Open flobeier opened 3 years ago
Hi @flobeier I cannot reproduce your. This error happened when the authorization or scheme is null; normally the service will return the service connection's authorization.scheme. Another question: can you make sure this is the correct log when you execute terraform plan? Through the log, the provider crashed when Terraform tried to set values; this usually happens in the terraform apply phase.
@xuzhang3 usually a pipeline deploys the resources and doesn't crash. Running terraform plan (yes, plan, not apply) locally triggers this crash. It might be relevant to the issue that I'm lacking the permissions to read Azure AD objects like users and see related errors due to that because of other resources. However, none of the errors point to the file that contains the Azure DevOps resource.
@flobeier terraform plan will do the read operation and compare the response with the .tfstate file, then generate an execution plan. You can check the service connection response with the API [service connection get](https://docs.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/get?view=azure-devops-rest-5.1); if you do not have the permissions, you will get an error message.
I had a similar problem (trace). I think it's a permission problem combined with the code not handling it in a good way. When I added the service principal that runs the plan output to "Endpoint Administrators" I got it running. The service endpoint was created from my personal account, but the pipeline was running as another user that didn't see all service endpoints.
@sennerholm Have you granted the pipeline the access permission? If not, you can use azuredevops_resource_authorization to grant the pipeline the access permission. A provider-created service connection won't grant the access permission by default.
We had the "Pipeline user" in the "Permissions->Endpoint creators" but not the "Permissions->Endpoint Administrators" with the impact that when the service endpoint was created from another user the "terraform plan" gave that stacktrace. It would be better if it got a more controlled error. But with this information I think you can reproduce it.
@sennerholm The ADO provider manages the access permissions based on the personal access token. The group-managed permissions should not affect the Terraform execution permissions. Can you check the personal access token configuration?
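A sketch of the "more controlled error" discussed in the thread, as an added example that is not the provider's own code. The types and the names `FlattenAuth`, `SafeRead` and `ErrNoAuthorization` are hypothetical stand-ins, and it assumes the read response can arrive with the authorization block or its scheme unset.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumption): pointer fields that decode to nil when absent.
type EndpointAuthorization struct {
	Scheme *string
}

type ServiceEndpoint struct {
	ID            string
	Authorization *EndpointAuthorization
}

// ErrNoAuthorization marks a response without usable authorization data.
var ErrNoAuthorization = errors.New("authorization or scheme missing in response")

// FlattenAuth builds the flat state a Read needs, or returns a wrapped error.
func FlattenAuth(ep *ServiceEndpoint) (map[string]string, error) {
	if ep == nil {
		return nil, fmt.Errorf("service endpoint: empty response: %w", ErrNoAuthorization)
	}
	if ep.Authorization == nil || ep.Authorization.Scheme == nil {
		return nil, fmt.Errorf("service endpoint %s: %w (check the caller's permissions)", ep.ID, ErrNoAuthorization)
	}
	return map[string]string{"id": ep.ID, "scheme": *ep.Authorization.Scheme}, nil
}

// SafeRead is a last line of defence: a panic inside fn becomes an error.
func SafeRead(fn func() (map[string]string, error)) (state map[string]string, err error) {
	defer func() {
		if r := recover(); r != nil {
			state, err = nil, fmt.Errorf("read panicked: %v", r)
		}
	}()
	return fn()
}

func main() {
	scheme := "ServicePrincipal"
	// Constructed sample responses: one complete, one without authorization.
	full := &ServiceEndpoint{ID: "ep-1", Authorization: &EndpointAuthorization{Scheme: &scheme}}
	partial := &ServiceEndpoint{ID: "ep-2"}
	for _, ep := range []*ServiceEndpoint{full, partial} {
		fmt.Println(SafeRead(func() (map[string]string, error) { return FlattenAuth(ep) }))
	}
}
```

Callers can branch on `errors.Is(err, ErrNoAuthorization)` to report a permissions hint during plan instead of a plugin crash.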
Terraform (and Azure DevOps Provider) Version
Terraform 0.15.1
Azure DevOps Provider 0.1.4
Affected Resource(s)
data "azuredevops_project"
resource "azuredevops_serviceendpoint_azurerm"
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
Plugin doesn't crash when running terraform plan.
Actual Behavior
Plugin crashes when running terraform plan.
Steps to Reproduce
?
Important Factoids
References