azuredevops_git_permissions "Repository level" example with "Project Collection Administrators" is not working

[thiagomarinho]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Terraform 1.3.5 Azure Devops Provider 0.3.0

Affected Resource(s)

• azuredevops_git_permissions

Terraform Configuration Files

terraform {
  required_version = ">= 1.0.0"

  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">=0.3.0"
    }
  }
}

resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-group" {
  name = "Project Collection Administrators"
}

resource "azuredevops_git_repository" "example" {
  project_id = azuredevops_project.example.id
  name       = "Example Empty Git Repository"
  initialization {
    init_type = "Clean"
  }
}

resource "azuredevops_git_permissions" "example-permissions" {
  project_id    = azuredevops_git_repository.example.project_id
  repository_id = azuredevops_git_repository.example.id
  principal     = data.azuredevops_group.example-group.id
  permissions = {
    RemoveOthersLocks = "Allow"
    ManagePermissions = "Deny"
    CreateTag         = "Deny"
    CreateBranch      = "NotSet"
  }
}

The code is the same from the example "Repository level"

Debug Output

https://gist.github.com/thiagomarinho/3a4fad24f97b176eafeed1613af03bab

Expected Behavior

• Create AzDo project, repo, and assign permissions to the Project Collection Administrators group.

Actual Behavior

• Project and repository were created, but got this error from the azuredevops_git_permissions.example-permissions:

azuredevops_git_permissions.example-permissions: Creating...
╷
│ Error:  waiting for permission update. Error reading permissions for principal INTERAL ERROR: identity map does not contain an item with key [Microsoft.TeamFoundation.Identity;S-x-x-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-x-x-x-x-x]: vssgp.... 
│ 
│   with azuredevops_git_permissions.example-permissions,
│   on main.tf line 32, in resource "azuredevops_git_permissions" "example-permissions":
│   32: resource "azuredevops_git_permissions" "example-permissions" {
│ 
╵

Steps to Reproduce

1. Setup a Personal Access Token with an account that is a member of the Project Collection Administrators group;
2. run terraform apply

[LanceSandino]

I'm having similar issues but a different error:

2023-01-05T13:35:09.192-0500 [INFO]  provider.terraform-provider-azuredevops_v0.3.0: 2023/01/05 13:35:09 [TRACE] Waiting 10s before next try: timestamp=2023-01-05T13:35:09.192-0500

Will fully timeout after 1 hour.

[LanceSandino]

Any update on this? It doesn't happen often, but when it does it's very annoying