Terraform (and Azure DevOps Provider) Version
terraform 1.9.0
azuredevops 1.3.0
Affected Resource(s)
azuredevops_serviceendpoint_azurerm
Terraform Configuration Files
------------------------MODULE----------------------------
resource "azuredevops_serviceendpoint_azurerm" "this" {
  for_each                  = var.service_connection_params
  project_id                = each.value.project_id
  service_endpoint_name     = each.value.service_endpoint_name
  azurerm_spn_tenantid      = each.value.tenant_id
  azurerm_subscription_id   = each.value.subscription_id
  azurerm_subscription_name = each.value.subscription_name
  resource_group            = each.value.resource_group
}

resource "azuredevops_resource_authorization" "this" {
  for_each    = var.service_connection_params
  project_id  = each.value.project_id
  resource_id = azuredevops_serviceendpoint_azurerm.this[each.key].id
  authorized  = true
}
------------------------VARIABLES FILE--------------------
variable "service_connection_params" {
  type = map(object({
    project_id            = string
    service_endpoint_name = string
    tenant_id             = string
    subscription_id       = string
    subscription_name     = string
    resource_group        = string
  }))
}
------------------------MODULE CALL-----------------------
module "service_connection" {
  source = "…/"
  service_connection_params = {
    ado_service_connnection = {
      project_id            = data.azuredevops_project.teamproject.project_id
      service_endpoint_name = "TEST_SC" #data.azurerm_resource_group.rg-devops-arm-poc.name
      tenant_id             = "88155c28-f750-4013-91d3"
      subscription_id       = "d4549b4e-03a6-4b02-a194"
      subscription_name     = "APPS_EU_POC"
      resource_group        = data.azurerm_resource_group.rg-devops-arm-poc.name
    }
  }
}
Debug Output
file attached
trace_logs.txt
Panic Output
n/a
Expected Behavior
Successfully create service connection
Actual Behavior
Error:
│ Error: waiting for service endpoint ready. Looking up service endpoint given ID (bffcc32d-d0a8-4915-abed-e146a7d81124) and project ID (4ff74780-9ca2-4de5-8711-086114d194bb): map[errorCode:1 severity: state:Failed statusMessage:Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.]
Steps to Reproduce
terraform apply the above code provided
terraform apply
Important Factoids
n/a
References
n/a
Mentions:
The error is saying “Insufficient privileges to complete the operation in Microsoft Graph” - but the service principal used HAS the privileges to create service connections - this was separately tested in PowerShell for Microsoft Graph API.
Looking forward to any feedback, thanks!
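
An added example, not part of the original post or the provider's own code: the module above has no `credentials` block, so the endpoint is created in automatic mode and Azure DevOps itself tries to register the Entra application, which is the step the error reports as failing. This variant binds the connection to an existing user-assigned managed identity through workload identity federation, so no app registration and no stored secret are involved; every `var.*` name and the resource labels are assumptions.

```hcl
# Added example. All variable names below are hypothetical inputs.
variable "project_id" { type = string }            # Azure DevOps project ID
variable "tenant_id" { type = string }             # Entra tenant ID
variable "subscription_id" { type = string }
variable "subscription_name" { type = string }
variable "identity_client_id" { type = string }    # client ID of an existing user-assigned identity
variable "identity_resource_id" { type = string }  # ARM resource ID of that identity
variable "identity_rg_name" { type = string }      # resource group holding the identity

# Manual mode: supplying credentials means Azure DevOps does not
# attempt to create an Entra application on the caller's behalf.
resource "azuredevops_serviceendpoint_azurerm" "federated" {
  project_id                             = var.project_id
  service_endpoint_name                  = "TEST_SC"
  service_endpoint_authentication_scheme = "WorkloadIdentityFederation"

  credentials {
    serviceprincipalid = var.identity_client_id
  }

  azurerm_spn_tenantid      = var.tenant_id
  azurerm_subscription_id   = var.subscription_id
  azurerm_subscription_name = var.subscription_name
}

# Trust only tokens issued for this one service connection:
# issuer and subject are exported by the endpoint resource.
resource "azurerm_federated_identity_credential" "ado" {
  name                = "ado-service-connection"
  resource_group_name = var.identity_rg_name
  parent_id           = var.identity_resource_id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = azuredevops_serviceendpoint_azurerm.federated.workload_identity_federation_issuer
  subject             = azuredevops_serviceendpoint_azurerm.federated.workload_identity_federation_subject
}
```

The identity still needs an Azure role assignment at the scope the pipelines deploy to; grant it at the resource group rather than the subscription where that is enough.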