssgp.Uy…: TF50258: An error occurred finding the group. There is no group with the security identifier (SID) S-…
```

Steps to Reproduce

  1. terraform apply
  2. Delete the group in Azure DevOps
  3. terraform apply

Important Factoids

References

alexanderlinne commented 2 months ago

Additionally, if resources like `azuredevops_group_membership`, `azuredevops_project_permissions` or `azuredevops_git_permissions` are used for the group and the group is deleted from state with `terraform state rm`, the provider attempts to recreate them. This of course fails, given that the group and its associated permissions and memberships no longer exist.

xuzhang3 commented 1 month ago

The group status flag was ignored by SDK internal
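Added example, not part of the thread and not the provider's or SDK's code: a minimal model of the drift check this issue is about, showing how a read step that ignores a deletion marker keeps a deleted group in state while one that checks it schedules a recreate. It assumes the lookup still succeeds for a deleted group and returns a marker; `remoteGroup`, `IsDeleted`, `fakeAPI` and both read functions are hypothetical names, and the descriptors are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// remoteGroup is a hypothetical stand-in for a group lookup result.
type remoteGroup struct {
	IsDeleted bool // assumed soft-delete marker returned by the service
}

var errNotFound = errors.New("group not found")

// fakeAPI is a constructed in-memory service keyed by group descriptor.
type fakeAPI map[string]remoteGroup

func (a fakeAPI) get(descriptor string) (remoteGroup, error) {
	if g, ok := a[descriptor]; ok {
		return g, nil
	}
	return remoteGroup{}, errNotFound
}

// readIgnoringFlag treats every successful lookup as "still exists".
// The returned ID is what stays in state; "" means "plan a create".
func readIgnoringFlag(api fakeAPI, id string) (string, error) {
	_, err := api.get(id)
	if errors.Is(err, errNotFound) {
		return "", nil
	}
	return id, err
}

// readCheckingFlag also drops the ID when the group is marked deleted.
func readCheckingFlag(api fakeAPI, id string) (string, error) {
	g, err := api.get(id)
	if errors.Is(err, errNotFound) || (err == nil && g.IsDeleted) {
		return "", nil
	}
	return id, err
}

func main() {
	api := fakeAPI{"vssgp.example": {IsDeleted: true}}
	kept, _ := readIgnoringFlag(api, "vssgp.example")
	dropped, _ := readCheckingFlag(api, "vssgp.example")
	fmt.Printf("ignoring flag keeps %q in state; checking flag keeps %q\n", kept, dropped)
}
```

With the first variant the dependent membership resource is the only one that sees drift, which matches the failing second apply reported above.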