-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azuredevops_user_entitlement fails to re-add user once they are manually removed from the organisation #443
Comments
@OpsM0nkey It's not recommend to manage the resources out of Terraform and try handle the changes by Terraform. |
'_ It's not recommend to manage the resources out of Terraform and try handle the changes by Terraform._' With the reproduction, I wonder if this additional information will make a difference?
I hope my reply makes sense. I can replicate this error reliably every time with the code snippet I provided in the issue. |
@OpsM0nkey My test ORG connected to an AAD too, I still cannot reproduce the error. The username case sensitive issue has been fixed in #446 . |
@xuzhang3 thanks for the quick turnaround on #446! To answer your other question, no parallel tasks run, nor is the user referenced by another resource. This is running against a clean AzDO org I just set up for testing this provider. I know what you're saying, but in my case, just running
i.e. it picks up on the change in license type and license source, but not id... |
@OpsM0nkey just recall the delete operation is an async operation and users have status . In ADO provider , we ignore the account status, this seems to be the key point here. |
close this issue, feel free to open another if you still have questions. |
Community Note
Terraform (and Azure DevOps Provider) Version
Affected Resource(s)
azuredevops_user_entitlement
Terraform Configuration Files
Debug Output
Link to debug output in Gist
Panic Output
N/A
Expected Behavior
The configuration is expected to reconcile the desired state - i.e. users are added/modified with each plan/apply of the terraform module and azuredevops_user_entitlements provider. If a user is manually removed from the AzDO org (but not from the configuration), the reconciliation process will identify the drift and put them back in.
Actual Behavior
Adding a user into the organisation through the azuredevops_user_entitlement resource for the first time works as expected. However, if that same user is subsequently removed from the organisation outside of the terraform process (i.e. manually through the UI), applying the same configuration fails because it can no longer find the same object ID. Running
terraform plan
we get a hint to the problem:The above is the plan output detecting the drift in configuration. It picks up the drift in license_type and licensing_source, but not the drift in the fact the principal is no longer present. As a result, it attempts to perform an update on the record instead of attempting to recreate it (i.e. destroy and add).
As a result of the
terraform apply
:What's the impact?
It makes it difficult to rely on the azdo provider to provide a reliable mechanism for reconciling desired state. In this case, where a change occurs outside of the configuration process (like manually removing a user), the configuration process will fail.
Steps to Reproduce
terraform init/plan/apply
Manually remove the user
Important Factoids
N/A
References
The text was updated successfully, but these errors were encountered: