Changing `resource_id` of `azuredevops_securityrole_assignment` should force recreation

[alexanderlinne]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

• azuredevops_securityrole_assignment

Terraform Configuration Files

resource "azuredevops_serviceendpoint_azurerm" "this" {
  […]
  service_endpoint_authentication_scheme = …
  […]
}

resource "azuredevops_securityrole_assignment" "this" {
  scope        = "distributedtask.serviceendpointrole"
  resource_id = resource.azuredevops_serviceendpoint_azurerm.this.id
  identity_id = …
  role_name   = "User"
}

Debug Output

Panic Output

Expected Behavior

When changing the service_endpoint_authentication_scheme both the azuredevops_serviceendpoint_azurerm and azuredevops_securityrole_assignment are planned for recreation.

Actual Behavior

The azuredevops_serviceendpoint_azurerm is planned for recreation, but the provider plans to update the azuredevops_securityrole_assignment in-place. During apply, the service endpoint gets destroyed and the update of the security role assignment fails since the service endpoint no longer exists.

Steps to Reproduce

1. terraform apply

Important Factoids

References

• 0000

[alexanderlinne]

I think the same goes for scope and identity_id, changing them should probably also force a recreation of the resource.