Open zanozbot opened 3 years ago
what i've found is overwrite doesn't overwrite anything NOT in the state file...IE it only removes things that are in the state file
I am experiencing this behavious myself.
I am also experiencing this behavior :(
This is particularly painful for Groups that are created as a result of another process - e.g. the Endpoint Creators and Endpoint Administrators Groups are created automatically when a Service Endpoint has been added to a Project. This is the default behavior as the Groups are then given default permissions of Creator and Administrator respectively. Additionally, the Contributor and Project Administrator groups are added as members under the newly created Endpoint groups.
Because of this, maintaining the groups in state with the azuredevops provider is impossible. Given that the Azure DevOps REST API documentation for Removing Members from a Group expects exactly one member ID per request, it doesn't appear that this resource can remove all members on the first run (as @drdamour pointed out, the IDs of the members to remove from the group are not known yet).
I wish we could find an alternate path to use another provider to manage this group, but even using the restapi provider proves troublesome as you run into similar issues.
It would be great if we could get a data source for Group Membership through this provider instead. Something that uses the Members - Get API request and passes the return JSON out as a map so we can parse it.
Community Note
Terraform (and Azure DevOps Provider) Version
Terraform: v0.14.5 Azure DevOps Provider: 0.1.1
Affected Resource(s)
azuredevops_group_membership
Terraform Configuration Files
Debug Output
https://gist.github.com/zanozbot/aca3e5b2b34edbd9de77298d8c99d1bd
Expected Behavior
The Azure DevOps
Contributers
group should have no members.Actual Behavior
Nothing happens. On the second run Terraform detects changes and removes the members.
Steps to Reproduce
terraform apply
References